last executing test programs: 6.877799824s ago: executing program 3 (id=1064): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000010bc0)={0x0, 0x0, &(0x7f0000010b80)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0xc000) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYRES8, @ANYRES8=r1], 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x900) r4 = socket$inet6(0xa, 0x80d, 0x2) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r8, @ANYBLOB], 0x20}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in=@loopback, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, r8}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0x9833bf88d1b218f5, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d6, 0x3c}, 0x0, @in6=@mcast1, 0x0, 0x4, 0x0, 0x5, 0x10008, 0x0, 0x40000}}, 0xe8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r9 = socket$inet6_icmp(0xa, 0x2, 0x3a) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r10, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r10, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) sendto(r10, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) sendmmsg$inet(r10, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="94", 0x1}], 0x1}}], 0x1, 0xc08c0) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f00000004c0)) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000340)={0x0, 0x65, "da82634b00a64c0dea10a602e9f9357a2cda72051a0a59e1cf0589c9379cf8fde60c6914cf9284ac3e20a7272c5746b523f35c296df0332452611384b8243d109dd9191e5d287e3887ea51d495fdb11d73643c175a6a28b1d4c980596af5ce4b3a9a6a48ae"}, &(0x7f0000000280)=0x6d) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000480)=@assoc_value={r11, 0x7}, 0x8) syz_usb_connect$uac1(0x1, 0x76, &(0x7f0000000b40)=ANY=[@ANYBLOB="12010102000000046b1d01014000010203010902640003019b40022a04000000010100000a24010080020201020524040102090401000001020000090401010001020000090501090002088efc0725018307dc080904020000010200e70904020101010200000905820900020903ff07250103ff010026f69331885794955525caec3d99713d439df7c2f1ee3f17e8a33dda2617fe3bc6326dcce1d788f91c245f4baa7abdf18e844eac24725929e317f784755c604add1b74bf2b98df0efbe54dafd66bdcb3a24f16f3f00d6228ab95bf50178c50ecc1a842bb0701bc3f238465"], &(0x7f0000000740)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x200, 0x1, 0x7, 0x0, 0x10, 0x8}, 0xf, &(0x7f0000000580)={0x5, 0xf, 0xf, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x1c, 0x0, 0xb, 0x4}, @ptm_cap={0x3}]}, 0x6, [{0x40, &(0x7f0000000800)=ANY=[@ANYBLOB="40034633a2f0ea438247040217fc861311f15c81ef43f3fb3c2c6191ac386f92716d3d903c4c7702d837300fa8cadcdabc75042fa66731b3000000000000000074578dbf98a9666675bdad95933e662e3540f84bf8f05904e94e699e6db46908a678451b924ed4d993b3c5a693db6ed1e23adc9ed3bf31c0d3df69e8c75357512e88ae561c2e3b3e49a23613365025a91d95b5ff9983172a917aa2d92690216872621a373b174a7435e22d1c2e18f217e22de17b31b10c0c422fb945c6f220d801877ca3f610352b23dfac053f2d1c6cd577152c2f4f0b1d13ff9d9559306c2a8e2c6cdc337f248a2a14fd30cd93c1334ee656f12b62082eeb40f472e24e4e8af80c3a6f3b74a6782cbf2da15abd53c4b75b9dc1bb6c43bf907c2a1beab1ec264c657ff2a8ef4e2c5d6109ff59c14b937cca321288406e3ae10e9833382cba542bf0291eadf645a5aacaed7e69b9a8a378ccf054d54a51d308c53598d41720fb8d8ca6b731b303c1e322ee7cc2a7442df8b6631fa7d1cecda843116e3f8a08297ab5aa3f5628294caf89ddacf4469510b82e90b2f81d3c88a8643d969e208853474045f8bb2d5566f1f82e904da0a2e3c3092bb1c8c0af9a9684e5efd312b1fb16e2bae8f37845eaa388498e25db188302b7080191ad1322a0017c597efe81b085bfa1bc49ad504b1598647a500c3d7d325212b65599d3ded90b8a0bc562f54e87a5cdaf699cf66c7c4a0d0abd5f22"]}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x4040}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x81d}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x140e}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x807}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0xc09}}]}) sendmmsg$inet(r1, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb60000", 0x74}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0xc0) socket$nl_generic(0x10, 0x3, 0x10) 5.38021471s ago: executing program 1 (id=1071): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000580)={0x1fe, 0x1, 0x0, 0x2000, &(0x7f00004ef000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 4) 4.850116194s ago: executing program 1 (id=1072): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000002, 0x100, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x0, 0xbdb], 0x1, 0x144652}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.736346617s ago: executing program 1 (id=1073): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [{@flag='sync'}, {@obj_role={'obj_role', 0x3d, '*'}}]}) mount$bind(0x0, &(0x7f0000000200)='./bus\x00', 0x0, 0x20, 0x0) (async) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4) (async, rerun: 32) syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12014204c2099b20480b032052a50102030109022400010405c80e09046508029db71e090905e9"], &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0}) (rerun: 32) 4.133431024s ago: executing program 1 (id=1075): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x2, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000008, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x0, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x17, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x24040040) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f7a7e40720c1200962201020301090212"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000100)={0x20, 0xf, 0x2, "9d1b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 3.883885734s ago: executing program 3 (id=1076): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="0000020008"], 0xe) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}}) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x0, 0x9}, 0x8) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) readlink(0x0, &(0x7f0000000140)=""/176, 0xb0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000080f260a6000000000a20000000000a03020000000000000000070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000002f3c00128014000180090001006c6173740000000004000280140001800c000100636f756e746505000400028010000180080001006440000001061400000010000100da27e181000000000084000a76848d938cf9cc43a284bbb1526889b5e10891ceab3183725b694eb872cd71a2da75092ab4c355109ea5f5b82abd4053d6b85db5d9d20e3938f91b424893cb933bfac3fe5541fcd06b6b30cfadfd230e4478f71ca2b07eaa1e1a4f9c47238d1b539ce648d9323ea99e7c6738424d6261e8e2125625"], 0xc8}}, 0x20050800) syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ffff1a40d8048200b7ce010282970902120001000000000904000000020201"], 0x0) 2.857017111s ago: executing program 0 (id=1078): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), 0xffffffffffffffff) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000005, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x26d, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)={0xda, 0x0, 0x3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv-cbc-aes-sha256-neon\x00'}, 0x58) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.705905392s ago: executing program 1 (id=1079): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) unshare(0x62040200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x139) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000180)=@ethtool_ringparam={0x11, 0x0, 0xfffffffc, 0x0, 0xffff2aef, 0x5, 0x802, 0x8, 0x1000}}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0xfe, 0xfff, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x14}, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x10) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000480)={r4, 0x2, 0x229a, 0x2}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$6lowpan_control(r6, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) connect$can_bcm(r5, &(0x7f00000004c0), 0x10) r7 = dup(r4) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="000086dd0500561008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x2, 0xb, 0x7, 0x3, 0x2, 0x0, 0x70bd2b, 0x25dfdbfc}, 0x10}}, 0x10) syz_usb_connect$uac1(0x5, 0xd0, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbe, 0x3, 0x1, 0x12, 0x110, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x400, 0x4}, [@extension_unit={0x9, 0x24, 0x8, 0x3, 0x3, 0x6, "ecf6"}, @extension_unit={0x8, 0x24, 0x8, 0x4, 0x8, 0x5, 'D'}, @output_terminal={0x9, 0x24, 0x3, 0x1, 0x304, 0x1, 0x1}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x206, 0x4, 0x6, 0x1, 0x45, 0xf}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x5, 0x1001}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x5, 0x3, 0xf, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x0, 0x7, 0x28, {0x7, 0x25, 0x1, 0x1, 0x9, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x0, 0x3, 0x4, 0x9, "bef047"}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x2, 0x1, 0x9, 0xc2}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x1, 0x4, 0x6, 0xf, '_', "b6a983"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x9, 0x0, 0x2, 'wZ'}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x1, 0xff, 0x1, {0x7, 0x25, 0x1, 0x0, 0x7, 0xbab7}}}}}}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x9, 0xff, 0x3, 0x40, 0x3}, 0x17, &(0x7f00000001c0)={0x5, 0xf, 0x17, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x6, 0x8, 0x8, 0x2}, @wireless={0xb, 0x10, 0x1, 0x8, 0xb5, 0x6, 0xb, 0x2, 0x5}]}, 0x5, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x42a}}, {0xdb, &(0x7f0000000240)=@string={0xdb, 0x3, "c0e36ae1df7ba8c31a739c781f5d517bf0846285ba8e7200e15d01d94307dbe8d3568fba5a842a2b99f743c538b29e40e20982987f15a7dcf685078572db66e26eb70753212b1374c85e98d235b9cb71ab59add8dc96615e4b25c14fb9ad7254e92844ca89e4f82753fe334becd932d4be1ca5ff999d2031c79018e9d3e84eb1725af3b1e7bfb33f89889e911237e3ea52425858b4ced4b18051092098d79c461938c73c52abe61de053197459e780b958169588341129633ce2dd6cb58b0ec9b4be441eccdaed97f1ececdca5cb428573a7a97febca3e8eb0"}}, {0xf1, &(0x7f0000000340)=@string={0xf1, 0x3, "e55a0a045bc394bc3c24c79c518d3a3b7c9dcf857421e7d8543a96b464b9fb72e28990e098d33bcb8fb6f6bd018082e26cdcd8fe900f94b19bc9e66f53bcc3769c4bdc014e734d8445527022c503667c42274faa249e02027ed8e168509c422782a36331ade53237b80474644c66cb31c8e738c154c41e681021c7bbdc9f62adb6e30f42e6d8890f5551a640974b57d49d48b1f25f5882a7a0f29df615687494a19acc8933256c8c4edbc1e24aa6c428f65e55c8103d73d97a337c2dad3e89067206d7b2189f336b785725642f360c2977196ac0c444da25a235943a93e30a8f06bf8bca92e7357a7445f8c6bfb5ff"}}, {0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="1d036c0ef5f76e8beb9b5b9af06af33c491419d4033d5e66a7064a608b"]}, {0x47, &(0x7f0000000580)=ANY=[@ANYBLOB="4703f76832b723ea44f14dadcae424d66e40414034fa82c307ec7ac08dd148ca1f180f80ef1c3d526fdbc1f8d8ef4eb05b367886fed9c567e6481155f71aa842cfc72a0b65165c1c3268874d42911400ab9b14668f"]}]}) ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) syz_usb_disconnect(r0) 2.640073311s ago: executing program 0 (id=1080): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @local, 0x6}, 0x32) r4 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r4, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @broadcast}}, 0x24) r5 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r5, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @broadcast}}, 0x24) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000140)={"2996acbf16803bb01c4b856180c82669", 0x0, 0x0, {0x9, 0x3}, {0x0, 0x400}, 0x6, [0x1, 0x7, 0x40, 0x2, 0xd1, 0x2, 0x1, 0x7, 0x10000, 0x5, 0x401, 0x100, 0x0, 0x9, 0xf, 0x8]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001400000008000a"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) setsockopt$inet6_int(r3, 0x29, 0x10, &(0x7f0000000140)=0x4, 0x4) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000080)) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1ff509e1c0b13532057b761886132c92d5707253296cc6949312c8c6b32fba60258993197ad0d2681b4502d9121ead867bb8d0e307f1dd037066d30389cd35e9b97cca6ac4ab63c7592ef1b2f7b48750c54bf793d9111f112a7289e515e54fec960712b4eb18a24898e867fbca87ab4732213de24ea5200d92058f9f6145e4aa749daa98a67ba17b4c4c1640602e762913aa557ca204f2d89aeefcf2fe47db8a0d306e37e23db7f9146088a075ccd693a698f8b663f6b30419a01d09359eee1a6025b996e03766ef8e871516f66654f0f9451799f780a1402c46150990ed0de4684832c36f8555fb907dfffe67dee28d5e4c42244bed189fe3ea0bf0cad33045fd30615cf7fc530838fecb0f", @ANYRES16=r8, @ANYBLOB="010027bd70000000000049000000080001007063690011000200303030303a30303a31302e300000000008007300000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000f6fc030002000000"], 0x60}}, 0x24004000) sendto$inet6(r3, 0x0, 0x0, 0x4000, 0x0, 0x0) r9 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000100)={0x11, @empty, 0x15, 0x4, 'wlc\x00', 0x3c, 0xc, 0x83}, 0x2c) sendto$inet(r9, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x14, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000580)={0x1fe, 0x1, 0x0, 0x2000, &(0x7f00004ef000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYRES64=r2]) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.553968176s ago: executing program 2 (id=1081): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000002, 0x100, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x0, 0xbdb], 0x1, 0x144652}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.50524763s ago: executing program 3 (id=1082): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x2, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000008, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x0, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x17, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x24040040) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f7a7e40720c12009622010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000100)={0x20, 0xf, 0x4, "9d1b0187"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 2.457074033s ago: executing program 0 (id=1083): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x2, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000008, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x0, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x24040040) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f7a7e40720c1200962201020301090212"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000100)={0x20, 0xf, 0x2, "9d1b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.379263135s ago: executing program 2 (id=1084): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b39366d07060890e0878f0e1ac6e7049b334a959b3e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5bcd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd0000000039ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d877a4eddd5d0fc5a752f9000", 0xffffffffffffff52}}, 0x1006) 2.281767156s ago: executing program 2 (id=1085): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), 0xffffffffffffffff) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000440)=0xe) sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x14}}, 0x0) openat2(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x200000, 0x12a, 0x2}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f0000000e80)=ANY=[@ANYBLOB="f0e512868dd383af00000000000000000200000034000003000000000000000000000000050000030900010073797a31000000000900020073797a30000000000800034000000003140000001100010000000000000000000100000a"], 0x5c}, 0x1, 0x0, 0x0, 0x81}, 0x40000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x2, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0x0, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000005, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x954e, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaf2, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x26d, 0xc, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x8000000000000, 0x5, 0x2, 0x6, 0x0, 0x0, 0x4, 0xbdb], 0x1, 0x1d4213}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.763810742s ago: executing program 2 (id=1086): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000140)=[0x3000, 0x5, 0x2, 0xffff, 0x5, 0x7, 0xf, 0x5], &(0x7f0000000200), &(0x7f0000000080)=[0x42b4]}) 1.5376157s ago: executing program 2 (id=1087): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x2, @pix={0x40, 0x8, 0x31435641, 0x9, 0x5, 0x8, 0x3, 0x10000, 0x0, 0x6, 0x2, 0xffffffffffffffff}}) syz_io_uring_setup(0x6e2e, &(0x7f0000000000)={0x0, 0xc5fa, 0x400, 0x0, 0xc3}, 0x0, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) (async) prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0) (async) syz_open_dev$vim2m(&(0x7f0000000040), 0x800, 0x2) (async) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x2, @pix={0x40, 0x8, 0x31435641, 0x9, 0x5, 0x8, 0x3, 0x10000, 0x0, 0x6, 0x2, 0xffffffffffffffff}}) (async) syz_io_uring_setup(0x6e2e, &(0x7f0000000000)={0x0, 0xc5fa, 0x400, 0x0, 0xc3}, 0x0, 0x0) (async) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) (async) 1.353833433s ago: executing program 2 (id=1088): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x2, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000008, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x0, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x17, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x24040040) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f7a7e40720c1200962201020301090212"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000100)={0x20, 0xf, 0x2, "9d1b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 904.872026ms ago: executing program 3 (id=1089): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), 0xffffffffffffffff) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x6, 0x9, 0x5, 0x9, 0x700000, 0x155f, 0x6, 0x5, 0x25c8, 0x1, 0xa5, 0x6, 0xa2b9, 0x1000, 0x0, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x5a732f64, 0xc, 0x9, 0x12, 0x2, 0x80, 0x4, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x0, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x4, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000000, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x761e, 0x9, 0x4, 0xaca, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x4, 0x1, 0x2, 0x54f5bad8, 0x8, 0x40, 0x400, 0xfeff58b7, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x7, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000005, 0xb, 0x7, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0xd, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3433, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x1, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x20008, 0x40f1, 0x2, 0x1, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x80000002, 0x624dfaee, 0xc, 0x7f, 0x201000, 0x5, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0x4000000f, 0x2, 0x5337, 0x26d, 0x9, 0xfffffffb, 0x4, 0x80, 0x9, 0x4, 0x463f, 0x4, 0x7, 0x3, 0x8, 0x13ffd, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)={0xda, 0x0, 0x3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv-cbc-aes-sha256-neon\x00'}, 0x58) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x7d, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 858.544068ms ago: executing program 0 (id=1090): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r3, 0x4, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x47, 0x3b}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4c}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x8080) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}}, 0x10) 753.87218ms ago: executing program 0 (id=1091): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000080)='bdev\x00', 0x203, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r1, r1, &(0x7f0000000000)=0x2eb4, 0x2000007ff) lseek(r0, 0x3, 0x3) getdents64(r0, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x82040, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'gre0\x00', &(0x7f00000001c0)={'tunl0\x00', 0x0, 0x700, 0x7800, 0x8, 0x4, {{0x7, 0x4, 0x1, 0x3e, 0x1c, 0x67, 0x0, 0x0, 0x4, 0x0, @local, @broadcast, {[@ra={0x94, 0x4}, @noop, @end]}}}}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) sendmsg$nl_xfrm(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="199807001400000428bd7000fedbdf2500000000000000000000000800003b17043600000000000000000000000000004e2400004e2302000a00a0c029000000", @ANYRES32=r3, @ANYRES32=0xee00, @ANYBLOB="b96b6e000200000028001a00ff020000000000000000000000000001fe80000000000000000000000000000a0200750208000c00ffffffff0a0010000000000000a0fd0f23ce49add9737369762863626328616573292c7368613235362900000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000414765fec1f6b50618bad66167d1f9fd008fd98c249a8d9cd6d2f2b8575ea1cb0adfe23141fd052d3a4f5b52cb88973b78e3463d632c96e59c9cf3c4ed9796fbb25dec6a060be3e816dad05b73db85d6760fd64f09d7b1310a0307d538b1752c5b169400790003006c7a730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000088010000719dab7691ded64912e91d0b7b451cf1eae36bd3f621c7faaa7173deeca50df5b88989f016dab318d4956fe69826aabb0c000000cc01110020010000000000000000000000000000e0000001000000000000000000000000fe800000000000000000000000000014fc020000000000000000000000000001ff060000043500000a000200ac1e0101000000000000000000000000fc020000000000000000000000000000fe8000000000000000000000000000aaffffffff0000000000000000000000003201000004350000020002000a010100000000000000000000000000ac1e0001000000000000000000000000fc020000000000000000000000000001ff010000000000000000000000000001ff020000040000000a000200fe800000000000000000000000000034e0000002000000000000000000000000ac14141300000000000000000000000020010000000000000000000000000001330400000635000002000a00000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001ac1414aa0000000000000000000000003c030000003500000200020020010000000000000000000000000002ffffffff000000000000000000000000640101010000000000000000000000007f000001000000000000000000000000330300000235000002000a000800180009000000e4000600ffffffff000000000000000000000000000000000000000000000000000000004e2200084e200ed20200800060000000", @ANYRES32=r4, @ANYRES8, @ANYBLOB="fe8000000000000000000000000000aa000004d36c000000fc01000000000000000000000000000006000000000000000100000001000000020000000000000009000000000000000900000000000000070000000000000087350000000000000000000000000000010000000000000074d1ec68000000000500000000000000080000000000000008000000ff0300000800000029bd700000000000020006f0be00000000000000"], 0x46c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 699.213072ms ago: executing program 0 (id=1092): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0xda9917f2, &(0x7f0000000480)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\x05!\x9a\x8b\xeb\xceJP\x1e\xf2\x8a\xd4\xaa\x15@>\xdb\xab\x06\x1b\xe2w\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\xab\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95W+N$\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\xf4\x84\v\x1e\xe6R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\x04\xe6,N\x00\x9a\x9d\xf8\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x90Tk\xa4\xb3\xc4\xa4*\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd8\xc7B\x1cP\x02\xcfH\x89\x82G\xcf\x1921\x9e\v4Q\xc6\x9c\xc3\xfd\xf3Z1\xef7cK\xd5\xdc\xbf\x00\xe0{\xa0\xf7\xcd\x82\xf6\x99\xcb\x1a\x17\x02\xd1\x9d(\xa2 \x85\x8e 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00') mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={0x0, 0x7, "4c1e01e47fb263"}, &(0x7f0000000240)=0xf) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000280)={r1, 0xb}, 0x8) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x1000, 0x3}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000780)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\xdb\xc9:t\vt,)\x05!\x9a\x8b\xeb\xceJP\x1e\xf2\x8a\xd6\f\xfe\xd4\xaa\x15@>\xdb\xab\x06\x1b\xe2w\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\xab\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95\t\x00\x00\x00\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\x02\xe8rP>R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x90Tk\xa4\xb3\xc4\xa4*\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd8\xc7B\x1cP\xed\xceH\x891\x9e\v4Q\xee]\x96W\xb9(<\xd1\xbb\x94\xc8\xc6\x9c\xc3\xfd\xf3Z1\xef7cK\xd5\xdc\xbf\x00\xe0{\xa0\xf7\xcd\x82\xf6\x99\xcb\x1a\x17\x02\xd1\x9d(\xa2 \x85\x8e 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xe8\'\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00d\xeex\xb3\xc3J\xc7\x1f\xe33\x14\x16T\x1bb\xc0\x9c\x12\x00'/378) r2 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201000000030020f003176c40000000000109022472510000000009040000120701030009050102000000000009058202", @ANYRESDEC], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140)=@random={'trusted.', '\x00'}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r3, &(0x7f0000006880)=[{{0x0, 0x0, 0x0}, 0x80000001}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000440)=""/183, 0xb7}, {&(0x7f00000007c0)=""/242, 0xf2}, {&(0x7f0000000140)=""/50, 0x32}, {&(0x7f00000018c0)=""/4104, 0x1008}, {&(0x7f0000000340)=""/75, 0x4b}, {&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/244, 0xf4}], 0x7}, 0x80000000}], 0x4, 0x4022, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0) ioctl$TCXONC(r4, 0x540a, 0x2) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000640)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mount$9p_fd(0x0, &(0x7f0000000200)='./bus\x00', 0x0, 0x800031, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) 527.134696ms ago: executing program 3 (id=1093): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfc, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 352.907904ms ago: executing program 3 (id=1094): inotify_init() r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x400008bf) write$binfmt_elf32(r0, &(0x7f00000003c0)=ANY=[], 0x69) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12014101f2c59620d016b8108edee501030109022400010000100009040002020083ec0009050602000202000a09058202"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000e40)={0x40, 0x9, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r2, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000100)={0x40, 0x12, 0x29, "8e4a965f8b7816b71a32868db3080bbc7ec355afc43b876d3bd0ce9753dc8a91a7d2c1f1aaec052b9d"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f0000000340)={0x1c, &(0x7f00000002c0)={0x40, 0x15, 0x5, "c923f8cf06"}, 0x0, 0x0}) r3 = dup(r1) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000000), &(0x7f0000000040)=0xc) mmap(&(0x7f0000200000/0x2000)=nil, 0x2000, 0x1000006, 0x2c011, r3, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 0s ago: executing program 1 (id=1095): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000140)=[0x3000, 0x5, 0x2, 0xffff, 0x5, 0x7, 0xf, 0x5], &(0x7f0000000200), &(0x7f0000000080)=[0x42b4]}) kernel console output (not intermixed with test programs): igh-speed USB device number 119 using dummy_hcd [ 280.714555][ T5939] usb 3-1: no configurations [ 280.719306][ T5939] usb 3-1: can't read configurations, error -22 [ 280.726124][ T5939] usb usb3-port1: attempt power cycle [ 280.793448][ T9] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 280.843924][ T9] usb 4-1: device descriptor read/8, error -71 [ 281.066264][ T5939] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 281.083776][ T9] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 281.096296][ T5939] usb 3-1: no configurations [ 281.102096][ T5939] usb 3-1: can't read configurations, error -22 [ 281.114166][ T9] usb 4-1: device descriptor read/8, error -71 [ 281.233748][ T9] usb usb4-port1: unable to enumerate USB device [ 281.253480][ T5939] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 281.276441][ T5939] usb 3-1: no configurations [ 281.281124][ T5939] usb 3-1: can't read configurations, error -22 [ 281.288314][ T5939] usb usb3-port1: unable to enumerate USB device [ 281.303542][ T5964] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 281.465862][ T5964] usb 1-1: config index 0 descriptor too short (expected 64706, got 72) [ 281.476480][ T5964] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 281.485674][ T5964] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.493774][ T5964] usb 1-1: Product: syz [ 281.497942][ T5964] usb 1-1: Manufacturer: syz [ 281.502585][ T5964] usb 1-1: SerialNumber: syz [ 281.513760][ T5964] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 281.537874][ T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 281.624579][ T5939] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 281.748563][ T8589] netlink: 205 bytes leftover after parsing attributes in process `syz.0.820'. [ 281.786004][ T5977] usb 1-1: USB disconnect, device number 104 [ 282.337030][ T5964] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 282.364755][ T5964] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 282.506323][ T8604] hid-generic 0000:0000:0000.000F: pid 8604 passed too short report [ 282.573456][ T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 282.580886][ T9] ath9k_htc: Failed to initialize the device [ 282.607263][ T5977] usb 1-1: ath9k_htc: USB layer deinitialized [ 282.802693][ T8614] netlink: 12 bytes leftover after parsing attributes in process `syz.0.830'. [ 282.856434][ T8618] FAULT_INJECTION: forcing a failure. [ 282.856434][ T8618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.869666][ T8618] CPU: 0 UID: 0 PID: 8618 Comm: syz.0.831 Not tainted syzkaller #0 PREEMPT(full) [ 282.869690][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 282.869698][ T8618] Call Trace: [ 282.869704][ T8618] [ 282.869709][ T8618] dump_stack_lvl+0x189/0x250 [ 282.869730][ T8618] ? __pfx____ratelimit+0x10/0x10 [ 282.869742][ T8618] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.869757][ T8618] ? __pfx__printk+0x10/0x10 [ 282.869771][ T8618] ? __might_fault+0xb0/0x130 [ 282.869792][ T8618] should_fail_ex+0x414/0x560 [ 282.869811][ T8618] _copy_to_iter+0x589/0x1790 [ 282.869831][ T8618] ? __pfx__copy_to_iter+0x10/0x10 [ 282.869842][ T8618] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 282.869859][ T8618] ? __skb_try_recv_datagram+0x3d5/0x4d0 [ 282.869876][ T8618] __skb_datagram_iter+0xf8/0x990 [ 282.869891][ T8618] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 282.869909][ T8618] skb_copy_datagram_iter+0xc5/0x230 [ 282.869925][ T8618] netlink_recvmsg+0x2ab/0xa30 [ 282.869946][ T8618] ? __pfx_netlink_recvmsg+0x10/0x10 [ 282.869957][ T8618] ? __lock_acquire+0xab9/0xd20 [ 282.869971][ T8618] ? aa_sock_msg_perm+0xf1/0x1d0 [ 282.869985][ T8618] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 282.869995][ T8618] ? security_socket_recvmsg+0x7e/0x2e0 [ 282.870010][ T8618] ? __pfx_netlink_recvmsg+0x10/0x10 [ 282.870022][ T8618] sock_recvmsg+0x22c/0x270 [ 282.870040][ T8618] ____sys_recvmsg+0x1c9/0x460 [ 282.870058][ T8618] ? __pfx_____sys_recvmsg+0x10/0x10 [ 282.870079][ T8618] ? import_iovec+0x74/0xa0 [ 282.870094][ T8618] ___sys_recvmsg+0x1b5/0x510 [ 282.870110][ T8618] ? __pfx____sys_recvmsg+0x10/0x10 [ 282.870135][ T8618] ? __fget_files+0x3a0/0x420 [ 282.870153][ T8618] do_recvmmsg+0x307/0x770 [ 282.870171][ T8618] ? __pfx_do_recvmmsg+0x10/0x10 [ 282.870189][ T8618] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 282.870211][ T8618] __x64_sys_recvmmsg+0x190/0x240 [ 282.870226][ T8618] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 282.870241][ T8618] ? do_syscall_64+0xbe/0xfa0 [ 282.870255][ T8618] do_syscall_64+0xfa/0xfa0 [ 282.870266][ T8618] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.870278][ T8618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.870287][ T8618] ? clear_bhb_loop+0x60/0xb0 [ 282.870299][ T8618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.870309][ T8618] RIP: 0033:0x7f40ed78eec9 [ 282.870320][ T8618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.870329][ T8618] RSP: 002b:00007f40eb9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 282.870341][ T8618] RAX: ffffffffffffffda RBX: 00007f40ed9e5fa0 RCX: 00007f40ed78eec9 [ 282.870348][ T8618] RDX: 0000000000000002 RSI: 0000200000000600 RDI: 0000000000000003 [ 282.870354][ T8618] RBP: 00007f40eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 282.870361][ T8618] R10: 0000000040000020 R11: 0000000000000246 R12: 0000000000000001 [ 282.870367][ T8618] R13: 00007f40ed9e6038 R14: 00007f40ed9e5fa0 R15: 00007ffe6d121dc8 [ 282.870390][ T8618] [ 283.253435][ T5964] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 283.428276][ T5964] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.438628][ T5964] usb 4-1: config 0 has no interfaces? [ 283.453832][ T8626] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer. [ 283.480377][ T5964] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 283.489585][ T5964] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.497650][ T5964] usb 4-1: Product: syz [ 283.501883][ T5964] usb 4-1: Manufacturer: syz [ 283.506522][ T5964] usb 4-1: SerialNumber: syz [ 283.513284][ T5964] usb 4-1: config 0 descriptor?? [ 283.603681][ T5909] usb 3-1: new full-speed USB device number 122 using dummy_hcd [ 283.663534][ T5939] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 283.800293][ T5909] usb 3-1: unable to get BOS descriptor or descriptor too short [ 283.809559][ T5909] usb 3-1: not running at top speed; connect to a high speed hub [ 283.818730][ T5909] usb 3-1: config 106 has an invalid interface number: 8 but max is 0 [ 283.828344][ T5909] usb 3-1: config 106 has no interface number 0 [ 283.833014][ T5939] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 283.835053][ T5909] usb 3-1: config 106 interface 8 has no altsetting 0 [ 283.852066][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.853245][ T5909] usb 3-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=93.dd [ 283.860741][ T5939] usb 2-1: Product: syz [ 283.891085][ T5939] usb 2-1: Manufacturer: syz [ 283.896003][ T5939] usb 2-1: SerialNumber: syz [ 283.905866][ T5964] usb 4-1: USB disconnect, device number 102 [ 283.912242][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.925599][ T5909] usb 3-1: Product: syz [ 283.930452][ T5909] usb 3-1: Manufacturer: syz [ 283.932866][ T5939] usb 2-1: config 0 descriptor?? [ 283.939036][ T5909] usb 3-1: SerialNumber: syz [ 284.159649][ T8622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.167888][ T5939] peak_usb 2-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 284.170276][ T8622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.199543][ T5909] kalmia 3-1:106.8 (unnamed net_device) (uninitialized): Error sending init packet. Status -22 [ 284.210752][ T5909] kalmia 3-1:106.8: probe with driver kalmia failed with error -22 [ 284.238660][ T5909] usb 3-1: USB disconnect, device number 122 [ 284.280945][ T8647] FAULT_INJECTION: forcing a failure. [ 284.280945][ T8647] name failslab, interval 1, probability 0, space 0, times 0 [ 284.295492][ T8647] CPU: 0 UID: 0 PID: 8647 Comm: syz.0.841 Not tainted syzkaller #0 PREEMPT(full) [ 284.295517][ T8647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 284.295528][ T8647] Call Trace: [ 284.295535][ T8647] [ 284.295542][ T8647] dump_stack_lvl+0x189/0x250 [ 284.295572][ T8647] ? __pfx____ratelimit+0x10/0x10 [ 284.295592][ T8647] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.295617][ T8647] ? __pfx__printk+0x10/0x10 [ 284.295644][ T8647] ? __pfx___might_resched+0x10/0x10 [ 284.295667][ T8647] ? fs_reclaim_acquire+0x7d/0x100 [ 284.295691][ T8647] should_fail_ex+0x414/0x560 [ 284.295725][ T8647] should_failslab+0xa8/0x100 [ 284.295747][ T8647] kmem_cache_alloc_node_noprof+0x77/0x710 [ 284.295776][ T8647] ? __alloc_skb+0x112/0x2d0 [ 284.295802][ T8647] __alloc_skb+0x112/0x2d0 [ 284.295827][ T8647] nfc_genl_device_removed+0x84/0x330 [ 284.295858][ T8647] ? __pfx_nfc_genl_device_removed+0x10/0x10 [ 284.295884][ T8647] ? destroy_workqueue+0xb36/0xc70 [ 284.295914][ T8647] ? destroy_workqueue+0x894/0xc70 [ 284.295948][ T8647] nfc_unregister_device+0x32/0x2a0 [ 284.295974][ T8647] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 284.296000][ T8647] virtual_ncidev_close+0x56/0x90 [ 284.296024][ T8647] __fput+0x44c/0xa70 [ 284.296055][ T8647] fput_close_sync+0x119/0x200 [ 284.296078][ T8647] ? dnotify_flush+0x1db/0x5e0 [ 284.296101][ T8647] ? __pfx_fput_close_sync+0x10/0x10 [ 284.296123][ T8647] ? do_raw_spin_unlock+0x122/0x240 [ 284.296154][ T8647] __x64_sys_close+0x7f/0x110 [ 284.296178][ T8647] do_syscall_64+0xfa/0xfa0 [ 284.296197][ T8647] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.296215][ T8647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.296230][ T8647] ? clear_bhb_loop+0x60/0xb0 [ 284.296251][ T8647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.296267][ T8647] RIP: 0033:0x7f40ed78eec9 [ 284.296282][ T8647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.296297][ T8647] RSP: 002b:00007f40eb9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 284.296315][ T8647] RAX: ffffffffffffffda RBX: 00007f40ed9e5fa0 RCX: 00007f40ed78eec9 [ 284.296327][ T8647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 284.296337][ T8647] RBP: 00007f40eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 284.296347][ T8647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.296357][ T8647] R13: 00007f40ed9e6038 R14: 00007f40ed9e5fa0 R15: 00007ffe6d121dc8 [ 284.296384][ T8647] [ 284.619311][ T5939] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 284.628809][ T5939] peak_usb 2-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 284.680998][ T5939] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71 [ 284.712161][ T5939] usb 2-1: USB disconnect, device number 96 [ 284.843469][ T5977] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 284.995932][ T5977] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 285.007510][ T5926] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 285.016050][ T5977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.027693][ T5977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.037570][ T5977] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 285.051531][ T5977] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 285.060881][ T5977] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 285.069142][ T5977] usb 1-1: Manufacturer: syz [ 285.076581][ T5977] usb 1-1: config 0 descriptor?? [ 285.175511][ T5926] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 285.191561][ T5926] usb 4-1: config 0 has no interfaces? [ 285.208446][ T5926] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 285.220605][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.231351][ T5926] usb 4-1: Product: syz [ 285.236314][ T5926] usb 4-1: Manufacturer: syz [ 285.242889][ T5926] usb 4-1: SerialNumber: syz [ 285.253069][ T5926] usb 4-1: config 0 descriptor?? [ 285.509604][ T5977] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 285.535143][ T5977] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 285.633734][ T5926] usb 4-1: USB disconnect, device number 103 [ 285.773527][ T5909] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 285.935554][ T5909] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 285.945800][ T5909] usb 2-1: config 0 has no interfaces? [ 285.953262][ T5909] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 285.962380][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.970636][ T5909] usb 2-1: Product: syz [ 285.975257][ T5909] usb 2-1: Manufacturer: syz [ 285.979860][ T5909] usb 2-1: SerialNumber: syz [ 285.986573][ T5909] usb 2-1: config 0 descriptor?? [ 286.008199][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 286.008216][ T30] audit: type=1326 audit(1759327615.565:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8652 comm="syz.0.842" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f40ed78eec9 code=0x0 [ 286.033483][ T9] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 286.036144][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.212611][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 286.223641][ T9] usb 3-1: config 0 has no interfaces? [ 286.240313][ T9] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 286.269860][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.281570][ T9] usb 3-1: Product: syz [ 286.300562][ T9] usb 3-1: Manufacturer: syz [ 286.315000][ T9] usb 3-1: SerialNumber: syz [ 286.333088][ T9] usb 3-1: config 0 descriptor?? [ 286.440201][ T5909] usb 2-1: USB disconnect, device number 97 [ 286.646467][ T9] usb 3-1: USB disconnect, device number 123 [ 286.744575][ T939] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 286.896787][ T939] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 286.905988][ T939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.914396][ T939] usb 4-1: Product: syz [ 286.918599][ T939] usb 4-1: Manufacturer: syz [ 286.923198][ T939] usb 4-1: SerialNumber: syz [ 286.930041][ T939] usb 4-1: config 0 descriptor?? [ 286.953859][ T5909] usb 1-1: reset high-speed USB device number 105 using dummy_hcd [ 287.137493][ T939] peak_usb 4-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 287.354223][ T5964] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 287.503439][ T5964] usb 2-1: device descriptor read/64, error -71 [ 287.637316][ T5956] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 287.723296][ T8708] input: syz1 as /devices/virtual/input/input15 [ 287.821434][ T5964] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 287.829561][ T939] peak_usb 4-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 287.842152][ T5956] usb 3-1: Using ep0 maxpacket: 16 [ 287.848737][ T939] peak_usb 4-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 287.861979][ T5956] usb 3-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47 [ 287.881600][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.889967][ T5956] usb 3-1: Product: syz [ 287.894289][ T5956] usb 3-1: Manufacturer: syz [ 287.898892][ T5956] usb 3-1: SerialNumber: syz [ 287.924942][ T5956] usb 3-1: config 0 descriptor?? [ 287.934429][ T5956] gspca_main: sn9c2028-2.14.0 probing 0c45:800a [ 287.968173][ T5964] usb 2-1: device descriptor read/64, error -71 [ 287.976034][ T939] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71 [ 287.989179][ T939] usb 4-1: USB disconnect, device number 104 [ 288.094599][ T5964] usb usb2-port1: attempt power cycle [ 288.138376][ T8701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.857'. [ 288.152321][ T8701] veth1_macvtap: left promiscuous mode [ 288.443549][ T5964] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 288.454156][ T5956] gspca_sn9c2028: read1 error -110 [ 288.460961][ T5956] gspca_sn9c2028: read1 error -32 [ 288.473811][ T5964] usb 2-1: device descriptor read/8, error -71 [ 288.483265][ T5956] gspca_sn9c2028: read1 error -32 [ 288.496462][ T5956] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -32 [ 288.539306][ T9] usb 1-1: USB disconnect, device number 105 [ 288.548949][ T8719] netlink: 2 bytes leftover after parsing attributes in process `syz.3.860'. [ 288.598787][ T8715] netlink: 36 bytes leftover after parsing attributes in process `syz.3.860'. [ 288.715811][ T5964] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 288.755144][ T5964] usb 2-1: device descriptor read/8, error -71 [ 288.904701][ T5964] usb usb2-port1: unable to enumerate USB device [ 289.607405][ T5977] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 289.786043][ T5977] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 289.796265][ T5977] usb 4-1: config 0 has no interfaces? [ 289.803786][ T5977] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 289.812882][ T5977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.821859][ T5977] usb 4-1: Product: syz [ 289.826161][ T5977] usb 4-1: Manufacturer: syz [ 289.830765][ T5977] usb 4-1: SerialNumber: syz [ 289.837697][ T5977] usb 4-1: config 0 descriptor?? [ 289.913437][ T9] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 290.131561][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 290.154162][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.166337][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.179010][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 290.196991][ T5977] usb 4-1: USB disconnect, device number 105 [ 290.230882][ T9] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 290.240046][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.252036][ T5939] usb 3-1: USB disconnect, device number 124 [ 290.275966][ T9] usb 1-1: config 0 descriptor?? [ 290.493588][ T5926] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 290.647173][ T5926] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 290.659471][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.668264][ T5926] usb 2-1: Product: syz [ 290.672464][ T5926] usb 2-1: Manufacturer: syz [ 290.683598][ T5926] usb 2-1: SerialNumber: syz [ 290.689844][ T9] hid (null): unknown global tag 0xd [ 290.696696][ T5926] usb 2-1: config 0 descriptor?? [ 290.709313][ T9] shield 0003:0955:7214.0011: unknown global tag 0xd [ 290.718725][ T9] shield 0003:0955:7214.0011: item 0 0 1 13 parsing failed [ 290.734809][ T9] shield 0003:0955:7214.0011: Parse failed [ 290.742456][ T9] shield 0003:0955:7214.0011: probe with driver shield failed with error -22 [ 290.896476][ T8740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.908849][ T5926] peak_usb 2-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 290.913952][ T8740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.944826][ T5964] usb 1-1: USB disconnect, device number 106 [ 291.298879][ T5926] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 291.308421][ T5926] peak_usb 2-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 291.376000][ T5926] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71 [ 291.394906][ T5926] usb 2-1: USB disconnect, device number 102 [ 291.774608][ T5977] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 291.875086][ T5926] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 291.936308][ T5977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 291.947843][ T5977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 291.976464][ T5977] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 291.985923][ T5977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.999948][ T5977] usb 1-1: Product: syz [ 292.004275][ T5977] usb 1-1: Manufacturer: syz [ 292.020147][ T5977] usb 1-1: SerialNumber: syz [ 292.045772][ T5926] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 292.064425][ T5977] usb 1-1: config 0 descriptor?? [ 292.070558][ T5926] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 292.080656][ T8766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 292.088450][ T8766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 292.096030][ T5926] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 292.105149][ T5964] usb 2-1: new full-speed USB device number 103 using dummy_hcd [ 292.115170][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 292.123458][ T5926] usb 4-1: SerialNumber: syz [ 292.279033][ T5964] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 292.291154][ T5964] usb 2-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 292.305131][ T5964] usb 2-1: config 0 interface 0 has no altsetting 0 [ 292.311787][ T5964] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 292.322723][ T5964] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.325903][ T8766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 292.342336][ T5964] usb 2-1: config 0 descriptor?? [ 292.350445][ T5926] usb 4-1: 0:2 : does not exist [ 292.362763][ T8766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 292.371770][ T5926] usb 4-1: unit 5: unexpected type 0x0b [ 292.409252][ T5926] usb 4-1: USB disconnect, device number 106 [ 292.458369][ T6330] udevd[6330]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 292.638536][ T8792] FAULT_INJECTION: forcing a failure. [ 292.638536][ T8792] name failslab, interval 1, probability 0, space 0, times 0 [ 292.651981][ T8792] CPU: 0 UID: 0 PID: 8792 Comm: syz.2.885 Not tainted syzkaller #0 PREEMPT(full) [ 292.652008][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 292.652023][ T8792] Call Trace: [ 292.652031][ T8792] [ 292.652039][ T8792] dump_stack_lvl+0x189/0x250 [ 292.652072][ T8792] ? __pfx____ratelimit+0x10/0x10 [ 292.652095][ T8792] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.652124][ T8792] ? __pfx__printk+0x10/0x10 [ 292.652164][ T8792] should_fail_ex+0x414/0x560 [ 292.652198][ T8792] should_failslab+0xa8/0x100 [ 292.652220][ T8792] __kmalloc_cache_noprof+0x6f/0x6f0 [ 292.652247][ T8792] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 292.652271][ T8792] ? sctp_add_bind_addr+0x8c/0x370 [ 292.652291][ T8792] ? sctp_add_bind_addr+0xb0/0x370 [ 292.652319][ T8792] sctp_add_bind_addr+0x8c/0x370 [ 292.652344][ T8792] sctp_copy_local_addr_list+0x30b/0x4e0 [ 292.652371][ T8792] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 292.652393][ T8792] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 292.652418][ T8792] ? sctp_v6_is_any+0x64/0x80 [ 292.652443][ T8792] ? sctp_copy_one_addr+0x93/0x360 [ 292.652475][ T8792] sctp_bind_addr_copy+0xb3/0x3c0 [ 292.652499][ T8792] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 292.652523][ T8792] sctp_connect_new_asoc+0x2e0/0x690 [ 292.652554][ T8792] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 292.652586][ T8792] ? __local_bh_enable_ip+0x12d/0x1c0 [ 292.652617][ T8792] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 292.652639][ T8792] ? security_sctp_bind_connect+0x7e/0x2e0 [ 292.652672][ T8792] sctp_sendmsg+0x155c/0x2810 [ 292.652711][ T8792] ? __pfx_sctp_sendmsg+0x10/0x10 [ 292.652741][ T8792] ? aa_sk_perm+0x81e/0x950 [ 292.652769][ T8792] ? __pfx_aa_sk_perm+0x10/0x10 [ 292.652794][ T8792] ? sock_rps_record_flow+0x19/0x410 [ 292.652817][ T8792] ? inet_sendmsg+0x2f4/0x370 [ 292.652839][ T8792] __sock_sendmsg+0x19c/0x270 [ 292.652872][ T8792] __sys_sendto+0x3bd/0x520 [ 292.652896][ T8792] ? __pfx___sys_sendto+0x10/0x10 [ 292.652915][ T8792] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 292.652952][ T8792] ? __fget_files+0x3a0/0x420 [ 292.652987][ T8792] ? ksys_write+0x22a/0x250 [ 292.653010][ T8792] ? __pfx_ksys_write+0x10/0x10 [ 292.653034][ T8792] __x64_sys_sendto+0xde/0x100 [ 292.653059][ T8792] do_syscall_64+0xfa/0xfa0 [ 292.653080][ T8792] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.653102][ T8792] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.653121][ T8792] ? clear_bhb_loop+0x60/0xb0 [ 292.653144][ T8792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.653163][ T8792] RIP: 0033:0x7fc18d38eec9 [ 292.653180][ T8792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.653196][ T8792] RSP: 002b:00007fc18e2df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 292.653218][ T8792] RAX: ffffffffffffffda RBX: 00007fc18d5e5fa0 RCX: 00007fc18d38eec9 [ 292.653233][ T8792] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 292.653245][ T8792] RBP: 00007fc18e2df090 R08: 0000200000000100 R09: 000000000000001c [ 292.653258][ T8792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 292.653270][ T8792] R13: 00007fc18d5e6038 R14: 00007fc18d5e5fa0 R15: 00007ffeb1709078 [ 292.653301][ T8792] [ 292.983254][ T5964] konepure 0003:1E7D:2DBE.0012: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.1-1/input0 [ 293.181333][ T8780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.190302][ T8780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.201263][ T8780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.211047][ T8780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.251928][ T5926] usb 2-1: USB disconnect, device number 103 [ 293.408950][ T5977] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 293.425376][ T5977] dm9601 1-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet, 38:75:63:a0:62:f1 [ 293.442948][ T5977] usb 1-1: USB disconnect, device number 107 [ 293.453070][ T5977] dm9601 1-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet [ 293.810479][ T8804] kernel profiling enabled (shift: 63) [ 293.817457][ T8804] profiling shift: 63 too large [ 294.213988][ T5926] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 294.273526][ T9] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 294.283503][ T5939] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 294.366836][ T5926] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 294.376050][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.384114][ T5926] usb 3-1: Product: syz [ 294.388286][ T5926] usb 3-1: Manufacturer: syz [ 294.392882][ T5926] usb 3-1: SerialNumber: syz [ 294.400691][ T5926] usb 3-1: config 0 descriptor?? [ 294.435218][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 294.435344][ T5939] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 294.456090][ T5939] usb 2-1: config 0 has no interfaces? [ 294.461838][ T9] usb 1-1: config 0 has no interfaces? [ 294.464576][ T5939] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 294.481903][ T9] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 294.481920][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.499623][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.499651][ T9] usb 1-1: Product: syz [ 294.499667][ T9] usb 1-1: Manufacturer: syz [ 294.499682][ T9] usb 1-1: SerialNumber: syz [ 294.530000][ T5939] usb 2-1: Product: syz [ 294.530358][ T9] usb 1-1: config 0 descriptor?? [ 294.537567][ T5939] usb 2-1: Manufacturer: syz [ 294.550010][ T5939] usb 2-1: SerialNumber: syz [ 294.559279][ T5939] usb 2-1: config 0 descriptor?? [ 294.608309][ T5926] peak_usb 3-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 294.692171][ T8823] cgroup: Bad value for 'name' [ 294.817347][ T5926] peak_usb 3-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 294.860803][ T5926] peak_usb 3-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 294.924249][ T5939] usb 2-1: USB disconnect, device number 104 [ 294.955698][ T5926] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 294.968298][ T8834] kernel profiling enabled (shift: 63) [ 294.975255][ T8834] profiling shift: 63 too large [ 294.980352][ T5926] usb 3-1: USB disconnect, device number 125 [ 295.034810][ T9] usb 1-1: USB disconnect, device number 108 [ 295.105445][ T8836] netlink: 144 bytes leftover after parsing attributes in process `syz.3.900'. [ 295.739551][ T8862] batadv_slave_0: entered promiscuous mode [ 295.761090][ T8861] batadv_slave_0: left promiscuous mode [ 295.813497][ T9] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 295.968783][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 295.980754][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 295.988017][ T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 296.123411][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.154704][ T9] usb 3-1: config 0 descriptor?? [ 296.233463][ T5964] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 296.417392][ T5964] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 296.428304][ T5964] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.436422][ T5964] usb 1-1: Product: syz [ 296.440613][ T5964] usb 1-1: Manufacturer: syz [ 296.445271][ T5964] usb 1-1: SerialNumber: syz [ 296.461975][ T5964] usb 1-1: config 0 descriptor?? [ 296.569367][ T9] hid (null): global environment stack underflow [ 296.576611][ T9] hid (null): report_id 0 is invalid [ 296.582028][ T9] hid (null): report_id 0 is invalid [ 296.587464][ T9] hid (null): unknown global tag 0xd [ 296.592800][ T9] hid (null): invalid report_size 15511 [ 296.598533][ T9] hid (null): invalid report_size 55705 [ 296.604131][ T9] hid (null): unknown global tag 0xd [ 296.609461][ T9] hid (null): unknown global tag 0xe [ 296.615127][ T9] hid (null): invalid report_count 1354669020 [ 296.675759][ T5964] peak_usb 1-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 296.770045][ T5926] hid (null): unknown global tag 0xd [ 296.784102][ T5909] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 296.797170][ T5926] hid-generic 0000:0000:0000.0014: unknown global tag 0xd [ 296.812770][ T5926] hid-generic 0000:0000:0000.0014: item 0 0 1 13 parsing failed [ 296.826780][ T5926] hid-generic 0000:0000:0000.0014: probe with driver hid-generic failed with error -22 [ 296.875679][ T8856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.889234][ T5964] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 296.890273][ T8856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.907309][ T5964] peak_usb 1-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 296.929201][ T5926] usb 3-1: USB disconnect, device number 126 [ 296.967454][ T5909] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.977692][ T5909] usb 2-1: config 0 has no interfaces? [ 296.989430][ T5909] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 296.999920][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.008508][ T5964] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 297.016780][ T5909] usb 2-1: Product: syz [ 297.020936][ T5909] usb 2-1: Manufacturer: syz [ 297.027643][ T5909] usb 2-1: SerialNumber: syz [ 297.035663][ T5909] usb 2-1: config 0 descriptor?? [ 297.040992][ T5964] usb 1-1: USB disconnect, device number 109 [ 297.203971][ T9] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 297.337639][ T5909] usb 2-1: USB disconnect, device number 105 [ 297.355258][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.368902][ T9] usb 4-1: config 0 has no interfaces? [ 297.376639][ T9] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 297.385787][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.395822][ T9] usb 4-1: Product: syz [ 297.400205][ T9] usb 4-1: Manufacturer: syz [ 297.404856][ T9] usb 4-1: SerialNumber: syz [ 297.411378][ T9] usb 4-1: config 0 descriptor?? [ 297.514261][ T8885] delete_channel: no stack [ 297.518980][ T8885] delete_channel: no stack [ 297.793493][ T9] usb 4-1: USB disconnect, device number 107 [ 297.836601][ T5909] usb 1-1: new low-speed USB device number 110 using dummy_hcd [ 297.966371][ T8898] FAULT_INJECTION: forcing a failure. [ 297.966371][ T8898] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 297.980470][ T8898] CPU: 0 UID: 0 PID: 8898 Comm: syz.1.925 Not tainted syzkaller #0 PREEMPT(full) [ 297.980487][ T8898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 297.980495][ T8898] Call Trace: [ 297.980500][ T8898] [ 297.980505][ T8898] dump_stack_lvl+0x189/0x250 [ 297.980527][ T8898] ? __pfx____ratelimit+0x10/0x10 [ 297.980540][ T8898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.980556][ T8898] ? __pfx__printk+0x10/0x10 [ 297.980572][ T8898] ? fs_reclaim_acquire+0x7d/0x100 [ 297.980587][ T8898] should_fail_ex+0x414/0x560 [ 297.980607][ T8898] prepare_alloc_pages+0x213/0x610 [ 297.980622][ T8898] __alloc_frozen_pages_noprof+0x123/0x370 [ 297.980636][ T8898] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 297.980653][ T8898] ? policy_nodemask+0x27c/0x720 [ 297.980667][ T8898] alloc_pages_bulk_noprof+0x560/0x710 [ 297.980682][ T8898] ? alloc_pages_noprof+0xbe/0x190 [ 297.980695][ T8898] kasan_populate_vmalloc+0xd1/0x270 [ 297.980711][ T8898] ? do_raw_spin_unlock+0x122/0x240 [ 297.980730][ T8898] alloc_vmap_area+0xd7a/0x14c0 [ 297.980754][ T8898] ? __pfx_alloc_vmap_area+0x10/0x10 [ 297.980767][ T8898] ? __kasan_kmalloc+0x93/0xb0 [ 297.980779][ T8898] ? __get_vm_area_node+0x13f/0x300 [ 297.980794][ T8898] ? copy_process+0x54b/0x3c00 [ 297.980808][ T8898] __get_vm_area_node+0x1f8/0x300 [ 297.980837][ T8898] __vmalloc_node_range_noprof+0x30c/0x12d0 [ 297.980854][ T8898] ? copy_process+0x54b/0x3c00 [ 297.980871][ T8898] ? percpu_ref_get_many+0x19/0x140 [ 297.980888][ T8898] ? __memcg_slab_post_alloc_hook+0x517/0x7d0 [ 297.980907][ T8898] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 297.980924][ T8898] ? memcpy_and_pad+0x48/0x80 [ 297.980936][ T8898] __vmalloc_node_noprof+0xc2/0x110 [ 297.980952][ T8898] ? copy_process+0x54b/0x3c00 [ 297.980964][ T8898] ? copy_process+0x54b/0x3c00 [ 297.980978][ T8898] dup_task_struct+0x3d4/0x830 [ 297.980992][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.981006][ T8898] copy_process+0x54b/0x3c00 [ 297.981034][ T8898] ? __pfx_copy_process+0x10/0x10 [ 297.981054][ T8898] vhost_task_create+0x1ce/0x320 [ 297.981070][ T8898] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 297.981086][ T8898] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 297.981102][ T8898] ? __pfx_vhost_task_create+0x10/0x10 [ 297.981121][ T8898] ? __pfx_vhost_task_fn+0x10/0x10 [ 297.981147][ T8898] kvm_mmu_post_init_vm+0x14c/0x300 [ 297.981159][ T8898] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 297.981173][ T8898] ? __mutex_trylock_common+0x153/0x260 [ 297.981189][ T8898] ? __pfx___mutex_trylock_common+0x10/0x10 [ 297.981204][ T8898] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 297.981216][ T8898] ? rcu_is_watching+0x15/0xb0 [ 297.981231][ T8898] ? trace_contention_end+0x39/0x120 [ 297.981245][ T8898] ? look_up_lock_class+0x74/0x170 [ 297.981258][ T8898] ? register_lock_class+0x51/0x320 [ 297.981273][ T8898] ? __lock_acquire+0xab9/0xd20 [ 297.981300][ T8898] kvm_vcpu_ioctl+0x95c/0xe90 [ 297.981314][ T8898] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 297.981335][ T8898] ? __fget_files+0x2a/0x420 [ 297.981350][ T8898] ? __fget_files+0x3a0/0x420 [ 297.981362][ T8898] ? __fget_files+0x2a/0x420 [ 297.981376][ T8898] ? bpf_lsm_file_ioctl+0x9/0x20 [ 297.981389][ T8898] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 297.981399][ T8898] __se_sys_ioctl+0xfc/0x170 [ 297.981416][ T8898] do_syscall_64+0xfa/0xfa0 [ 297.981428][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.981440][ T8898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.981450][ T8898] ? clear_bhb_loop+0x60/0xb0 [ 297.981463][ T8898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.981473][ T8898] RIP: 0033:0x7fcd0fb8eec9 [ 297.981484][ T8898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.981494][ T8898] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.981506][ T8898] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 297.981513][ T8898] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 297.981520][ T8898] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 297.981527][ T8898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.981533][ T8898] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 297.981550][ T8898] [ 297.981842][ T8898] syz.1.925: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 298.023500][ T5939] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 298.028672][ T8898] ,cpuset= [ 298.196914][ T5939] usb 3-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a [ 298.199834][ T8898] / [ 298.204710][ T5939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.210262][ T8898] ,mems_allowed=0-1 [ 298.234918][ T5939] usb 3-1: config 0 descriptor?? [ 298.239050][ T5909] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 298.251720][ T8898] [ 298.254373][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.263315][ T5939] gspca_main: xirlink-cit-2.14.0 probing 0545:800d [ 298.276135][ T8898] CPU: 0 UID: 0 PID: 8898 Comm: syz.1.925 Not tainted syzkaller #0 PREEMPT(full) [ 298.276162][ T8898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 298.276174][ T8898] Call Trace: [ 298.276182][ T8898] [ 298.276192][ T8898] dump_stack_lvl+0x189/0x250 [ 298.276225][ T8898] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 298.276247][ T8898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.276276][ T8898] ? __pfx__printk+0x10/0x10 [ 298.276302][ T8898] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 298.276330][ T8898] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 298.276364][ T8898] warn_alloc+0x214/0x310 [ 298.276384][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.276410][ T8898] ? __pfx_warn_alloc+0x10/0x10 [ 298.276435][ T8898] ? copy_process+0x54b/0x3c00 [ 298.276460][ T8898] ? __get_vm_area_node+0x211/0x300 [ 298.276494][ T8898] __vmalloc_node_range_noprof+0x331/0x12d0 [ 298.276537][ T8898] ? percpu_ref_get_many+0x19/0x140 [ 298.276566][ T8898] ? __memcg_slab_post_alloc_hook+0x517/0x7d0 [ 298.276600][ T8898] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 298.276632][ T8898] ? memcpy_and_pad+0x48/0x80 [ 298.276654][ T8898] __vmalloc_node_noprof+0xc2/0x110 [ 298.276683][ T8898] ? copy_process+0x54b/0x3c00 [ 298.276705][ T8898] ? copy_process+0x54b/0x3c00 [ 298.276731][ T8898] dup_task_struct+0x3d4/0x830 [ 298.276755][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.276780][ T8898] copy_process+0x54b/0x3c00 [ 298.276840][ T8898] ? __pfx_copy_process+0x10/0x10 [ 298.276878][ T8898] vhost_task_create+0x1ce/0x320 [ 298.276906][ T8898] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 298.276934][ T8898] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 298.276963][ T8898] ? __pfx_vhost_task_create+0x10/0x10 [ 298.276999][ T8898] ? __pfx_vhost_task_fn+0x10/0x10 [ 298.277045][ T8898] kvm_mmu_post_init_vm+0x14c/0x300 [ 298.277067][ T8898] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 298.277093][ T8898] ? __mutex_trylock_common+0x153/0x260 [ 298.277122][ T8898] ? __pfx___mutex_trylock_common+0x10/0x10 [ 298.277149][ T8898] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 298.277172][ T8898] ? rcu_is_watching+0x15/0xb0 [ 298.277197][ T8898] ? trace_contention_end+0x39/0x120 [ 298.277223][ T8898] ? look_up_lock_class+0x74/0x170 [ 298.277247][ T8898] ? register_lock_class+0x51/0x320 [ 298.277275][ T8898] ? __lock_acquire+0xab9/0xd20 [ 298.277325][ T8898] kvm_vcpu_ioctl+0x95c/0xe90 [ 298.277349][ T8898] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 298.277390][ T8898] ? __fget_files+0x2a/0x420 [ 298.277418][ T8898] ? __fget_files+0x3a0/0x420 [ 298.277439][ T8898] ? __fget_files+0x2a/0x420 [ 298.277465][ T8898] ? bpf_lsm_file_ioctl+0x9/0x20 [ 298.277488][ T8898] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 298.277506][ T8898] __se_sys_ioctl+0xfc/0x170 [ 298.277537][ T8898] do_syscall_64+0xfa/0xfa0 [ 298.277559][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.277582][ T8898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.277600][ T8898] ? clear_bhb_loop+0x60/0xb0 [ 298.277623][ T8898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.277656][ T8898] RIP: 0033:0x7fcd0fb8eec9 [ 298.277674][ T8898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.277691][ T8898] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 298.277712][ T8898] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 298.277726][ T8898] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 298.277738][ T8898] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 298.277751][ T8898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.277763][ T8898] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 298.277801][ T8898] [ 298.277881][ T8898] Mem-Info: [ 298.294781][ T5939] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input16 [ 298.298959][ T8898] active_anon:6080 inactive_anon:0 isolated_anon:0 [ 298.298959][ T8898] active_file:2842 inactive_file:44639 isolated_file:0 [ 298.298959][ T8898] unevictable:768 dirty:84 writeback:0 [ 298.298959][ T8898] slab_reclaimable:11124 slab_unreclaimable:93034 [ 298.298959][ T8898] mapped:25526 shmem:1356 pagetables:1192 [ 298.298959][ T8898] sec_pagetables:0 bounce:0 [ 298.298959][ T8898] kernel_misc_reclaimable:0 [ 298.298959][ T8898] free:1338005 free_pcp:14705 free_cma:0 [ 298.917470][ T8898] Node 0 active_anon:24320kB inactive_anon:0kB active_file:11368kB inactive_file:178344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102192kB dirty:332kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11856kB pagetables:4824kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 298.917528][ T8898] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 298.917593][ T8898] Node 0 DMA free:15340kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 298.917660][ T8898] lowmem_reserve[]: 0 2489 2489 2489 2489 [ 298.917703][ T8898] Node 0 DMA32 free:1438692kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24320kB inactive_anon:0kB active_file:11368kB inactive_file:178344kB unevictable:1536kB writepending:332kB zspages:0kB present:3129332kB managed:2549276kB mlocked:0kB bounce:0kB free_pcp:43604kB local_pcp:22576kB free_cma:0kB [ 298.917762][ T8898] lowmem_reserve[]: 0 0 0 0 0 [ 298.917805][ T8898] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 298.917861][ T8898] lowmem_reserve[]: 0 [ 298.917868][ T5909] usb 1-1: config 0 descriptor?? [ 298.917873][ T8898] 0 0 0 0 [ 298.917906][ T8898] Node 1 Normal free:3895572kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:17064kB local_pcp:10728kB free_cma:0kB [ 298.917964][ T8898] lowmem_reserve[]: 0 0 0 0 0 [ 298.918007][ T8898] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15340kB [ 298.918184][ T8898] Node 0 DMA32: 1007*4kB (UME) 367*8kB (UM) 157*16kB (UME) 682*32kB (UME) 142*64kB (UME) 28*128kB (UME) 18*256kB (UME) 5*512kB (UM) 3*1024kB (M) 2*2048kB (ME) 337*4096kB (UM) = 1438660kB [ 298.918351][ T8898] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 298.918472][ T8898] Node 1 Normal: 191*4kB (UME) 43*8kB (UE) 32*16kB (UE) 150*32kB (UME) 44*64kB (UME) 4*128kB (UE) 5*256kB (UME) 5*512kB (UME) 1*1024kB (M) 1*2048kB (E) 947*4096kB (M) = 3895572kB [ 298.918636][ T8898] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 298.918652][ T8898] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 298.918669][ T8898] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 298.918687][ T8898] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 298.918704][ T8898] 48833 total pagecache pages [ 298.918720][ T8898] 0 pages in swap cache [ 298.918728][ T8898] Free swap = 124996kB [ 298.918738][ T8898] Total swap = 124996kB [ 298.918747][ T8898] 2097051 pages RAM [ 298.918755][ T8898] 0 pages HighMem/MovableOnly [ 298.918764][ T8898] 428026 pages reserved [ 298.918772][ T8898] 0 pages cma reserved [ 299.040964][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.086774][ T9] usb 3-1: USB disconnect, device number 127 [ 299.368067][ T8888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.382498][ T8888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.404536][ T8888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.427514][ T8888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.484361][ T8888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.493254][ T8888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.533115][ T8912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.930'. [ 299.713472][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 299.766318][ T5909] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 299.776839][ T5909] asix 1-1:0.0: probe with driver asix failed with error -71 [ 299.793491][ T5939] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 299.793713][ T5909] usb 1-1: USB disconnect, device number 110 [ 299.883829][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 299.894912][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 299.903709][ T9] usb 3-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 299.917519][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 299.926508][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.40 [ 299.935807][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.944095][ T9] usb 3-1: Product: syz [ 299.948272][ T9] usb 3-1: Manufacturer: syz [ 299.952860][ T9] usb 3-1: SerialNumber: syz [ 299.967242][ T5939] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 299.976994][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.985721][ T5939] usb 4-1: Product: syz [ 299.990059][ T5939] usb 4-1: Manufacturer: syz [ 299.994752][ T5939] usb 4-1: SerialNumber: syz [ 300.002059][ T5939] usb 4-1: config 0 descriptor?? [ 300.163457][ T7414] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 300.176094][ T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input17 [ 300.187388][ T5221] bcm5974 3-1:1.0: could not read from device [ 300.196475][ T5221] bcm5974 3-1:1.0: could not read from device [ 300.206217][ T5221] bcm5974 3-1:1.0: could not read from device [ 300.214165][ T5939] peak_usb 4-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 300.215098][ T9] usb 3-1: USB disconnect, device number 2 [ 300.229522][ T5221] bcm5974 3-1:1.0: could not read from device [ 300.315759][ T7414] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.341806][ T8928] netlink: 16 bytes leftover after parsing attributes in process `syz.0.935'. [ 300.344881][ T7414] usb 2-1: config 0 has no interfaces? [ 300.364224][ T7414] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 300.373524][ T7414] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.382113][ T7414] usb 2-1: Product: syz [ 300.396966][ T7414] usb 2-1: Manufacturer: syz [ 300.401684][ T7414] usb 2-1: SerialNumber: syz [ 300.432938][ T5939] peak_usb 4-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 300.449675][ T7414] usb 2-1: config 0 descriptor?? [ 300.472391][ T5939] peak_usb 4-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 300.499053][ T8933] FAULT_INJECTION: forcing a failure. [ 300.499053][ T8933] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.512373][ T8933] CPU: 1 UID: 0 PID: 8933 Comm: syz.0.937 Not tainted syzkaller #0 PREEMPT(full) [ 300.512400][ T8933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 300.512411][ T8933] Call Trace: [ 300.512418][ T8933] [ 300.512424][ T8933] dump_stack_lvl+0x189/0x250 [ 300.512448][ T8933] ? __pfx____ratelimit+0x10/0x10 [ 300.512462][ T8933] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.512477][ T8933] ? __pfx__printk+0x10/0x10 [ 300.512498][ T8933] should_fail_ex+0x414/0x560 [ 300.512533][ T8933] _copy_to_user+0x31/0xb0 [ 300.512550][ T8933] simple_read_from_buffer+0xe1/0x170 [ 300.512566][ T8933] proc_fail_nth_read+0x1b3/0x220 [ 300.512588][ T8933] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.512605][ T8933] ? rw_verify_area+0x2a6/0x4d0 [ 300.512615][ T8933] ? __lock_acquire+0xab9/0xd20 [ 300.512627][ T8933] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.512643][ T8933] vfs_read+0x200/0xa30 [ 300.512654][ T8933] ? fdget_pos+0x247/0x320 [ 300.512668][ T8933] ? __pfx___mutex_lock+0x10/0x10 [ 300.512683][ T8933] ? __pfx_vfs_read+0x10/0x10 [ 300.512694][ T8933] ? __fget_files+0x2a/0x420 [ 300.512709][ T8933] ? __fget_files+0x3a0/0x420 [ 300.512720][ T8933] ? __fget_files+0x2a/0x420 [ 300.512745][ T8933] ksys_read+0x145/0x250 [ 300.512757][ T8933] ? __pfx_ksys_read+0x10/0x10 [ 300.512771][ T8933] ? do_syscall_64+0xbe/0xfa0 [ 300.512785][ T8933] do_syscall_64+0xfa/0xfa0 [ 300.512797][ T8933] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.512809][ T8933] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.512819][ T8933] ? clear_bhb_loop+0x60/0xb0 [ 300.512839][ T8933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.512849][ T8933] RIP: 0033:0x7f40ed78d8dc [ 300.512860][ T8933] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 300.512869][ T8933] RSP: 002b:00007f40eb9f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 300.512882][ T8933] RAX: ffffffffffffffda RBX: 00007f40ed9e5fa0 RCX: 00007f40ed78d8dc [ 300.512897][ T8933] RDX: 000000000000000f RSI: 00007f40eb9f60a0 RDI: 0000000000000004 [ 300.512904][ T8933] RBP: 00007f40eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 300.512910][ T8933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 300.512916][ T8933] R13: 00007f40ed9e6038 R14: 00007f40ed9e5fa0 R15: 00007ffe6d121dc8 [ 300.512933][ T8933] [ 300.745378][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.796397][ T5939] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71 [ 300.808685][ T5939] usb 4-1: USB disconnect, device number 108 [ 301.013880][ T7414] usb 2-1: USB disconnect, device number 106 [ 301.035249][ T8942] 9p: Unknown Cache mode or invalid value fs [ 301.279384][ T8950] FAULT_INJECTION: forcing a failure. [ 301.279384][ T8950] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.293729][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 301.294557][ T8950] CPU: 1 UID: 0 PID: 8950 Comm: syz.2.943 Not tainted syzkaller #0 PREEMPT(full) [ 301.294582][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 301.294594][ T8950] Call Trace: [ 301.294602][ T8950] [ 301.294610][ T8950] dump_stack_lvl+0x189/0x250 [ 301.294643][ T8950] ? __pfx____ratelimit+0x10/0x10 [ 301.294666][ T8950] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.294694][ T8950] ? __pfx__printk+0x10/0x10 [ 301.294722][ T8950] ? __pfx_binder_debug+0x10/0x10 [ 301.294749][ T8950] should_fail_ex+0x414/0x560 [ 301.294790][ T8950] _copy_to_user+0x31/0xb0 [ 301.294818][ T8950] binder_ioctl_write_read+0x954f/0xa040 [ 301.294860][ T8950] ? __kernel_text_address+0xd/0x40 [ 301.294881][ T8950] ? arch_stack_walk+0xfc/0x150 [ 301.294918][ T8950] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 301.294936][ T8950] ? stack_trace_save+0x9c/0xe0 [ 301.294964][ T8950] ? __pfx_stack_trace_save+0x10/0x10 [ 301.294994][ T8950] ? stack_depot_save_flags+0x40/0x860 [ 301.295019][ T8950] ? kasan_save_track+0x4f/0x80 [ 301.295046][ T8950] ? kasan_save_track+0x3e/0x80 [ 301.295071][ T8950] ? __kasan_save_free_info+0x46/0x50 [ 301.295094][ T8950] ? __kasan_slab_free+0x5c/0x80 [ 301.295110][ T8950] ? kfree+0x19a/0x6d0 [ 301.295132][ T8950] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 301.295150][ T8950] ? security_file_ioctl+0xcb/0x2d0 [ 301.295177][ T8950] ? __se_sys_ioctl+0x47/0x170 [ 301.295204][ T8950] ? do_syscall_64+0xfa/0xfa0 [ 301.295224][ T8950] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.295263][ T8950] ? __pfx_binder_debug+0x10/0x10 [ 301.295279][ T8950] ? do_raw_spin_lock+0x121/0x290 [ 301.295323][ T8950] ? _raw_spin_unlock+0x28/0x50 [ 301.295341][ T8950] ? binder_get_thread+0x178/0x6d0 [ 301.295365][ T8950] binder_ioctl+0x3e0/0x19c0 [ 301.295388][ T8950] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 301.295411][ T8950] ? do_vfs_ioctl+0xbe8/0x1430 [ 301.295428][ T8950] ? __pfx_binder_ioctl+0x10/0x10 [ 301.295447][ T8950] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 301.295499][ T8950] ? __fget_files+0x2a/0x420 [ 301.295525][ T8950] ? __fget_files+0x3a0/0x420 [ 301.295547][ T8950] ? __fget_files+0x2a/0x420 [ 301.295572][ T8950] ? bpf_lsm_file_ioctl+0x9/0x20 [ 301.295595][ T8950] ? __pfx_binder_ioctl+0x10/0x10 [ 301.295615][ T8950] __se_sys_ioctl+0xfc/0x170 [ 301.295646][ T8950] do_syscall_64+0xfa/0xfa0 [ 301.295668][ T8950] ? lockdep_hardirqs_on+0x9c/0x150 [ 301.295689][ T8950] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.295708][ T8950] ? clear_bhb_loop+0x60/0xb0 [ 301.295731][ T8950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.295750][ T8950] RIP: 0033:0x7fc18d38eec9 [ 301.295773][ T8950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.295789][ T8950] RSP: 002b:00007fc18e2df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 301.295811][ T8950] RAX: ffffffffffffffda RBX: 00007fc18d5e5fa0 RCX: 00007fc18d38eec9 [ 301.295825][ T8950] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004 [ 301.295839][ T8950] RBP: 00007fc18e2df090 R08: 0000000000000000 R09: 0000000000000000 [ 301.295851][ T8950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 301.295863][ T8950] R13: 00007fc18d5e6038 R14: 00007fc18d5e5fa0 R15: 00007ffeb1709078 [ 301.295893][ T8950] [ 301.295903][ T8950] binder: 8949:8950 ioctl c0306201 200000000300 returned -14 [ 301.395002][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 301.641698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 301.650491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 301.737331][ T8954] FAULT_INJECTION: forcing a failure. [ 301.737331][ T8954] name failslab, interval 1, probability 0, space 0, times 0 [ 301.737389][ T8954] CPU: 1 UID: 0 PID: 8954 Comm: syz.0.945 Not tainted syzkaller #0 PREEMPT(full) [ 301.737411][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 301.737422][ T8954] Call Trace: [ 301.737429][ T8954] [ 301.737438][ T8954] dump_stack_lvl+0x189/0x250 [ 301.737472][ T8954] ? __pfx____ratelimit+0x10/0x10 [ 301.737496][ T8954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.737525][ T8954] ? __pfx__printk+0x10/0x10 [ 301.737555][ T8954] ? __pfx___might_resched+0x10/0x10 [ 301.737580][ T8954] ? fs_reclaim_acquire+0x7d/0x100 [ 301.737606][ T8954] should_fail_ex+0x414/0x560 [ 301.737643][ T8954] should_failslab+0xa8/0x100 [ 301.737667][ T8954] __kmalloc_cache_noprof+0x6f/0x6f0 [ 301.737695][ T8954] ? vkms_plane_duplicate_state+0x51/0x110 [ 301.737739][ T8954] vkms_plane_duplicate_state+0x51/0x110 [ 301.737768][ T8954] drm_atomic_get_plane_state+0x25d/0x5a0 [ 301.737802][ T8954] drm_client_modeset_commit_atomic+0x1e7/0x760 [ 301.737846][ T8954] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 301.737897][ T8954] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 301.737935][ T8954] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 301.737967][ T8954] drm_fb_helper_pan_display+0x3e7/0xbd0 [ 301.738006][ T8954] fb_pan_display+0x39e/0x680 [ 301.738030][ T8954] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 301.738056][ T8954] bit_update_start+0x4d/0x1e0 [ 301.738103][ T8954] fbcon_modechanged+0xbf6/0x1330 [ 301.738138][ T8954] do_fb_ioctl+0x6fd/0x750 [ 301.738169][ T8954] ? __pfx_do_fb_ioctl+0x10/0x10 [ 301.738236][ T8954] ? __fget_files+0x2a/0x420 [ 301.738261][ T8954] ? __fget_files+0x3a0/0x420 [ 301.738283][ T8954] ? __fget_files+0x2a/0x420 [ 301.738309][ T8954] ? bpf_lsm_file_ioctl+0x9/0x20 [ 301.738332][ T8954] ? __pfx_fb_ioctl+0x10/0x10 [ 301.738355][ T8954] __se_sys_ioctl+0xfc/0x170 [ 301.738388][ T8954] do_syscall_64+0xfa/0xfa0 [ 301.738409][ T8954] ? lockdep_hardirqs_on+0x9c/0x150 [ 301.738432][ T8954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.738451][ T8954] ? clear_bhb_loop+0x60/0xb0 [ 301.738474][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.738491][ T8954] RIP: 0033:0x7f40ed78eec9 [ 301.738512][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.738527][ T8954] RSP: 002b:00007f40eb9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 301.738547][ T8954] RAX: ffffffffffffffda RBX: 00007f40ed9e5fa0 RCX: 00007f40ed78eec9 [ 301.738561][ T8954] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003 [ 301.738573][ T8954] RBP: 00007f40eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 301.738585][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.738597][ T8954] R13: 00007f40ed9e6038 R14: 00007f40ed9e5fa0 R15: 00007ffe6d121dc8 [ 301.738632][ T8954] [ 301.987540][ T5909] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 302.192841][ T5909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.203237][ T5909] usb 4-1: config 0 has no interfaces? [ 302.257413][ T5909] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 302.267223][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.276968][ T5909] usb 4-1: Product: syz [ 302.281171][ T5909] usb 4-1: Manufacturer: syz [ 302.286720][ T5909] usb 4-1: SerialNumber: syz [ 302.293235][ T5909] usb 4-1: config 0 descriptor?? [ 302.392431][ T8968] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 302.399787][ T8968] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 302.406635][ T8978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.952'. [ 302.414163][ T8968] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 302.594271][ T5909] usb 4-1: USB disconnect, device number 109 [ 302.673481][ T5964] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 302.703487][ T5939] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 302.826639][ T5964] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 302.835806][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.843926][ T5964] usb 3-1: Product: syz [ 302.848090][ T5964] usb 3-1: Manufacturer: syz [ 302.852664][ T5964] usb 3-1: SerialNumber: syz [ 302.855263][ T5939] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 302.868906][ T5964] usb 3-1: config 0 descriptor?? [ 302.869348][ T5939] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 302.886571][ T5939] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 302.896004][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.905064][ T5939] usb 2-1: Product: syz [ 302.909525][ T5939] usb 2-1: Manufacturer: syz [ 302.914454][ T5939] usb 2-1: SerialNumber: syz [ 302.921496][ T5939] usb 2-1: config 0 descriptor?? [ 302.928798][ T8980] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 302.936375][ T8980] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 303.084875][ T5964] peak_usb 3-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 303.148759][ T8980] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 303.156397][ T8980] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 303.392471][ T5964] peak_usb 3-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 303.401511][ T5964] peak_usb 3-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 303.453525][ T5956] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 303.484097][ T5964] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 303.499476][ T5964] usb 3-1: USB disconnect, device number 3 [ 303.613428][ T5956] usb 4-1: Using ep0 maxpacket: 8 [ 303.619290][ T5956] usb 4-1: too many configurations: 210, using maximum allowed: 8 [ 303.629904][ T5956] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 303.637947][ T5956] usb 4-1: can't read configurations, error -61 [ 303.773606][ T5956] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 303.943469][ T5956] usb 4-1: Using ep0 maxpacket: 8 [ 303.955317][ T5956] usb 4-1: too many configurations: 210, using maximum allowed: 8 [ 303.968948][ T5956] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 303.978954][ T5939] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 303.988806][ T5956] usb 4-1: can't read configurations, error -61 [ 304.003797][ T5956] usb usb4-port1: attempt power cycle [ 304.010423][ T5939] dm9601 2-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 38:75:63:a0:62:f1 [ 304.036570][ T5939] usb 2-1: USB disconnect, device number 107 [ 304.055188][ T5939] dm9601 2-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet [ 304.333566][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 304.373513][ T5956] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 304.393928][ T5956] usb 4-1: Using ep0 maxpacket: 8 [ 304.399695][ T5956] usb 4-1: too many configurations: 210, using maximum allowed: 8 [ 304.409569][ T5956] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 304.417841][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 304.417847][ T5956] usb 4-1: can't read configurations, error -61 [ 304.443483][ T5964] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 304.473457][ T5909] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 304.493470][ T5876] Bluetooth: hci3: command 0x0405 tx timeout [ 304.543968][ T5956] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 304.566108][ T5956] usb 4-1: Using ep0 maxpacket: 8 [ 304.573310][ T5956] usb 4-1: too many configurations: 210, using maximum allowed: 8 [ 304.585714][ T5956] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 304.593456][ T5964] usb 3-1: Using ep0 maxpacket: 32 [ 304.599168][ T5956] usb 4-1: can't read configurations, error -61 [ 304.607472][ T5964] usb 3-1: config 0 has an invalid interface number: 134 but max is 0 [ 304.615811][ T5964] usb 3-1: config 0 has no interface number 0 [ 304.622275][ T5956] usb usb4-port1: unable to enumerate USB device [ 304.631797][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.642214][ T5964] usb 3-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=ea.6f [ 304.651393][ T5909] usb 1-1: config 0 has no interfaces? [ 304.657306][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.667082][ T5964] usb 3-1: Product: syz [ 304.671556][ T5964] usb 3-1: Manufacturer: syz [ 304.676414][ T5964] usb 3-1: SerialNumber: syz [ 304.683231][ T5909] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 304.692429][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.702113][ T5964] usb 3-1: config 0 descriptor?? [ 304.708057][ T5909] usb 1-1: Product: syz [ 304.712384][ T5909] usb 1-1: Manufacturer: syz [ 304.721697][ T5964] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.134/input/input18 [ 304.731164][ T5909] usb 1-1: SerialNumber: syz [ 304.740144][ T5909] usb 1-1: config 0 descriptor?? [ 304.920230][ T5221] bcm5974 3-1:0.134: could not read from device [ 304.937155][ T5221] bcm5974 3-1:0.134: could not read from device [ 304.947270][ T5964] usb 3-1: USB disconnect, device number 4 [ 305.110204][ T5909] usb 1-1: USB disconnect, device number 111 [ 305.383485][ T5956] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 305.546746][ T5956] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 305.555987][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.564254][ T5956] usb 2-1: Product: syz [ 305.568717][ T5956] usb 2-1: Manufacturer: syz [ 305.573393][ T5956] usb 2-1: SerialNumber: syz [ 305.580865][ T5956] usb 2-1: config 0 descriptor?? [ 305.723500][ T5977] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 305.791033][ T5956] peak_usb 2-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 305.885603][ T5977] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 305.896464][ T5977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.907988][ T5977] usb 3-1: config 0 descriptor?? [ 306.101002][ T5956] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 306.103559][ T5939] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 306.110690][ T5956] peak_usb 2-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 306.144146][ T5977] kaweth 3-1:0.0: Firmware present in device. [ 306.194140][ T5956] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71 [ 306.211098][ T5956] usb 2-1: USB disconnect, device number 108 [ 306.289013][ T9033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'. [ 306.292146][ T5939] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 306.301746][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'. [ 306.309529][ T5939] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 306.331589][ T5939] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 306.341024][ T5977] kaweth 3-1:0.0: Statistics collection: 0 [ 306.350642][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.358966][ T5977] kaweth 3-1:0.0: Multicast filter limit: 0 [ 306.365481][ T5939] usb 1-1: Product: syz [ 306.369798][ T5977] kaweth 3-1:0.0: MTU: 0 [ 306.374284][ T5939] usb 1-1: Manufacturer: syz [ 306.378943][ T5977] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00 [ 306.385902][ T5939] usb 1-1: SerialNumber: syz [ 306.399806][ T5939] usb 1-1: config 0 descriptor?? [ 306.407047][ T9029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 306.414566][ T9029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 306.626879][ T9029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 306.634351][ T9029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 306.703456][ T5956] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 306.867294][ T5956] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.877581][ T5956] usb 4-1: config 0 has no interfaces? [ 306.889126][ T5956] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 306.898501][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.907115][ T5956] usb 4-1: Product: syz [ 306.911376][ T5956] usb 4-1: Manufacturer: syz [ 306.917171][ T5956] usb 4-1: SerialNumber: syz [ 306.924852][ T5956] usb 4-1: config 0 descriptor?? [ 306.950976][ T5977] kaweth 3-1:0.0: kaweth interface created at eth1 [ 307.116575][ T5919] usb 2-1: new full-speed USB device number 109 using dummy_hcd [ 307.268825][ T5956] usb 4-1: USB disconnect, device number 114 [ 307.277469][ T5919] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 307.301049][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.321516][ T5919] usb 2-1: config 0 descriptor?? [ 307.336385][ T5919] cp210x 2-1:0.0: cp210x converter detected [ 307.458163][ T5939] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 307.487939][ T5939] dm9601 1-1:0.0 eth2: register 'dm9601' at usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet, 38:75:63:a0:62:f1 [ 307.510989][ T5939] usb 1-1: USB disconnect, device number 112 [ 307.536614][ T5939] dm9601 1-1:0.0 eth2: unregister 'dm9601' usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet [ 308.194896][ T5909] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 308.342292][ T5919] cp210x 2-1:0.0: failed to get vendor val 0x370c size 13: -71 [ 308.359696][ T5919] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 308.375345][ T5919] usb 2-1: cp210x converter now attached to ttyUSB0 [ 308.393962][ T5919] usb 2-1: USB disconnect, device number 109 [ 308.412885][ T5919] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 308.421449][ T5919] cp210x 2-1:0.0: device disconnected [ 308.460923][ T5909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.483305][ T5909] usb 4-1: config 0 has no interfaces? [ 308.492307][ T5909] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 308.501453][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.509750][ T5909] usb 4-1: Product: syz [ 308.513959][ T5909] usb 4-1: Manufacturer: syz [ 308.518555][ T5909] usb 4-1: SerialNumber: syz [ 308.528020][ T5909] usb 4-1: config 0 descriptor?? [ 308.623158][ T9076] afs: Unknown parameter '\' [ 308.859715][ T5909] usb 4-1: USB disconnect, device number 115 [ 308.874537][ T5964] usb 3-1: USB disconnect, device number 5 [ 309.066548][ T5919] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 309.240529][ T5919] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 309.270525][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.283426][ T5919] usb 1-1: Product: syz [ 309.287624][ T5919] usb 1-1: Manufacturer: syz [ 309.306019][ T5919] usb 1-1: SerialNumber: syz [ 309.325476][ T5919] usb 1-1: config 0 descriptor?? [ 309.414074][ T5964] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 309.545166][ T5919] peak_usb 1-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 309.596011][ T5964] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.610154][ T5964] usb 3-1: config 0 has no interfaces? [ 309.624898][ T5964] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 309.634237][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.642395][ T5964] usb 3-1: Product: syz [ 309.653435][ T5964] usb 3-1: Manufacturer: syz [ 309.658151][ T5964] usb 3-1: SerialNumber: syz [ 309.668892][ T5964] usb 3-1: config 0 descriptor?? [ 309.763479][ T5977] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 309.909708][ T5919] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 309.933198][ T5977] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 309.944035][ T5919] peak_usb 1-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 309.955136][ T5977] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 309.976448][ T5977] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 310.006849][ T5977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.019993][ T5977] usb 4-1: Product: syz [ 310.024891][ T5977] usb 4-1: Manufacturer: syz [ 310.029696][ T5977] usb 4-1: SerialNumber: syz [ 310.036288][ T5919] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 310.050525][ T5977] usb 4-1: config 0 descriptor?? [ 310.062164][ T9108] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 310.077762][ T5964] usb 3-1: USB disconnect, device number 6 [ 310.082104][ T5919] usb 1-1: USB disconnect, device number 113 [ 310.094103][ T9108] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 310.317955][ T9108] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 310.325466][ T9108] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 310.542585][ T9122] netlink: 'syz.0.990': attribute type 16 has an invalid length. [ 310.550512][ T9122] netlink: 156 bytes leftover after parsing attributes in process `syz.0.990'. [ 310.924071][ T5964] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 311.113437][ T5964] usb 3-1: Using ep0 maxpacket: 16 [ 311.122780][ T5964] usb 3-1: config 7 has an invalid interface number: 82 but max is 1 [ 311.132117][ T5964] usb 3-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 311.145575][ T5964] usb 3-1: config 7 has an invalid interface number: 145 but max is 1 [ 311.154718][ T5964] usb 3-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 311.167088][ T5964] usb 3-1: config 7 has an invalid interface number: 23 but max is 1 [ 311.168728][ T5977] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 311.176539][ T5964] usb 3-1: config 7 has 3 interfaces, different from the descriptor's value: 2 [ 311.198245][ T5964] usb 3-1: config 7 has no interface number 0 [ 311.203926][ T5977] dm9601 4-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet, 38:75:63:a0:62:f1 [ 311.221445][ T5977] usb 4-1: USB disconnect, device number 116 [ 311.228983][ T5964] usb 3-1: config 7 has no interface number 1 [ 311.236752][ T5964] usb 3-1: config 7 has no interface number 2 [ 311.241547][ T5977] dm9601 4-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet [ 311.243171][ T5964] usb 3-1: config 7 interface 82 altsetting 0 endpoint 0x9 has an invalid bInterval 215, changing to 7 [ 311.254317][ T5939] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 311.266911][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has an endpoint descriptor with address 0x1E, changing to 0xE [ 311.285446][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0x8, skipping [ 311.298847][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 311.309753][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 311.321604][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0xD, skipping [ 311.334312][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 311.346662][ T5964] usb 3-1: config 7 interface 82 altsetting 0 endpoint 0x4 has an invalid bInterval 247, changing to 11 [ 311.359535][ T5964] usb 3-1: config 7 interface 82 altsetting 0 has a duplicate endpoint with address 0x4, skipping [ 311.370831][ T5964] usb 3-1: config 7 interface 145 altsetting 13 endpoint 0x2 has invalid maxpacket 544, setting to 64 [ 311.384686][ T5964] usb 3-1: config 7 interface 145 altsetting 13 has a duplicate endpoint with address 0x6, skipping [ 311.396021][ T5964] usb 3-1: config 7 interface 145 altsetting 13 endpoint 0x7 has invalid maxpacket 19054, setting to 64 [ 311.407921][ T5964] usb 3-1: config 7 interface 145 altsetting 13 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 311.419457][ T5964] usb 3-1: config 7 interface 145 altsetting 13 has a duplicate endpoint with address 0xD, skipping [ 311.432654][ T5964] usb 3-1: too many endpoints for config 7 interface 23 altsetting 142: 93, using maximum allowed: 30 [ 311.444345][ T5964] usb 3-1: config 7 interface 23 altsetting 142 has 0 endpoint descriptors, different from the interface descriptor's value: 93 [ 311.454441][ T5939] usb 2-1: Using ep0 maxpacket: 16 [ 311.458081][ T5964] usb 3-1: config 7 interface 145 has no altsetting 0 [ 311.469636][ T5964] usb 3-1: config 7 interface 23 has no altsetting 0 [ 311.471636][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short [ 311.478897][ T5964] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=30.82 [ 311.488715][ T5939] usb 2-1: config 15 has an invalid interface number: 107 but max is 0 [ 311.494431][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.504436][ T5939] usb 2-1: config 15 has no interface number 0 [ 311.517308][ T5939] usb 2-1: config 15 interface 107 has no altsetting 0 [ 311.529158][ T5939] usb 2-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=a7.8c [ 311.543247][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.554544][ T5964] usb 3-1: Product: ఇ [ 311.557150][ T5939] usb 2-1: Product: syz [ 311.558733][ T5964] usb 3-1: Manufacturer: ࠁ [ 311.563069][ T5939] usb 2-1: Manufacturer: syz [ 311.567543][ T5964] usb 3-1: SerialNumber: syz [ 311.573512][ T5939] usb 2-1: SerialNumber: syz [ 311.582474][ T9127] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 311.758017][ T9147] FAULT_INJECTION: forcing a failure. [ 311.758017][ T9147] name failslab, interval 1, probability 0, space 0, times 0 [ 311.783000][ T9147] CPU: 0 UID: 0 PID: 9147 Comm: syz.3.999 Not tainted syzkaller #0 PREEMPT(full) [ 311.783027][ T9147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 311.783054][ T9147] Call Trace: [ 311.783063][ T9147] [ 311.783072][ T9147] dump_stack_lvl+0x189/0x250 [ 311.783105][ T9147] ? __pfx____ratelimit+0x10/0x10 [ 311.783126][ T9147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.783154][ T9147] ? __pfx__printk+0x10/0x10 [ 311.783185][ T9147] ? __pfx___might_resched+0x10/0x10 [ 311.783208][ T9147] ? fs_reclaim_acquire+0x7d/0x100 [ 311.783232][ T9147] should_fail_ex+0x414/0x560 [ 311.783268][ T9147] should_failslab+0xa8/0x100 [ 311.783289][ T9147] __kmalloc_noprof+0xcb/0x7f0 [ 311.783316][ T9147] ? tomoyo_encode+0x28b/0x550 [ 311.783344][ T9147] tomoyo_encode+0x28b/0x550 [ 311.783372][ T9147] tomoyo_realpath_from_path+0x58d/0x5d0 [ 311.783406][ T9147] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 311.783426][ T9147] tomoyo_path_number_perm+0x1e8/0x5a0 [ 311.783450][ T9147] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 311.783506][ T9147] ? __fget_files+0x2a/0x420 [ 311.783536][ T9147] ? __fget_files+0x3a0/0x420 [ 311.783558][ T9147] ? __fget_files+0x2a/0x420 [ 311.783585][ T9147] security_file_ioctl+0xcb/0x2d0 [ 311.783623][ T9147] __se_sys_ioctl+0x47/0x170 [ 311.783656][ T9147] do_syscall_64+0xfa/0xfa0 [ 311.783676][ T9147] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.783700][ T9147] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.783726][ T9147] ? clear_bhb_loop+0x60/0xb0 [ 311.783750][ T9147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.783770][ T9147] RIP: 0033:0x7f22b3f8eec9 [ 311.783788][ T9147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.783806][ T9147] RSP: 002b:00007f22b4f0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.783829][ T9147] RAX: ffffffffffffffda RBX: 00007f22b41e5fa0 RCX: 00007f22b3f8eec9 [ 311.783844][ T9147] RDX: 00002000000000c0 RSI: 0000000000004b72 RDI: 0000000000000003 [ 311.783857][ T9147] RBP: 00007f22b4f0b090 R08: 0000000000000000 R09: 0000000000000000 [ 311.783870][ T9147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.783883][ T9147] R13: 00007f22b41e6038 R14: 00007f22b41e5fa0 R15: 00007ffd25c6cf88 [ 311.783915][ T9147] [ 311.841849][ T5939] as10x_usb: device has been detected [ 311.857414][ T9147] ERROR: Out of memory at tomoyo_realpath_from_path. [ 311.866313][ T5939] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 312.076907][ T5939] usb 2-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 312.127292][ T5939] as10x_usb: error during firmware upload part1 [ 312.127925][ T5939] Registered device Abilis Systems DVB-Titan [ 312.153771][ T5939] usb 2-1: USB disconnect, device number 110 [ 312.202471][ T5939] Unregistered device Abilis Systems DVB-Titan [ 312.204991][ T5939] as10x_usb: device has been disconnected [ 312.245912][ T9153] usb usb8: usbfs: process 9153 (syz.3.1001) did not claim interface 0 before use [ 312.293820][ T5964] usb 3-1: USB disconnect, device number 7 [ 312.313438][ T5909] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 312.485256][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.495592][ T5909] usb 1-1: config 0 has no interfaces? [ 312.504330][ T5909] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 312.513532][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.521514][ T5909] usb 1-1: Product: syz [ 312.525780][ T5909] usb 1-1: Manufacturer: syz [ 312.530396][ T5909] usb 1-1: SerialNumber: syz [ 312.537369][ T5909] usb 1-1: config 0 descriptor?? [ 312.873947][ T5909] usb 1-1: USB disconnect, device number 114 [ 312.894724][ T6047] udevd[6047]: setting mode of /dev/bus/usb/001/114 to 020664 failed: No such file or directory [ 312.918064][ T6047] udevd[6047]: setting owner of /dev/bus/usb/001/114 to uid=0, gid=0 failed: No such file or directory [ 312.938939][ T9174] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 313.243547][ T5977] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 313.293502][ T5964] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 313.395254][ T5977] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 313.405331][ T5977] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 313.418420][ T5977] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 313.428042][ T5977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.443483][ T5977] usb 2-1: Product: syz [ 313.445314][ T5964] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.447692][ T5977] usb 2-1: Manufacturer: syz [ 313.466333][ T5964] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0127, bcdDevice=7b.4a [ 313.470726][ T5977] usb 2-1: SerialNumber: syz [ 313.480621][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.495751][ T5977] usb 2-1: config 0 descriptor?? [ 313.502776][ T9177] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 313.510708][ T9177] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 313.522356][ T5964] usb 3-1: Product: syz [ 313.529458][ T5964] usb 3-1: Manufacturer: syz [ 313.539614][ T5964] usb 3-1: SerialNumber: syz [ 313.564871][ T5964] usb 3-1: config 0 descriptor?? [ 313.582287][ T5964] kvaser_usb 3-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 313.722875][ T9177] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 313.741914][ T9177] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 313.863196][ T5964] usb 3-1: USB disconnect, device number 8 [ 314.559221][ T5977] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 314.587722][ T5977] dm9601 2-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 38:75:63:a0:62:f1 [ 314.610344][ T5977] usb 2-1: USB disconnect, device number 111 [ 314.625807][ T5977] dm9601 2-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet [ 314.743469][ T5964] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 314.895074][ T5964] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.906307][ T5964] usb 4-1: config 0 has no interfaces? [ 314.914853][ T5964] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 314.924072][ T5964] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.932084][ T5964] usb 4-1: Product: syz [ 314.936293][ T5964] usb 4-1: Manufacturer: syz [ 314.940896][ T5964] usb 4-1: SerialNumber: syz [ 314.947767][ T5964] usb 4-1: config 0 descriptor?? [ 315.053494][ T5909] usb 1-1: new high-speed USB device number 115 using dummy_hcd [ 315.225727][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.237713][ T5909] usb 1-1: config 0 has no interfaces? [ 315.255870][ T5964] usb 4-1: USB disconnect, device number 117 [ 315.267112][ T5909] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 315.308314][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.320409][ T9229] FAULT_INJECTION: forcing a failure. [ 315.320409][ T9229] name failslab, interval 1, probability 0, space 0, times 0 [ 315.333492][ T9229] CPU: 1 UID: 0 PID: 9229 Comm: syz.1.1025 Not tainted syzkaller #0 PREEMPT(full) [ 315.333518][ T9229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 315.333529][ T9229] Call Trace: [ 315.333537][ T9229] [ 315.333546][ T9229] dump_stack_lvl+0x189/0x250 [ 315.333579][ T9229] ? __pfx____ratelimit+0x10/0x10 [ 315.333601][ T9229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.333631][ T9229] ? __pfx__printk+0x10/0x10 [ 315.333657][ T9229] ? save_netdev_trace_buffer+0x4e2/0x5e0 [ 315.333693][ T9229] should_fail_ex+0x414/0x560 [ 315.333727][ T9229] should_failslab+0xa8/0x100 [ 315.333749][ T9229] kmem_cache_alloc_noprof+0x74/0x6e0 [ 315.333778][ T9229] ? skb_clone+0x212/0x3a0 [ 315.333807][ T9229] skb_clone+0x212/0x3a0 [ 315.333834][ T9229] __netlink_deliver_tap+0x424/0x8b0 [ 315.333865][ T9229] ? netlink_deliver_tap+0x2e/0x1b0 [ 315.333886][ T9229] netlink_deliver_tap+0x19c/0x1b0 [ 315.333908][ T9229] netlink_unicast+0x7fa/0x9e0 [ 315.333935][ T9229] ? __pfx_netlink_unicast+0x10/0x10 [ 315.333956][ T9229] ? netlink_sendmsg+0x642/0xb30 [ 315.333976][ T9229] ? skb_put+0x11b/0x210 [ 315.334002][ T9229] netlink_sendmsg+0x805/0xb30 [ 315.334037][ T9229] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.334062][ T9229] ? aa_sock_msg_perm+0xf1/0x1d0 [ 315.334083][ T9229] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 315.334101][ T9229] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.334123][ T9229] __sock_sendmsg+0x21c/0x270 [ 315.334155][ T9229] ____sys_sendmsg+0x505/0x830 [ 315.334192][ T9229] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.334227][ T9229] ? import_iovec+0x74/0xa0 [ 315.334254][ T9229] ___sys_sendmsg+0x21f/0x2a0 [ 315.334278][ T9229] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.334330][ T9229] ? __fget_files+0x2a/0x420 [ 315.334349][ T9229] ? __fget_files+0x3a0/0x420 [ 315.334377][ T9229] __x64_sys_sendmsg+0x19b/0x260 [ 315.334401][ T9229] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 315.334435][ T9229] ? __pfx_ksys_write+0x10/0x10 [ 315.334456][ T9229] ? do_syscall_64+0xbe/0xfa0 [ 315.334478][ T9229] do_syscall_64+0xfa/0xfa0 [ 315.334496][ T9229] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.334516][ T9229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.334532][ T9229] ? clear_bhb_loop+0x60/0xb0 [ 315.334552][ T9229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.334568][ T9229] RIP: 0033:0x7fcd0fb8eec9 [ 315.334583][ T9229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.334599][ T9229] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.334617][ T9229] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 315.334630][ T9229] RDX: 0000000020004080 RSI: 0000200000000040 RDI: 0000000000000003 [ 315.334641][ T9229] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 315.334652][ T9229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.334662][ T9229] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 315.334689][ T9229] [ 315.336889][ T5909] usb 1-1: Product: syz [ 315.480726][ T9231] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 315.484117][ T5909] usb 1-1: Manufacturer: syz [ 315.654392][ T5909] usb 1-1: SerialNumber: syz [ 315.664346][ T5909] usb 1-1: config 0 descriptor?? [ 315.807406][ T9240] tmpfs: Bad value for 'mpol' [ 315.987667][ T5909] usb 1-1: USB disconnect, device number 115 [ 316.050503][ T9250] FAULT_INJECTION: forcing a failure. [ 316.050503][ T9250] name failslab, interval 1, probability 0, space 0, times 0 [ 316.063829][ T9250] CPU: 0 UID: 0 PID: 9250 Comm: syz.1.1029 Not tainted syzkaller #0 PREEMPT(full) [ 316.063857][ T9250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 316.063870][ T9250] Call Trace: [ 316.063878][ T9250] [ 316.063887][ T9250] dump_stack_lvl+0x189/0x250 [ 316.063922][ T9250] ? __pfx____ratelimit+0x10/0x10 [ 316.063944][ T9250] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.063974][ T9250] ? __pfx__printk+0x10/0x10 [ 316.064006][ T9250] ? __pfx___might_resched+0x10/0x10 [ 316.064035][ T9250] should_fail_ex+0x414/0x560 [ 316.064069][ T9250] should_failslab+0xa8/0x100 [ 316.064091][ T9250] kmem_cache_alloc_node_noprof+0x77/0x710 [ 316.064121][ T9250] ? __alloc_skb+0x112/0x2d0 [ 316.064148][ T9250] __alloc_skb+0x112/0x2d0 [ 316.064179][ T9250] netlink_ack+0x146/0xa50 [ 316.064203][ T9250] ? rcu_is_watching+0x15/0xb0 [ 316.064228][ T9250] ? trace_contention_end+0x39/0x120 [ 316.064266][ T9250] netlink_rcv_skb+0x28c/0x470 [ 316.064289][ T9250] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 316.064317][ T9250] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 316.064353][ T9250] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.064374][ T9250] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.064399][ T9250] xfrm_netlink_rcv+0x79/0x90 [ 316.064430][ T9250] netlink_unicast+0x82f/0x9e0 [ 316.064459][ T9250] ? __pfx_netlink_unicast+0x10/0x10 [ 316.064481][ T9250] ? netlink_sendmsg+0x642/0xb30 [ 316.064501][ T9250] ? skb_put+0x11b/0x210 [ 316.064527][ T9250] netlink_sendmsg+0x805/0xb30 [ 316.064560][ T9250] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.064586][ T9250] ? aa_sock_msg_perm+0xf1/0x1d0 [ 316.064612][ T9250] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 316.064633][ T9250] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.064656][ T9250] __sock_sendmsg+0x21c/0x270 [ 316.064688][ T9250] ____sys_sendmsg+0x505/0x830 [ 316.064717][ T9250] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.064750][ T9250] ? import_iovec+0x74/0xa0 [ 316.064780][ T9250] ___sys_sendmsg+0x21f/0x2a0 [ 316.064807][ T9250] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.064863][ T9250] ? __fget_files+0x2a/0x420 [ 316.064885][ T9250] ? __fget_files+0x3a0/0x420 [ 316.064918][ T9250] __x64_sys_sendmsg+0x19b/0x260 [ 316.064946][ T9250] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 316.064979][ T9250] ? __pfx_ksys_write+0x10/0x10 [ 316.065002][ T9250] ? do_syscall_64+0xbe/0xfa0 [ 316.065026][ T9250] do_syscall_64+0xfa/0xfa0 [ 316.065044][ T9250] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.065065][ T9250] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.065084][ T9250] ? clear_bhb_loop+0x60/0xb0 [ 316.065106][ T9250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.065125][ T9250] RIP: 0033:0x7fcd0fb8eec9 [ 316.065143][ T9250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.065160][ T9250] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.065180][ T9250] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 316.065192][ T9250] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 316.065205][ T9250] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 316.065217][ T9250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 316.065229][ T9250] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 316.065261][ T9250] [ 317.144131][ T5909] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 317.183513][ T5977] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 317.283456][ T5956] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 317.319226][ T5909] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 317.328322][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.335269][ T5977] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 317.336606][ T5909] usb 4-1: Product: syz [ 317.346778][ T5977] usb 3-1: config 0 has no interfaces? [ 317.351132][ T5909] usb 4-1: Manufacturer: syz [ 317.359023][ T5977] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 317.362399][ T5909] usb 4-1: SerialNumber: syz [ 317.372059][ T5977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.383141][ T5977] usb 3-1: Product: syz [ 317.384385][ T5909] usb 4-1: config 0 descriptor?? [ 317.387633][ T5977] usb 3-1: Manufacturer: syz [ 317.398581][ T5977] usb 3-1: SerialNumber: syz [ 317.407618][ T5977] usb 3-1: config 0 descriptor?? [ 317.446123][ T5956] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 317.457639][ T5956] usb 1-1: config 0 has no interfaces? [ 317.467881][ T5956] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 317.477073][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.485656][ T5956] usb 1-1: Product: syz [ 317.493652][ T5956] usb 1-1: Manufacturer: syz [ 317.498321][ T5956] usb 1-1: SerialNumber: syz [ 317.524577][ T5956] usb 1-1: config 0 descriptor?? [ 317.541603][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.548110][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.598854][ T5909] peak_usb 4-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 317.753448][ T5957] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 317.793776][ T5977] usb 3-1: USB disconnect, device number 9 [ 317.891492][ T5956] usb 1-1: USB disconnect, device number 116 [ 317.914894][ T5957] usb 2-1: Using ep0 maxpacket: 32 [ 317.925746][ T5957] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 317.938263][ T5957] usb 2-1: config 0 has no interface number 0 [ 317.950448][ T5909] peak_usb 4-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 317.962568][ T5957] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.973742][ T5909] peak_usb 4-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 317.983195][ T5957] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.993428][ T5957] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 318.002506][ T5957] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.018611][ T5957] usb 2-1: config 0 descriptor?? [ 318.076072][ T5909] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71 [ 318.094346][ T5909] usb 4-1: USB disconnect, device number 118 [ 318.388328][ T5977] IPVS: starting estimator thread 0... [ 318.477946][ T9301] binder: 9300:9301 ioctl c020aa04 200000000080 returned -22 [ 318.493755][ T9297] IPVS: using max 31 ests per chain, 74400 per kthread [ 318.631104][ T9287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.639830][ T5957] uclogic 0003:28BD:0094.0015: pen parameters not found [ 318.648839][ T5957] uclogic 0003:28BD:0094.0015: interface is invalid, ignoring [ 318.654830][ T9287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.708747][ T9287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.722262][ T9287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.743807][ T5977] usb 2-1: USB disconnect, device number 112 [ 318.803463][ T5939] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 318.957002][ T5939] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 318.969595][ T5939] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 318.978854][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.986974][ T5939] usb 1-1: Product: syz [ 318.991141][ T5939] usb 1-1: Manufacturer: syz [ 318.995814][ T5939] usb 1-1: SerialNumber: syz [ 319.007366][ T5939] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 319.023469][ T5957] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 319.175965][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 319.186207][ T5957] usb 4-1: config 0 has no interfaces? [ 319.193736][ T5957] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 319.202797][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.218824][ T5957] usb 4-1: Product: syz [ 319.219199][ T5939] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 319.223025][ T5957] usb 4-1: Manufacturer: syz [ 319.223045][ T5957] usb 4-1: SerialNumber: syz [ 319.234122][ T5957] usb 4-1: config 0 descriptor?? [ 319.239078][ T5939] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 319.256925][ T5939] usb 1-1: media controller created [ 319.283784][ T5939] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 319.330742][ T9317] FAULT_INJECTION: forcing a failure. [ 319.330742][ T9317] name failslab, interval 1, probability 0, space 0, times 0 [ 319.343835][ T9317] CPU: 0 UID: 0 PID: 9317 Comm: syz.1.1051 Not tainted syzkaller #0 PREEMPT(full) [ 319.343861][ T9317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 319.343874][ T9317] Call Trace: [ 319.343883][ T9317] [ 319.343891][ T9317] dump_stack_lvl+0x189/0x250 [ 319.343921][ T9317] ? __pfx____ratelimit+0x10/0x10 [ 319.343943][ T9317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.343969][ T9317] ? __pfx__printk+0x10/0x10 [ 319.343997][ T9317] ? __lock_acquire+0xab9/0xd20 [ 319.344026][ T9317] should_fail_ex+0x414/0x560 [ 319.344063][ T9317] should_failslab+0xa8/0x100 [ 319.344085][ T9317] kmem_cache_alloc_noprof+0x74/0x6e0 [ 319.344111][ T9317] ? __inet_hash_connect+0x146c/0x2400 [ 319.344140][ T9317] __inet_hash_connect+0x146c/0x2400 [ 319.344179][ T9317] ? __inet_hash_connect+0x4a4/0x2400 [ 319.344212][ T9317] ? __pfx___inet_hash_connect+0x10/0x10 [ 319.344244][ T9317] ? inet_hash_connect+0x12f/0x240 [ 319.344271][ T9317] tcp_v4_connect+0xd62/0x1a00 [ 319.344312][ T9317] ? __pfx_tcp_v4_connect+0x10/0x10 [ 319.344334][ T9317] ? tcp_v6_connect+0x62f/0x1870 [ 319.344366][ T9317] tcp_v6_connect+0xab1/0x1870 [ 319.344407][ T9317] ? __pfx_tcp_v6_connect+0x10/0x10 [ 319.344436][ T9317] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 319.344485][ T9317] __inet_stream_connect+0x2ae/0xe70 [ 319.344516][ T9317] ? __local_bh_enable_ip+0x12d/0x1c0 [ 319.344539][ T9317] ? __pfx___inet_stream_connect+0x10/0x10 [ 319.344558][ T9317] ? __local_bh_enable_ip+0x12d/0x1c0 [ 319.344581][ T9317] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 319.344614][ T9317] inet_stream_connect+0x66/0xa0 [ 319.344637][ T9317] __sys_connect+0x316/0x440 [ 319.344658][ T9317] ? __fget_files+0x3a0/0x420 [ 319.344680][ T9317] ? __pfx___sys_connect+0x10/0x10 [ 319.344723][ T9317] ? __pfx_ksys_write+0x10/0x10 [ 319.344748][ T9317] __x64_sys_connect+0x7a/0x90 [ 319.344769][ T9317] do_syscall_64+0xfa/0xfa0 [ 319.344792][ T9317] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.344814][ T9317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.344834][ T9317] ? clear_bhb_loop+0x60/0xb0 [ 319.344858][ T9317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.344877][ T9317] RIP: 0033:0x7fcd0fb8eec9 [ 319.344894][ T9317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.344910][ T9317] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 319.344931][ T9317] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 319.344946][ T9317] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003 [ 319.344958][ T9317] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 319.344972][ T9317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.344983][ T9317] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 319.345015][ T9317] [ 319.395838][ T5939] usb 1-1: USB disconnect, device number 117 [ 319.774381][ T5909] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 319.803206][ T5957] usb 4-1: USB disconnect, device number 119 [ 319.934712][ T5909] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 319.944904][ T5909] usb 2-1: config 0 has no interfaces? [ 319.952471][ T5909] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 319.962028][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.970157][ T5909] usb 2-1: Product: syz [ 319.974559][ T5909] usb 2-1: Manufacturer: syz [ 319.979178][ T5909] usb 2-1: SerialNumber: syz [ 319.987629][ T5909] usb 2-1: config 0 descriptor?? [ 320.163539][ T5939] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 320.325452][ T5909] usb 2-1: USB disconnect, device number 113 [ 320.337814][ T5939] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.358596][ T5939] usb 1-1: config 0 has no interfaces? [ 320.366996][ T5939] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 320.376947][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.384992][ T5939] usb 1-1: Product: syz [ 320.389167][ T5939] usb 1-1: Manufacturer: syz [ 320.393833][ T5939] usb 1-1: SerialNumber: syz [ 320.412082][ T5939] usb 1-1: config 0 descriptor?? [ 320.683640][ T5919] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 320.725615][ T5939] usb 1-1: USB disconnect, device number 118 [ 320.833478][ T5919] usb 4-1: Using ep0 maxpacket: 8 [ 320.840117][ T5919] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 320.851855][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 320.862393][ T5919] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 320.872416][ T5919] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.885819][ T5919] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 320.900626][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.122853][ T5919] usb 4-1: GET_CAPABILITIES returned 0 [ 321.128602][ T5919] usbtmc 4-1:16.0: can't read capabilities [ 321.328643][ T9333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.333702][ T9351] syzkaller1: entered promiscuous mode [ 321.337789][ T9333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 321.346910][ T9351] syzkaller1: entered allmulticast mode [ 321.356995][ T5919] usb 4-1: USB disconnect, device number 120 [ 321.359387][ T9351] FAULT_INJECTION: forcing a failure. [ 321.359387][ T9351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.363232][ T9349] : renamed from dummy0 (while UP) [ 321.376752][ T9351] CPU: 0 UID: 0 PID: 9351 Comm: syz.0.1060 Not tainted syzkaller #0 PREEMPT(full) [ 321.376775][ T9351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 321.376788][ T9351] Call Trace: [ 321.376796][ T9351] [ 321.376805][ T9351] dump_stack_lvl+0x189/0x250 [ 321.376837][ T9351] ? __pfx____ratelimit+0x10/0x10 [ 321.376859][ T9351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.376887][ T9351] ? __pfx__printk+0x10/0x10 [ 321.376910][ T9351] ? __might_fault+0xb0/0x130 [ 321.376947][ T9351] should_fail_ex+0x414/0x560 [ 321.376982][ T9351] _copy_from_iter+0x1de/0x1790 [ 321.377005][ T9351] ? skb_set_owner_w+0x25b/0x3a0 [ 321.377033][ T9351] ? sock_alloc_send_pskb+0x86b/0x980 [ 321.377065][ T9351] ? __pfx__copy_from_iter+0x10/0x10 [ 321.377096][ T9351] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 321.377125][ T9351] skb_copy_datagram_from_iter+0xf5/0x720 [ 321.377155][ T9351] ? skb_put+0x11b/0x210 [ 321.377181][ T9351] tun_get_user+0x1691/0x3e90 [ 321.377218][ T9351] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 321.377239][ T9351] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.377263][ T9351] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 321.377283][ T9351] ? __pfx_tun_get_user+0x10/0x10 [ 321.377317][ T9351] ? save_netdev_trace_buffer+0x4cd/0x5e0 [ 321.377343][ T9351] ? __lock_acquire+0xab9/0xd20 [ 321.377371][ T9351] ? ref_tracker_alloc+0x318/0x460 [ 321.377389][ T9351] ? tun_get+0x157/0x2f0 [ 321.377409][ T9351] ? tun_chr_write_iter+0x60/0x210 [ 321.377430][ T9351] ? ksys_write+0x145/0x250 [ 321.377450][ T9351] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 321.377475][ T9351] ? tun_get+0x1c/0x2f0 [ 321.377503][ T9351] ? tun_get+0x1c/0x2f0 [ 321.377525][ T9351] ? tun_get+0x1c/0x2f0 [ 321.377553][ T9351] tun_chr_write_iter+0x113/0x210 [ 321.377587][ T9351] vfs_write+0x5c9/0xb30 [ 321.377611][ T9351] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 321.377635][ T9351] ? __pfx_vfs_write+0x10/0x10 [ 321.377664][ T9351] ? __fget_files+0x2a/0x420 [ 321.377695][ T9351] ksys_write+0x145/0x250 [ 321.377718][ T9351] ? __pfx_ksys_write+0x10/0x10 [ 321.377740][ T9351] ? do_syscall_64+0xbe/0xfa0 [ 321.377767][ T9351] do_syscall_64+0xfa/0xfa0 [ 321.377788][ T9351] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.377810][ T9351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.377828][ T9351] ? clear_bhb_loop+0x60/0xb0 [ 321.377851][ T9351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.377869][ T9351] RIP: 0033:0x7f40ed78eec9 [ 321.377887][ T9351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.377904][ T9351] RSP: 002b:00007f40eb9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 321.377924][ T9351] RAX: ffffffffffffffda RBX: 00007f40ed9e5fa0 RCX: 00007f40ed78eec9 [ 321.377939][ T9351] RDX: 0000000000000024 RSI: 0000200000000ec0 RDI: 0000000000000003 [ 321.377951][ T9351] RBP: 00007f40eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 321.377963][ T9351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.377975][ T9351] R13: 00007f40ed9e6038 R14: 00007f40ed9e5fa0 R15: 00007ffe6d121dc8 [ 321.378006][ T9351] [ 322.183544][ T5909] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 322.263485][ T5919] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 322.323432][ T5909] usb 4-1: device descriptor read/64, error -71 [ 322.413510][ T5919] usb 2-1: Using ep0 maxpacket: 16 [ 322.420091][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 322.430345][ T5919] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 322.439474][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.449494][ T5919] usb 2-1: config 0 descriptor?? [ 322.563492][ T5909] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 322.661795][ T5919] usb 2-1: USB disconnect, device number 114 [ 322.702036][ T5909] usb 4-1: device descriptor read/64, error -71 [ 322.746639][ T9369] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 322.814667][ T5909] usb usb4-port1: attempt power cycle [ 322.939682][ T9373] FAULT_INJECTION: forcing a failure. [ 322.939682][ T9373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.952918][ T9373] CPU: 1 UID: 0 PID: 9373 Comm: syz.2.1068 Not tainted syzkaller #0 PREEMPT(full) [ 322.952944][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 322.952957][ T9373] Call Trace: [ 322.952967][ T9373] [ 322.952976][ T9373] dump_stack_lvl+0x189/0x250 [ 322.953008][ T9373] ? __pfx____ratelimit+0x10/0x10 [ 322.953028][ T9373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.953053][ T9373] ? __pfx__printk+0x10/0x10 [ 322.953086][ T9373] should_fail_ex+0x414/0x560 [ 322.953117][ T9373] _copy_to_user+0x31/0xb0 [ 322.953142][ T9373] simple_read_from_buffer+0xe1/0x170 [ 322.953166][ T9373] proc_fail_nth_read+0x1b3/0x220 [ 322.953194][ T9373] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 322.953222][ T9373] ? rw_verify_area+0x2a6/0x4d0 [ 322.953237][ T9373] ? __lock_acquire+0xab9/0xd20 [ 322.953255][ T9373] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 322.953281][ T9373] vfs_read+0x200/0xa30 [ 322.953297][ T9373] ? fdget_pos+0x247/0x320 [ 322.953325][ T9373] ? __pfx___mutex_lock+0x10/0x10 [ 322.953347][ T9373] ? __pfx_vfs_read+0x10/0x10 [ 322.953366][ T9373] ? __fget_files+0x2a/0x420 [ 322.953392][ T9373] ? __fget_files+0x3a0/0x420 [ 322.953412][ T9373] ? __fget_files+0x2a/0x420 [ 322.953441][ T9373] ksys_read+0x145/0x250 [ 322.953462][ T9373] ? __pfx_ksys_read+0x10/0x10 [ 322.953486][ T9373] ? do_syscall_64+0xbe/0xfa0 [ 322.953514][ T9373] do_syscall_64+0xfa/0xfa0 [ 322.953535][ T9373] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.953559][ T9373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.953578][ T9373] ? clear_bhb_loop+0x60/0xb0 [ 322.953602][ T9373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.953621][ T9373] RIP: 0033:0x7fc18d38d8dc [ 322.953640][ T9373] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 322.953664][ T9373] RSP: 002b:00007fc18e2df030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 322.953686][ T9373] RAX: ffffffffffffffda RBX: 00007fc18d5e5fa0 RCX: 00007fc18d38d8dc [ 322.953701][ T9373] RDX: 000000000000000f RSI: 00007fc18e2df0a0 RDI: 0000000000000004 [ 322.953715][ T9373] RBP: 00007fc18e2df090 R08: 0000000000000000 R09: 0000000000000000 [ 322.953727][ T9373] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.953740][ T9373] R13: 00007fc18d5e6038 R14: 00007fc18d5e5fa0 R15: 00007ffeb1709078 [ 322.953774][ T9373] [ 323.245270][ T5909] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 323.273886][ T5909] usb 4-1: device descriptor read/8, error -71 [ 323.323438][ T5919] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 323.467548][ T5957] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 323.480747][ T5919] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 323.490402][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.493903][ T9379] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 323.498927][ T5919] usb 1-1: Product: syz [ 323.519479][ T5909] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 323.522015][ T5919] usb 1-1: Manufacturer: syz [ 323.532904][ T9379] FAULT_INJECTION: forcing a failure. [ 323.532904][ T9379] name failslab, interval 1, probability 0, space 0, times 0 [ 323.533775][ T5919] usb 1-1: SerialNumber: syz [ 323.547549][ T9379] CPU: 0 UID: 0 PID: 9379 Comm: syz.1.1071 Not tainted syzkaller #0 PREEMPT(full) [ 323.547575][ T9379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 323.547587][ T9379] Call Trace: [ 323.547595][ T9379] [ 323.547603][ T9379] dump_stack_lvl+0x189/0x250 [ 323.547640][ T9379] ? __pfx____ratelimit+0x10/0x10 [ 323.547662][ T9379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.547691][ T9379] ? __pfx__printk+0x10/0x10 [ 323.547722][ T9379] ? __pfx___might_resched+0x10/0x10 [ 323.547744][ T9379] ? fs_reclaim_acquire+0x7d/0x100 [ 323.547769][ T9379] should_fail_ex+0x414/0x560 [ 323.547804][ T9379] should_failslab+0xa8/0x100 [ 323.547826][ T9379] kmem_cache_alloc_node_noprof+0x77/0x710 [ 323.547855][ T9379] ? dup_task_struct+0x52/0x830 [ 323.547886][ T9379] dup_task_struct+0x52/0x830 [ 323.547910][ T9379] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.547936][ T9379] copy_process+0x54b/0x3c00 [ 323.547988][ T9379] ? __pfx_copy_process+0x10/0x10 [ 323.548026][ T9379] vhost_task_create+0x1ce/0x320 [ 323.548053][ T9379] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 323.548083][ T9379] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 323.548112][ T9379] ? __pfx_vhost_task_create+0x10/0x10 [ 323.548147][ T9379] ? __pfx_vhost_task_fn+0x10/0x10 [ 323.548194][ T9379] kvm_mmu_post_init_vm+0x14c/0x300 [ 323.548217][ T9379] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 323.548243][ T9379] ? __mutex_trylock_common+0x153/0x260 [ 323.548272][ T9379] ? __pfx___mutex_trylock_common+0x10/0x10 [ 323.548298][ T9379] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 323.548321][ T9379] ? rcu_is_watching+0x15/0xb0 [ 323.548346][ T9379] ? trace_contention_end+0x39/0x120 [ 323.548371][ T9379] ? look_up_lock_class+0x74/0x170 [ 323.548395][ T9379] ? register_lock_class+0x51/0x320 [ 323.548423][ T9379] ? __lock_acquire+0xab9/0xd20 [ 323.548474][ T9379] kvm_vcpu_ioctl+0x95c/0xe90 [ 323.548498][ T9379] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 323.548545][ T9379] ? __fget_files+0x2a/0x420 [ 323.548573][ T9379] ? __fget_files+0x3a0/0x420 [ 323.548595][ T9379] ? __fget_files+0x2a/0x420 [ 323.548621][ T9379] ? bpf_lsm_file_ioctl+0x9/0x20 [ 323.548643][ T9379] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 323.548662][ T9379] __se_sys_ioctl+0xfc/0x170 [ 323.548693][ T9379] do_syscall_64+0xfa/0xfa0 [ 323.548715][ T9379] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.548736][ T9379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.548755][ T9379] ? clear_bhb_loop+0x60/0xb0 [ 323.548779][ T9379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.548798][ T9379] RIP: 0033:0x7fcd0fb8eec9 [ 323.548816][ T9379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.548833][ T9379] RSP: 002b:00007fcd109ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 323.548854][ T9379] RAX: ffffffffffffffda RBX: 00007fcd0fde5fa0 RCX: 00007fcd0fb8eec9 [ 323.548868][ T9379] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 323.548880][ T9379] RBP: 00007fcd109ab090 R08: 0000000000000000 R09: 0000000000000000 [ 323.548893][ T9379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.548905][ T9379] R13: 00007fcd0fde6038 R14: 00007fcd0fde5fa0 R15: 00007ffedd034708 [ 323.548937][ T9379] [ 323.549056][ T5909] usb 4-1: device descriptor read/8, error -71 [ 323.560865][ T5919] usb 1-1: config 0 descriptor?? [ 323.613458][ T5957] usb 3-1: device descriptor read/64, error -71 [ 323.847380][ T5919] peak_usb 1-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 323.858176][ T5909] usb usb4-port1: unable to enumerate USB device [ 324.068143][ T5919] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 324.093511][ T5919] peak_usb 1-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 324.129912][ T9385] overlay: Unknown parameter 'obj_role' [ 324.153497][ T5957] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 324.184482][ T5919] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 324.202070][ T5919] usb 1-1: USB disconnect, device number 119 [ 324.283442][ T5957] usb 3-1: device descriptor read/64, error -71 [ 324.393769][ T5957] usb usb3-port1: attempt power cycle [ 324.737316][ T5957] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 324.765491][ T5957] usb 3-1: device descriptor read/8, error -71 [ 324.953454][ T5909] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 324.973557][ T5964] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 324.992250][ T9393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1076'. [ 325.002160][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1076'. [ 325.011449][ T5957] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 325.033890][ T5957] usb 3-1: device descriptor read/8, error -71 [ 325.123498][ T5909] usb 1-1: Using ep0 maxpacket: 16 [ 325.131372][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 325.142296][ T5964] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 325.152725][ T5909] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 325.162543][ T5957] usb usb3-port1: unable to enumerate USB device [ 325.168933][ T5964] usb 2-1: config 0 has no interfaces? [ 325.174432][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.186873][ T5909] usb 1-1: config 0 descriptor?? [ 325.192667][ T5964] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 325.205762][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.214966][ T5964] usb 2-1: Product: syz [ 325.219233][ T5964] usb 2-1: Manufacturer: syz [ 325.223878][ T5964] usb 2-1: SerialNumber: syz [ 325.230489][ T5964] usb 2-1: config 0 descriptor?? [ 325.343495][ T5919] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 325.405187][ T5909] usb 1-1: USB disconnect, device number 120 [ 325.504369][ T5919] usb 4-1: too many configurations: 151, using maximum allowed: 8 [ 325.520988][ T5919] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 325.531653][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 325.540153][ T5919] usb 4-1: Product: syz [ 325.546976][ T5964] usb 2-1: USB disconnect, device number 115 [ 325.548358][ T5919] usb 4-1: Manufacturer: syz [ 325.558759][ T5919] usb 4-1: SerialNumber: syz [ 325.582264][ T5919] usb 4-1: config 0 descriptor?? [ 325.590183][ T5919] ims_pcu 4-1:0.0: Zero length descriptor [ 325.596331][ T5919] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22 [ 325.792542][ T5919] usb 4-1: USB disconnect, device number 125 [ 326.263882][ T5909] IPVS: starting estimator thread 0... [ 326.274010][ T9405] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 326.366535][ T9409] IPVS: using max 26 ests per chain, 62400 per kthread [ 326.404056][ T5964] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 326.580334][ T5964] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 326.589146][ T5964] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 326.599201][ T5964] usb 2-1: config 0 interface 0 has no altsetting 0 [ 326.608838][ T5964] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 326.618345][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 326.626665][ T5964] usb 2-1: Product: syz [ 326.630975][ T5964] usb 2-1: Manufacturer: syz [ 326.635702][ T5964] usb 2-1: SerialNumber: syz [ 326.651904][ T5964] usb 2-1: config 0 descriptor?? [ 326.659664][ T5964] hub 2-1:0.0: bad descriptor, ignoring hub [ 326.665104][ T7414] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 326.671140][ T5964] hub 2-1:0.0: probe with driver hub failed with error -5 [ 326.686016][ T5964] usb 2-1: selecting invalid altsetting 0 [ 326.693485][ T5919] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 326.829247][ T7414] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 326.838912][ T7414] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.848900][ T7414] usb 4-1: Product: syz [ 326.853272][ T7414] usb 4-1: Manufacturer: syz [ 326.858486][ T7414] usb 4-1: SerialNumber: syz [ 326.864929][ T5919] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.877367][ T5919] usb 1-1: config 0 has no interfaces? [ 326.885401][ T7414] usb 4-1: config 0 descriptor?? [ 326.911350][ T5919] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 326.922102][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.930301][ T5919] usb 1-1: Product: syz [ 326.935594][ T5919] usb 1-1: Manufacturer: syz [ 326.940555][ T5919] usb 1-1: SerialNumber: syz [ 326.950931][ T5919] usb 1-1: config 0 descriptor?? [ 327.101500][ T7414] peak_usb 4-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 327.201088][ T9422] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 327.207498][ T9422] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 327.216136][ T9422] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 327.233126][ T9426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.242778][ T9426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.309461][ T7414] peak_usb 4-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 327.339558][ T7414] peak_usb 4-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 327.367118][ T5919] usb 1-1: USB disconnect, device number 121 [ 327.494115][ T7414] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71 [ 327.507349][ T7414] usb 4-1: USB disconnect, device number 126 [ 327.713491][ T5957] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 327.875817][ T5957] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.886114][ T5957] usb 3-1: config 0 has no interfaces? [ 327.894494][ T5957] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 327.903729][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.912647][ T5957] usb 3-1: Product: syz [ 327.917339][ T5957] usb 3-1: Manufacturer: syz [ 327.922019][ T5957] usb 3-1: SerialNumber: syz [ 327.929926][ T5957] usb 3-1: config 0 descriptor?? [ 328.101390][ T9444] overlayfs: overlapping lowerdir path [ 328.190744][ T5909] usb 2-1: USB disconnect, device number 116 [ 328.362520][ T5957] usb 3-1: USB disconnect, device number 14 [ 328.753483][ T7414] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 328.869630][ T9459] ------------[ cut here ]------------ [ 328.876138][ T9459] WARNING: drivers/gpu/drm/vkms/vkms_crtc.c:97 at vkms_get_vblank_timestamp+0x137/0x160, CPU#0: syz.1.1095/9459 [ 328.890024][ T9459] Modules linked in: [ 328.894750][ T9459] CPU: 0 UID: 0 PID: 9459 Comm: syz.1.1095 Not tainted syzkaller #0 PREEMPT(full) [ 328.905115][ T9459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 328.905902][ T7414] usb 4-1: Using ep0 maxpacket: 32 [ 328.915629][ T9459] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 328.927004][ T9459] Code: 42 80 3c 28 00 74 08 48 89 df e8 94 2c 1c fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 4a 82 05 cc e8 6a 88 b6 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 328.927446][ T7414] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 328.947909][ T9459] RSP: 0018:ffffc90003c6f668 EFLAGS: 00010293 [ 328.947941][ T9459] RAX: ffffffff860a09d6 RBX: ffffc90003c6f7e0 RCX: ffff888020babc80 [ 328.947960][ T9459] RDX: 0000000000000000 RSI: 0000004c8eeddedc RDI: 0000004c8eeddedc [ 328.947977][ T9459] RBP: 1ffff9200078defc R08: ffffffff8fe57b77 R09: 1ffffffff1fcaf6e [ 328.947994][ T9459] R10: dffffc0000000000 R11: ffffffff860a08a0 R12: 0000004c8eeddedc [ 328.948011][ T9459] R13: dffffc0000000000 R14: ffff888025398028 R15: 0000004c8eeddedc [ 328.948028][ T9459] FS: 000055556b85d500(0000) GS:ffff8881257a8000(0000) knlGS:0000000000000000 [ 328.948047][ T9459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 328.948064][ T9459] CR2: 000000110c430864 CR3: 000000003209e000 CR4: 00000000003526f0 [ 328.948083][ T9459] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 328.958733][ T7414] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 328.964652][ T9459] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 328.964673][ T9459] Call Trace: [ 328.964682][ T9459] [ 328.964690][ T9459] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 328.964728][ T9459] drm_crtc_next_vblank_start+0x226/0x470 [ 328.964761][ T9459] ? ktime_get+0x3e/0x1f0 [ 328.964798][ T9459] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 328.972951][ T7414] usb 4-1: config 0 interface 0 has no altsetting 0 [ 328.980875][ T9459] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 328.980913][ T9459] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.980945][ T9459] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 328.980975][ T9459] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 328.980998][ T9459] ? do_raw_spin_unlock+0x122/0x240 [ 328.981030][ T9459] ? read_tsc+0x9/0x20 [ 328.981055][ T9459] ? ktime_get+0x1cb/0x1f0 [ 328.981084][ T9459] commit_tail+0x79/0x3a0 [ 328.981116][ T9459] drm_atomic_helper_commit+0xa6b/0xb10 [ 328.981146][ T9459] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 328.981168][ T9459] drm_atomic_commit+0x262/0x2c0 [ 328.981201][ T9459] ? __pfx_drm_atomic_commit+0x10/0x10 [ 328.981228][ T9459] ? __pfx___drm_printfn_info+0x10/0x10 [ 329.068208][ T7414] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 329.068711][ T9459] ? drm_client_rotation+0x47c/0x5b0 [ 329.075523][ T7414] usb 4-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 329.079263][ T9459] drm_client_modeset_commit_atomic+0x620/0x760 [ 329.079311][ T9459] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 329.086112][ T7414] usb 4-1: Product: syz [ 329.092233][ T9459] ? __mutex_lock+0x335/0x1350 [ 329.099775][ T7414] usb 4-1: Manufacturer: syz [ 329.103801][ T9459] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 329.103841][ T9459] drm_client_modeset_commit+0x4a/0x70 [ 329.110641][ T7414] usb 4-1: SerialNumber: syz [ 329.117034][ T9459] drm_fb_helper_lastclose+0xa4/0x1c0 [ 329.117069][ T9459] drm_fbdev_client_restore+0x34/0x40 [ 329.117099][ T9459] drm_client_dev_restore+0x13c/0x270 [ 329.117130][ T9459] drm_release+0x318/0x3f0 [ 329.128340][ T7414] usb 4-1: config 0 descriptor?? [ 329.130833][ T9459] ? __pfx_drm_release+0x10/0x10 [ 329.221771][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 329.225003][ T9459] __fput+0x44c/0xa70 [ 329.225051][ T9459] task_work_run+0x1d4/0x260 [ 329.225076][ T9459] ? __pfx_task_work_run+0x10/0x10 [ 329.225101][ T9459] ? exit_to_user_mode_loop+0x40/0x130 [ 329.225128][ T9459] exit_to_user_mode_loop+0xe9/0x130 [ 329.225152][ T9459] do_syscall_64+0x2bd/0xfa0 [ 329.231021][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 329.235641][ T9459] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.297182][ T5870] Bluetooth: hci3: command 0x0405 tx timeout [ 329.314899][ T9459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.321012][ T9459] ? clear_bhb_loop+0x60/0xb0 [ 329.325812][ T9459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.331740][ T9459] RIP: 0033:0x7fcd0fb8eec9 [ 329.336641][ T9459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.357167][ T9459] RSP: 002b:00007ffedd034868 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 329.366248][ T9459] RAX: 0000000000000000 RBX: 0000000000050464 RCX: 00007fcd0fb8eec9 [ 329.374298][ T9459] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 329.382292][ T9459] RBP: 00007fcd0fde7da0 R08: 0000000000000001 R09: 0000000ddd034b5f [ 329.390361][ T9459] R10: 0000001b32620000 R11: 0000000000000246 R12: 00007fcd0fde5fac [ 329.398382][ T9459] R13: 00007fcd0fde5fa0 R14: ffffffffffffffff R15: 00007ffedd034980 [ 329.406438][ T9459] [ 329.409464][ T9459] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 329.416747][ T9459] CPU: 0 UID: 0 PID: 9459 Comm: syz.1.1095 Not tainted syzkaller #0 PREEMPT(full) [ 329.426024][ T9459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 329.436077][ T9459] Call Trace: [ 329.439366][ T9459] [ 329.442314][ T9459] dump_stack_lvl+0x99/0x250 [ 329.446935][ T9459] ? __asan_memcpy+0x40/0x70 [ 329.451534][ T9459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.456758][ T9459] ? __pfx__printk+0x10/0x10 [ 329.461416][ T9459] vpanic+0x237/0x6d0 [ 329.465431][ T9459] ? __pfx_vpanic+0x10/0x10 [ 329.469952][ T9459] ? is_bpf_text_address+0x292/0x2b0 [ 329.475264][ T9459] ? is_bpf_text_address+0x26/0x2b0 [ 329.480492][ T9459] panic+0xb9/0xc0 [ 329.484297][ T9459] ? __pfx_panic+0x10/0x10 [ 329.488740][ T9459] __warn+0x334/0x4c0 [ 329.492733][ T9459] ? vkms_get_vblank_timestamp+0x137/0x160 [ 329.498581][ T9459] ? vkms_get_vblank_timestamp+0x137/0x160 [ 329.504393][ T9459] report_bug+0x2be/0x4f0 [ 329.508735][ T9459] ? vkms_get_vblank_timestamp+0x137/0x160 [ 329.514578][ T9459] ? vkms_get_vblank_timestamp+0x137/0x160 [ 329.520397][ T9459] ? vkms_get_vblank_timestamp+0x139/0x160 [ 329.526205][ T9459] handle_bug+0x84/0x160 [ 329.530454][ T9459] exc_invalid_op+0x1a/0x50 [ 329.534967][ T9459] asm_exc_invalid_op+0x1a/0x20 [ 329.539819][ T9459] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 329.546244][ T9459] Code: 42 80 3c 28 00 74 08 48 89 df e8 94 2c 1c fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 4a 82 05 cc e8 6a 88 b6 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 329.565936][ T9459] RSP: 0018:ffffc90003c6f668 EFLAGS: 00010293 [ 329.572006][ T9459] RAX: ffffffff860a09d6 RBX: ffffc90003c6f7e0 RCX: ffff888020babc80 [ 329.579976][ T9459] RDX: 0000000000000000 RSI: 0000004c8eeddedc RDI: 0000004c8eeddedc [ 329.587940][ T9459] RBP: 1ffff9200078defc R08: ffffffff8fe57b77 R09: 1ffffffff1fcaf6e [ 329.595906][ T9459] R10: dffffc0000000000 R11: ffffffff860a08a0 R12: 0000004c8eeddedc [ 329.603883][ T9459] R13: dffffc0000000000 R14: ffff888025398028 R15: 0000004c8eeddedc [ 329.611860][ T9459] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 329.618040][ T9459] ? vkms_get_vblank_timestamp+0x136/0x160 [ 329.623862][ T9459] ? vkms_get_vblank_timestamp+0x136/0x160 [ 329.629670][ T9459] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 329.635840][ T9459] drm_crtc_next_vblank_start+0x226/0x470 [ 329.641570][ T9459] ? ktime_get+0x3e/0x1f0 [ 329.645905][ T9459] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 329.652150][ T9459] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 329.658400][ T9459] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.663610][ T9459] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 329.669945][ T9459] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 329.676790][ T9459] ? do_raw_spin_unlock+0x122/0x240 [ 329.681995][ T9459] ? read_tsc+0x9/0x20 [ 329.686057][ T9459] ? ktime_get+0x1cb/0x1f0 [ 329.690479][ T9459] commit_tail+0x79/0x3a0 [ 329.694813][ T9459] drm_atomic_helper_commit+0xa6b/0xb10 [ 329.700364][ T9459] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 329.706435][ T9459] drm_atomic_commit+0x262/0x2c0 [ 329.711379][ T9459] ? __pfx_drm_atomic_commit+0x10/0x10 [ 329.716872][ T9459] ? __pfx___drm_printfn_info+0x10/0x10 [ 329.722448][ T9459] ? drm_client_rotation+0x47c/0x5b0 [ 329.727741][ T9459] drm_client_modeset_commit_atomic+0x620/0x760 [ 329.734006][ T9459] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 329.740773][ T9459] ? __mutex_lock+0x335/0x1350 [ 329.745567][ T9459] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 329.751731][ T9459] drm_client_modeset_commit+0x4a/0x70 [ 329.757209][ T9459] drm_fb_helper_lastclose+0xa4/0x1c0 [ 329.762610][ T9459] drm_fbdev_client_restore+0x34/0x40 [ 329.768029][ T9459] drm_client_dev_restore+0x13c/0x270 [ 329.773412][ T9459] drm_release+0x318/0x3f0 [ 329.777826][ T9459] ? __pfx_drm_release+0x10/0x10 [ 329.782763][ T9459] __fput+0x44c/0xa70 [ 329.786764][ T9459] task_work_run+0x1d4/0x260 [ 329.791353][ T9459] ? __pfx_task_work_run+0x10/0x10 [ 329.796641][ T9459] ? exit_to_user_mode_loop+0x40/0x130 [ 329.802114][ T9459] exit_to_user_mode_loop+0xe9/0x130 [ 329.807414][ T9459] do_syscall_64+0x2bd/0xfa0 [ 329.812031][ T9459] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.817226][ T9459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.823288][ T9459] ? clear_bhb_loop+0x60/0xb0 [ 329.827975][ T9459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.833865][ T9459] RIP: 0033:0x7fcd0fb8eec9 [ 329.838363][ T9459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.857972][ T9459] RSP: 002b:00007ffedd034868 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 329.866388][ T9459] RAX: 0000000000000000 RBX: 0000000000050464 RCX: 00007fcd0fb8eec9 [ 329.874361][ T9459] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 329.882327][ T9459] RBP: 00007fcd0fde7da0 R08: 0000000000000001 R09: 0000000ddd034b5f [ 329.890297][ T9459] R10: 0000001b32620000 R11: 0000000000000246 R12: 00007fcd0fde5fac [ 329.898267][ T9459] R13: 00007fcd0fde5fa0 R14: ffffffffffffffff R15: 00007ffedd034980 [ 329.906254][ T9459] [ 329.909545][ T9459] Kernel Offset: disabled [ 329.913858][ T9459] Rebooting in 86400 seconds..