last executing test programs: 5.014830093s ago: executing program 0 (id=952): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000380)={{0x68fade03, 0x6}, 0x100, './file1\x00'}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x4, 0x4}]}, 0x3c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x46, &(0x7f0000000280)={0xfffffffffffffe62, 0x0}, 0x10) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000000c0)={0x1, 0x1, 0x0, "3b189831cb9c1d4fd54c60d1dd004dbb6cba09ca3420217017d0a3dad57650f5"}) chdir(&(0x7f00000000c0)='./bus\x00') chdir(&(0x7f00000000c0)='./bus\x00') ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r4, {0x400}}, './bus\x00'}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x60) getdents(r5, &(0x7f0000000140)=""/194, 0xc2) 4.784369193s ago: executing program 0 (id=955): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x28, 0x1e, 0x21, 0x0, 0x0, {0xa}, [@typed={0x5, 0x700, 0x0, 0x0, @str='\x00'}, @typed={0xa, 0x2, 0x0, 0x0, @str='w\xa9\xe2\x00\x00\x00'}]}, 0x28}}, 0x0) 4.523920918s ago: executing program 0 (id=960): openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2203, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff}) syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000556000/0x400000)=nil) 4.372301122s ago: executing program 0 (id=962): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="01000000000000007fff010000000c0005006c000000000000000c0002000000000000000000040007800c000300"], 0x90}}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r1) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r4) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r7, 0xc008ae05, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2008c88}, 0x4000004) sendmsg$NL802154_CMD_GET_SEC_DEV(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x28, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) syz_usb_control_io(r0, 0x0, 0x0) r9 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r9, 0xc100565c, &(0x7f0000000440)={0x6, 0x2, 0x2, {0xa, @pix_mp={0x4, 0x2, 0x47504a50, 0x0, 0xf, [{0x38, 0x4}, {0x200, 0xfffffff2}, {0x62c, 0x9}, {0x70, 0x4}, {0x6, 0x3}, {0x7fff, 0x9}, {0xed, 0x7}, {0x1, 0x5}], 0x5, 0x0, 0x4, 0x1, 0x2}}, 0x1ff}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f0000000840)={'gre0\x00', &(0x7f00000007c0)={'sit0\x00', 0x0, 0x80, 0x7800, 0x6, 0x3b4f, {{0x5, 0x4, 0x3, 0x18, 0x14, 0x68, 0x0, 0x5, 0x2f, 0x0, @loopback, @private=0xa010100}}}}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRESDEC=r0, @ANYRES16=r11, @ANYRES8=r11, @ANYBLOB="b86e4c1f63da4972351c87185fe85294202ff1c2f0402a04c3e264b0a4aa664b646d702ecec64e6ebb2fa7a902308f14553ec59f5b3074b4b38822f13ce197c05bf8f77c4e22349ff3d7eab8dd75072f041dbe313f07fb83437e38987442053119211cdff33993e510ccc57c2aeb2161f293267795b206316b70bc4e7ff4b96282b221b104"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90006"], 0x14}], 0x1}, 0x0) 3.896413359s ago: executing program 1 (id=968): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x80000000000000) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') getdents64(r2, &(0x7f0000000100)=""/80, 0x2f) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)=0x63c8dc10) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, &(0x7f0000000080)=0xffffffff) getdents(r2, &(0x7f0000000200)=""/251, 0xfb) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="202326b4b34bf1a2fb47547a40bc0b5fdb965f81ebcc2600", @ANYRESOCT=r4, @ANYBLOB="7961fdffffff0000000900f2ffff0b0099"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x884) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$igmp6(0xa, 0x3, 0x2) r8 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000080)={0xfffffffc, {{0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x8a2}}, {{0xa, 0x4e24, 0xfd, @remote}}}, 0x108) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x3, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x7, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000080000000000000003000000040000000008000001fcffff0700"/48]) ioctl$KVM_RUN(r11, 0xae80, 0x0) 3.192682436s ago: executing program 3 (id=971): ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x401, 0x0, 0xfd, "0062ba7d06000000000004000000f713000001"}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0xd) 3.192201292s ago: executing program 1 (id=972): ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x2, 0x1, 0x0, 0x2, 0x20000000000000da, 0x0, 0x0, 0x0, [@sadb_x_policy={0x0, 0x12, 0x0, 0x3, 0x0, 0x6e6bb6, 0x9, {0x0, 0x3c, 0x1, 0x2, 0x0, 0x6, 0x0, @in6=@private1, @in=@private=0xa010101}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xe, @ipv4={'\x00', '\xff\xff', @broadcast}}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x0, 0x3507}]}, 0x70}, 0x1, 0x7}, 0x0) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0000f1bce6053bdbffd6782b5072659e7bb1ff91578ad44b7c3b39b07488d14e1043961067bf00207dc6b6577338c30c7c5b714f1e6675bc7f07b1caf9cf2ab2aacfe97c941323c5b158b615dd45c09b98ebf4c368e6cc735e733634d2785aa66d3ff23439c5a3527bfa7a05fe56f354795a60307434d767cffa20a60cf39611fabc48e19c1a7ae0f9565920716741b3e3c2132319d55cf4e92c4064d0188d91ff32891f38241f25ad14d6", @ANYRES16=r1, @ANYBLOB="080025bd7000fddbdf2502000000050004000300000005000200020000000800060064010100050002000a0000000400050008000600640101010400050008000600ac14143d"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x80) creat(&(0x7f0000001380)='./file0\x00', 0x4) 3.059491544s ago: executing program 1 (id=973): r0 = socket$packet(0x11, 0x2, 0x300) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4) (fail_nth: 1) 2.957325528s ago: executing program 3 (id=974): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x41, 0x64, 0xc2, 0x8, 0x100d, 0x3342, 0x223e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7, 0x5c, 0x60, 0x11, [{{0x9, 0x4, 0xd5, 0x1, 0x2, 0xba, 0x4e, 0xc8, 0x1, [], [{{0x9, 0x5, 0x1, 0x10, 0x200, 0x8, 0x3, 0xf}}, {{0x9, 0x5, 0xd, 0x2, 0x10, 0xd, 0xc, 0x4}}]}}]}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0}) read(r3, &(0x7f0000000280)=""/4096, 0x1000) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, r5, {0x7, 0x29, 0x20200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646eb63d", @ANYRESHEX=r2, @ANYBLOB=',\x00']) 2.488760821s ago: executing program 1 (id=975): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = gettid() r2 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/103, 0x67}, {&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f0000001340)=""/4065, 0xfe1}, {&(0x7f0000000700)=""/244, 0xf4}, {&(0x7f0000000340)=""/120, 0x78}, {&(0x7f00000012c0)=""/126, 0x7e}, {&(0x7f00000004c0)=""/38, 0x26}, {&(0x7f0000000080)=""/152, 0x98}], 0x8}, 0x40000100) sendmsg$inet(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000) recvmsg$kcm(r2, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r3 = syz_open_dev$vim2m(&(0x7f0000000b00), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000180)={0x28, 0x1, 0x0, "732283ef1acb5aa7abe50000000009be908100"}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000000), 0x10) 2.458060722s ago: executing program 2 (id=976): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, &(0x7f0000000180)=0x6e, 0x80800) accept$unix(r1, 0x0, &(0x7f00000002c0)) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x2, 0xa, 0x8, 0x9, 0x20, 0x0, 0x70bd2c, 0x25dfdbfd, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e23, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, @in={0x2, 0x4e21, @local}}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x11}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e23, 0x2, @mcast2, 0x6}}, @sadb_x_nat_t_type={0x1, 0x14, 0x2}, @sadb_x_sa2={0x2, 0x13, 0x8, 0x0, 0x0, 0x70bd26, 0x3502}, @sadb_x_nat_t_type={0x1, 0x14, 0x8}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e21, 0xff, @loopback, 0x5f2}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x40}}}]}, 0x110}}, 0x40) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000010c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0xb7, 0x2}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 2.297255913s ago: executing program 2 (id=977): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, r4, {0x7, 0x29, 0x20200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) (fail_nth: 11) 2.278723073s ago: executing program 1 (id=978): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) gettid() openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000280)={0x79, 0x0, 0xbf0}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0xc4fc27d37f13a39, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000340)=0x4, 0x12) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'vlan0\x00', 0x800004}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) inotify_init() recvmmsg(r3, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1ffffd}, {{0x0, 0x0, 0x0}, 0x10004}, {{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/228, 0xe4}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000002a40)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/216, 0xd8}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0xff}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/130, 0x82}, {&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000004e40)=""/4116, 0x1014}, {&(0x7f0000006080)=""/4080, 0xff0}, {&(0x7f00000003c0)=""/98, 0x62}], 0x5}, 0x4}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40000222, 0x0) r4 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffc) keyctl$revoke(0x3, r4) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x110, r5, 0x45809000) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000140)={0x6, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0xe}]}, 0x10) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_CAP(r6, 0xc010640c, &(0x7f0000000080)={0x2}) socket(0x2, 0x5, 0x8) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r7 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff0300"], 0x0) syz_usb_ep_write$ath9k_ep1(r7, 0x82, 0xc, &(0x7f0000000040)={[{0x5, 0x4e00, "d382504a0d"}]}) mremap(&(0x7f00006a2000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00004a6000/0x2000)=nil) 1.758048853s ago: executing program 0 (id=979): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/121, 0x79}, {0x0}, {&(0x7f00000005c0)=""/140, 0x8c}, {&(0x7f0000000240)=""/36, 0x24}, {&(0x7f0000000480)=""/121, 0x79}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f0000000180)=""/68, 0x44}, {&(0x7f0000000380)=""/19, 0x13}, {&(0x7f0000000500)=""/150, 0x96}, {&(0x7f0000003580)=""/4082, 0xff2}, {&(0x7f00000008c0)=""/239, 0xef}], 0xd}, 0x2}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x25}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x7, 0x2100, 0x0) 1.717474266s ago: executing program 2 (id=980): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x24, r1, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options]}, 0x24}, 0x1, 0x0, 0x0, 0x40048}, 0x0) (fail_nth: 10) 1.647668025s ago: executing program 0 (id=981): socket$kcm(0x10, 0x2, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') r1 = gettid() r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000500), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000780)={0x5, 0x20000006, 0x11080, 0x0, 0x4}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) read$eventfd(r0, &(0x7f0000000080), 0x8) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f00000003a8407a730b93bf0280b3"], 0x0}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3ff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000001c0)={0x9, 0x2, 0x1}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x8, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'BRTI'}, 0x0, 0x1, {}, 0x7f}) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x2, 0x4, 0x0, 0xfe, 0x0, 0x0, 0x9, 0xff, 0x0, 0x0, 0x0, 0x3}}) syz_usb_connect(0x3, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="120100050000000000000032cf690000000109021b00010000000009040000010e010000090581b9a7a259af24f2b73e3a0f7ea4062ad80c2bd5ed08757a458d2f4dd1bfa372babff84642530429359190b7eef8eadb28ac0000000000"], 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, r6, 0x1, 0x0, 0x10, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}}, 0x0) r7 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r7, 0xc018480b, 0x0) 1.488885201s ago: executing program 2 (id=982): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000) (async) mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x8}}, 0x2}}, 0x2e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 1.110189171s ago: executing program 2 (id=983): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0xa00, &(0x7f0000000140)={&(0x7f0000000480)={0x24, r1, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options]}, 0x24}, 0x1, 0x0, 0x0, 0x40048}, 0x0) 1.059297395s ago: executing program 2 (id=984): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pipe(&(0x7f0000000400)) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) pipe2$9p(&(0x7f0000000180), 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x2a) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r2, @ANYRES64=r1], 0x0) ioctl$TUNSETIFF(r0, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) r3 = socket$inet6(0xa, 0x6, 0x8000) setsockopt$inet6_opts(r3, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x18) setsockopt$inet6_opts(r3, 0x29, 0x36, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'veth1\x00', 0x800}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f0000000140)={'virt_wifi0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$alg(r6, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x4000480) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r6) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000240)={'\x00', 0x52d35ce30131f272}) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) 744.889628ms ago: executing program 3 (id=985): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcd) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000080)=0x1) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0) socket$phonet(0x23, 0x2, 0x1) 737.868966ms ago: executing program 3 (id=986): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, &(0x7f0000000180)=0x6e, 0x80800) accept$unix(r1, 0x0, &(0x7f00000002c0)) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x2, 0xa, 0x8, 0x9, 0x20, 0x0, 0x70bd2c, 0x25dfdbfd, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e23, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, @in={0x2, 0x4e21, @local}}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x11}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e23, 0x2, @mcast2, 0x6}}, @sadb_x_nat_t_type={0x1, 0x14, 0x2}, @sadb_x_sa2={0x2, 0x13, 0x8, 0x0, 0x0, 0x70bd26, 0x3502}, @sadb_x_nat_t_type={0x1, 0x14, 0x8}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e21, 0xff, @loopback, 0x5f2}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x40}}}]}, 0x110}}, 0x40) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000010c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0xb7, 0x2}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 511.212025ms ago: executing program 3 (id=987): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) r4 = socket$packet(0x11, 0x3, 0x300) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) socket$packet(0x11, 0x2, 0x300) write$UHID_INPUT(r5, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000140)) write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) sendfile(r2, r3, 0x0, 0x1000004) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0xc) r10 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x89f0, &(0x7f0000001440)={'gre0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x20000000, 0x0, 0x9, 0x900}}) bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setuid(0xee01) r11 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r11, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xa, 0x0, 0x300, 0xed}}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, 0x0, 0x10004011) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0017000054f466802e4c9a513c515b775b4573bcc8b81ce2528425a503fdafb0bc14e1ae2da6d56676f6f427d8e2b1095449d9fd1601a0535dda986ccf5ea2497ce37fba088967b2f9db57f1bdb831406932e46ed4a24c6e255c9d8b6b88f7fd3aef7c0adf20c4f47663eb2fa4d4cc4a48634fe0c1a3e7560651160bd5827b7f337377a7c68ab620594704c68745136914fe24cdce1648ea6243427a452e16dc89c4122d6f1a4283396bcc5188b2fe43385f0f5517f18de6c0fa9d69e89205391faa32592d118efe8c0edbac7eba22b849e2cd1c3ab753246d10b621f0bb728817da29e90dbf522dca51333db45340d3491d", @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r8, @ANYBLOB="0a00340001010101010100000400cc00"], 0x2c}}, 0x0) 530.708µs ago: executing program 1 (id=988): r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4) (async) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x4000, 0x111) fanotify_mark(r0, 0x20, 0x10, r1, &(0x7f0000000080)='./file0\x00') (async) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000180)={0x20, 0x9}, 0x0, 0x0, 0x0, 0x0}) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64) r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') (rerun: 64) r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) r6 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r6, &(0x7f0000000000)={0x18, 0x2, {0x2, @remote}}, 0x1e) (async) bind$pptp(r6, &(0x7f0000000080)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1e) close(r5) (async) execveat$binfmt(0xffffffffffffff9c, r4, &(0x7f0000000280)={[&(0x7f0000000000)='/dev/usbmon#\x00', &(0x7f0000000080)='/dev/usbmon#\x00']}, &(0x7f0000000300)={[&(0x7f00000002c0)='/dev/usbmon#\x00']}, 0x1000) (async, rerun: 32) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async, rerun: 32) r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40) fcntl$notify(r7, 0x402, 0x8000003d) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) (async) renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @mcast1}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) (async) sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000240)="78cf3d30c0c23baf32452d129569808e8debc251c0b98e095e5c5450e1015c66cdca6625588eeab7d52293875907a281d0552fc030e6eb998fccb71921701f9bde0f05de4a11c388953295fdab75f626be58eb8849fd23a80eaa1b95a12f1f4cd53edf5ef3a290639e27a874c0ef9facb7095b94e244cb85d1e6a28290c268f53f00c5c0df97ad9da2beefea5353a3dbfd26c6dfbfaad4fd01792aae77f7dc17f0b9c3a947805e422a2311bafad5f97554032c40bab65b573d2900dcd4828588fb6601c07805259edee693eb5c68b1d9984dc2af480c330a4ade", 0xda}, {&(0x7f0000000500)="385343ced8a47af7d176ad55869eb42a80fc7c3c11d79f3329f6e2e8df340ea59bfffb03f823f327febcfd2ac99ca2562537557cda7802b8a8fa88847be2e18e8b705653cfa331538c87a9656910c4b63bd7fe0f5366704b4ed9f898c047df984984d9fee54d4a9baea8992eb14492f424e393da60d8740c1baadd36c8493fad626d9ac5a63cf624baa936386f9e3b22d51fd8f7b595bd39067b62e567091f2852c55d34fecffd87937267a11102f564e911a60330ce9ab2a87317198216dcc029db4b7d8b2aa4594f2d2204054d7095dd35a4a29f2d3406917a359db94cfaf3eca1", 0xe2}, {&(0x7f00000039c0)="e29f82d2f1041703046cf82ff8f74934309afdd91ac8494181c911112e7b22eaef7d9689d5f347dd6ec359938dcd706f1cb7e5a1c403e6acd29abac2e79db5dd3bfbde1f3c195309118506a902482ebc22a20548b846934962fb4b522b986532b35f987bc38e559b92278cbc60ef2a73369c5d7e7b16422f84e0e31e67131031c1b9791ecbee5547dbbcc220e83df4cd7bc84f3c5a2d398fe982efc0795206b3539ab93704f8b65b6a112728f44be7791f5963e7a91002fed31e4c17081b9efccdb5bd0f2a33cc69c6928186bf6e8faa921d38621c788a4d0e415d2950382e327bfb5e7948480aab2f8d41528da2a8de0249906b8e24a300a4630e9ca2ed90a89b14f4860015b8cb2ba349c4d77a22170e2f88a0f86cfa288cb14c5a12402339770983e893874ef40bc8caffd0469d1afab82fc218ea397c380ad307e6e950c3b879420ab4046e488c466a72b77d03a1f5d1fec41fbea2697792d5e6a00712fe60d21213a77c0c9d8220125264d5fb494fa196cdc2ea617b6a206359f83461dfa111152cbbacd7046b3313294c79a97ab14f4665e11dae0ed5e41a1f75391ff62ae19619a38085c779a057115300ab0d55d46a0e67c4289c4604a0f3df0d6d5798bb3873ec875a14c15cb47eac05c614f2f37315fbb37cca8c6ea12ba1540fbec9def377417a6b2dde71df85d1c5f91dd128b268d5dd2a4e76b45e27f40f326b46f88890314e033bad4205cd8b8d41e34c77121b4ddfd462a028a5c2ef85f11af3261f4264a2b47b86cfdc6f6ccd3af932ed5d8715d341044f6206f3ffad1a209f83b495c4d9633fa2d7e9ba9ad146b875921190cc634d7b7c969049aa9591e64178a3efc936c2a6d570c1cedee93c42985dab2ddcf1bd8d67943241ce87c0eac7e52a6bc00ac7cf3ec3b3f02768a37d9787b2da2fa258a99f25f6fbc60256e476906f837e3426c093dc8e1d67a3f54298302a4e6037c9e8c3c5f283aab9335f6dee4f2e9dbd60bac4d3c001e30a81a3f4f639b48a2eb7dff4a57a1b91bd3788cd6c113f0450fb58864f8f8a6996228b87181b4da47b0a55b0cd3258d7d7794cb88b60b7608c38955f9edd5373dc8852c4aadf32a1334cd75af9590de82a890e9809873d4f1a499af521ae64307e3083382c883bbbeff0c2bce4f82da79bffb6f49166a6cf1f7f719291b59395a78b1d692fef42b968d907a2b0738ca82b7ae2cc691911a5842f781ec55b67c3cdaca015ca189c5bc35e4f5821cbd40e0123b34b1c453fb52ae5c856319302886ba1baa3f6a84355fa8600da12ca99da772b5bf6da9167de9eebe4ef0998ae78caa44cb574558e42209d9d5368c32f2479a25514ab43d1cb6cd44c08d6175759a503820003bb1219fe38cada272cb83544e923b40a23f5606133221308cec7953b37e9d814d1f25cb35ed03da06f04c3898c4d6d1d31bfcd294284f508df865983e5ce20239ac87b88287f990092bc61e033210dfd1eccb9fc470e330e770513af3e7c020c1f82f0cbe4d609964d50b9403df9622ba3cab6261cce349c69caf2a1b9d1dfa7f93c83fa6df626f0b8a9a2c813d115f2bf2090bda3864aa87dff19e90ec75ade8566f17ae7cfa1c3874aedb4e7a0c6350d7d3f103fe51e359137a249fb56a1a9a35a13f72f352b5c2593afa38c403d578c6c1cb93928d8c3cc656b212fa1ee086a5dcb2b19677b7f5243430ab0e5c459631ec505c7730e1537a11860bc3bb2c0d920c388fa3be03b17e5df1990ca672b6e7c1de0ce778d8e185420d9c281aa67e45398b90bd248090494c9eb1fad7a47984f278274f2adcbbdd7a8b8cb257d976c91f697120649e88b89408ce353bd70523885db43ed52590275c7e284281847b1a8fb71db3cb3ae2a09c24b370ce8134c23d3eb246a259820b7e6dcccc4127e784845c17bcc9c67f541a26bed715d3f5e59c8bb8fcd9403442c862b1ad77cf5246154dd94fd80a3b66629a3f7a7d1e11cd4803a15dcf15028b8c91d381fcd4f71c86c30d2fbc9176239d3a2ffefe70750727a9368c1c6e0efbb3b3ac0f6702c9946d4f5c1dcd94b4f7590e604fc0b071a10e2faa4382cd6e71510f0abc6b0ddf6bee223542095d9ea45a33c140857f8008e4aa851506d743d9f5180d333c1106fc476a3e1a8895727f3cb4c34b85b3bcec2f2839dfbdce0b87d5f6d38d521cfd6da70c420c75b70fbe2504a0edfd0c16937fecae31adc6040e42f430ee45678836b36bea51d157f1238bab10538323b3d11092e94ee458175bf44fa340f21ba06a8d732bc610b959de440732939e2443d4672884571d47ced4ec4873a0d95f708dae2f13a29cd27c0a50cb94d28d59ac1de5d9cebc80cf8a9c9156820f9b4f0630ca064101e733ea0e2f906179a4b701927ef88ff079732e155da8c73df96e144d36de7898fb27f8a92834e0cd6e8304d2a03787c0b84564b695e9fad5edb906e0c8ac9c946fcb421d5caf79072fbbe5a36ce2108735526118c8f9e92b5b1fa53148579dd7cad9207ed42ddc1118a4d7d8b7db0ccb96b56bd9315fbed23c1c59999ee0cea197b2e23fb871053fc2f85ee9cdf37382edd921114420d85c1a0a9e12cc0f805c355f4451ffebf0e760fc5f4a04b043533ab2dd333117c32b0a0168fd5ca1501dcf849163fab64a7af57b9092e2b4b24692dc86c459d0b98a6d04ed633dd848e8f5a60052ddba8daf77ee72f8eb526de8d83d09d878890e1656f8643bd5038d99f7637016b144d74090d001437f8c4cf36b794f687bec5ca2a18c3b95ee96b559b6e8c7383c1c7fed11ef53b0c8ffdb41e92f6ab10be9e2689cc0d91a1079776fcae3abd740c56477e3ff765ee469fa6ba96246ceaf302175dc16c86c666a11dd18ab75fe42f8f8d7abd016dcda7ee3ba45c9d4d422803d3313d249351813e8ca505bbcb4e7919f7f82bdcd57b94934417f0624433ec33d603d92543d1bf3457cd08c7d8b4505615dcbaa0382cd511497337939397a0d1f2d0867e896b442dacbf8bd3219e7f46358deb6fd981596810ddbcb0c676ace339c97f2e9379f34c127fda28aabd90abeb69683a86d4fdc09e6aef9a453571ea8c31700152664c5b43f30c950957388ec914a1ac984cebe4271e21ecf64666495d95c314a9eb69b525dacc547836fae7fead6e560a2be62edd2a175cdb380bfcd593c927cf1dfdca268245529bb8c90bc7fb248eecee3df35f83f45704d2dc2d4ffc6fa304055357be1af9360665f00b9d62cedb94764f65a9b5046b0d3a71a36e245b01d5dab5307ded23e630d19134dabc618a4e97cafd4911fc50242aed2677d38999e860455dd940cb11380e2b7ca5d1c1345c12f2c8a7adf319546753e30cc7d70db4bda6b28df7053f80d67462e27c1e040a071b10e618164866379a6d69f7528408c78d43828b0bdfac4e86ffdf684e6dca73b12b7aef12eb3cedca166c8b13496646cd0384f45e35ba43f480609cf665a19e6b828fef21dfc81ad46a3e692a30826361edc02068382ba2ab0df8b44fcc42d4368e1f53a3389a1642938ecffc4589e7af75bd378a1d89b6e1e6f3537af8b58543dc57aa53e2da2448ab703681674b3c271792d6baf6c3192051365dfc84dafdca238e76afefbdc52bbb35b626873a7de2a501174178efce016f748d1a960e65d7694e0fe3cef6ee70b7bea6c9f32c552e40faf84bb9c4308035a5b7cbee872e00ec186f6537fc2b1142da673e48fbc2b4109a326453fd83f6e05dcac944db5cabe157e9955381a8da479320a1b1568b45a7b6ebd3e196df51926695d328009d5ad25b72ee501398815d02b98e923f8aa709f882b7eaa08d44e0f3262c4b763b581776bb88f2cc5b15e650e71b7fd0e5cb18421ac3437e486109f72ad903b2dbcc72ca7cd12faed885e4d678e3e2463521490ef97b4df52ac12efcf609821a87a84ee0add2d052fba06e176455cd5f01e187cf63405c3912b212c012e31ab437204f35b4c3b03d29637de7f972a66f44b2f0fd5aca2826b8ac2a68a40c30b320acbfcf19731db1facad7023db4e9b40c2ffeec93627f87c0f937b3e235b5e26a488ec4ee50508ca15dcf31145acff4db86bf0612a66c9dec36aea5a943d2bf4b285dc59f9d718d6e266405b9cc9e1e918c28ce7ad0c52413ddb404f5abef4820898fb8b23bf70b8406c865f02ebb8845fa34122684265f3e15272ec4edeaa532524fb6ec9c0b52f37050a7ca34e1081ceee50e7cfa08c941bdf7636eeb2687ecf6b1305863297a18b6cb014aafe1cb3f1f4efdd65c7d7d35d7654d25e5ad56f8619c3920e5b83bc0402eba0f4070c9e78a2c433fe38d13477c010a0ecaf66bca847077f04308770e7df07cea42657d1524e06f9eecef52e8375c3136c6b47aa6d3d243a092653e684b3bf964e9951862966af75a37fdd492e0be2a7d36696ff8e887a83f763ca3cf6c6a6e344980f10981db657ee51369acf3942d2e9835ccbefe1435b5016431c9a86c64cb317d50a1f0297506178d408fde9af21f50da03f6fadb38b149c6b394ca9b5bcde8d84577618388046c00288bb9ac8030dfb6ea893113a4785e80517081f08f6d0ce8ad5942ed811b3f998f48d4ce1b700e103db4fd45cfa3cf7cb1a4895118052041b1cd94ac9c0439f909cbaa1d60d473af7e26117ac0eb267016ff92da1edcb72438fd01591ff00b86457fa03454e65bb6ab22fe01e8cb31b0e8282ecde9268d9bdc36e2c68b3a34c151d818751a55eef4414987ee5d40cd9bc7d8cd0ed414190dea9cf0e1ccbeee888fff97483203e7031cc1b17618ca2a8af97401f823804a956b507fb8ebe99baf4f55e22c7c514ffdb71259b790292f233dcc29da8d9fd408797faefc6f00dd271cdef3101071fce49efc61c043e924c9870b67e0d8a60904e733f5e66f9a31d087adcc7d7d9083ca428e062572d855f8a2865beac1da00d391704838254ae4fc6d881e269ad240cc34d5b7078c1f8dcd08b5adda87e70e2da1c9ddccc09f68f38f8f598d46c4f469623a5c4c5ed8fb457e1094100d8e8ffcf5795a24a1441185ae2c27c19f0cc75c568a4cb846bbfc5d7ab5d047fe89c764d39a070d7de2d3fbf1a520923cd54c1587d2e8131eee64aed907a419c0c937b934609785c4babe4bd09f3d1b33b9c26f054c382902b2772949d02d51587373b1eba7edf4b5fb573dd175760b06ed76b560efc0f7a92ef212becd465f17bfb7cc13dbf2c9557c18820b74285b1054544faf4d52f29d02651b906819ed75fa0614473466581a7ae7f85c68c9925e0e0f78fdcfbb9e25e5d7d4a0f4173ab2c71175d4c4696ba357ecbea5951a8918590fcd9290857dee26af16c515f483f2cc50906d24ff2d0ea3accd5de6509ffad8c112249ca5157e0a661c885a2ab45a2f9c39e0c3bde551cbd924d137bc1441ec447a85278dfe9cffc563f5301db62eabf575b69978cdd386558ba64f83ebb80d9a0418d1e0d7b04c5f859f7af639975c16fee21b7e851858e86e7a842505ed3379b6df45db5870eb2ad54a627a5bf7ebdefa6d07a657190d38bca9e9048237b32a1fd3eaa8d5bfe7ab3f6600425f32948853ec43b64b32ddef43ebd64260b406b3f8159bca50092318e05ad982fd702a613feb9f2e1eb18b8af41b27b04cf05cfe23d6f9ab7e224404e06d5d60ec12a8a47ac87d88a787c195262a8320948b01c5c8872e7bf995d27b298bce6fa828ec62894d418cf47dcc4eccf5b82604f4eeb1ee8ccee44216326d33d8c4c7284603dca846198215b0afdaeeca54d8a845de", 0x1000}, {&(0x7f0000000400)="e7e930bda7c47baa2d227dee41c0d6ebcd5fb24981fb32eb1457b8896e77294a6ea004ec60545d41542a0bd2c73b3ccef69da0771940ee14f8073dfd8bc679383e68dd5d149e667e0e9432937d2f6e303a697c9d8271d90172241967bf473585bac0ec12156bb3717931030cff17fdbadaf726b893e39ce587927e347fa90f25d457d53a968bc94b90ef022aecbfe759ad208e0bc86ee98097f4b6b7329a678b23c831d028b5d4c5497808bf640ee9cac3ed607a7982d656e36966da885e046a897431d579d453", 0xc7}, {&(0x7f0000000040)="6e317af83f09e4", 0x7}, {&(0x7f00000029c0)="8ee4ae2308b69e0e46462053651a8fe59980da529993c33a33638d5c738d69b590358dda2f66a505f204d0a81c5626bf7784a5f9711a456a90afbe4b9da0c384b4752034f1f8d00609509bbcd1583758d68b8d810641d8cd77c7ff33a5336ee2892bf04ad2214bbc1095d752eb7b72628dbf1d7da46031b835f9e5ede843e92d3fd62344ea034d189b74c3cf69bc5a969393ee8962a44fc37776548f7871bbe164368a63fe26c02ed7bc010d159a091babfd467fb258825151bc47e77efe31e026fbf210c21dc1d25fffeda21d209baef6e3aa7313fbcc71deb551d36b55200e4ccd8d0582dc315c3c8ed8230e6d4da83790fd596679bbad94518bf218d5ea91a49f35b64ee315e442b780c4dcd2359e5e181b3af2fb2aa502186c85f48da4d76eb25605b2c4cd1b0e1215d82ddaf2299b6bdf7bd41d39f76dfcf5055b9978ff353a8cbfafe75851b63e078a42cf36d715b2efa17e09b799e3553f01c12782649d7dcae038fa23c344ecbec280d594170c6563def838a2b783dd53b4982bde6d55c5a3e5f2d8ede801db6f5db273eb205ab5d9064130514f6db53f841d951b71461b7c11c4b60f3cee0833a227b0ac950c7e278facf5716a5f371595dde4ebf47441cf8eb60433a36c67f93aecbe02b9fa260eee7ee3600f0daa2cdbac1f49fc5c3c0fda6d3f227fc379b41d97c0c9cbfdb9c73520626ee64bcd359944225109530ff1dea7dd4a29a444c7a1646b43cb086e55b222306bddd7ec001ca5469a683441df8bde7b5613e20692ec7ec2c90d8ed3abe81d6296cd7d4688fe76222636813c2320ed82e4ee83b619f11fa4780ec1af3fcb583369c409f720b02d8edec5bbc4d6f8571d17fddf04a8a51c500c1ce577cf6373fb355727d148314fe98b254c9a3f93459e3d94bb53866f0abeeb55f1fabe14ff38427e97bf270cfe75f7a0957beacafe11375a9f097211dc54eef2fdd39c82529c838703ed3cd9d5969236c1fdc9f9b1f7b1810036890111504779b391be74efe7bd689c5154e17ed5eb41901d6bf8f1ccfcfb83d079969806b5dd904bc6717fbc039af617092d8f52a12d02881cc65be19045a24cdb4a344d3dfd079a8fa437292e9ce6ec2c459f964b69c7fa7e18d0e403cbdcc58f1d3c40f5904cdfb5f286abed35c934d9fd419ed015db1bd82dc54fbfd25c5569966cc3ca5ec67f968a9aa82f78400fa932c609361caef6658dae6d18ac7c89bbfc82632d3cddd6fec8f382c219164b8a9d32c0287bcf3b7d8228401643693daa760b421327912c1514b07e95ab91b159e20982be20907dba6dfb5889f9bc9f4969db354d0c52851c68d3b5aa1bb0df0a33385fb98b70c7b3d57c7660c773c1afbcaf6aad9f9c24dbc13153af355f53eb222cefbd9c3f5676b14cdccfbe440cae075469f646f76923ac29431b6ab1c354962cb378fbf80c5d8a278ff8f1a22aba31dd3ce8aeac2917c9bbcd4cef7db8e2b82f2041b13ed62845a96bcd9b04df261803a1504690d5e9fdfc30f3117509a03b3c863d52cd5cba2231a92bb1ae7e5170be0b6acecea251f99034350aa091efadb9bdcc1e6db75d3e68e5d1d4bd07b10d9e09d53e8a04a888be1a4bef997ca560431dcc617ebd62dd444a96a420a837085ffbceb64e7a249be5be0e9489f13b219831789563b54c0396946d1961aaa2788781917fcfcf4912a0651c93f0dc5077f8b9fa09d0287d7485ebb38a1f59842783457b9e033f2b27d0b1cd8799bcf2ffa63a8ffa39dbb720606fe86b88e6c3f6e11845af97fd6b76e98f5a677e6b19ad7c4c098cc1e23422be609ebb7323d531eb1aa675cf958eb027aa17fbdedf0390c77073a9ab7523c9c16c4f4d2607b9f4097799f543fd4a172c66d369ec59c1a4eeefe3e063fbcedbcaf82c77e2efa03942f264cd9d93cd39df344422c9b8abe1c35f396c56eb68adda207ad8577bdc23fbf6bad3b8fc5b95689681b7c0e94c50a4e9739c39091c796cc2e528b5289ae2a138ae194133afe988327f5fd8f9a679a73011a9d127a7eaeaa4916aeaf388a7e4638f3e14fa40e7abc60dad290add6881bd9d3f76355df780b811991dacd9d3da25f6d8e0cff171f64705c9d6a9f6b6e8acc04ada80c25468e7f536c44433fe41b96121264ff0689ff51a791ce1c8cc789f38d52d526b67ce73881707c8d5f4e2ca585c12de4a08d8697b4f9a7d560d90a5a5163d836a0b2787728abc8e9bb2fb75100fce8737551c71a1afa11229e6e3c614d84cbaae97f4fc2518769b60160ee435db4a87a8f71ee663dd3a3785ccecbbed5cdafb1ef5c9d726e74c83e9891eab0de5966eb5237a2610f7913a340b433da8f9aae141050035328697e60250f2f42f0372230718a960d35a325664d769de8a7c75fb56e193b3e32edd2a6a648511fee04c2320371e20af31fcd9a14164b181fdf67238a8cc7c9acab5da187b7256fc28431ebd1c12cba8aa16c30d1df1a687749542ac35bc8dec25720eb255b2b6620ec5fe1ba712767b7f280065cb2fba4ec5d6735286fd0d0f7c23be5a4f4d091f07a576640bcceb0779f4573fcdaedcd329849052cff48bf39ba81ea5da530c43a85669aa3bbdf40f0c47af8d41ed8b7049ea86a797c504dd2a9564080afe2976abd6b73198274f64a3848f49dd621871f7bd7fa96658bda1d601106871e79330bdf268ab459fe0d304c65014b1fa9155b95bb9377790ca7337fe4a2e3d83dd32ecf6f4f96e6bd49f1fe0598bf13fd6d593ff40fed111d5d7b54ad28fa7c9cdac281042353516d7d6ace7890c2ec4be7e55ccb4d0fa5898f906add8fd9c381f843af95207a03f4e345ab3022bbc64e5f3353160972adef7f45ed3b0a6ae559fbfc8a8452c35673becc51f18885986c36034356ce9064ca4e16572b0a74a2fbff962bf165afd4c0abb39860127db0ceb49953c036de5c4de842525ce2b1af2a5b4b3f975024917fa55c9459ed58d8613561e2918bd1223b22bd4517aadcffa4fac9799daee478ddf7df90b5d3080aa36fea3fe411eff0caf666b6c5a842ba7bb7483d5078781cfd30c3c54581ef9168da96e405d74d2cd126b8f9361020f260aa02340920f53e9327914492831120497b67ea6a58ced6a91ec15bb406f9ad675b11f1ba7371db874b312ecd09f7c62b72a86232e38fe0c3cbe2230d0122adad2a315c382d74b2169908a41e1e441dae1192f1b3a5707d571d4cc41b6531eb194e965593979418ab25226b437880f8de01c35c3ff26bfe94a6acaef8a7d0d6b85a4ac5756a40726fbd6dd3f13f10cfbb0bcefd5f8be277ae6d470139e7c9a3208138cb4fa2080b06d899ae832eb1cc079194af6a6abbed60420c7d8f7f48844e9211b1c45c0d0899f3153d4b646dd894914830aec61ec549c5ba1b866ad7e8aca3ea419624debeb13295bc3ab2732087ae5f91427d77c0dc36fb45bf93271055a36ffd7eb9832c7dd1eb23f20a3f09a97548ba9e829d458c65c0e795133303b7a428c36d73eb33dce3571a4041ed2b3476c6f9ec50e8fda5a4bb4225541860f93751cefcf74d7dee041857244810dbc2f8bffcffaf9681595a18fd56f1e671f0ccd102314a9c3db7590b425cda792f48628e8a5570b8a1762679cf844df51dd39082c78f8343d97bff75153fcb841cbeada70602851fda0200283b63cb02a2c80ebb641dc98fe75af4188723f5be07f263e45ed4c25ff77a5cb5c4b8fe041bc8041c28f22db13fac3c93fe060517a4ca51d5788064b0d746a04a4047c00759d82acd49a65eaaef70fd6e2a2e041b969d45f7ba7874711c970384e29eec51ad8bd2ede6f1671ef76638db4523087b9845c785f1894febce4f3b16f2decf09e3f472eed66982fb7b4d6c0686ba9d2de673a1d40ce54d74a63a43aa1cb292fc58e27cb41772646dd63e6969f0d404e5813b901b67a64a242ea4970d4e77554a8175d53cb91de4ee39a8eaaeab7078122fed58b74b5af021354c88a4bf595677d08a6a6438fdd74c3ffca74546c98c0410907c02c5bb0f6417a56e12722662792146fff9df23873726730ab43649a7e8a0b45af06f199e46e6f4a7c823fc55d0d75688b977e668db0b1c9cb8094d49f6e21d8b605c1b6e1c45e648eb9ca5e6dbcfff05175ad2d0d72084b4844b7f688fc265a7281cc588c6595cb80e9811f7a74c27d611376c807f87f530b2181140b8694f10724841ad448f3962b65ab47b8cca3a67895a4d964875b1646862674ca7ae754ca38d9c8858454107879ce18285da8a5de36a31b40c35e8cfffd4cf35c38407321df694ea254a1d39af19840b254b349b9d8a113966a1f09fcaff58a66ef406be8fcb3bbb2a6a9f69d233ceb37bd9d4162c24bf46240e28a392f5013681ac5751544089d6d4f1d4b7f97aaae1ed0d57e24affbd088d521bbdb546ca473e3c29f6ece98eca1890808bf80b282029d97d955d31b9a5dc0e300ffa250e75851949d5131ef89f1a4121966c3c473267ca729042efef6f3788355b6e2b583a039a6d960b29dff2bae930acefe816820b57c1210b45e65570114d654f328ddfffa9a00c24e609bc77e9e4aaf57b06255c707d6b49746602ecf0cbdd60bc6fdc10471c0fe019bf0e6d9f260bb4b0227ea67fc9329649ec3767c932af21a5910d29131072186beeb2d0a3396da28ec120d34f56e5291f5db3e18b72e87ed2220f936b02ca9d26da0cf7b5dd179299ce528a5366e594f95e372677d695f08cd0fc99ef7ba823016233ec5e41c2b055880d9f64290b78d6b4f7bd035b3ea8cd8f9063289d6359f139e12721e9190c2cac14d8a40156a00ade7cf3b17b2f3778734a50073234d0b821eadb1886e4cf438b7", 0xd6a}], 0x6}, 0x0) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) (async, rerun: 32) readv(r3, &(0x7f0000000100)=[{&(0x7f0000000340)=""/154, 0x9a}], 0x1) (async, rerun: 32) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000380)=[{0x6, 0x80, 0xfd, 0x7fffffff}]}) r8 = syz_clone(0xa0000280, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r8) (async, rerun: 64) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r8, 0x0, 0x0) (rerun: 64) 0s ago: executing program 3 (id=989): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_xfrm(0x10, 0x3, 0x6) syz_usb_connect(0x3, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902"], 0x0) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r1, 0x113, 0x7ffffffe, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x40, 0xf0, 0x75, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x4b, {{0x5}, {0x5, 0x24, 0x0, 0x31}, {0xd, 0x24, 0xf, 0x1, 0x3, 0xfffd, 0x0, 0xb}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x6, 0xa, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x5, 0x8, 0x4}}}}}]}}]}}, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r4], 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r7}}, 0x48) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'erspan0\x00', 0x0}) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r8, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @local}, r7}}, 0x48) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r10, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 00000000107 RDI: 0000000000000045 [ 163.979122][ T7607] RBP: 00007efdd1410b39 R08: 000000000000001c R09: 0000000000000000 [ 163.979133][ T7607] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 163.979144][ T7607] R13: 0000000000000000 R14: 00007efdd15b6080 R15: 00007fffa6f479d8 [ 163.979174][ T7607] [ 163.979181][ T7607] Mem-Info: [ 164.288288][ T7607] active_anon:6214 inactive_anon:0 isolated_anon:0 [ 164.288288][ T7607] active_file:11334 inactive_file:39902 isolated_file:0 [ 164.288288][ T7607] unevictable:768 dirty:70 writeback:0 [ 164.288288][ T7607] slab_reclaimable:6578 slab_unreclaimable:94933 [ 164.288288][ T7607] mapped:26318 shmem:1361 pagetables:1156 [ 164.288288][ T7607] sec_pagetables:0 bounce:0 [ 164.288288][ T7607] kernel_misc_reclaimable:0 [ 164.288288][ T7607] free:1335272 free_pcp:18759 free_cma:0 [ 164.288354][ T7607] Node 0 active_anon:24856kB inactive_anon:0kB active_file:45336kB inactive_file:159404kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105272kB dirty:276kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11588kB pagetables:4484kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 164.288396][ T7607] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 164.288435][ T7607] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 164.288481][ T7607] lowmem_reserve[]: 0 2496 2498 2498 2498 [ 164.288517][ T7607] Node 0 DMA32 free:1430312kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24808kB inactive_anon:0kB active_file:45336kB inactive_file:158080kB unevictable:1536kB writepending:276kB present:3129332kB managed:2556908kB mlocked:0kB bounce:0kB free_pcp:56048kB local_pcp:32428kB free_cma:0kB [ 164.288564][ T7607] lowmem_reserve[]: 0 0 1 1 1 [ 164.288602][ T7607] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 164.288658][ T7607] lowmem_reserve[]: 0 0 0 0 0 [ 164.288696][ T7607] Node 1 Normal free:3895408kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18980kB local_pcp:5536kB free_cma:0kB [ 164.288743][ T7607] lowmem_reserve[]: 0 0 0 0 0 [ 164.288780][ T7607] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 164.288930][ T7607] Node 0 DMA32: 680*4kB (ME) 1125*8kB (UME) 986*16kB (UME) 461*32kB (UME) 505*64kB (UME) 137*128kB (UME) 91*256kB (UME) 58*512kB (UME) 39*1024kB (UME) 8*2048kB (UE) 300*4096kB (UM) = 1430216kB [ 164.289067][ T7607] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 164.289152][ T7607] Node 1 Normal: 186*4kB (UME) 41*8kB (UME) 38*16kB (UME) 73*32kB (UME) 31*64kB (UME) 6*128kB (UME) 4*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3895408kB [ 164.289289][ T7607] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 164.289301][ T7607] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 164.289313][ T7607] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 164.289324][ T7607] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 164.289336][ T7607] 52594 total pagecache pages [ 164.289343][ T7607] 0 pages in swap cache [ 164.289350][ T7607] Free swap = 124996kB [ 164.289357][ T7607] Total swap = 124996kB [ 164.289364][ T7607] 2097051 pages RAM [ 164.289369][ T7607] 0 pages HighMem/MovableOnly [ 164.289375][ T7607] 425846 pages reserved [ 164.289382][ T7607] 0 pages cma reserved [ 164.762756][ T121] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 164.924889][ T121] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 164.956226][ T121] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 164.967234][ T7630] FAULT_INJECTION: forcing a failure. [ 164.967234][ T7630] name failslab, interval 1, probability 0, space 0, times 0 [ 164.967431][ T121] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.981747][ T30] audit: type=1326 audit(1751342649.473:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7628 comm="syz.2.627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efdd138e929 code=0x0 [ 164.999348][ T121] usb 1-1: config 0 descriptor?? [ 165.023309][ T121] pwc: Askey VC010 type 2 USB webcam detected. [ 165.042435][ T7630] CPU: 0 UID: 0 PID: 7630 Comm: syz.3.626 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 165.042459][ T7630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.042469][ T7630] Call Trace: [ 165.042477][ T7630] [ 165.042485][ T7630] dump_stack_lvl+0x189/0x250 [ 165.042509][ T7630] ? __pfx____ratelimit+0x10/0x10 [ 165.042529][ T7630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.042542][ T7630] ? __pfx__printk+0x10/0x10 [ 165.042554][ T7630] ? __pfx___might_resched+0x10/0x10 [ 165.042565][ T7630] ? fs_reclaim_acquire+0x7d/0x100 [ 165.042579][ T7630] should_fail_ex+0x414/0x560 [ 165.042600][ T7630] should_failslab+0xa8/0x100 [ 165.042625][ T7630] __kmalloc_noprof+0xcb/0x4f0 [ 165.042643][ T7630] ? tomoyo_encode+0x28b/0x550 [ 165.042666][ T7630] tomoyo_encode+0x28b/0x550 [ 165.042687][ T7630] tomoyo_realpath_from_path+0x58d/0x5d0 [ 165.042704][ T7630] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 165.042718][ T7630] tomoyo_path_number_perm+0x1e8/0x5a0 [ 165.042733][ T7630] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 165.042766][ T7630] ? __lock_acquire+0xab9/0xd20 [ 165.042810][ T7630] ? __fget_files+0x2a/0x420 [ 165.042834][ T7630] ? __fget_files+0x2a/0x420 [ 165.042846][ T7630] ? __fget_files+0x3a0/0x420 [ 165.042857][ T7630] ? __fget_files+0x2a/0x420 [ 165.042871][ T7630] security_file_ioctl+0xcb/0x2d0 [ 165.042886][ T7630] __se_sys_ioctl+0x47/0x170 [ 165.042901][ T7630] do_syscall_64+0xfa/0x3b0 [ 165.042921][ T7630] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.042940][ T7630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.042957][ T7630] ? clear_bhb_loop+0x60/0xb0 [ 165.042978][ T7630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.042990][ T7630] RIP: 0033:0x7fbea658e929 [ 165.042999][ T7630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.043007][ T7630] RSP: 002b:00007fbea73e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.043018][ T7630] RAX: ffffffffffffffda RBX: 00007fbea67b6160 RCX: 00007fbea658e929 [ 165.043025][ T7630] RDX: 0000200000000140 RSI: 0000000040045612 RDI: 0000000000000003 [ 165.043032][ T7630] RBP: 00007fbea73e4090 R08: 0000000000000000 R09: 0000000000000000 [ 165.043038][ T7630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.043046][ T7630] R13: 0000000000000001 R14: 00007fbea67b6160 R15: 00007ffc0427c8e8 [ 165.043073][ T7630] [ 165.043113][ T7630] ERROR: Out of memory at tomoyo_realpath_from_path. [ 165.428091][ T121] pwc: recv_control_msg error -32 req 02 val 2b00 [ 165.438872][ T121] pwc: recv_control_msg error -32 req 02 val 2700 [ 165.455057][ T121] pwc: recv_control_msg error -32 req 02 val 2c00 [ 165.485058][ T121] pwc: recv_control_msg error -32 req 04 val 1000 [ 165.492580][ T121] pwc: recv_control_msg error -32 req 04 val 1300 [ 165.502187][ T121] pwc: recv_control_msg error -32 req 04 val 1400 [ 165.514306][ T121] pwc: recv_control_msg error -32 req 02 val 2000 [ 165.725453][ T121] pwc: recv_control_msg error -32 req 04 val 1500 [ 165.733474][ T121] pwc: recv_control_msg error -32 req 02 val 2500 [ 165.741713][ T121] pwc: recv_control_msg error -32 req 02 val 2400 [ 165.853945][ T980] vhci_hcd: vhci_device speed not set [ 165.950435][ T121] pwc: recv_control_msg error -71 req 02 val 2900 [ 165.962736][ T121] pwc: recv_control_msg error -71 req 02 val 2800 [ 165.972464][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 165.992711][ T121] pwc: recv_control_msg error -71 req 04 val 1100 [ 166.005751][ T121] pwc: recv_control_msg error -71 req 04 val 1200 [ 166.026814][ T121] pwc: Registered as video103. [ 166.044560][ T121] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 166.102419][ T121] usb 1-1: USB disconnect, device number 20 [ 166.150912][ T7651] netlink: 72 bytes leftover after parsing attributes in process `syz.2.635'. [ 166.172759][ T5900] usb 2-1: Using ep0 maxpacket: 32 [ 166.202068][ T7652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 166.204022][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.238100][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.263265][ T5900] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 166.272325][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.305340][ T5900] usb 2-1: config 0 descriptor?? [ 166.634605][ T30] audit: type=1326 audit(1751342651.123:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7660 comm="syz.0.639" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1da338e929 code=0x0 [ 166.738943][ T5900] ft260 0003:0403:6030.0007: unknown main item tag 0x7 [ 166.812529][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 166.928683][ T5900] ft260 0003:0403:6030.0007: chip code: 6424 8183 [ 166.967399][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.992408][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 167.008410][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 167.017511][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 167.025560][ T10] usb 4-1: SerialNumber: syz [ 167.072653][ T5840] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 167.174388][ T5900] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 167.232573][ T5840] usb 3-1: Using ep0 maxpacket: 32 [ 167.247019][ T5840] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 167.261314][ T10] usb 4-1: 0:2 : does not exist [ 167.261417][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.275507][ T5840] usb 3-1: Product: syz [ 167.280145][ T5840] usb 3-1: Manufacturer: syz [ 167.283652][ T10] usb 4-1: USB disconnect, device number 31 [ 167.299289][ T5840] usb 3-1: SerialNumber: syz [ 167.312817][ T5840] usb 3-1: config 0 descriptor?? [ 167.339700][ T5840] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 167.361963][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 167.655662][ T5900] ft260 0003:0403:6030.0007: failed to retrieve status: -71 [ 167.683058][ T5900] ft260 0003:0403:6030.0007: failed to reset I2C controller: -71 [ 167.717155][ T5900] usb 2-1: USB disconnect, device number 12 [ 168.497828][ T30] audit: type=1326 audit(1751342652.983:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7686 comm="syz.3.649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbea658e929 code=0x0 [ 168.533800][ T980] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 168.696875][ T980] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 168.706096][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.714305][ T10] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 168.722497][ T980] usb 2-1: Product: syz [ 168.726754][ T980] usb 2-1: Manufacturer: syz [ 168.731349][ T980] usb 2-1: SerialNumber: syz [ 168.743464][ T980] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 168.761466][ T5888] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 168.862456][ T10] usb 1-1: device descriptor read/64, error -71 [ 169.102537][ T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 169.172035][ T121] usb 2-1: USB disconnect, device number 13 [ 169.244110][ T10] usb 1-1: device descriptor read/64, error -71 [ 169.352785][ T10] usb usb1-port1: attempt power cycle [ 169.620133][ T7696] FAULT_INJECTION: forcing a failure. [ 169.620133][ T7696] name failslab, interval 1, probability 0, space 0, times 0 [ 169.640173][ T7696] CPU: 0 UID: 0 PID: 7696 Comm: syz.3.652 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 169.640199][ T7696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.640210][ T7696] Call Trace: [ 169.640217][ T7696] [ 169.640225][ T7696] dump_stack_lvl+0x189/0x250 [ 169.640250][ T7696] ? __pfx____ratelimit+0x10/0x10 [ 169.640271][ T7696] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.640290][ T7696] ? __pfx__printk+0x10/0x10 [ 169.640315][ T7696] ? __pfx___might_resched+0x10/0x10 [ 169.640332][ T7696] ? fs_reclaim_acquire+0x7d/0x100 [ 169.640358][ T7696] should_fail_ex+0x414/0x560 [ 169.640388][ T7696] should_failslab+0xa8/0x100 [ 169.640410][ T7696] __kmalloc_noprof+0xcb/0x4f0 [ 169.640427][ T7696] ? kfree+0x4d/0x440 [ 169.640442][ T7696] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 169.640467][ T7696] tomoyo_realpath_from_path+0xe3/0x5d0 [ 169.640489][ T7696] ? tomoyo_domain+0xd9/0x130 [ 169.640514][ T7696] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 169.640538][ T7696] tomoyo_path_number_perm+0x1e8/0x5a0 [ 169.640565][ T7696] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 169.640607][ T7696] ? __lock_acquire+0xab9/0xd20 [ 169.640651][ T7696] ? __fget_files+0x2a/0x420 [ 169.640676][ T7696] ? __fget_files+0x2a/0x420 [ 169.640696][ T7696] ? __fget_files+0x3a0/0x420 [ 169.640714][ T7696] ? __fget_files+0x2a/0x420 [ 169.640740][ T7696] security_file_ioctl+0xcb/0x2d0 [ 169.640767][ T7696] __se_sys_ioctl+0x47/0x170 [ 169.640788][ T7696] do_syscall_64+0xfa/0x3b0 [ 169.640810][ T7696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.640826][ T7696] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 169.640843][ T7696] ? clear_bhb_loop+0x60/0xb0 [ 169.640864][ T7696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.640880][ T7696] RIP: 0033:0x7fbea658e929 [ 169.640894][ T7696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.640907][ T7696] RSP: 002b:00007fbea7426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.640924][ T7696] RAX: ffffffffffffffda RBX: 00007fbea67b5fa0 RCX: 00007fbea658e929 [ 169.640935][ T7696] RDX: 0000200000000280 RSI: 000000004008ae89 RDI: 0000000000000005 [ 169.640945][ T7696] RBP: 00007fbea7426090 R08: 0000000000000000 R09: 0000000000000000 [ 169.640954][ T7696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.640964][ T7696] R13: 0000000000000000 R14: 00007fbea67b5fa0 R15: 00007ffc0427c8e8 [ 169.640987][ T7696] [ 169.640994][ T7696] ERROR: Out of memory at tomoyo_realpath_from_path. [ 169.838670][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.906495][ T5888] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 169.913602][ T5888] ath9k_htc: Failed to initialize the device [ 169.921416][ T121] usb 2-1: ath9k_htc: USB layer deinitialized [ 169.963621][ T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 169.993050][ T10] usb 1-1: device descriptor read/8, error -71 [ 170.232613][ T10] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 170.265856][ T10] usb 1-1: device descriptor read/8, error -71 [ 170.320418][ T30] audit: type=1326 audit(1751342654.803:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7707 comm="syz.1.658" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a2dd8e929 code=0x0 [ 170.372912][ T10] usb usb1-port1: unable to enumerate USB device [ 170.505459][ T121] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 170.669038][ T121] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 170.682867][ T5840] gspca_stk1135: reg_w 0x353 err -71 [ 170.694209][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.700546][ T5840] gspca_stk1135: Sensor write failed [ 170.705883][ T121] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 170.714926][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.721301][ T5840] gspca_stk1135: Sensor write failed [ 170.726829][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.734054][ T5840] gspca_stk1135: Sensor read failed [ 170.739400][ T121] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 170.748709][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.755626][ T5840] gspca_stk1135: Sensor read failed [ 170.760807][ T5840] gspca_stk1135: Detected sensor type unknown (0x0) [ 170.767422][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 170.775524][ T121] usb 4-1: SerialNumber: syz [ 170.781104][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.789063][ T5840] gspca_stk1135: Sensor read failed [ 170.794393][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.803317][ T121] usb 4-1: 0:2 : does not exist [ 170.809713][ T5840] gspca_stk1135: Sensor read failed [ 170.815015][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.821350][ T5840] gspca_stk1135: Sensor write failed [ 170.826787][ T5840] gspca_stk1135: serial bus timeout: status=0x00 [ 170.833804][ T5840] gspca_stk1135: Sensor write failed [ 170.839148][ T5840] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 170.852809][ T5840] usb 3-1: USB disconnect, device number 23 [ 171.258874][ T121] usb 4-1: USB disconnect, device number 32 [ 171.449358][ T5840] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 171.720387][ T7728] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 171.728214][ T7728] UDF-fs: Scanning with blocksize 4096 failed [ 171.908834][ T30] audit: type=1326 audit(1751342656.393:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7735 comm="syz.0.667" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1da338e929 code=0x0 [ 171.989524][ T30] audit: type=1400 audit(1751342656.473:37): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=7738 comm="syz.3.668" [ 172.233884][ T57] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 172.382578][ T57] usb 2-1: device descriptor read/64, error -71 [ 172.420469][ T7747] syzkaller1: entered promiscuous mode [ 172.428043][ T7747] syzkaller1: entered allmulticast mode [ 172.632516][ T57] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 172.772546][ T57] usb 2-1: device descriptor read/64, error -71 [ 172.897631][ T57] usb usb2-port1: attempt power cycle [ 173.156121][ T7770] vxfs: WRONG superblock magic 00000000 at 1 [ 173.162302][ T7770] vxfs: WRONG superblock magic 00000000 at 8 [ 173.170875][ T7770] vxfs: can't find superblock. [ 173.208481][ T30] audit: type=1800 audit(1751342657.693:38): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.670" name="/" dev="fuse" ino=0 res=0 errno=0 [ 173.246109][ T57] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 173.277268][ T57] usb 2-1: device descriptor read/8, error -71 [ 173.324387][ T30] audit: type=1326 audit(1751342657.813:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7773 comm="syz.0.683" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1da338e929 code=0x0 [ 173.552472][ T57] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 173.574781][ T57] usb 2-1: device descriptor read/8, error -71 [ 173.682705][ T57] usb usb2-port1: unable to enumerate USB device [ 174.012602][ T10] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 174.462230][ T7790] __vm_enough_memory: pid: 7790, comm: syz.0.686, bytes: 21200297705472 not enough memory for the allocation [ 174.671250][ T7793] FAULT_INJECTION: forcing a failure. [ 174.671250][ T7793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.693297][ T7793] CPU: 0 UID: 0 PID: 7793 Comm: syz.3.687 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 174.693324][ T7793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.693335][ T7793] Call Trace: [ 174.693342][ T7793] [ 174.693350][ T7793] dump_stack_lvl+0x189/0x250 [ 174.693374][ T7793] ? __pfx____ratelimit+0x10/0x10 [ 174.693395][ T7793] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.693414][ T7793] ? __pfx__printk+0x10/0x10 [ 174.693433][ T7793] ? __might_fault+0xb0/0x130 [ 174.693464][ T7793] should_fail_ex+0x414/0x560 [ 174.693492][ T7793] _copy_from_iter+0x1db/0x16f0 [ 174.693518][ T7793] ? rcu_is_watching+0x15/0xb0 [ 174.693537][ T7793] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 174.693558][ T7793] ? __pfx__copy_from_iter+0x10/0x10 [ 174.693580][ T7793] ? __build_skb_around+0x257/0x3e0 [ 174.693605][ T7793] ? netlink_sendmsg+0x642/0xb30 [ 174.693625][ T7793] ? skb_put+0x11b/0x210 [ 174.693649][ T7793] netlink_sendmsg+0x6b2/0xb30 [ 174.693678][ T7793] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.693702][ T7793] ? aa_sock_msg_perm+0xf1/0x1d0 [ 174.693723][ T7793] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 174.693744][ T7793] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.693773][ T7793] __sock_sendmsg+0x21c/0x270 [ 174.693796][ T7793] sock_write_iter+0x258/0x330 [ 174.693818][ T7793] ? __pfx_sock_write_iter+0x10/0x10 [ 174.693847][ T7793] ? __lock_acquire+0xab9/0xd20 [ 174.693880][ T7793] do_iter_readv_writev+0x56e/0x7f0 [ 174.693905][ T7793] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 174.693929][ T7793] ? bpf_lsm_file_permission+0x9/0x20 [ 174.693943][ T7793] ? security_file_permission+0x75/0x290 [ 174.693967][ T7793] ? rw_verify_area+0x258/0x650 [ 174.693989][ T7793] vfs_writev+0x31a/0x960 [ 174.694016][ T7793] ? __lock_acquire+0xab9/0xd20 [ 174.694041][ T7793] ? __pfx_vfs_writev+0x10/0x10 [ 174.694079][ T7793] ? __fget_files+0x2a/0x420 [ 174.694105][ T7793] ? __fget_files+0x3a0/0x420 [ 174.694123][ T7793] ? __fget_files+0x2a/0x420 [ 174.694153][ T7793] do_writev+0x14d/0x2d0 [ 174.694178][ T7793] ? __pfx_do_writev+0x10/0x10 [ 174.694198][ T7793] ? rcu_is_watching+0x15/0xb0 [ 174.694219][ T7793] ? do_syscall_64+0xbe/0x3b0 [ 174.694244][ T7793] do_syscall_64+0xfa/0x3b0 [ 174.694265][ T7793] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.694298][ T7793] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 174.694315][ T7793] ? clear_bhb_loop+0x60/0xb0 [ 174.694335][ T7793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.694352][ T7793] RIP: 0033:0x7fbea658e929 [ 174.694368][ T7793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.694383][ T7793] RSP: 002b:00007fbea7426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 174.694402][ T7793] RAX: ffffffffffffffda RBX: 00007fbea67b5fa0 RCX: 00007fbea658e929 [ 174.694415][ T7793] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 174.694426][ T7793] RBP: 00007fbea7426090 R08: 0000000000000000 R09: 0000000000000000 [ 174.694437][ T7793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.694447][ T7793] R13: 0000000000000000 R14: 00007fbea67b5fa0 R15: 00007ffc0427c8e8 [ 174.694475][ T7793] [ 175.014403][ C0] vkms_vblank_simulate: vblank timer overrun [ 175.039488][ T5918] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 175.255640][ T5918] usb 1-1: config 0 has an invalid interface number: 11 but max is 0 [ 175.263940][ T5918] usb 1-1: config 0 has no interface number 0 [ 175.270087][ T5918] usb 1-1: config 0 interface 11 has no altsetting 0 [ 175.276860][ T5918] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 175.285942][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.298672][ T5918] usb 1-1: config 0 descriptor?? [ 175.431996][ T5918] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected [ 175.450853][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 7 [ 175.513988][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81 [ 175.536535][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82 [ 175.559342][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1 [ 175.582555][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2 [ 175.609977][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 85 [ 175.640135][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 5 [ 175.678077][ T5918] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 175.751062][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 83 [ 175.796671][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 84 [ 175.831747][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 3 [ 175.851533][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 4 [ 175.879820][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 86 [ 175.919936][ T5918] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 6 [ 175.991957][ T5918] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 176.090839][ T7805] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 176.138970][ T7805] /dev/rnullb0: Can't open blockdev [ 176.519849][ T7811] loop2: detected capacity change from 0 to 7 [ 176.536856][ T7811] Dev loop2: unable to read RDB block 7 [ 176.548384][ T7811] loop2: unable to read partition table [ 176.554913][ T7811] loop2: partition table beyond EOD, truncated [ 176.568296][ T7811] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 176.893619][ T7815] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 177.052661][ T5840] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 177.197039][ T7815] VFS: Can't find a romfs filesystem on dev rnullb0. [ 177.197039][ T7815] [ 177.206392][ T5840] usb 4-1: device descriptor read/64, error -71 [ 177.259419][ T7817] netlink: 56 bytes leftover after parsing attributes in process `syz.2.698'. [ 177.315255][ T7817] netlink: 'syz.2.698': attribute type 9 has an invalid length. [ 177.455370][ T5840] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 177.487692][ T5900] usb 1-1: USB disconnect, device number 26 [ 177.500936][ T5900] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 177.520421][ T5900] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 177.531262][ T5900] keyspan 1-1:0.11: device disconnected [ 177.582457][ T980] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 177.612506][ T5840] usb 4-1: device descriptor read/64, error -71 [ 177.719515][ T7833] mkiss: ax0: crc mode is auto. [ 177.725520][ T5840] usb usb4-port1: attempt power cycle [ 177.731715][ T7833] FAULT_INJECTION: forcing a failure. [ 177.731715][ T7833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.748491][ T7833] CPU: 1 UID: 0 PID: 7833 Comm: syz.0.704 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 177.748506][ T7833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 177.748512][ T7833] Call Trace: [ 177.748517][ T7833] [ 177.748522][ T7833] dump_stack_lvl+0x189/0x250 [ 177.748537][ T7833] ? __pfx____ratelimit+0x10/0x10 [ 177.748551][ T7833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.748561][ T7833] ? __pfx__printk+0x10/0x10 [ 177.748572][ T7833] ? __might_fault+0xb0/0x130 [ 177.748588][ T7833] should_fail_ex+0x414/0x560 [ 177.748605][ T7833] _copy_from_user+0x2d/0xb0 [ 177.748620][ T7833] mkiss_ioctl+0x193/0x5b0 [ 177.748633][ T7833] ? __pfx_mkiss_ioctl+0x10/0x10 [ 177.748646][ T7833] ? __pfx_mkiss_ioctl+0x10/0x10 [ 177.748656][ T7833] tty_ioctl+0x9c6/0xde0 [ 177.748666][ T7833] ? __pfx_tty_ioctl+0x10/0x10 [ 177.748676][ T7833] __se_sys_ioctl+0xfc/0x170 [ 177.748688][ T7833] do_syscall_64+0xfa/0x3b0 [ 177.748699][ T7833] ? lockdep_hardirqs_on+0x9c/0x150 [ 177.748710][ T7833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.748719][ T7833] ? clear_bhb_loop+0x60/0xb0 [ 177.748731][ T7833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.748740][ T7833] RIP: 0033:0x7f1da338e929 [ 177.748750][ T7833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.748758][ T7833] RSP: 002b:00007f1da41c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.748769][ T7833] RAX: ffffffffffffffda RBX: 00007f1da35b5fa0 RCX: 00007f1da338e929 [ 177.748776][ T7833] RDX: 0000000020001116 RSI: 0000000000008924 RDI: 0000000000000003 [ 177.748783][ T7833] RBP: 00007f1da41c9090 R08: 0000000000000000 R09: 0000000000000000 [ 177.748789][ T7833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.748794][ T7833] R13: 0000000000000000 R14: 00007f1da35b5fa0 R15: 00007ffebc108018 [ 177.748809][ T7833] [ 177.754592][ T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 177.959620][ T980] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 177.968733][ T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.978605][ T980] usb 2-1: config 0 descriptor?? [ 177.984537][ T7820] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 178.038724][ T7835] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 178.046160][ T7835] VFS: Can't find a romfs filesystem on dev rnullb0. [ 178.046160][ T7835] [ 178.082886][ T5840] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 178.123246][ T5840] usb 4-1: device descriptor read/8, error -71 [ 178.355059][ T7845] netlink: 'syz.0.710': attribute type 2 has an invalid length. [ 178.363951][ T5840] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 178.405267][ T980] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 178.412671][ T5840] usb 4-1: device descriptor read/8, error -71 [ 178.539963][ T5840] usb usb4-port1: unable to enumerate USB device [ 178.584290][ T980] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 178.591126][ T980] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 178.597985][ T980] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 178.620402][ T980] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 178.631747][ T980] elan 0003:04F3:0755.0008: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 178.682710][ T5840] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 178.717930][ T7820] trusted_key: encrypted_key: key user:syz not found [ 178.730722][ T5918] usb 2-1: USB disconnect, device number 18 [ 178.840354][ T980] IPVS: starting estimator thread 0... [ 178.853535][ T5840] usb 1-1: Using ep0 maxpacket: 16 [ 178.861043][ T5840] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.871463][ T5840] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 178.883354][ T5840] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 178.892541][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.900520][ T5840] usb 1-1: Product: syz [ 178.904801][ T5840] usb 1-1: Manufacturer: syz [ 178.909538][ T5840] usb 1-1: SerialNumber: syz [ 178.942565][ T7861] IPVS: using max 30 ests per chain, 72000 per kthread [ 179.130103][ T5840] usb 1-1: 0:2 : does not exist [ 179.152261][ T5840] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 179.175648][ T5840] usb 1-1: USB disconnect, device number 27 [ 179.228453][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 179.815444][ T7883] delete_channel: no stack [ 179.820150][ T7883] delete_channel: no stack [ 179.829488][ T7883] netlink: 88 bytes leftover after parsing attributes in process `syz.0.721'. [ 179.925699][ T7885] /dev/rnullb0: Can't open blockdev [ 179.942539][ T5840] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 179.954414][ T7887] FAULT_INJECTION: forcing a failure. [ 179.954414][ T7887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.984120][ T7887] CPU: 0 UID: 0 PID: 7887 Comm: syz.0.723 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 179.984146][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.984157][ T7887] Call Trace: [ 179.984164][ T7887] [ 179.984172][ T7887] dump_stack_lvl+0x189/0x250 [ 179.984196][ T7887] ? __pfx____ratelimit+0x10/0x10 [ 179.984217][ T7887] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.984236][ T7887] ? __pfx__printk+0x10/0x10 [ 179.984268][ T7887] should_fail_ex+0x414/0x560 [ 179.984297][ T7887] _copy_to_user+0x31/0xb0 [ 179.984316][ T7887] simple_read_from_buffer+0xe1/0x170 [ 179.984345][ T7887] proc_fail_nth_read+0x1df/0x250 [ 179.984372][ T7887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.984398][ T7887] ? rw_verify_area+0x258/0x650 [ 179.984417][ T7887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.984442][ T7887] vfs_read+0x1fd/0x980 [ 179.984467][ T7887] ? __pfx___mutex_lock+0x10/0x10 [ 179.984487][ T7887] ? __pfx_vfs_read+0x10/0x10 [ 179.984505][ T7887] ? __fget_files+0x2a/0x420 [ 179.984530][ T7887] ? __fget_files+0x3a0/0x420 [ 179.984549][ T7887] ? __fget_files+0x2a/0x420 [ 179.984577][ T7887] ksys_read+0x145/0x250 [ 179.984598][ T7887] ? __pfx_ksys_read+0x10/0x10 [ 179.984613][ T7887] ? rcu_is_watching+0x15/0xb0 [ 179.984637][ T7887] ? do_syscall_64+0xbe/0x3b0 [ 179.984659][ T7887] do_syscall_64+0xfa/0x3b0 [ 179.984679][ T7887] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.984698][ T7887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.984715][ T7887] ? clear_bhb_loop+0x60/0xb0 [ 179.984737][ T7887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.984753][ T7887] RIP: 0033:0x7f1da338d33c [ 179.984768][ T7887] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 179.984783][ T7887] RSP: 002b:00007f1da41c9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 179.984801][ T7887] RAX: ffffffffffffffda RBX: 00007f1da35b5fa0 RCX: 00007f1da338d33c [ 179.984814][ T7887] RDX: 000000000000000f RSI: 00007f1da41c90a0 RDI: 0000000000000004 [ 179.984825][ T7887] RBP: 00007f1da41c9090 R08: 0000000000000000 R09: 0000000000000000 [ 179.984836][ T7887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 179.984850][ T7887] R13: 0000000000000000 R14: 00007f1da35b5fa0 R15: 00007ffebc108018 [ 179.984879][ T7887] [ 180.082476][ T5840] usb 2-1: device descriptor read/64, error -71 [ 180.083903][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.234038][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.240031][ C0] hrtimer: interrupt took 247700535 ns [ 180.340366][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.412523][ T5840] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 180.554210][ T5840] usb 2-1: device descriptor read/64, error -71 [ 180.612483][ T5900] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 180.662763][ T5840] usb usb2-port1: attempt power cycle [ 180.675020][ T10] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 180.772550][ T57] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 180.780238][ T5900] usb 1-1: Using ep0 maxpacket: 32 [ 180.789516][ T5900] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 180.798819][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.807081][ T5900] usb 1-1: Product: syz [ 180.811314][ T5900] usb 1-1: Manufacturer: syz [ 180.815933][ T5900] usb 1-1: SerialNumber: syz [ 180.822259][ T5900] usb 1-1: config 0 descriptor?? [ 180.831200][ T5900] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 180.837860][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.849470][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.860946][ T10] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 180.870371][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.881369][ T10] usb 4-1: config 0 descriptor?? [ 180.932502][ T57] usb 3-1: Using ep0 maxpacket: 16 [ 180.939673][ T57] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 180.948490][ T57] usb 3-1: config 0 has no interface number 0 [ 180.954653][ T57] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.965604][ T57] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.975447][ T57] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 180.984518][ T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.995354][ T57] usb 3-1: config 0 descriptor?? [ 181.002447][ T5840] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 181.033120][ T5840] usb 2-1: device descriptor read/8, error -71 [ 181.127255][ T7889] overlayfs: failed to resolve 'TޠYCQ?': -2 [ 181.272474][ T5840] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 181.293062][ T5840] usb 2-1: device descriptor read/8, error -71 [ 181.402849][ T5840] usb usb2-port1: unable to enumerate USB device [ 181.514437][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 181.521080][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 181.531934][ T10] usb 4-1: USB disconnect, device number 37 [ 181.642942][ T5900] gspca_ov534_9: reg_w failed -71 [ 181.811492][ T7894] netlink: 16 bytes leftover after parsing attributes in process `syz.2.726'. [ 181.826129][ T7894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.834887][ T7894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.964014][ T5900] gspca_ov534_9: Unknown sensor 0000 [ 181.964119][ T5900] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 181.980529][ T5900] usb 1-1: USB disconnect, device number 28 [ 182.452451][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 182.582544][ T10] usb 1-1: device descriptor read/64, error -71 [ 182.792580][ T7915] exFAT-fs (rnullb0): invalid boot record signature [ 182.799274][ T7915] exFAT-fs (rnullb0): failed to read boot sector [ 182.823363][ T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 182.831065][ T7915] exFAT-fs (rnullb0): failed to recognize exfat type [ 182.962510][ T10] usb 1-1: device descriptor read/64, error -71 [ 182.990878][ T7927] FAULT_INJECTION: forcing a failure. [ 182.990878][ T7927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.004332][ T7927] CPU: 0 UID: 0 PID: 7927 Comm: syz.1.740 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 183.004355][ T7927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.004365][ T7927] Call Trace: [ 183.004373][ T7927] [ 183.004380][ T7927] dump_stack_lvl+0x189/0x250 [ 183.004403][ T7927] ? __pfx____ratelimit+0x10/0x10 [ 183.004423][ T7927] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.004440][ T7927] ? __pfx__printk+0x10/0x10 [ 183.004470][ T7927] should_fail_ex+0x414/0x560 [ 183.004499][ T7927] _copy_to_user+0x31/0xb0 [ 183.004518][ T7927] simple_read_from_buffer+0xe1/0x170 [ 183.004544][ T7927] proc_fail_nth_read+0x1df/0x250 [ 183.004571][ T7927] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.004598][ T7927] ? rw_verify_area+0x258/0x650 [ 183.004616][ T7927] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.004641][ T7927] vfs_read+0x1fd/0x980 [ 183.004665][ T7927] ? __pfx___mutex_lock+0x10/0x10 [ 183.004693][ T7927] ? __pfx_vfs_read+0x10/0x10 [ 183.004714][ T7927] ? __fget_files+0x2a/0x420 [ 183.004740][ T7927] ? __fget_files+0x3a0/0x420 [ 183.004760][ T7927] ? __fget_files+0x2a/0x420 [ 183.004790][ T7927] ksys_read+0x145/0x250 [ 183.004812][ T7927] ? __pfx_ksys_read+0x10/0x10 [ 183.004836][ T7927] ? do_syscall_64+0xbe/0x3b0 [ 183.004861][ T7927] do_syscall_64+0xfa/0x3b0 [ 183.004880][ T7927] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.004899][ T7927] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.004916][ T7927] ? clear_bhb_loop+0x60/0xb0 [ 183.004936][ T7927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.004953][ T7927] RIP: 0033:0x7f5a2dd8d33c [ 183.004969][ T7927] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 183.004981][ T7927] RSP: 002b:00007f5a2ec09030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 183.004999][ T7927] RAX: ffffffffffffffda RBX: 00007f5a2dfb5fa0 RCX: 00007f5a2dd8d33c [ 183.005010][ T7927] RDX: 000000000000000f RSI: 00007f5a2ec090a0 RDI: 0000000000000008 [ 183.005020][ T7927] RBP: 00007f5a2ec09090 R08: 0000000000000000 R09: 0000000000000000 [ 183.005030][ T7927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 183.005040][ T7927] R13: 0000000000000000 R14: 00007f5a2dfb5fa0 R15: 00007ffe209ffc88 [ 183.005068][ T7927] [ 183.162485][ T121] usb 4-1: new low-speed USB device number 38 using dummy_hcd [ 183.166541][ C0] vkms_vblank_simulate: vblank timer overrun [ 183.250693][ C0] vkms_vblank_simulate: vblank timer overrun [ 183.259965][ T10] usb usb1-port1: attempt power cycle [ 183.356743][ C0] vkms_vblank_simulate: vblank timer overrun [ 183.358070][ T121] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 183.372458][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.392927][ T121] usb 4-1: config 0 descriptor?? [ 183.490547][ T57] usbhid 3-1:0.1: can't add hid device: -71 [ 183.499481][ T57] usbhid 3-1:0.1: probe with driver usbhid failed with error -71 [ 183.513328][ T57] usb 3-1: USB disconnect, device number 25 [ 183.632439][ T10] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 183.652620][ T5918] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 183.662452][ T10] usb 1-1: device descriptor read/8, error -71 [ 183.815052][ T5918] usb 2-1: unable to get BOS descriptor or descriptor too short [ 183.824079][ T5918] usb 2-1: not running at top speed; connect to a high speed hub [ 183.827508][ T7945] netlink: 22 bytes leftover after parsing attributes in process `syz.2.744'. [ 183.835224][ T5918] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 183.856917][ T5918] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 183.866695][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.874814][ T5918] usb 2-1: Product: syz [ 183.878986][ T5918] usb 2-1: Manufacturer: syz [ 183.886686][ T5918] usb 2-1: SerialNumber: syz [ 183.912571][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 183.934007][ T10] usb 1-1: device descriptor read/8, error -71 [ 184.042749][ T10] usb usb1-port1: unable to enumerate USB device [ 184.140314][ T5918] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 184.164047][ T5918] usb 2-1: unit 2 not found! [ 184.207947][ T7920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.737'. [ 184.223612][ T5918] usb 2-1: USB disconnect, device number 23 [ 184.225923][ T7920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.737'. [ 184.662591][ T5840] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 184.812451][ T5840] usb 3-1: Using ep0 maxpacket: 8 [ 184.820732][ T5840] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 184.830577][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.854644][ T5840] pvrusb2: Hardware description: Terratec Grabster AV400 [ 184.861718][ T5840] pvrusb2: ********** [ 184.866296][ T5840] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 184.877936][ T5840] pvrusb2: Important functionality might not be entirely working. [ 184.886043][ T5840] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 184.897539][ T5840] pvrusb2: ********** [ 185.088552][ T121] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 185.110178][ T121] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 185.126920][ T2344] pvrusb2: Invalid write control endpoint [ 185.130026][ T121] asix 4-1:0.0: probe with driver asix failed with error -71 [ 185.147921][ T121] usb 4-1: USB disconnect, device number 38 [ 185.224068][ T2344] pvrusb2: Invalid write control endpoint [ 185.234356][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 185.245216][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 185.255155][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 185.265770][ T2344] pvrusb2: Device being rendered inoperable [ 185.275441][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 185.283158][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 185.294366][ T2344] pvrusb2: Attached sub-driver cx25840 [ 185.300437][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 185.317451][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 185.422479][ T980] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 185.445120][ T7975] netlink: 36 bytes leftover after parsing attributes in process `syz.0.757'. [ 185.454383][ T7975] netlink: 16 bytes leftover after parsing attributes in process `syz.0.757'. [ 185.465719][ T7975] netlink: 36 bytes leftover after parsing attributes in process `syz.0.757'. [ 185.477899][ T7975] netlink: 36 bytes leftover after parsing attributes in process `syz.0.757'. [ 185.521878][ T30] audit: type=1326 audit(1751342670.003:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7976 comm="syz.0.758" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1da338e929 code=0x0 [ 185.592465][ T980] usb 2-1: Using ep0 maxpacket: 32 [ 185.599080][ T980] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 1024 [ 185.616004][ T980] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024 [ 185.627219][ T980] usb 2-1: config 1 interface 0 has no altsetting 0 [ 185.656371][ T980] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 185.675468][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.675949][ T7982] pvrusb2: Attempted to execute control transfer when device not ok [ 185.694651][ T980] usb 2-1: Product: ๻샾ᤡ箓﯉啸濃⻉䷙ꦠﲄ엹逽Ⴌད壟聹ᘔꈑ뜣娟燦܉阰᧻핹讥䍌✭㶚꜡㙆≭ꡰ㜧臌隌總ꁧ념粞⾺婥쫿㗠瘠炊쟗ቘ鲏ꌓ븼⨖鍒铻訞盈現쨫䀮㧮릯璉뚰긼䞅⢱Թ橛 [ 185.730930][ T980] usb 2-1: Manufacturer: Ѕ [ 185.736321][ T980] usb 2-1: SerialNumber: Б [ 185.760659][ T7970] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 185.768447][ T7970] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 186.184325][ T7970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.196251][ T7970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.212846][ T980] usblp 2-1:1.0: usblp0: USB Bidirectional printer dev 24 if 0 alt 3 proto 3 vid 0x0525 pid 0xA4A8 [ 186.227087][ T980] usb 2-1: USB disconnect, device number 24 [ 186.239952][ T980] usblp0: removed [ 186.470446][ T7987] netlink: 2 bytes leftover after parsing attributes in process `syz.0.761'. [ 186.480394][ T7987] batadv_slave_1: entered promiscuous mode [ 186.870590][ T7999] netlink: 36 bytes leftover after parsing attributes in process `syz.3.766'. [ 186.882417][ T7999] netlink: 16 bytes leftover after parsing attributes in process `syz.3.766'. [ 186.999357][ T30] audit: type=1326 audit(1751342671.483:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8002 comm="syz.3.768" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbea658e929 code=0x0 [ 187.023794][ T980] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 187.082470][ T121] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 187.162476][ T980] usb 1-1: device descriptor read/64, error -71 [ 187.232519][ T121] usb 2-1: Using ep0 maxpacket: 16 [ 187.245975][ T121] usb 2-1: unable to get BOS descriptor or descriptor too short [ 187.253778][ T121] usb 2-1: no configurations [ 187.258357][ T121] usb 2-1: can't read configurations, error -22 [ 187.413709][ T980] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 187.495605][ T10] usb 3-1: USB disconnect, device number 26 [ 187.554275][ T980] usb 1-1: device descriptor read/64, error -71 [ 187.672613][ T980] usb usb1-port1: attempt power cycle [ 187.944815][ T10] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 188.012843][ T980] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 188.033083][ T980] usb 1-1: device descriptor read/8, error -71 [ 188.093266][ T121] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 188.102497][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 188.110064][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 188.117033][ T8022] NILFS (nbd3): device size too small [ 188.119261][ T10] usb 3-1: config 1 has an invalid interface number: 39 but max is 0 [ 188.134171][ T10] usb 3-1: config 1 has no interface number 0 [ 188.140520][ T10] usb 3-1: config 1 interface 39 has no altsetting 0 [ 188.150436][ T10] usb 3-1: New USB device found, idVendor=0572, idProduct=1340, bcdDevice=c8.04 [ 188.162756][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.170749][ T10] usb 3-1: Product: syz [ 188.179558][ T10] usb 3-1: Manufacturer: syz [ 188.185972][ T10] usb 3-1: SerialNumber: syz [ 188.267356][ T121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.272666][ T980] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 188.292471][ T121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.316052][ T121] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 188.331689][ T980] usb 1-1: device descriptor read/8, error -71 [ 188.345316][ T121] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 188.363556][ T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.387214][ T121] usb 2-1: config 0 descriptor?? [ 188.442925][ T980] usb usb1-port1: unable to enumerate USB device [ 188.483846][ T8026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.512936][ T8026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.526482][ T121] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 189.564673][ T121] usb 2-1: USB disconnect, device number 26 [ 189.700056][ T8030] fido_id[8030]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 189.905988][ T30] audit: type=1326 audit(1751342674.383:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8037 comm="syz.3.780" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbea658e929 code=0x0 [ 189.957443][ T8042] sctp: [Deprecated]: syz.0.781 (pid 8042) Use of int in maxseg socket option. [ 189.957443][ T8042] Use struct sctp_assoc_value instead [ 190.532409][ T121] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 190.682488][ T121] usb 2-1: Using ep0 maxpacket: 32 [ 190.690931][ T121] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 190.699062][ T121] usb 2-1: can't read configurations, error -61 [ 190.797164][ T10] usb 3-1: USB disconnect, device number 27 [ 190.843796][ T121] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 190.872412][ T5918] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 191.002775][ T121] usb 2-1: Using ep0 maxpacket: 32 [ 191.023343][ T5918] usb 1-1: device descriptor read/64, error -71 [ 191.030202][ T8075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.032085][ T121] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 191.043238][ T8075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.060403][ T8075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.067818][ T121] usb 2-1: can't read configurations, error -61 [ 191.087751][ T121] usb usb2-port1: attempt power cycle [ 191.092887][ T8075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.115405][ T5834] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 191.124246][ T5834] Bluetooth: hci3: unexpected event for opcode 0x0c24 [ 191.147837][ T8075] XFS (rnullb0): Invalid superblock magic number [ 191.252524][ T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 191.274536][ T5918] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 191.393908][ T24] usb 3-1: device descriptor read/64, error -71 [ 191.422678][ T5918] usb 1-1: device descriptor read/64, error -71 [ 191.432870][ T121] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 191.463505][ T121] usb 2-1: Using ep0 maxpacket: 32 [ 191.475969][ T121] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 191.479126][ T30] audit: type=1326 audit(1751342675.963:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8096 comm="syz.3.798" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbea658e929 code=0x0 [ 191.485577][ T121] usb 2-1: can't read configurations, error -61 [ 191.542864][ T5918] usb usb1-port1: attempt power cycle [ 191.642446][ T24] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 191.650079][ T121] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 191.673098][ T121] usb 2-1: Using ep0 maxpacket: 32 [ 191.680844][ T121] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 191.688693][ T121] usb 2-1: can't read configurations, error -61 [ 191.695379][ T121] usb usb2-port1: unable to enumerate USB device [ 191.782444][ T24] usb 3-1: device descriptor read/64, error -71 [ 191.892438][ T5918] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 191.902993][ T24] usb usb3-port1: attempt power cycle [ 191.913277][ T5918] usb 1-1: device descriptor read/8, error -71 [ 192.152600][ T5918] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 192.173069][ T5918] usb 1-1: device descriptor read/8, error -71 [ 192.262537][ T24] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 192.293539][ T24] usb 3-1: device descriptor read/8, error -71 [ 192.293714][ T5918] usb usb1-port1: unable to enumerate USB device [ 192.421586][ T8101] ipvlan0: entered promiscuous mode [ 192.427018][ T8101] ipvlan0: entered allmulticast mode [ 192.432310][ T8101] veth0_vlan: entered allmulticast mode [ 192.440668][ T8101] syzkaller1: entered promiscuous mode [ 192.446933][ T8101] syzkaller1: entered allmulticast mode [ 192.455525][ T8101] netlink: 'syz.3.799': attribute type 4 has an invalid length. [ 192.532547][ T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 192.564164][ T24] usb 3-1: device descriptor read/8, error -71 [ 192.673878][ T24] usb usb3-port1: unable to enumerate USB device [ 192.802137][ T8108] Invalid logical block size (1280) [ 192.900808][ T8112] netlink: 'syz.3.804': attribute type 29 has an invalid length. [ 192.915445][ T8112] netlink: 'syz.3.804': attribute type 29 has an invalid length. [ 192.924475][ T8112] netlink: 'syz.3.804': attribute type 29 has an invalid length. [ 192.933057][ T8112] netlink: 'syz.3.804': attribute type 29 has an invalid length. [ 192.992943][ T8114] x_tables: duplicate underflow at hook 4 [ 193.076544][ T30] audit: type=1326 audit(1751342677.563:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8117 comm="syz.3.807" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbea658e929 code=0x0 [ 193.850172][ T8137] __nla_validate_parse: 3 callbacks suppressed [ 193.850189][ T8137] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.813'. [ 194.159844][ T8146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.817'. [ 194.169607][ T8146] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 194.177912][ T8146] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 194.196742][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.203391][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.232520][ T5918] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 194.315165][ T8151] /dev/sg0: Can't lookup blockdev [ 194.322433][ T5888] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 194.331483][ T8153] /dev/sg0: Can't lookup blockdev [ 194.412672][ T5918] usb 2-1: Using ep0 maxpacket: 16 [ 194.419935][ T5918] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 194.428909][ T5918] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.439311][ T5918] usb 2-1: config 0 has no interface number 0 [ 194.447113][ T5918] usb 2-1: config 0 interface 41 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 194.466458][ T5918] usb 2-1: config 0 interface 41 has no altsetting 0 [ 194.477933][ T5918] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 194.489776][ T5888] usb 4-1: Using ep0 maxpacket: 32 [ 194.496757][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.507145][ T5918] usb 2-1: Product: syz [ 194.511790][ T5918] usb 2-1: Manufacturer: syz [ 194.518815][ T5918] usb 2-1: SerialNumber: syz [ 194.524869][ T5888] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 194.536714][ T5918] usb 2-1: config 0 descriptor?? [ 194.549035][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.557155][ T5888] usb 4-1: Product: syz [ 194.561366][ T5888] usb 4-1: Manufacturer: syz [ 194.567774][ T5918] dm9601 2-1:0.41: probe with driver dm9601 failed with error -22 [ 194.576734][ T5888] usb 4-1: SerialNumber: syz [ 194.586344][ T5918] sr9700 2-1:0.41: probe with driver sr9700 failed with error -22 [ 194.595373][ T5888] usb 4-1: config 0 descriptor?? [ 194.603079][ T5888] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 194.642554][ T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 194.772544][ T57] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 194.780181][ T24] usb 3-1: device descriptor read/64, error -71 [ 194.782068][ T5918] usb 2-1: USB disconnect, device number 31 [ 194.942985][ T57] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 194.951760][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 194.963387][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 194.974406][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 194.989066][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 194.999366][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.010442][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.023447][ T24] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 195.030462][ T5888] gspca_ov534_9: reg_w failed -71 [ 195.036581][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.047044][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.059283][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.074047][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.084613][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.095726][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.109489][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.119925][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.131336][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.144720][ T50] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 195.154324][ T50] Bluetooth: hci3: Injecting HCI hardware error event [ 195.155031][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.164398][ T50] Bluetooth: hci3: hardware error 0x00 [ 195.177959][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.189165][ T24] usb 3-1: device descriptor read/64, error -71 [ 195.195480][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.209203][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.219732][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.230871][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.244837][ T57] usb 1-1: config 27 has an invalid descriptor of length 13, skipping remainder of the config [ 195.256762][ T57] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.268185][ T57] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.281140][ T57] usb 1-1: New USB device found, idVendor=0000, idProduct=0014, bcdDevice=bb.9d [ 195.290240][ T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.312623][ T24] usb usb3-port1: attempt power cycle [ 195.432423][ T5888] gspca_ov534_9: Unknown sensor 0000 [ 195.432515][ T5888] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 195.452744][ T5888] usb 4-1: USB disconnect, device number 39 [ 195.529213][ T57] usb 1-1: USB disconnect, device number 41 [ 195.559125][ T8167] netlink: 256 bytes leftover after parsing attributes in process `syz.1.825'. [ 195.662437][ T24] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 195.683130][ T24] usb 3-1: device descriptor read/8, error -71 [ 195.806847][ T8176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.819182][ T8176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.942559][ T24] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 195.942613][ T5888] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 195.973029][ T24] usb 3-1: device descriptor read/8, error -71 [ 196.084033][ T24] usb usb3-port1: unable to enumerate USB device [ 196.102519][ T5888] usb 4-1: Using ep0 maxpacket: 32 [ 196.111261][ T5888] usb 4-1: unable to get BOS descriptor or descriptor too short [ 196.131084][ T5888] usb 4-1: no configurations [ 196.138948][ T5888] usb 4-1: can't read configurations, error -22 [ 196.203421][ T5900] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 196.226029][ T8191] netlink: 20 bytes leftover after parsing attributes in process `syz.0.833'. [ 196.374538][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.385528][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.396044][ T5900] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 196.409747][ T5900] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 196.418852][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.428421][ T5900] usb 2-1: config 0 descriptor?? [ 196.542425][ T24] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 196.682566][ T24] usb 1-1: device descriptor read/64, error -71 [ 196.838357][ T5900] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd [ 196.852756][ T5900] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 196.932526][ T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 197.062473][ T24] usb 1-1: device descriptor read/64, error -71 [ 197.093848][ T8180] FAULT_INJECTION: forcing a failure. [ 197.093848][ T8180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.108011][ T8180] CPU: 1 UID: 0 PID: 8180 Comm: syz.1.829 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 197.108035][ T8180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.108045][ T8180] Call Trace: [ 197.108052][ T8180] [ 197.108059][ T8180] dump_stack_lvl+0x189/0x250 [ 197.108083][ T8180] ? __pfx____ratelimit+0x10/0x10 [ 197.108104][ T8180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.108123][ T8180] ? __pfx__printk+0x10/0x10 [ 197.108154][ T8180] should_fail_ex+0x414/0x560 [ 197.108182][ T8180] _copy_from_user+0x2d/0xb0 [ 197.108207][ T8180] hiddev_ioctl_usage+0xda/0x1a90 [ 197.108235][ T8180] ? usbhid_init_reports+0x128/0x270 [ 197.108250][ T8180] hiddev_ioctl+0x8d2/0x1670 [ 197.108273][ T8180] ? __pfx_hiddev_ioctl+0x10/0x10 [ 197.108294][ T8180] ? __fget_files+0x2a/0x420 [ 197.108311][ T8180] ? bpf_lsm_file_ioctl+0x9/0x20 [ 197.108320][ T8180] ? __pfx_hiddev_ioctl+0x10/0x10 [ 197.108333][ T8180] __se_sys_ioctl+0xfc/0x170 [ 197.108345][ T8180] do_syscall_64+0xfa/0x3b0 [ 197.108357][ T8180] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.108368][ T8180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.108377][ T8180] ? clear_bhb_loop+0x60/0xb0 [ 197.108389][ T8180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.108398][ T8180] RIP: 0033:0x7f5a2dd8e929 [ 197.108408][ T8180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.108416][ T8180] RSP: 002b:00007f5a2ec09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.108427][ T8180] RAX: ffffffffffffffda RBX: 00007f5a2dfb5fa0 RCX: 00007f5a2dd8e929 [ 197.108434][ T8180] RDX: 0000200000000600 RSI: 00000000d01c4813 RDI: 0000000000000004 [ 197.108441][ T8180] RBP: 00007f5a2ec09090 R08: 0000000000000000 R09: 0000000000000000 [ 197.108447][ T8180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.108452][ T8180] R13: 0000000000000000 R14: 00007f5a2dfb5fa0 R15: 00007ffe209ffc88 [ 197.108467][ T8180] [ 197.110724][ T980] usb 2-1: USB disconnect, device number 32 [ 197.182736][ T24] usb usb1-port1: attempt power cycle [ 197.222505][ T50] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 197.330767][ T5888] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 197.484635][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.494519][ T5888] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 197.503879][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.524569][ T5888] usb 4-1: config 0 descriptor?? [ 197.572865][ T24] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 197.594593][ T24] usb 1-1: device descriptor read/8, error -71 [ 197.680163][ T8203] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 197.735963][ T50] Bluetooth: hci0: unexpected event for opcode 0x0407 [ 197.743591][ T50] Bluetooth: hci0: SCO packet for unknown connection handle 172 [ 197.769735][ T8209] FAULT_INJECTION: forcing a failure. [ 197.769735][ T8209] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.792889][ T8209] CPU: 1 UID: 0 PID: 8209 Comm: syz.2.839 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 197.792914][ T8209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.792924][ T8209] Call Trace: [ 197.792931][ T8209] [ 197.792939][ T8209] dump_stack_lvl+0x189/0x250 [ 197.792963][ T8209] ? __pfx____ratelimit+0x10/0x10 [ 197.792984][ T8209] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.793003][ T8209] ? __pfx__printk+0x10/0x10 [ 197.793022][ T8209] ? __might_fault+0xb0/0x130 [ 197.793051][ T8209] should_fail_ex+0x414/0x560 [ 197.793080][ T8209] _copy_from_user+0x2d/0xb0 [ 197.793105][ T8209] ___sys_sendmsg+0x158/0x2a0 [ 197.793132][ T8209] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.793197][ T8209] ? __fget_files+0x2a/0x420 [ 197.793218][ T8209] ? __fget_files+0x3a0/0x420 [ 197.793250][ T8209] __x64_sys_sendmsg+0x19b/0x260 [ 197.793276][ T8209] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 197.793310][ T8209] ? __pfx_ksys_write+0x10/0x10 [ 197.793328][ T8209] ? rcu_is_watching+0x15/0xb0 [ 197.793351][ T8209] ? do_syscall_64+0xbe/0x3b0 [ 197.793375][ T8209] do_syscall_64+0xfa/0x3b0 [ 197.793394][ T8209] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.793414][ T8209] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.793431][ T8209] ? clear_bhb_loop+0x60/0xb0 [ 197.793451][ T8209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.793468][ T8209] RIP: 0033:0x7efdd138e929 [ 197.793483][ T8209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.793498][ T8209] RSP: 002b:00007efdd22b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.793517][ T8209] RAX: ffffffffffffffda RBX: 00007efdd15b5fa0 RCX: 00007efdd138e929 [ 197.793530][ T8209] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 197.793541][ T8209] RBP: 00007efdd22b8090 R08: 0000000000000000 R09: 0000000000000000 [ 197.793552][ T8209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.793563][ T8209] R13: 0000000000000000 R14: 00007efdd15b5fa0 R15: 00007fffa6f479d8 [ 197.793590][ T8209] [ 198.008117][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.034960][ T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 198.063749][ T24] usb 1-1: device descriptor read/8, error -71 [ 198.090138][ T8213] netlink: 'syz.2.840': attribute type 11 has an invalid length. [ 198.173097][ T24] usb usb1-port1: unable to enumerate USB device [ 198.174173][ T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 198.256933][ T5888] usbhid 4-1:0.0: can't add hid device: -71 [ 198.271718][ T5888] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 198.301766][ T5888] usb 4-1: USB disconnect, device number 41 [ 198.333239][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 198.358849][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 198.389177][ T10] usb 2-1: config 13 has an invalid interface number: 50 but max is 0 [ 198.409352][ T10] usb 2-1: config 13 has no interface number 0 [ 198.418980][ T10] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 198.430248][ T10] usb 2-1: config 13 interface 50 has no altsetting 0 [ 198.455054][ T10] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 198.467311][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.476422][ T10] usb 2-1: Product: syz [ 198.480593][ T10] usb 2-1: Manufacturer: syz [ 198.488525][ T10] usb 2-1: SerialNumber: syz [ 198.498167][ T8211] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 198.727909][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 198.735019][ T10] usb 2-1: MIDIStreaming interface descriptor not found [ 198.790368][ T10] usb 2-1: USB disconnect, device number 33 [ 198.844683][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 198.864543][ T24] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 198.966595][ T8232] FAT-fs (rnullb0): bogus number of reserved sectors [ 198.974330][ T8232] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 199.042858][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 199.068810][ T24] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 199.077040][ T24] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 199.087491][ T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 199.102145][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.431910][ T8238] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.009342][ T8252] bond0: (slave ip6gre0): Error: Device can not be enslaved while up [ 200.010494][ T8249] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 200.118214][ T8255] openvswitch: netlink: Unknown key attributes 2 [ 200.272442][ T8266] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 200.278981][ T8266] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 200.352563][ T8266] vhci_hcd vhci_hcd.0: Device attached [ 200.364668][ T8267] vhci_hcd: connection closed [ 200.366232][ T12] vhci_hcd: stop threads [ 200.376578][ T12] vhci_hcd: release socket [ 200.384866][ T12] vhci_hcd: disconnect device [ 200.963563][ T8280] capability: warning: `syz.3.857' uses deprecated v2 capabilities in a way that may be insecure [ 200.978996][ T8275] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 201.002979][ T10] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 201.011297][ T8282] Mount JFS Failure: -22 [ 201.083052][ T8284] netlink: 'syz.1.860': attribute type 21 has an invalid length. [ 201.091034][ T8284] netlink: 164 bytes leftover after parsing attributes in process `syz.1.860'. [ 201.106740][ T8284] netlink: 'syz.1.860': attribute type 17 has an invalid length. [ 201.114761][ T8284] netlink: 'syz.1.860': attribute type 16 has an invalid length. [ 201.123090][ T8284] netlink: 152 bytes leftover after parsing attributes in process `syz.1.860'. [ 201.162431][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 201.174758][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 201.174760][ T8284] tmpfs: Unknown parameter 'grpquoa_ YErdlimit' [ 201.174780][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.228322][ T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 201.237609][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.248497][ T10] usb 1-1: Product: syz [ 201.255659][ T10] usb 1-1: Manufacturer: syz [ 201.260256][ T10] usb 1-1: SerialNumber: syz [ 201.387162][ T8288] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 201.396122][ T8288] netlink: 16 bytes leftover after parsing attributes in process `syz.3.862'. [ 201.408074][ T8288] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 201.417205][ T8288] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 201.430349][ T8288] FAULT_INJECTION: forcing a failure. [ 201.430349][ T8288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.443533][ T8288] CPU: 1 UID: 0 PID: 8288 Comm: syz.3.862 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 201.443556][ T8288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.443573][ T8288] Call Trace: [ 201.443580][ T8288] [ 201.443588][ T8288] dump_stack_lvl+0x189/0x250 [ 201.443610][ T8288] ? __pfx____ratelimit+0x10/0x10 [ 201.443632][ T8288] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.443651][ T8288] ? __pfx__printk+0x10/0x10 [ 201.443670][ T8288] ? __might_fault+0xb0/0x130 [ 201.443699][ T8288] should_fail_ex+0x414/0x560 [ 201.443727][ T8288] _copy_from_iter+0x1db/0x16f0 [ 201.443753][ T8288] ? rcu_is_watching+0x15/0xb0 [ 201.443770][ T8288] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 201.443790][ T8288] ? __pfx__copy_from_iter+0x10/0x10 [ 201.443812][ T8288] ? __build_skb_around+0x257/0x3e0 [ 201.443837][ T8288] ? netlink_sendmsg+0x642/0xb30 [ 201.443857][ T8288] ? skb_put+0x11b/0x210 [ 201.443881][ T8288] netlink_sendmsg+0x6b2/0xb30 [ 201.443911][ T8288] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.443935][ T8288] ? aa_sock_msg_perm+0xf1/0x1d0 [ 201.443955][ T8288] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 201.443977][ T8288] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.443998][ T8288] __sock_sendmsg+0x21c/0x270 [ 201.444021][ T8288] ____sys_sendmsg+0x505/0x830 [ 201.444050][ T8288] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.444083][ T8288] ? import_iovec+0x74/0xa0 [ 201.444109][ T8288] ___sys_sendmsg+0x21f/0x2a0 [ 201.444135][ T8288] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.444192][ T8288] ? __fget_files+0x2a/0x420 [ 201.444213][ T8288] ? __fget_files+0x3a0/0x420 [ 201.444244][ T8288] __x64_sys_sendmsg+0x19b/0x260 [ 201.444271][ T8288] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 201.444304][ T8288] ? __pfx_ksys_write+0x10/0x10 [ 201.444329][ T8288] ? do_syscall_64+0xbe/0x3b0 [ 201.444352][ T8288] do_syscall_64+0xfa/0x3b0 [ 201.444371][ T8288] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.444390][ T8288] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.444408][ T8288] ? clear_bhb_loop+0x60/0xb0 [ 201.444425][ T8288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.444441][ T8288] RIP: 0033:0x7fbea658e929 [ 201.444457][ T8288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.444471][ T8288] RSP: 002b:00007fbea7426038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.444489][ T8288] RAX: ffffffffffffffda RBX: 00007fbea67b5fa0 RCX: 00007fbea658e929 [ 201.444502][ T8288] RDX: 0000000000000040 RSI: 00002000000001c0 RDI: 0000000000000005 [ 201.444513][ T8288] RBP: 00007fbea7426090 R08: 0000000000000000 R09: 0000000000000000 [ 201.444524][ T8288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.444534][ T8288] R13: 0000000000000000 R14: 00007fbea67b5fa0 R15: 00007ffc0427c8e8 [ 201.444562][ T8288] [ 201.472549][ T10] usb 1-1: 0:2 : does not exist [ 201.745879][ T980] usb 3-1: USB disconnect, device number 36 [ 201.761802][ T10] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 201.785796][ T50] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 201.795047][ T10] usb 1-1: USB disconnect, device number 46 [ 201.802581][ T50] Bluetooth: hci0: Injecting HCI hardware error event [ 201.813520][ T50] Bluetooth: hci0: hardware error 0x00 [ 201.950208][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 202.109972][ T8302] loop3: detected capacity change from 0 to 1 [ 202.118567][ T8302] Dev loop3: unable to read RDB block 1 [ 202.126428][ T8302] loop3: unable to read partition table [ 202.132424][ T8302] loop3: partition table beyond EOD, truncated [ 202.139768][ T8302] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 202.169795][ T8302] IPVS: length: 68 != 24 [ 202.481227][ T8315] hpfs: Bad magic ... probably not HPFS [ 202.513591][ T10] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 202.592694][ T980] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 202.672498][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 202.691084][ T10] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 202.707246][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.727397][ T10] usb 1-1: config 0 descriptor?? [ 202.745929][ T10] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 202.775864][ T980] usb 3-1: Using ep0 maxpacket: 8 [ 202.803796][ T980] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 202.812033][ T980] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 202.835729][ T980] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 202.848518][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.924231][ T8331] netlink: 'syz.1.882': attribute type 3 has an invalid length. [ 202.932123][ T8331] netlink: 132 bytes leftover after parsing attributes in process `syz.1.882'. [ 203.428531][ T8350] FAULT_INJECTION: forcing a failure. [ 203.428531][ T8350] name failslab, interval 1, probability 0, space 0, times 0 [ 203.441721][ T8350] CPU: 1 UID: 0 PID: 8350 Comm: syz.1.889 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 203.441746][ T8350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.441756][ T8350] Call Trace: [ 203.441763][ T8350] [ 203.441770][ T8350] dump_stack_lvl+0x189/0x250 [ 203.441794][ T8350] ? __pfx____ratelimit+0x10/0x10 [ 203.441815][ T8350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.441833][ T8350] ? __pfx__printk+0x10/0x10 [ 203.441867][ T8350] should_fail_ex+0x414/0x560 [ 203.441896][ T8350] should_failslab+0xa8/0x100 [ 203.441918][ T8350] __kmalloc_cache_noprof+0x70/0x3d0 [ 203.441938][ T8350] ? sctp_add_bind_addr+0x8c/0x370 [ 203.441963][ T8350] sctp_add_bind_addr+0x8c/0x370 [ 203.441987][ T8350] sctp_copy_local_addr_list+0x30b/0x4e0 [ 203.442011][ T8350] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 203.442031][ T8350] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 203.442052][ T8350] ? sctp_v6_is_any+0x64/0x80 [ 203.442075][ T8350] ? sctp_copy_one_addr+0x93/0x360 [ 203.442097][ T8350] sctp_bind_addr_copy+0xb3/0x3c0 [ 203.442118][ T8350] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 203.442141][ T8350] sctp_connect_new_asoc+0x2e0/0x690 [ 203.442167][ T8350] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 203.442188][ T8350] ? __local_bh_enable_ip+0x12d/0x1c0 [ 203.442211][ T8350] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 203.442227][ T8350] ? security_sctp_bind_connect+0x7e/0x2e0 [ 203.442253][ T8350] sctp_sendmsg+0x155c/0x2810 [ 203.442288][ T8350] ? __pfx_sctp_sendmsg+0x10/0x10 [ 203.442318][ T8350] ? aa_sk_perm+0x81e/0x950 [ 203.442338][ T8350] ? __pfx_aa_sk_perm+0x10/0x10 [ 203.442366][ T8350] ? sock_rps_record_flow+0x19/0x410 [ 203.442387][ T8350] ? inet_sendmsg+0x2f4/0x370 [ 203.442410][ T8350] __sock_sendmsg+0x19c/0x270 [ 203.442433][ T8350] ____sys_sendmsg+0x52d/0x830 [ 203.442461][ T8350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 203.442494][ T8350] ? import_iovec+0x74/0xa0 [ 203.442521][ T8350] ___sys_sendmsg+0x21f/0x2a0 [ 203.442547][ T8350] ? __pfx____sys_sendmsg+0x10/0x10 [ 203.442608][ T8350] ? __fget_files+0x2a/0x420 [ 203.442628][ T8350] ? __fget_files+0x3a0/0x420 [ 203.442659][ T8350] __sys_sendmmsg+0x227/0x430 [ 203.442690][ T8350] ? __pfx___sys_sendmmsg+0x10/0x10 [ 203.442711][ T8350] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 203.442761][ T8350] ? ksys_write+0x22a/0x250 [ 203.442784][ T8350] ? __pfx_ksys_write+0x10/0x10 [ 203.442800][ T8350] ? rcu_is_watching+0x15/0xb0 [ 203.442825][ T8350] __x64_sys_sendmmsg+0xa0/0xc0 [ 203.442852][ T8350] do_syscall_64+0xfa/0x3b0 [ 203.442871][ T8350] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.442891][ T8350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.442908][ T8350] ? clear_bhb_loop+0x60/0xb0 [ 203.442929][ T8350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.442946][ T8350] RIP: 0033:0x7f5a2dd8e929 [ 203.442962][ T8350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.442976][ T8350] RSP: 002b:00007f5a2ec09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 203.442995][ T8350] RAX: ffffffffffffffda RBX: 00007f5a2dfb5fa0 RCX: 00007f5a2dd8e929 [ 203.443009][ T8350] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003 [ 203.443020][ T8350] RBP: 00007f5a2ec09090 R08: 0000000000000000 R09: 0000000000000000 [ 203.443031][ T8350] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002 [ 203.443041][ T8350] R13: 0000000000000000 R14: 00007f5a2dfb5fa0 R15: 00007ffe209ffc88 [ 203.443070][ T8350] [ 203.783362][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.865623][ T50] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 203.938879][ T8355] netlink: 60 bytes leftover after parsing attributes in process `syz.1.890'. [ 203.974837][ T8354] netlink: 60 bytes leftover after parsing attributes in process `syz.1.890'. [ 203.995522][ T8355] netlink: 60 bytes leftover after parsing attributes in process `syz.1.890'. [ 204.186051][ T8362] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 204.452527][ T5888] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 204.462851][ T10] gspca_sonixj: i2c_w8 err -71 [ 204.483347][ T10] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 204.498884][ T10] usb 1-1: USB disconnect, device number 47 [ 204.612513][ T5888] usb 2-1: Using ep0 maxpacket: 8 [ 204.629682][ T5888] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 204.645936][ T5888] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.664586][ T5888] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.676829][ T5888] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.689372][ T5888] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.703114][ T5888] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.713079][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.935596][ T5888] usb 2-1: GET_CAPABILITIES returned 0 [ 204.952556][ T5888] usbtmc 2-1:16.0: can't read capabilities [ 205.152800][ T10] usb 2-1: USB disconnect, device number 34 [ 205.372390][ T5888] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 205.379324][ T24] usb 3-1: USB disconnect, device number 37 [ 205.524319][ T8394] fuseblk: Unknown parameter '&d' [ 205.552673][ T5888] usb 4-1: Using ep0 maxpacket: 32 [ 205.563825][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.578162][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.590063][ T5888] usb 4-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 205.601109][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.624671][ T5888] usb 4-1: config 0 descriptor?? [ 206.040438][ T5888] hid_mf 0003:0079:1801.000B: item fetching failed at offset 0/2 [ 206.048838][ T5888] hid_mf 0003:0079:1801.000B: HID parse failed. [ 206.057820][ T5888] hid_mf 0003:0079:1801.000B: probe with driver hid_mf failed with error -22 [ 206.245666][ T5900] usb 4-1: USB disconnect, device number 42 [ 206.452544][ T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 206.602506][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 206.609862][ T24] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 206.618154][ T24] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 206.628781][ T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 206.637903][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.712458][ T980] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 206.882863][ T980] usb 2-1: Using ep0 maxpacket: 16 [ 206.891282][ T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.902759][ T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.913359][ T980] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 206.931140][ T980] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 206.935989][ T8427] __nla_validate_parse: 1 callbacks suppressed [ 206.936004][ T8427] netlink: 468 bytes leftover after parsing attributes in process `syz.3.918'. [ 206.958204][ T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.970332][ T980] usb 2-1: config 0 descriptor?? [ 207.034196][ T8429] netlink: 'syz.3.919': attribute type 5 has an invalid length. [ 207.090055][ T8429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.110586][ T8429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.382592][ T10] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 207.398344][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.405690][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.413380][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.420603][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.428160][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.435582][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.442872][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.451725][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.459503][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.467313][ T980] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 207.478407][ T980] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000C/input/input20 [ 207.532476][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 207.540431][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.558746][ T10] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 207.582920][ T980] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 207.599145][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.614344][ T10] usb 4-1: Product: syz [ 207.618521][ T10] usb 4-1: Manufacturer: syz [ 207.628280][ T980] usb 2-1: USB disconnect, device number 35 [ 207.646382][ T10] usb 4-1: SerialNumber: syz [ 207.668960][ T10] usb 4-1: config 0 descriptor?? [ 207.684436][ T10] usb 4-1: bad CDC descriptors [ 207.690090][ T10] usb 4-1: unsupported MDLM descriptors [ 207.691395][ T8432] fido_id[8432]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 207.884946][ T24] usb 4-1: USB disconnect, device number 43 [ 208.340929][ T8437] FAULT_INJECTION: forcing a failure. [ 208.340929][ T8437] name failslab, interval 1, probability 0, space 0, times 0 [ 208.355262][ T8437] CPU: 1 UID: 0 PID: 8437 Comm: syz.1.921 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 208.355278][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.355284][ T8437] Call Trace: [ 208.355289][ T8437] [ 208.355294][ T8437] dump_stack_lvl+0x189/0x250 [ 208.355310][ T8437] ? __pfx____ratelimit+0x10/0x10 [ 208.355322][ T8437] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.355333][ T8437] ? __pfx__printk+0x10/0x10 [ 208.355347][ T8437] ? __pfx___might_resched+0x10/0x10 [ 208.355356][ T8437] ? fs_reclaim_acquire+0x7d/0x100 [ 208.355371][ T8437] should_fail_ex+0x414/0x560 [ 208.355388][ T8437] should_failslab+0xa8/0x100 [ 208.355401][ T8437] __kmalloc_noprof+0xcb/0x4f0 [ 208.355411][ T8437] ? p9_client_prepare_req+0x579/0xeb0 [ 208.355425][ T8437] p9_client_prepare_req+0x579/0xeb0 [ 208.355442][ T8437] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 208.355463][ T8437] p9_client_rpc+0x188/0xa70 [ 208.355480][ T8437] ? __pfx_p9_client_rpc+0x10/0x10 [ 208.355496][ T8437] ? rcu_is_watching+0x15/0xb0 [ 208.355507][ T8437] ? trace_9p_fid_ref+0x7c/0x1d0 [ 208.355523][ T8437] p9_client_attach+0x168/0x3c0 [ 208.355536][ T8437] ? __pfx_p9_client_attach+0x10/0x10 [ 208.355544][ T8437] ? do_raw_spin_unlock+0x122/0x240 [ 208.355557][ T8437] ? _raw_spin_unlock+0x28/0x50 [ 208.355566][ T8437] ? v9fs_fid_find_inode+0x1d2/0x220 [ 208.355582][ T8437] v9fs_fid_lookup+0x9ab/0xb70 [ 208.355601][ T8437] v9fs_xattr_set+0x2a/0x110 [ 208.355613][ T8437] ? __pfx_v9fs_xattr_handler_set+0x10/0x10 [ 208.355628][ T8437] __vfs_removexattr+0x431/0x470 [ 208.355647][ T8437] __vfs_removexattr_locked+0x1ed/0x230 [ 208.355662][ T8437] vfs_removexattr+0x80/0x1b0 [ 208.355677][ T8437] path_removexattrat+0x35d/0x690 [ 208.355689][ T8437] ? __pfx_path_removexattrat+0x10/0x10 [ 208.355698][ T8437] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 208.355710][ T8437] ? __pfx_vfs_write+0x10/0x10 [ 208.355736][ T8437] ? __pfx_ksys_write+0x10/0x10 [ 208.355745][ T8437] ? rcu_is_watching+0x15/0xb0 [ 208.355759][ T8437] __x64_sys_removexattr+0x62/0x70 [ 208.355768][ T8437] do_syscall_64+0xfa/0x3b0 [ 208.355779][ T8437] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.355790][ T8437] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.355799][ T8437] ? clear_bhb_loop+0x60/0xb0 [ 208.355811][ T8437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.355820][ T8437] RIP: 0033:0x7f5a2dd8e929 [ 208.355835][ T8437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.355843][ T8437] RSP: 002b:00007f5a2ec09038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 208.355855][ T8437] RAX: ffffffffffffffda RBX: 00007f5a2dfb5fa0 RCX: 00007f5a2dd8e929 [ 208.355864][ T8437] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 00002000000003c0 [ 208.355874][ T8437] RBP: 00007f5a2ec09090 R08: 0000000000000000 R09: 0000000000000000 [ 208.355884][ T8437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.355894][ T8437] R13: 0000000000000000 R14: 00007f5a2dfb5fa0 R15: 00007ffe209ffc88 [ 208.355921][ T8437] [ 208.815071][ T8443] syzkaller0: refused to change device tx_queue_len [ 209.032467][ T980] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 209.132417][ T10] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 209.183935][ T980] usb 2-1: config 127 has an invalid interface number: 54 but max is 2 [ 209.193806][ T980] usb 2-1: config 127 has an invalid interface number: 56 but max is 2 [ 209.202062][ T980] usb 2-1: config 127 has an invalid interface number: 50 but max is 2 [ 209.211193][ T980] usb 2-1: config 127 has no interface number 0 [ 209.217526][ T980] usb 2-1: config 127 has no interface number 1 [ 209.223987][ T980] usb 2-1: config 127 has no interface number 2 [ 209.240807][ T5888] usb 1-1: USB disconnect, device number 48 [ 209.246805][ T980] usb 2-1: config 127 interface 54 altsetting 248 has an invalid descriptor for endpoint zero, skipping [ 209.266137][ T980] usb 2-1: config 127 interface 54 altsetting 248 endpoint 0x5 has invalid maxpacket 951, setting to 64 [ 209.277358][ T980] usb 2-1: config 127 interface 54 altsetting 248 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 209.292386][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 209.298436][ T980] usb 2-1: config 127 interface 54 altsetting 248 has an invalid descriptor for endpoint zero, skipping [ 209.307753][ T8447] FAULT_INJECTION: forcing a failure. [ 209.307753][ T8447] name failslab, interval 1, probability 0, space 0, times 0 [ 209.310912][ T980] usb 2-1: config 127 interface 54 altsetting 248 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 209.327593][ T8447] CPU: 1 UID: 0 PID: 8447 Comm: syz.0.926 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 209.327616][ T8447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.327627][ T8447] Call Trace: [ 209.327633][ T8447] [ 209.327641][ T8447] dump_stack_lvl+0x189/0x250 [ 209.327664][ T8447] ? __pfx____ratelimit+0x10/0x10 [ 209.327685][ T8447] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.327703][ T8447] ? __pfx__printk+0x10/0x10 [ 209.327725][ T8447] ? __pfx___might_resched+0x10/0x10 [ 209.327742][ T8447] ? fs_reclaim_acquire+0x7d/0x100 [ 209.327773][ T8447] should_fail_ex+0x414/0x560 [ 209.327801][ T8447] should_failslab+0xa8/0x100 [ 209.327822][ T8447] kmem_cache_alloc_noprof+0x73/0x3c0 [ 209.327840][ T8447] ? __anon_vma_prepare+0xcb/0x4a0 [ 209.327863][ T8447] __anon_vma_prepare+0xcb/0x4a0 [ 209.327881][ T8447] ? __pte_alloc+0x15e/0x1a0 [ 209.327904][ T8447] __handle_mm_fault+0x4b2d/0x5440 [ 209.327937][ T8447] ? __pfx___handle_mm_fault+0x10/0x10 [ 209.327971][ T8447] ? find_vma+0xe7/0x160 [ 209.327987][ T8447] ? __pfx_find_vma+0x10/0x10 [ 209.328007][ T8447] handle_mm_fault+0x40a/0x8e0 [ 209.328035][ T8447] do_user_addr_fault+0x764/0x1390 [ 209.328072][ T8447] exc_page_fault+0x76/0xf0 [ 209.328094][ T8447] asm_exc_page_fault+0x26/0x30 [ 209.328109][ T8447] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 209.328126][ T8447] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 209.328139][ T8447] RSP: 0018:ffffc9000f647b88 EFLAGS: 00050206 [ 209.328155][ T8447] RAX: ffffffff84cdc301 RBX: 0000000000000090 RCX: 0000000000000090 [ 209.328166][ T8447] RDX: 0000000000000000 RSI: ffffc9000f647c00 RDI: 0000200000000180 [ 209.328178][ T8447] RBP: ffffc9000f647d30 R08: ffffc9000f647c8f R09: 1ffff92001ec8f91 [ 209.328190][ T8447] R10: dffffc0000000000 R11: fffff52001ec8f92 R12: 0000200000000210 [ 209.328202][ T8447] R13: 00007ffffffff000 R14: ffffc9000f647c00 R15: 0000200000000180 [ 209.328222][ T8447] ? _copy_from_user+0x41/0xb0 [ 209.328251][ T8447] _copy_to_user+0x8a/0xb0 [ 209.328269][ T8447] cp_new_stat+0x391/0x4f0 [ 209.328289][ T8447] ? __pfx_cp_new_stat+0x10/0x10 [ 209.328319][ T8447] ? generic_fillattr+0x5d3/0x9a0 [ 209.328347][ T8447] ? vfs_getattr_nosec+0x374/0x430 [ 209.328373][ T8447] __x64_sys_newfstat+0x171/0x200 [ 209.328399][ T8447] ? __pfx___x64_sys_newfstat+0x10/0x10 [ 209.328441][ T8447] ? __pfx_ksys_write+0x10/0x10 [ 209.328458][ T8447] ? rcu_is_watching+0x15/0xb0 [ 209.328479][ T8447] ? do_syscall_64+0xbe/0x3b0 [ 209.328502][ T8447] do_syscall_64+0xfa/0x3b0 [ 209.328520][ T8447] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.328539][ T8447] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.328555][ T8447] ? clear_bhb_loop+0x60/0xb0 [ 209.328575][ T8447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.328594][ T8447] RIP: 0033:0x7f1da338e929 [ 209.328608][ T8447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.328621][ T8447] RSP: 002b:00007f1da41c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 209.328637][ T8447] RAX: ffffffffffffffda RBX: 00007f1da35b5fa0 RCX: 00007f1da338e929 [ 209.328649][ T8447] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 209.328659][ T8447] RBP: 00007f1da41c9090 R08: 0000000000000000 R09: 0000000000000000 [ 209.328669][ T8447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.328679][ T8447] R13: 0000000000000000 R14: 00007f1da35b5fa0 R15: 00007ffebc108018 [ 209.328706][ T8447] [ 209.701267][ T10] usb 4-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 209.714712][ T10] usb 4-1: config 1 interface 0 has no altsetting 0 [ 209.721798][ T980] usb 2-1: config 127 interface 54 altsetting 248 has a duplicate endpoint with address 0x4, skipping [ 209.733144][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 209.744212][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0x9, skipping [ 209.756433][ T980] usb 2-1: config 127 interface 56 altsetting 6 bulk endpoint 0x1 has invalid maxpacket 32 [ 209.767278][ T10] usb 4-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 209.776425][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.785366][ T10] usb 4-1: Product: syz [ 209.789534][ T10] usb 4-1: Manufacturer: syz [ 209.794810][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0x2, skipping [ 209.811961][ T10] usb 4-1: SerialNumber: syz [ 209.824960][ T980] usb 2-1: config 127 interface 56 altsetting 6 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 209.872224][ T980] usb 2-1: config 127 interface 56 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 209.898654][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0x3, skipping [ 209.911419][ T980] usb 2-1: config 127 interface 56 altsetting 6 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 209.923312][ T980] usb 2-1: config 127 interface 56 altsetting 6 endpoint 0xA has invalid maxpacket 911, setting to 64 [ 209.935541][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0x3, skipping [ 209.946923][ T980] usb 2-1: config 127 interface 56 altsetting 6 has a duplicate endpoint with address 0x4, skipping [ 209.990438][ T980] usb 2-1: config 127 interface 50 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 210.001889][ T980] usb 2-1: config 127 interface 54 has no altsetting 0 [ 210.015224][ T980] usb 2-1: config 127 interface 56 has no altsetting 0 [ 210.028078][ T980] usb 2-1: New USB device found, idVendor=1f4d, idProduct=a803, bcdDevice=22.70 [ 210.076669][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.100158][ T980] usb 2-1: Product: 飥恳퓞뙛㖨韃瑋뺺揙ੰ槒뼓谆잝葌뱸屿꿹实ڝ乌椡䵴≏嚕Ⲟڗ녰璦菧옄㓌뷜厂嫱쳈⮁첇ᦤਢ㚮ⰶ킜꬚༂ᤛ↳舂덀颮ᘎ璱푲쀄爂鯸驻擓٪蔴ﱬ祁悕몃㉂놙ੇ茠⵨뛻ߍ퇫㾉㧂ⱓ끦ᶛ걠翂㍛㡟쉴鬋祲筶恙ᆷ쮑쏜╠ब둪줠쾯坬巟ꎩ₯ઞᆂ豾 [ 210.151346][ T980] usb 2-1: Manufacturer: 흪쉉咚샑皩莞捩琢乷菸ꇡɎ䟎䅑붅ᐶ⨗됷︆ꑖ㮕̜褷較ق阛ꉲ὚뵥꒨龈㳦妃듽ﱴ댐䧛诒謳橤╜ꓯᤅ챰씳ொ貿呼㌂펴앏枳睸祰ꩀ郶◃땨〒矨㼭竢ٔ훗䋟蟅⫆熏斆ᷰ湩䇺덒뿟鐰൬欠㏈⁃娎鉚믮려ꃫ烗ﰗᔺ肖枿畣쮞ꮁ਴炽籅ඌ乜킦욯젦퐳꘦ [ 210.190575][ T10] usbhid 4-1:1.0: can't add hid device: -71 [ 210.197448][ T10] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 210.209899][ T10] usb 4-1: USB disconnect, device number 44 [ 210.222609][ T980] usb 2-1: SerialNumber: 㰁 [ 210.247301][ T8441] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 210.332424][ T5888] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 210.492582][ T5888] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 210.509253][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.534103][ T5888] usb 3-1: config 0 descriptor?? [ 210.546883][ T980] usb 2-1: USB disconnect, device number 36 [ 210.655232][ T8464] FAULT_INJECTION: forcing a failure. [ 210.655232][ T8464] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.668884][ T8464] CPU: 0 UID: 0 PID: 8464 Comm: syz.0.933 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 210.668907][ T8464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.668917][ T8464] Call Trace: [ 210.668925][ T8464] [ 210.668933][ T8464] dump_stack_lvl+0x189/0x250 [ 210.668956][ T8464] ? __pfx____ratelimit+0x10/0x10 [ 210.668977][ T8464] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.668996][ T8464] ? __pfx__printk+0x10/0x10 [ 210.669016][ T8464] ? fs_reclaim_acquire+0x7d/0x100 [ 210.669047][ T8464] should_fail_ex+0x414/0x560 [ 210.669076][ T8464] prepare_alloc_pages+0x213/0x610 [ 210.669105][ T8464] __alloc_frozen_pages_noprof+0x123/0x370 [ 210.669131][ T8464] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 210.669157][ T8464] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 210.669184][ T8464] ? policy_nodemask+0x27c/0x720 [ 210.669209][ T8464] alloc_pages_mpol+0x232/0x4a0 [ 210.669235][ T8464] vma_alloc_folio_noprof+0xe4/0x200 [ 210.669258][ T8464] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 210.669282][ T8464] ? do_raw_spin_unlock+0x122/0x240 [ 210.669309][ T8464] folio_prealloc+0x30/0x180 [ 210.669330][ T8464] __handle_mm_fault+0x2ab9/0x5440 [ 210.669345][ T8464] ? __lock_acquire+0xab9/0xd20 [ 210.669381][ T8464] ? __pfx___handle_mm_fault+0x10/0x10 [ 210.669414][ T8464] ? lock_vma_under_rcu+0xe0/0x410 [ 210.669432][ T8464] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 210.669460][ T8464] handle_mm_fault+0x40a/0x8e0 [ 210.669489][ T8464] do_user_addr_fault+0xa81/0x1390 [ 210.669519][ T8464] ? rcu_is_watching+0x15/0xb0 [ 210.669536][ T8464] ? trace_page_fault_user+0x84/0x1e0 [ 210.669561][ T8464] exc_page_fault+0x76/0xf0 [ 210.669582][ T8464] asm_exc_page_fault+0x26/0x30 [ 210.669604][ T8464] RIP: 0033:0x7f1da3356716 [ 210.669620][ T8464] Code: 81 fa 80 00 00 00 76 ad c5 fe 6f 56 40 c5 fe 6f 5e 60 c5 fe 6f 64 16 e0 c5 fe 6f 6c 16 c0 c5 fe 6f 74 16 a0 c5 fe 6f 7c 16 80 fe 7f 07 c5 fe 7f 4f 20 c5 fe 7f 57 40 c5 fe 7f 5f 60 c5 fe 7f [ 210.669634][ T8464] RSP: 002b:00007f1da41c8f88 EFLAGS: 00010206 [ 210.669650][ T8464] RAX: 0000200000571000 RBX: 0000200000557000 RCX: 00007f1da338e52b [ 210.669662][ T8464] RDX: 00000000000000c7 RSI: 00007f1da33ea050 RDI: 0000200000571000 [ 210.669674][ T8464] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 210.669685][ T8464] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1da41c8f90 [ 210.669696][ T8464] R13: 0000200000571000 R14: 0000200000575000 R15: 000020000056d000 [ 210.669725][ T8464] [ 210.669926][ T8464] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 210.807951][ T8453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.966541][ T8453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.987517][ T10] usb 3-1: USB disconnect, device number 38 [ 211.092514][ T980] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 211.250710][ T8478] netlink: 'syz.0.938': attribute type 6 has an invalid length. [ 211.258517][ T8478] netlink: 'syz.0.938': attribute type 7 has an invalid length. [ 211.268986][ T8478] netlink: 'syz.0.938': attribute type 7 has an invalid length. [ 211.273642][ T980] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 211.283308][ T8478] netlink: 12370 bytes leftover after parsing attributes in process `syz.0.938'. [ 211.294638][ T980] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 211.306663][ T8479] FAULT_INJECTION: forcing a failure. [ 211.306663][ T8479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.307519][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.335662][ T8479] CPU: 1 UID: 0 PID: 8479 Comm: syz.3.937 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 211.335686][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.335698][ T8479] Call Trace: [ 211.335705][ T8479] [ 211.335713][ T8479] dump_stack_lvl+0x189/0x250 [ 211.335738][ T8479] ? __pfx____ratelimit+0x10/0x10 [ 211.335759][ T8479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.335778][ T8479] ? __pfx__printk+0x10/0x10 [ 211.335800][ T8479] ? get_sigframe+0x596/0x7d0 [ 211.335829][ T8479] should_fail_ex+0x414/0x560 [ 211.335864][ T8479] _copy_to_user+0x31/0xb0 [ 211.335883][ T8479] copy_siginfo_to_user+0x22/0xc0 [ 211.335902][ T8479] x64_setup_rt_frame+0x776/0xd40 [ 211.335946][ T8479] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 211.335979][ T8479] arch_do_signal_or_restart+0x3d7/0x750 [ 211.336008][ T8479] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 211.336038][ T8479] ? __fget_files+0x2a/0x420 [ 211.336066][ T8479] ? exit_to_user_mode_loop+0x40/0x110 [ 211.336092][ T8479] exit_to_user_mode_loop+0x75/0x110 [ 211.336116][ T8479] do_syscall_64+0x2bd/0x3b0 [ 211.336136][ T8479] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.336156][ T8479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.336173][ T8479] ? clear_bhb_loop+0x60/0xb0 [ 211.336194][ T8479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.336210][ T8479] RIP: 0033:0x7fbea658e929 [ 211.336225][ T8479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.336240][ T8479] RSP: 002b:00007fbea7405038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.336259][ T8479] RAX: fffffffffffffffc RBX: 00007fbea67b6080 RCX: 00007fbea658e929 [ 211.336271][ T8479] RDX: 0000000000000000 RSI: 00000000401845e0 RDI: 0000000000000003 [ 211.336282][ T8479] RBP: 00007fbea7405090 R08: 0000000000000000 R09: 0000000000000000 [ 211.336293][ T8479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.336303][ T8479] R13: 0000000000000000 R14: 00007fbea67b6080 R15: 00007ffc0427c8e8 [ 211.336330][ T8479] [ 211.342485][ T980] usb 2-1: Product: 弣몰奺瀇篕騍膲䞱쬣響廩簎᎖槴끽偖㦍쀹埥㚚餉䊢৅ﵵ᥇⢐荓㼣⛭戕숾塺鵨慫㒚浣⤂ [ 211.573849][ T980] usb 2-1: Manufacturer: ␊ [ 211.578530][ T980] usb 2-1: SerialNumber: syz [ 211.813583][ T980] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 211.842445][ T980] cdc_ncm 2-1:1.0: bind() failure [ 211.877736][ T980] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 211.896041][ T980] cdc_ncm 2-1:1.1: bind() failure [ 211.919139][ T980] usb 2-1: USB disconnect, device number 37 [ 212.016315][ T8490] hfs: can't find a HFS filesystem on dev rnullb0 [ 212.198464][ T8504] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 212.206012][ T8504] IPv6: NLM_F_CREATE should be set when creating new route [ 212.213297][ T8504] IPv6: NLM_F_CREATE should be set when creating new route [ 212.220516][ T8504] IPv6: NLM_F_CREATE should be set when creating new route [ 212.661260][ T8514] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 213.413009][ T8526] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 213.459751][ T8526] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 213.473491][ T8529] netlink: 16 bytes leftover after parsing attributes in process `syz.2.953'. [ 213.485228][ T8530] /dev/rnullb0: Can't open blockdev [ 213.639726][ T8534] netlink: 168 bytes leftover after parsing attributes in process `syz.1.954'. [ 213.662171][ T8534] /dev/rnullb0: Can't open blockdev [ 213.803851][ T8542] /dev/rnullb0: Can't open blockdev [ 214.084431][ T8556] /dev/rnullb0: Can't open blockdev [ 214.232579][ T24] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 214.245210][ T8558] fuse: Bad value for 'user_id' [ 214.250087][ T8558] fuse: Bad value for 'user_id' [ 214.293022][ T8562] sit0: entered promiscuous mode [ 214.310916][ T8562] netlink: 'syz.2.966': attribute type 1 has an invalid length. [ 214.329143][ T8562] netlink: 1 bytes leftover after parsing attributes in process `syz.2.966'. [ 214.392484][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 214.413803][ T24] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 214.429764][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.448319][ T24] usb 1-1: Product: syz [ 214.458803][ T24] usb 1-1: Manufacturer: syz [ 214.467984][ T24] usb 1-1: SerialNumber: syz [ 214.485391][ T24] usb 1-1: config 0 descriptor?? [ 214.500091][ T24] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 214.708311][ T8554] netlink: 84 bytes leftover after parsing attributes in process `syz.0.962'. [ 215.337490][ T8581] FAULT_INJECTION: forcing a failure. [ 215.337490][ T8581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.390501][ T8581] CPU: 0 UID: 0 PID: 8581 Comm: syz.1.973 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 215.390525][ T8581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.390535][ T8581] Call Trace: [ 215.390542][ T8581] [ 215.390548][ T8581] dump_stack_lvl+0x189/0x250 [ 215.390571][ T8581] ? __pfx____ratelimit+0x10/0x10 [ 215.390591][ T8581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.390609][ T8581] ? __pfx__printk+0x10/0x10 [ 215.390640][ T8581] should_fail_ex+0x414/0x560 [ 215.390669][ T8581] _copy_from_user+0x2d/0xb0 [ 215.390694][ T8581] copy_from_sockptr+0x5e/0xa0 [ 215.390713][ T8581] packet_setsockopt+0x333/0x12c0 [ 215.390736][ T8581] ? __pfx_packet_setsockopt+0x10/0x10 [ 215.390755][ T8581] ? rcu_read_lock_any_held+0xb3/0x120 [ 215.390773][ T8581] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 215.390792][ T8581] ? vfs_write+0x8d8/0xa90 [ 215.390813][ T8581] ? aa_sk_perm+0x81e/0x950 [ 215.390832][ T8581] ? __pfx_aa_sk_perm+0x10/0x10 [ 215.390846][ T8581] ? __lock_acquire+0xab9/0xd20 [ 215.390871][ T8581] ? aa_sock_opt_perm+0xff/0x1b0 [ 215.390892][ T8581] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 215.390914][ T8581] ? __pfx_packet_setsockopt+0x10/0x10 [ 215.390937][ T8581] do_sock_setsockopt+0x25a/0x3e0 [ 215.390963][ T8581] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 215.390990][ T8581] ? __fget_files+0x2a/0x420 [ 215.391024][ T8581] __x64_sys_setsockopt+0x18b/0x220 [ 215.391056][ T8581] do_syscall_64+0xfa/0x3b0 [ 215.391075][ T8581] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.391094][ T8581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.391111][ T8581] ? clear_bhb_loop+0x60/0xb0 [ 215.391132][ T8581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.391146][ T8581] RIP: 0033:0x7f5a2dd8e929 [ 215.391161][ T8581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.391175][ T8581] RSP: 002b:00007f5a2ec09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 215.391193][ T8581] RAX: ffffffffffffffda RBX: 00007f5a2dfb5fa0 RCX: 00007f5a2dd8e929 [ 215.391205][ T8581] RDX: 0000000000000007 RSI: 0000000000000107 RDI: 0000000000000003 [ 215.391215][ T8581] RBP: 00007f5a2ec09090 R08: 0000000000000004 R09: 0000000000000000 [ 215.391229][ T8581] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 215.391239][ T8581] R13: 0000000000000000 R14: 00007f5a2dfb5fa0 R15: 00007ffe209ffc88 [ 215.391263][ T8581] [ 215.641161][ T24] usb 1-1: USB disconnect, device number 49 [ 215.910465][ T8586] netlink: 60 bytes leftover after parsing attributes in process `syz.1.975'. [ 215.950524][ T8585] netlink: 60 bytes leftover after parsing attributes in process `syz.1.975'. [ 215.979303][ T8585] netlink: 60 bytes leftover after parsing attributes in process `syz.1.975'. [ 215.992596][ T8588] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 216.052497][ T57] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 216.136256][ T8593] IPVS: sync thread started: state = MASTER, mcast_ifn = vlan0, syncid = 8388612, id = 0 [ 216.153308][ T8592] FAULT_INJECTION: forcing a failure. [ 216.153308][ T8592] name failslab, interval 1, probability 0, space 0, times 0 [ 216.166264][ T8592] CPU: 0 UID: 0 PID: 8592 Comm: syz.2.977 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 216.166287][ T8592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.166297][ T8592] Call Trace: [ 216.166304][ T8592] [ 216.166312][ T8592] dump_stack_lvl+0x189/0x250 [ 216.166336][ T8592] ? __pfx____ratelimit+0x10/0x10 [ 216.166357][ T8592] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.166374][ T8592] ? __pfx__printk+0x10/0x10 [ 216.166396][ T8592] ? __pfx___might_resched+0x10/0x10 [ 216.166412][ T8592] ? fs_reclaim_acquire+0x7d/0x100 [ 216.166436][ T8592] should_fail_ex+0x414/0x560 [ 216.166469][ T8592] should_failslab+0xa8/0x100 [ 216.166489][ T8592] __kmalloc_noprof+0xcb/0x4f0 [ 216.166506][ T8592] ? p9_client_prepare_req+0x579/0xeb0 [ 216.166528][ T8592] p9_client_prepare_req+0x579/0xeb0 [ 216.166552][ T8592] ? __kasan_kmalloc+0x93/0xb0 [ 216.166571][ T8592] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 216.166587][ T8592] ? do_filp_open+0x1fa/0x410 [ 216.166605][ T8592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.166636][ T8592] p9_client_rpc+0x188/0xa70 [ 216.166655][ T8592] ? node_tag_clear+0x1ef/0x320 [ 216.166677][ T8592] ? idr_alloc_u32+0x1b7/0x2d0 [ 216.166697][ T8592] ? __pfx_p9_client_rpc+0x10/0x10 [ 216.166721][ T8592] ? rcu_is_watching+0x15/0xb0 [ 216.166738][ T8592] ? trace_9p_fid_ref+0x7c/0x1d0 [ 216.166767][ T8592] p9_client_walk+0x19f/0x5b0 [ 216.166788][ T8592] ? __pfx_p9_client_walk+0x10/0x10 [ 216.166806][ T8592] ? v9fs_fid_lookup+0x1d1/0xb70 [ 216.166837][ T8592] v9fs_file_open+0x252/0x990 [ 216.166866][ T8592] ? __pfx_v9fs_file_open+0x10/0x10 [ 216.166886][ T8592] ? tomoyo_file_open+0x165/0x220 [ 216.166910][ T8592] ? __pfx_v9fs_file_open+0x10/0x10 [ 216.166929][ T8592] do_dentry_open+0xdf3/0x1970 [ 216.166968][ T8592] vfs_open+0x3b/0x340 [ 216.166988][ T8592] ? path_openat+0x2ecd/0x3830 [ 216.167006][ T8592] path_openat+0x2ee5/0x3830 [ 216.167031][ T8592] ? arch_stack_walk+0xfc/0x150 [ 216.167079][ T8592] ? __pfx_path_openat+0x10/0x10 [ 216.167094][ T8592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.167128][ T8592] do_filp_open+0x1fa/0x410 [ 216.167143][ T8592] ? __lock_acquire+0xab9/0xd20 [ 216.167168][ T8592] ? __pfx_do_filp_open+0x10/0x10 [ 216.167205][ T8592] ? _raw_spin_unlock+0x28/0x50 [ 216.167221][ T8592] ? alloc_fd+0x64c/0x6c0 [ 216.167253][ T8592] do_sys_openat2+0x121/0x1c0 [ 216.167271][ T8592] ? __pfx_do_sys_openat2+0x10/0x10 [ 216.167288][ T8592] ? ksys_write+0x22a/0x250 [ 216.167308][ T8592] ? __pfx_ksys_write+0x10/0x10 [ 216.167324][ T8592] ? rcu_is_watching+0x15/0xb0 [ 216.167343][ T8592] __x64_sys_openat+0x138/0x170 [ 216.167365][ T8592] do_syscall_64+0xfa/0x3b0 [ 216.167384][ T8592] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.167404][ T8592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.167420][ T8592] ? clear_bhb_loop+0x60/0xb0 [ 216.167438][ T8592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.167454][ T8592] RIP: 0033:0x7efdd138e929 [ 216.167470][ T8592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.167482][ T8592] RSP: 002b:00007efdd22b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 216.167500][ T8592] RAX: ffffffffffffffda RBX: 00007efdd15b5fa0 RCX: 00007efdd138e929 [ 216.167512][ T8592] RDX: 0000000000020842 RSI: 000020000000c380 RDI: ffffffffffffff9c [ 216.167524][ T8592] RBP: 00007efdd22b8090 R08: 0000000000000000 R09: 0000000000000000 [ 216.167535][ T8592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 216.167545][ T8592] R13: 0000000000000000 R14: 00007efdd15b5fa0 R15: 00007fffa6f479d8 [ 216.167571][ T8592] [ 216.563250][ T57] usb 4-1: unable to get BOS descriptor or descriptor too short [ 216.571712][ T57] usb 4-1: not running at top speed; connect to a high speed hub [ 216.582810][ T57] usb 4-1: config 7 has an invalid interface number: 213 but max is 0 [ 216.591748][ T57] usb 4-1: config 7 has no interface number 0 [ 216.598566][ T57] usb 4-1: config 7 interface 213 altsetting 1 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 216.649999][ T57] usb 4-1: config 7 interface 213 has no altsetting 0 [ 216.676958][ T57] usb 4-1: New USB device found, idVendor=100d, idProduct=3342, bcdDevice=22.3e [ 216.708341][ T57] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.719013][ T57] usb 4-1: Product: syz [ 216.749985][ T57] usb 4-1: Manufacturer: syz [ 216.766874][ T57] usb 4-1: SerialNumber: syz [ 216.942445][ T24] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 216.999400][ T8583] 9pnet_fd: Insufficient options for proto=fd [ 217.012399][ T10] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 217.014138][ T57] cxacru 4-1:7.213: cxacru_bind: interface has incorrect endpoints [ 217.036789][ T57] cxacru 4-1:7.213: usbatm_usb_probe: bind failed: -19! [ 217.052523][ T57] usb 4-1: USB disconnect, device number 45 [ 217.097120][ T24] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 217.106144][ T24] usb 2-1: config 0 has no interface number 0 [ 217.112274][ T24] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 217.125520][ T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 217.135039][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.142808][ T10] usb 1-1: device descriptor read/64, error -71 [ 217.147575][ T24] usb 2-1: Product: syz [ 217.153488][ T24] usb 2-1: Manufacturer: syz [ 217.158084][ T24] usb 2-1: SerialNumber: syz [ 217.173038][ T24] usb 2-1: config 0 descriptor?? [ 217.192765][ T24] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 217.392461][ T10] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 217.396100][ C1] yurex 2-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8 [ 217.522455][ T10] usb 1-1: device descriptor read/64, error -71 [ 217.572497][ T57] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 217.615044][ T980] usb 2-1: USB disconnect, device number 38 [ 217.636247][ T10] usb usb1-port1: attempt power cycle [ 217.642971][ T980] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 217.744254][ T57] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.762924][ T57] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 217.786761][ T57] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 217.796062][ T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 217.807046][ T57] usb 3-1: SerialNumber: syz [ 217.992470][ T10] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 218.013012][ T10] usb 1-1: device descriptor read/8, error -71 [ 218.032244][ T8610] trusted_key: syz.2.984 sent an empty control message without MSG_MORE. [ 218.252393][ T10] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 218.283454][ T10] usb 1-1: device descriptor read/8, error -71 [ 218.392674][ T10] usb usb1-port1: unable to enumerate USB device [ 218.602539][ T24] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 218.632442][ T121] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 218.753016][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 218.761493][ T24] usb 2-1: config 4 has an invalid interface number: 128 but max is 0 [ 218.770104][ T24] usb 2-1: config 4 has no interface number 0 [ 218.776493][ T24] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.787569][ T24] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.797535][ T121] usb 4-1: Using ep0 maxpacket: 8 [ 218.802611][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 218.811649][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.821822][ T121] usb 4-1: config 0 has no interfaces? [ 218.827342][ T121] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 218.837334][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.851715][ T24] hub 2-1:4.128: USB hub found [ 218.863841][ T121] usb 4-1: config 0 descriptor?? [ 219.048380][ T24] hub 2-1:4.128: 2 ports detected [ 219.053821][ T24] hub 2-1:4.128: Using single TT (err -22) [ 219.076371][ T24] hub 2-1:4.128: hub_hub_status failed (err = -71) [ 219.083283][ T24] hub 2-1:4.128: config failed, can't get hub status (err -71) [ 219.085165][ T8629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.094414][ T24] ------------[ cut here ]------------ [ 219.104975][ T24] WARNING: kernel/workqueue.c:4208 at __flush_work+0xabc/0xbc0, CPU#1: kworker/1:0/24 [ 219.114602][ T24] Modules linked in: [ 219.118669][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 219.130383][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.130794][ T8629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.140711][ T24] Workqueue: usb_hub_wq hub_event [ 219.153295][ T24] RIP: 0010:__flush_work+0xabc/0xbc0 [ 219.158795][ T24] Code: 01 00 00 75 53 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 60 3d 35 00 90 0f 0b 90 eb a5 e8 55 3d 35 00 90 <0f> 0b 90 31 c0 48 8b 5c 24 18 eb 95 e8 43 3d 35 00 e9 92 fc ff ff [ 219.178897][ T24] RSP: 0018:ffffc900001e6940 EFLAGS: 00010283 [ 219.185116][ T24] RAX: ffffffff818ade3b RBX: 1ffff1100f7a1e54 RCX: 0000000000100000 [ 219.193158][ T24] RDX: ffffc90018789000 RSI: 000000000002e448 RDI: 000000000002e449 [ 219.201159][ T24] RBP: ffffc900001e6b10 R08: ffffffff8fc29737 R09: 1ffffffff1f852e6 [ 219.209424][ T24] R10: dffffc0000000000 R11: fffffbfff1f852e7 R12: 0000000000000000 [ 219.217650][ T24] R13: ffff88807bd0f2a0 R14: dffffc0000000000 R15: ffff88807bd0f288 [ 219.225933][ T24] FS: 0000000000000000(0000) GS:ffff888125ae4000(0000) knlGS:0000000000000000 [ 219.235162][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 219.241768][ T24] CR2: 00007f5a2ec07ff0 CR3: 000000006af22000 CR4: 00000000003526f0 [ 219.249777][ T24] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004520 [ 219.257778][ T24] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 219.265791][ T24] Call Trace: [ 219.269083][ T24] [ 219.272018][ T24] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.278379][ T24] ? __pfx___flush_work+0x10/0x10 [ 219.283469][ T24] ? __pfx___might_resched+0x10/0x10 [ 219.288805][ T24] flush_delayed_work+0x13e/0x190 [ 219.293897][ T24] ? __pfx_flush_delayed_work+0x10/0x10 [ 219.299477][ T24] ? _dev_err+0x10a/0x160 [ 219.303886][ T24] hub_quiesce+0x1f0/0x330 [ 219.308346][ T24] hub_disconnect+0xc8/0x470 [ 219.313003][ T24] hub_probe+0x132f/0x36e0 [ 219.317476][ T24] ? __pfx_hub_probe+0x10/0x10 [ 219.322265][ T24] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 219.328503][ T24] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.335105][ T24] ? ktime_get_mono_fast_ns+0x2af/0x2d0 [ 219.340728][ T24] ? pm_runtime_enable+0x1f3/0x340 [ 219.345908][ T24] usb_probe_interface+0x634/0xbf0 [ 219.351047][ T24] ? __pfx_usb_probe_interface+0x10/0x10 [ 219.356707][ T24] really_probe+0x26d/0x9a0 [ 219.361241][ T24] __driver_probe_device+0x18c/0x2f0 [ 219.366556][ T24] driver_probe_device+0x4f/0x430 [ 219.371604][ T24] __device_attach_driver+0x2ce/0x530 [ 219.377013][ T24] bus_for_each_drv+0x24e/0x2e0 [ 219.381887][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 219.387904][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 219.393343][ T24] __device_attach+0x2b8/0x400 [ 219.398128][ T24] ? __pfx___device_attach+0x10/0x10 [ 219.403452][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 219.408670][ T24] bus_probe_device+0x185/0x260 [ 219.413566][ T24] device_add+0x7b6/0xb50 [ 219.417914][ T24] usb_set_configuration+0x1a87/0x20e0 [ 219.423455][ T24] usb_generic_driver_probe+0x8d/0x150 [ 219.429207][ T24] usb_probe_device+0x1c4/0x390 [ 219.434347][ T24] ? __pfx_usb_probe_device+0x10/0x10 [ 219.439750][ T24] really_probe+0x26d/0x9a0 [ 219.444333][ T24] __driver_probe_device+0x18c/0x2f0 [ 219.449648][ T24] driver_probe_device+0x4f/0x430 [ 219.454838][ T24] __device_attach_driver+0x2ce/0x530 [ 219.460253][ T24] bus_for_each_drv+0x24e/0x2e0 [ 219.465169][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 219.471091][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 219.476523][ T24] __device_attach+0x2b8/0x400 [ 219.481324][ T24] ? __pfx___device_attach+0x10/0x10 [ 219.486667][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 219.491900][ T24] bus_probe_device+0x185/0x260 [ 219.496807][ T24] device_add+0x7b6/0xb50 [ 219.501191][ T24] usb_new_device+0xa39/0x16f0 [ 219.506031][ T24] ? __pfx_usb_new_device+0x10/0x10 [ 219.511259][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.516488][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.521739][ T24] hub_event+0x2941/0x4a00 [ 219.526256][ T24] ? __pfx_hub_event+0x10/0x10 [ 219.531310][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 219.537317][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.542567][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 219.548312][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 219.554082][ T24] process_scheduled_works+0xae1/0x17b0 [ 219.559681][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 219.565736][ T24] worker_thread+0x8a0/0xda0 [ 219.570360][ T24] kthread+0x70e/0x8a0 [ 219.574475][ T24] ? __pfx_worker_thread+0x10/0x10 [ 219.579616][ T24] ? __pfx_kthread+0x10/0x10 [ 219.584280][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.589513][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.594780][ T24] ? __pfx_kthread+0x10/0x10 [ 219.599399][ T24] ret_from_fork+0x3fc/0x770 [ 219.604041][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 219.609179][ T24] ? __switch_to_asm+0x39/0x70 [ 219.613989][ T24] ? __switch_to_asm+0x33/0x70 [ 219.618775][ T24] ? __pfx_kthread+0x10/0x10 [ 219.623656][ T24] ret_from_fork_asm+0x1a/0x30 [ 219.628466][ T24] [ 219.631504][ T24] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 219.638777][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 219.650122][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.660162][ T24] Workqueue: usb_hub_wq hub_event [ 219.665178][ T24] Call Trace: [ 219.668440][ T24] [ 219.671356][ T24] dump_stack_lvl+0x99/0x250 [ 219.675930][ T24] ? __asan_memcpy+0x40/0x70 [ 219.680509][ T24] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.685698][ T24] ? __pfx__printk+0x10/0x10 [ 219.690309][ T24] panic+0x2db/0x790 [ 219.694202][ T24] ? __pfx_panic+0x10/0x10 [ 219.698625][ T24] ? ret_from_fork_asm+0x1a/0x30 [ 219.703568][ T24] __warn+0x334/0x4c0 [ 219.707549][ T24] ? __flush_work+0xabc/0xbc0 [ 219.712305][ T24] ? __flush_work+0xabc/0xbc0 [ 219.716976][ T24] report_bug+0x2be/0x4f0 [ 219.721297][ T24] ? __flush_work+0xabc/0xbc0 [ 219.725960][ T24] ? __flush_work+0xabc/0xbc0 [ 219.730713][ T24] ? __flush_work+0xabe/0xbc0 [ 219.735389][ T24] handle_bug+0x84/0x160 [ 219.739648][ T24] exc_invalid_op+0x1a/0x50 [ 219.744145][ T24] asm_exc_invalid_op+0x1a/0x20 [ 219.748994][ T24] RIP: 0010:__flush_work+0xabc/0xbc0 [ 219.754277][ T24] Code: 01 00 00 75 53 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 60 3d 35 00 90 0f 0b 90 eb a5 e8 55 3d 35 00 90 <0f> 0b 90 31 c0 48 8b 5c 24 18 eb 95 e8 43 3d 35 00 e9 92 fc ff ff [ 219.773871][ T24] RSP: 0018:ffffc900001e6940 EFLAGS: 00010283 [ 219.779929][ T24] RAX: ffffffff818ade3b RBX: 1ffff1100f7a1e54 RCX: 0000000000100000 [ 219.787894][ T24] RDX: ffffc90018789000 RSI: 000000000002e448 RDI: 000000000002e449 [ 219.795859][ T24] RBP: ffffc900001e6b10 R08: ffffffff8fc29737 R09: 1ffffffff1f852e6 [ 219.803820][ T24] R10: dffffc0000000000 R11: fffffbfff1f852e7 R12: 0000000000000000 [ 219.811804][ T24] R13: ffff88807bd0f2a0 R14: dffffc0000000000 R15: ffff88807bd0f288 [ 219.819773][ T24] ? __flush_work+0xabb/0xbc0 [ 219.824455][ T24] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.830788][ T24] ? __pfx___flush_work+0x10/0x10 [ 219.835825][ T24] ? __pfx___might_resched+0x10/0x10 [ 219.841116][ T24] flush_delayed_work+0x13e/0x190 [ 219.846135][ T24] ? __pfx_flush_delayed_work+0x10/0x10 [ 219.851675][ T24] ? _dev_err+0x10a/0x160 [ 219.856004][ T24] hub_quiesce+0x1f0/0x330 [ 219.860422][ T24] hub_disconnect+0xc8/0x470 [ 219.865005][ T24] hub_probe+0x132f/0x36e0 [ 219.869424][ T24] ? __pfx_hub_probe+0x10/0x10 [ 219.874177][ T24] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 219.880058][ T24] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.886372][ T24] ? ktime_get_mono_fast_ns+0x2af/0x2d0 [ 219.891908][ T24] ? pm_runtime_enable+0x1f3/0x340 [ 219.897009][ T24] usb_probe_interface+0x634/0xbf0 [ 219.902120][ T24] ? __pfx_usb_probe_interface+0x10/0x10 [ 219.907742][ T24] really_probe+0x26d/0x9a0 [ 219.912238][ T24] __driver_probe_device+0x18c/0x2f0 [ 219.917514][ T24] driver_probe_device+0x4f/0x430 [ 219.922529][ T24] __device_attach_driver+0x2ce/0x530 [ 219.927896][ T24] bus_for_each_drv+0x24e/0x2e0 [ 219.932738][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 219.938627][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 219.943998][ T24] __device_attach+0x2b8/0x400 [ 219.948755][ T24] ? __pfx___device_attach+0x10/0x10 [ 219.954029][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 219.959223][ T24] bus_probe_device+0x185/0x260 [ 219.964080][ T24] device_add+0x7b6/0xb50 [ 219.968414][ T24] usb_set_configuration+0x1a87/0x20e0 [ 219.973889][ T24] usb_generic_driver_probe+0x8d/0x150 [ 219.979343][ T24] usb_probe_device+0x1c4/0x390 [ 219.984194][ T24] ? __pfx_usb_probe_device+0x10/0x10 [ 219.989558][ T24] really_probe+0x26d/0x9a0 [ 219.994064][ T24] __driver_probe_device+0x18c/0x2f0 [ 219.999341][ T24] driver_probe_device+0x4f/0x430 [ 220.004357][ T24] __device_attach_driver+0x2ce/0x530 [ 220.009721][ T24] bus_for_each_drv+0x24e/0x2e0 [ 220.014563][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 220.020442][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 220.025818][ T24] __device_attach+0x2b8/0x400 [ 220.030588][ T24] ? __pfx___device_attach+0x10/0x10 [ 220.035882][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 220.041076][ T24] bus_probe_device+0x185/0x260 [ 220.045923][ T24] device_add+0x7b6/0xb50 [ 220.050246][ T24] usb_new_device+0xa39/0x16f0 [ 220.055013][ T24] ? __pfx_usb_new_device+0x10/0x10 [ 220.060208][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.065393][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.070583][ T24] hub_event+0x2941/0x4a00 [ 220.075030][ T24] ? __pfx_hub_event+0x10/0x10 [ 220.079785][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 220.085504][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.090687][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 220.096398][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 220.102111][ T24] process_scheduled_works+0xae1/0x17b0 [ 220.107690][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 220.113697][ T24] worker_thread+0x8a0/0xda0 [ 220.118294][ T24] kthread+0x70e/0x8a0 [ 220.122356][ T24] ? __pfx_worker_thread+0x10/0x10 [ 220.127455][ T24] ? __pfx_kthread+0x10/0x10 [ 220.132035][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.137221][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.142408][ T24] ? __pfx_kthread+0x10/0x10 [ 220.146997][ T24] ret_from_fork+0x3fc/0x770 [ 220.151593][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 220.156707][ T24] ? __switch_to_asm+0x39/0x70 [ 220.161465][ T24] ? __switch_to_asm+0x33/0x70 [ 220.166216][ T24] ? __pfx_kthread+0x10/0x10 [ 220.170794][ T24] ret_from_fork_asm+0x1a/0x30 [ 220.175558][ T24] [ 220.178794][ T24] Kernel Offset: disabled [ 220.183100][ T24] Rebooting in 86400 seconds..