last executing test programs: 8.412886904s ago: executing program 3 (id=3940): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x40}, 0x1c) r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x11c2, 0x2208, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x20, "", [{{0x9, 0x4, 0x0, 0x0, 0x6, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x8, 0x0, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0xf, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_usb_connect(0x6, 0x540, &(0x7f0000000280)={{0x12, 0x1, 0x201, 0xb3, 0xa7, 0xfa, 0xff, 0x16d8, 0x7212, 0xb66c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x52e, 0x1, 0x4, 0x3, 0xc0, 0x0, "", [{{0x9, 0x4, 0x3e, 0xf, 0xe, 0x99, 0x9, 0x84, 0xe, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "f606"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x3, 0x6, 0xd1}, {0x6, 0x24, 0x1a, 0xe2b9, 0x20}, [@acm={0x4, 0x24, 0x2, 0xc}, @network_terminal={0x7, 0x24, 0xa, 0x6, 0xf, 0x81, 0x5}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x4, 0xa381, 0x5, 0x2, 0x7f, 0x1}]}], [{{0x9, 0x5, 0xe, 0x8, 0x220, 0x8, 0xbc, 0x8}}, {{0x9, 0x5, 0x4, 0x1, 0x0, 0x8, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x3ff}]}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0xc, 0x29, 0xf2, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x71, 0x3}, @generic={0xf1, 0xa, "62e1adc08100c83fd621c6acd5a772b53fc86d2d7514f15457b86385d67e04fe04f2fe025fc285c1513c3eb0cbd5685b673dcc1341efbca551ff2ca164511b3b4bb29331e651fbaee9e5da6b0bd1e8dcd12354a001b94a3595024fcc88409001e914aba36aafb15dce5d1af905cf14715af43e766071b9817e71e71d58eb4aabe3bde883aedab26855dd429774124f77ef2190a1aed323350c74a520434d83610792288388de1e6b69cf9afc0d35cff35cc279c378f4582482a2f00f63a0cd493e156f39f4c016b55559c748c8cf0f82a7f9f04dd4efab46424e224058bc0838c3504590a37576a17459ee05367a60"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x20, 0x40, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x8, 
0xc4, 0xc622}, @generic={0x3d, 0x24, "a67b60be6a1d76f0b85867d961907b55d09842298e062101ee9352eb87a7b06425fba957caee2160d02be33ea561935ad1fc07f61bafe33466123d"}]}}, {{0x9, 0x5, 0xc, 0x1, 0x3ff, 0x5}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x4, 0x8, 0x1}}, {{0x9, 0x5, 0xc, 0x1, 0x400, 0x4, 0x8c, 0x5}}, {{0x9, 0x5, 0x6, 0x10, 0x200, 0x6, 0xa, 0x3e, [@generic={0xad, 0x5, "5056713a23efc3f3eff0d203e2c7f66c7bb9e5c972db731bfe68aa00fac273e03f3646f7af189105fcaedc8f0612c8f0593c4ae96c87e6e3ad23944bf20dabee5024cdc7deb309a14970d520e3defbe764da3d26e9efa6c99f0e5e229dad55f38358068f8b79401ce20d75cd333ad30f34d89bcc569d4aa6ca0ccc7a3eeb741245d3bb2a57932ef78297d8b8e61817d2233f297c0b0d033bedca971409e34cf737fda530a12a39961e36c9"}, @generic={0x36, 0xe, "b3c09e287f35bc07733d9553001b6415a50dc13990a37c68ee8b105065263a22e7c93d1095b7566fea9dc9a1932395fb7ad99203"}]}}, {{0x9, 0x5, 0xd, 0x1, 0x8, 0x3a, 0x7, 0x1}}, {{0x9, 0x5, 0x0, 0x4, 0x40, 0x1, 0x5, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xc7, 0x7}, @generic={0x1e, 0x15, "4071a2b789fa4bef6cb02eddec17bf38aa6be19b60901a238e13959d"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x20, 0x2, 0x6, 0x4, [@generic={0xbf, 0x10, "bc9839d83068d36b737adae6d19744bac365f5bf2f480d744e0c8c0f1bada1fd68f27298bb104e181bf1ef86102a7d3211056608ce1bbae1a0161388a88e1beefa79fcc4bbe0942f220abb86ba0e501f6b22612d313d97ac7277a7f4e14e37900f9f36f474a1f21e75fb261a03e89510ca661721fb8a74133b3473f512db3b11bbf655a221cad8b4ac5f9795204bebe224134786f0eafa0dfb2b73c9f24ab5fb7511550ece1f12e62d4e76a27494d57985a102352c46e1797d7a57745d"}, @generic={0x1a, 0x21, "b293ee5861c63fb13e11f280e0a9597b95917b7de93cc170"}]}}, {{0x9, 0x5, 0xd, 0x10, 0x3ff, 0x3, 0x9, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xc, 0xdf3}, @generic={0x87, 0x8, "bf3e600cbc06a00e1bdc0dbdeaaf07b57640a2274032e51937b33eee1beb31b95af6f1eb4a782747898e35fdff65534365504245dd02d424b905876a23e002e7798f01404cb7ef1373c227a5a2933ea12667f28e618baa3c4b9be85f413f08ea328487469ddb2416cc2bb49332ef06baa4c9de900ba4d5bb299c9371f07a694f718f12d65a"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 
0xf3, 0x6, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x8, 0x7ff}]}}, {{0x9, 0x5, 0xc, 0x1, 0x200, 0x9, 0x2, 0x81, [@generic={0xa3, 0x9, "88dcb64ce57f4dd6c1f91ed05736b68a1b6f02eb6727e885c5d80de1815a6be6c707b56325ee9feba7086b2e002e39e9158b6fc8809ebb28f76c4f91484d2ea958981528fc299bdee4a18d00dad2ab13807ac8ce617c2e81cfb7bd30d1d19adae6be8fc104e62d62b34d71d7a3c878ac7b853531bffb9b92955936283a197c20c27ee73c018b732b835ce9cde74d90d3b7b199a8746e5decaae89b76fadf58ec72"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x8, 0x1e24}]}}]}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f00000007c0)={0xa, 0x6, 0x310, 0x0, 0x9, 0x24, 0x40, 0x40}, 0xc, &(0x7f0000000800)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x18, 0xb, 0xe, 0x9}]}}) syz_usb_control_io$uac2(r2, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x0, 0x5, 0x2d, {0x2d, 0xd, "0cd2b3193efa60b2660ccb0f1c0f210338810cf3f50465a0f926a60b8ed15a58e449d0d70dce69091237af"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x459}}}, &(0x7f0000000fc0)={0x44, &(0x7f0000000180)={0x20, 0xd, 0x7b, "dedebad9829f93635a6bc27cc1aa77170535d0dedcc21a55b815a66d538a39d0bd78aac535e344a2127b1b7f837b95aabcfa19a8b33017bb0862cd1c5b45b022c2970d8624d5e80bca968c35a5928074b3bb18c5c9eb2690206b14cdeb8a1ee87fae18ff077a04c3ccbcdf02633cea0ae92e582b9263de964c1e0e"}, &(0x7f0000000e00)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000e40)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000e80)={0x20, 0x81, 0x2, "f8e7"}, &(0x7f0000000ec0)={0x20, 0x82, 0x2, "a01b"}, &(0x7f0000000f00)={0x20, 0x83, 0x2, "20ec"}, &(0x7f0000000f40)={0x20, 0x84, 0x1, 'L'}, &(0x7f0000000f80)={0x20, 0x85, 0x3, "08e7b4"}}) syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, &(0x7f0000000240)={0x0, 0x6, 0x29, {0x29, 0x31, "f70ba381030000000000000000cb4fdca0560fb30d54f365c5b1d43ee44fbf6fc93f0808251f55"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 6.875133069s ago: executing program 0 (id=3968): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) close_range(r0, r0, 0x2) syz_usb_connect$cdc_ecm(0x2, 0x5a, 
&(0x7f0000000200)=ANY=[@ANYBLOB="12010000020000402505a1a4400000000101090248000101008000090400001002060000062406000047052400fdff0d240f01d1120000530500000008241b07"], 0x0) 6.695759724s ago: executing program 3 (id=3972): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='sessionid\x00') exit(0x3) preadv(r0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/215, 0xd7}], 0x1, 0x3, 0x5) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x62c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b34000000000000000000000924030000000000000924050000f8211cfd0924030500000004000724050401"], 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@migrate={0x50, 0x21, 0x1, 0x4, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x2, 0xa, 0x0, 0xa0, 0x2e}}}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r5 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl2\x00', r6, 0x29, 0x8, 0x1b, 0x154, 0x52, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x1, 0x2680}}) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x0, @vifc_lcl_ifindex=r6, @local}, 0x10) close(0x3) syz_usb_control_io$uac1(r2, &(0x7f0000000080)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0003230000002303"]}, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) 
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f0000000000)={0x2, 0x0, '\x00', 0x1, 0x0}) 5.555778466s ago: executing program 0 (id=3993): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r0, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x38) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/comedi3\x00', 0x3a043, 0x0) ioctl$COMEDI_RANGEINFO(r1, 0x80106408, &(0x7f000011cc00)={0x7272, 0x0}) 5.294474897s ago: executing program 0 (id=3998): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140), &(0x7f0000000340)={0x0, 0xfb, 0x90, 0x0, 0x80, "9efe85fdcc299a7584a9384e68f73349", "0dc0b3c03ef76948266641241ff3b70f5c42f0925c2e50f95c6341526d0b4b95bc5c8416d226d08758192ef6ac427a714e88d4f7271d4c89e614d094c2f97bfa5a8b543c39f879092d9152b42f5f315f9cfa53f417f1ba34f8ea53d9c26d9153df58dabaedc945d403c37793010574827b7e761072db3f7485a355"}, 0x90, 0x2) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x20, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}}) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 5.147894774s ago: executing program 0 (id=4002): lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'btrfs.', '-\x00'}) ioctl$DVB_DEMUX_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000080)={0xca2a, 0x0, 
0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) read$FUSE(r0, &(0x7f0000000180)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000021c0)={{0x1, 0x1, 0x18, r0, {0xee00, 0x0}}, './file0\x00'}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000002200)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000002300)=0xe8) lstat(&(0x7f0000002340)='./file0\x00', &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x200000, &(0x7f0000002400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x5c14}}, {@blksize={'blksize', 0x3d, 0x1e00}}], [{@euid_gt={'euid>', r6}}, {@obj_user={'obj_user', 0x3d, 'btrfs.'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'btrfs.'}}, {@audit}, {@fowner_lt={'fowner<', r7}}, {@smackfsroot={'smackfsroot', 0x3d, '{/'}}]}}) ioctl$CEC_G_MODE(r1, 0x80046108, &(0x7f0000002540)) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000002580)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0xb05, 0x183d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x0, 0x8, "", [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0xe, 0xa, 0x1, {0x22, 0x1c2}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x64, 0x5}}}}}]}}]}}, &(0x7f00000026c0)={0xa, &(0x7f00000025c0)={0xa, 0x6, 0x341, 0x5, 0x5, 0x40, 0x40, 0xfd}, 0x43, &(0x7f0000002600)={0x5, 0xf, 0x43, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x3, 0x7, 0x2e73}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x6, 0x7e, 0x7, 0x1ff}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x6, 0x0, 0x6}, @ssp_cap={0x20, 0x10, 0xa, 0x5, 0x5, 0x5, 0xf0f, 0x9, [0xc0, 0x0, 0xffffc0, 0x0, 0xa00f]}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000002680)=@lang_id={0x4, 0x3, 0x100a}}]}) 
ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f0000002700)={r4, 0x101, 0x6, "7800c0b05ff28a57776875aab655dd7bffebf97cb12a51be15b7c6ae"}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) getgid() ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000002740)={0x5, 0x3, 0x7, 0x0, '\x00', 0xd}) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002780)='/proc/vmstat\x00', 0x0, 0x0) setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f00000027c0)=0x9, 0x4) write$FUSE_POLL(r0, &(0x7f0000002800)={0x18, 0x0, r2}, 0x18) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x300000b, 0x100010, r1, 0xb10a8000) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r1, &(0x7f0000002940)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000002900)={&(0x7f0000002880)={0x7c, 0x2, 0x7, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0xc9}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x2}, @NFACCT_FILTER={0x44, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x520}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xe}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x10}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3331}]}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r8, &(0x7f0000002980)={0x4}) write$binfmt_register(r8, &(0x7f00000029c0)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'obj_user', 0x3a, ',', 0x3a, './file0', 0x3a, [0x13]}, 0x31) read$FUSE(r8, &(0x7f0000002a00)={0x2020}, 0x2020) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000004a40)={0x5, 0x0, 0x7, 0xf, 0x12, "4b583cc458d05194"}) sendmsg(0xffffffffffffffff, &(0x7f0000005240)={&(0x7f0000004a80)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6}, 0x80, 
&(0x7f0000004d40)=[{&(0x7f0000004b00)="e7d6ac87f9ce833a369367e913bc4e0b5bb35badb99630aaee090d0823a73fdb07489f58b15ab5444fe8435b77943d972e6252c69b1838656cb0abfe885a5bb967a45615091174e1293feb73d8296a632a60949a1132884a06248fa370487a1cc5803ca413d0be1f6887255b2aac02b4e5d30af14cd2850b61a0ffd42c2ed4fbe1dd0d1474fc1103c8e819e43972f5e10c89", 0x92}, {&(0x7f0000004bc0)="75ca23eb3aefbb94fdda9fe2fe18243cca95fcb7141afd95ea61991fcd5aa8a98065a72a1f0f5383ced52b13bc1564f6f20cb88b5379f06e16989ac1a84dfe53acf042838b3b04dee02170c4a954bfba9eb458aa8ae449f837fd7ed7c8d38f7d519fda98361c8f5cedc5062fba", 0x6d}, {&(0x7f0000004c40)="2810ebfb8f8f002d96895f1b61a997742b631e324e7980fdf081857ace7260f138f94458e0e67ee3cf22482faacce00631e7cd92255fbbfa02c4ee4aef56b1d921c2967e436fa4d3167be562c36a36370cac06995782320e5b9631d05432afa23eaf244efc2330c926f16a0281c5546d0bd05e7a41fa76a1daee5612ceb9687443959c290e6b5a44f639cd5c660ceedccce193781e48428eeb3d63eb4f23a6960dc598d414ab4c3c3410308ac8fc301cad089c63fac467e469871c84c2014a29c735ef2c651e7f02bec2d0f0465a462334be68e0d2ab98ca747c4b49a3d3a411efda82d48e35bd0c0411bb16d4a6c6afa86e4822", 0xf4}], 0x3, &(0x7f0000004d80)=[{0x10, 0x111, 0x5}, {0x48, 0x107, 0x1, "f6345e47b4e77b932bc5e98b28996096d5eb647511993d9a1328bf6e4e385c26730baa1fe53a35943e60ae31d71f947b19813f638c99e1dc"}, {0x60, 0x113, 0x9, "d04f30586962bcaf5c506ee4a862bb0f4a6404bb47e399014195ef5d67f2e42c01ec46d2e99e2e5c0546d80901f9b2a2d977ae23502047bd9d720ade711db865955480ada8024dd50cf3"}, {0x60, 0x118, 0x3, "ad0ad36392206cf94e67c37fea34d81e58ccbc63b71c94b751d5b0c76c1001dacd71238955ef14e71d6cef8eb44d1dafd297902c3a4baed7b9a4adfe5ace4234378651f9b7e40abf5588d42726411adb"}, {0x40, 0xff, 0xf6, "f8e29144a4255d3ca5aa5832b018d43a3ca25856a8128604717386975c4cf50b995539c19f07e6a5b657a2c13321"}, {0xb0, 0x101, 0x2, 
"4f6fa920cfc8ca65bd9993e01f23a9a769d59e6b43ec10bdb42c737913a33aefc593fb3c59a0c8c478414465f14bb089e6f743c4c465a6bf8f68d9793113813f8670e3e2c1578df3243f16417e14dbe816fb5131a37e82e0a895f1e346a6799774cfcdbc0d0f166e7642442645bc79e00a30851264dce9b322ab5647625596a07c032a1fbcf62f8c738843a6c8e094814286225457761bda1cd23948b2"}, {0xa0, 0x110, 0x2400000, "b24cfba5fb867f41e7a5160abaed369b24c8b0a4993c46d0482241d8f8cdbd4edf74e7da691087fecb162fbbb65f15909ae1082021a48913df4e34dbd58466698d46d477a484743149674d924f52bd89f72980da913d80cb1e0c7dc513c7fba8fc84b14f5b0c39a2602bbff5758f7a0d2ce2b58734917abd62dc7eff3cc401bd9c926898035bfb21feccf171b8e77cac"}, {0xc0, 0x103, 0x800, "28dab859cc03eca2f182cf77e29657ed6b77732d5ad455a22c45b307aa766ab3e2e10f798971788ed97d478c816e6807dd5f46c7dfa500d6a10ce8c4b2934121af41ed6e698ef049a4eb85fee3f50f4cbee2755f5c267103cd276d8a447fd4f631edcafe6cf380064f900ad63b1ff695d0fd77d539b499d1b1ef3b1ff18717c985d0ec86492f9b1437baa83f1fb0e6c0c22ca6dca6ab304b9285a53f50a1c7f728c760ef5d0b04917611b871304c3ec2"}, {0x100, 0x1, 0x6d38, "154ced1d95f2c17e7a799175473f21a6e1a4ec54e1d7bbc242759a24c71f4754e5eeed5820bfb1523ff22ddee9ad6d7bb0b83cdf1c5866ae196d0a77e1937e4bc1fd0a0e213e4bfbba14e032799a5668cc3b9ae1fcb9368d293bce8ed23f2103661fb7d0350dc13af3784bd3af88a616ba57c39f963bed03851bc8c942da87bdc808cfa2d7870b45974c862bf3df087757a6c86ed05547e3c003cae371f6e2c5b667d9b107b5769ea585dfb53d69dc7623537912965fef5039267fe704d9a3f82c06ac3f74ba195ffa564a91f96ca503ebf4b239f298dd9191f1aad736ab6a3e6dddef4fa02f1f4d7410df13c8"}, {0x38, 0x115, 0x2, "916ddabaae6188e7b9b9b4546138c9d28730311af102f8cf3923b9b9ba712314b6d745"}], 0x4a0}, 0x8000) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000005280)={0x1, 0x5, 0x2, 0x5, 0x5, 0x0, [{0x1, 0xf, 0x3, '\x00', 0x82}, {0x3819, 0x0, 0x7, '\x00', 0x1000}, {0x101, 0x81, 0xfffffffffffffffc, '\x00', 0x120a}, {0x2, 0x3, 0x7f, '\x00', 0x1204}, {0x9, 0xd6, 0x200}]}) pipe2$watch_queue(&(0x7f00000053c0), 0x80) ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, 
&(0x7f0000005400)={0x7, r4, 'id0\x00'}) sendmsg$nl_crypto(r4, &(0x7f0000005600)={&(0x7f0000005480)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000055c0)={&(0x7f00000054c0)=@upd={0xf0, 0x12, 0x400, 0x70bd29, 0x7, {{'nhpoly1305-neon\x00'}, '\x00', '\x00', 0x2000, 0x400}, [{0x8, 0x1, 0x5}, {0x8, 0x1, 0x1}]}, 0xf0}, 0x1, 0x0, 0x0, 0x801}, 0x0) r9 = open$dir(&(0x7f0000005640)='./file0\x00', 0x410000, 0x20) faccessat(r9, &(0x7f0000005680)='./file0\x00', 0x22) 3.614240299s ago: executing program 3 (id=4006): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) listen(r0, 0x0) (async) r1 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0905, 0x0, '\x00', @p_u32=0x0}}) (async) r2 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000480)={0x18}) (async) r3 = socket$netlink(0x10, 0x3, 0x4) (async) syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) (async, rerun: 32) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000430109029200030172e5000904000000010100000a24010000000201020c0d240700000500006e626805000c240000e945fff5ffffffff092403f3ff000005024524", @ANYRES8=r4, @ANYBLOB="05"], 0x0) (async) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x7, 0x0, 0xd, 0x7fffffff, 0x0, 0x4, 0x200000000000000, 0x0, 0x100, 0x0, 0x0, 0x9, 0x3, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x1000, 0x2000000000008, 0x9, 0x3, 0x8000000000805a, 0x3}) (async) epoll_wait(r2, &(0x7f00000002c0)=[{}], 0x1, 0x9450) writev(r3, 
&(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) 3.506236378s ago: executing program 3 (id=4008): syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x103080) syz_clone(0x2000000, &(0x7f0000000000), 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="e9523310f197628284aba980f991e0c848516cb65422d479d39afe10e235b9c4fd6c38734ebc07dc7f19e7a1cb031ac3fc2531ca1202cff4c5a02e2429cdb0fcf3200fc3dbd61cf0584d3a13b8f7590de7cef30422f24ddca5393ea5535de13c0258391953dfd90c63ac405cfd19311ff6ea685550d69891c6e2933a3697ec795f2ecff2c2be90bd0d") prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) syz_usb_connect(0x0, 0xe6, &(0x7f0000000240)={{0x12, 0x1, 0x300, 0x11, 0x7b, 0x91, 0x8, 0x17cc, 0x839, 0xa18f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd4, 0x1, 0x3, 0xe1, 0x40, 0x8, "", [{{0x9, 0x4, 0x1f, 0x5f, 0xa, 0x5e, 0x67, 0xfa, 0x5, [], [{{0x9, 0x5, 0xd, 0x3, 0x8, 0x2, 0x4}}, {{0x9, 0x5, 0x1, 0x2, 0x200, 0xa, 0x0, 0x7f}}, {{0x9, 0x5, 0x4, 0x18, 0x3ff, 0xe, 0xb, 0x8f}}, {{0x9, 0x5, 0x3, 0x10, 0x400, 0x69, 0x7, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x4, 0x8}, @generic={0x5, 0xd, "95219d"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x10, 0x5, 0x5, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x0, 0x5}]}}, {{0x9, 0x5, 0x80, 0x0, 0x200, 0x7, 0xde, 0x30, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0xc, 0x710}]}}, {{0x9, 0x5, 0xe, 0x10, 0x8, 0x0, 0x7, 0x0, [@generic={0x47, 0x3, "5214f2ac893b3dff66a0835f5ec143b1d03624942369d74af8ce3db1b38b24487b111c9e2a258418d631b2cd76d54d008a59d06a92943433f6eaa740eb9de310f2b7ab017a"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x1, 0x7, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x8, 0x375c}]}}, {{0x9, 0x5, 0xa, 0x0, 0x10, 0xb, 0x2, 0xa7}}, {{0x9, 0x5, 0xb, 0x1, 0x8, 0x3, 0x40, 0x5}}]}}]}}]}}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0}) r0 = syz_create_resource$binfmt(0x0) 
openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000001) r1 = syz_usb_connect$cdc_ecm(0x6, 0x0, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0xc}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r2, &(0x7f0000000000), 0x10) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) recvmsg$can_raw(0xffffffffffffffff, 0x0, 0x40000000) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x1) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) ioctl$PPPIOCDISCONN(0xffffffffffffffff, 0x7439) 3.331173729s ago: executing program 1 (id=4012): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000140)={0x0, 0x8, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x3, 0x3}) (async) r3 = getegid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in6, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000280)=0xe8) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000300)={0x58, 0x2, 0x8, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x201}, 
@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x58}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) mount$fuseblk(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x9000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x10001}}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x8}}], [{@appraise}, {@appraise}, {@dont_hash}, {@euid_lt={'euid<', r4}}, {@subj_user={'subj_user', 0x3d, '\x16@+\\\'$)}^\x1e'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}]}}) (async) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002580000000e0a01020000000000000000010000000900020073797a32000000001800038014000080100001800600028006000180000000000900010073797a30"], 0xc8}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) 3.027871215s ago: executing program 1 (id=4014): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0xc0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0xa0000001}) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, 
&(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000080)={0x0, 0x80}, 0x8) ppoll(&(0x7f0000000980)=[{r2, 0x1}], 0x1, 0x0, 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='-'], 0x6) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_COPY(r6, 0x3b83, &(0x7f00000004c0)={0x28, 0xbf627638a5c786b3, 0x0, 0x0, 0x1c, 0xbe3, 0x6}) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r7, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010026bd70ffd9b39c25040000001400018008000500000000000600010002e900003033f9016c768faeb54d954a3a50c8f99c1aaf8f264a876b925702accab74dab4764b61e0672a6657fa2473b80fc464fb9d40a3535ef55f34d847c9ce6b4c3b5f20003ccad2602f46be07b55191c6fe09edb86dffbde62c7d06809539e2e30d12a537b1d384b23dee04791cd500d460360455e60c6ef3b6ae927657bc6628cae1e6f56268f49371687cd55dff42bb6ff5f3db21b0717adfb4198ff2934933579ac6fb312fcd891ddd8c7cec2b276a7926a37eb587ddcb07efa8151abcae9bb531013c9786c8c0dde97ec73acb77e52ff8020cfecec5e05f67e4e8bb55b1e5e442ce8a6d8"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8000) r9 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) ioctl$DRM_IOCTL_GET_CLIENT(r7, 0xc0286405, &(0x7f00000001c0)={0x126, 0x4, {}, {0xee00}, 0x30, 0xffffffffffffffff}) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x188, 0x52, 0x1, 0x0, 0x24dfdbfb, {0xc}, [@generic="2fd23f676807a5e20bd09c497f9912ee8ec76add06bc87fa6d26e8ffe7730d0dcad62c94e4ef0abfa911d6accd81c8180a0a6db92fa337bbf2a11d0d662e9b9ebe3e1d45a94f61fc967283053c2f717c882b6af2b590fbc81f4c66c16a8eb6e255de283b42c48474660fe6289e5425ea322aa97b614b1332632a705d6da04520bcddc2650130046d92ef1857ca574c34db870609e05d4cdbf0e3ebc5a9b642", @typed={0x8, 0x8c, 0x0, 0x0, @u32=0x8}, 
@nested={0xcc, 0x158, 0x0, 0x1, [@generic, @generic="afb587081d29f84e9ec5dee88c3c4e65c44506d7a74eaca476582a535287aafbbb34852a469d36f08769c49c86e8a6fa8c83ef1021204b2e19dc427b25e7e1bb42e49dfa75013ccd081350a061ad39e3a8dda2db9df6b4134e0a9929d70ff0e418b536c947672456765c04a3", @generic="dac0918a66bce1579ae10ac375befdafc2eda994602489280f411241d19dfb6f2dfe03a711dc4b757a79b577b4aace291b10b80d567c7738b9f14027801255fdd577dd47d1a48ac7f1e3f4cb8c9f3060b4dbf23f", @typed={0x8, 0xdb, 0x0, 0x0, @uid=r10}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x20040010}, 0x80) mq_open(&(0x7f0000000000)='\x00', 0x40, 0x3a3, &(0x7f0000000040)={0x10000, 0x3, 0x9, 0x1}) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0432020200"], 0x5) 2.125716366s ago: executing program 3 (id=4018): r0 = socket$unix(0x1, 0x5, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) capset(&(0x7f0000000040)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000080)={0x7, 0x80, 0xfffffff7, 0xffffffff, 0xb}) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SET_TIMERSLACK(0x1d, 0x4) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xb7) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') close_range(r0, 0xffffffffffffffff, 0x2) 1.998081014s ago: executing program 1 (id=4021): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 
0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90}, {0xeda7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x3f8, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x0, 0x9, 0x2000000000003ff, 0x2], 0x2000, 0x200206}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x8000000) 1.931681314s ago: executing program 3 (id=4023): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) msgrcv(0x0, 0x0, 0x20, 0x0, 0x4800) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x900, 0x12) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x402) readv(r4, &(0x7f0000000140)=[{&(0x7f0000000100)=""/24, 0x18}], 0x1) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xc0011022, 0x0, 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.648051863s ago: executing program 0 (id=4026): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000001c0)=0x3) (async) r1 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x16c, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="8100004ec7148ca53d203ecb6ae2338c792a228c2ea5446a957af349cae9542e4bd761476625874cfe06f10244447d8ddf3c0c5babbd3f6b9e972c39098dd9f4957b4345fe26dceacb812affb2aeeaf7fc4bc72e1dcaac7cdc3a385e0595f3b1bdc54e16d0ec0f92cc31eb6a854e1dc24a6d7613c6e06496e73b6e09e7b53601342edd89300000004800004e99d6793c0d1068ce106476d50862a2549c2b8dc315cc0344e5767c5f29006ab50df62e364d25c6aa417c65aec76c229e1dc1bdd6fd08cb7ef93cc9d21d608b51ea866907022165ce9200004e113e"]) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000900)={0x2c, &(0x7f00000000c0)={0x0, 0x12, 0x8, {0x8, 0x31, "2d49d27188f1"}}, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000e80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.399744213s ago: executing program 2 (id=4030): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 1.347358443s ago: executing program 2 (id=4031): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) (async) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) (async) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="ffe24743e01a7afddfd8827557db4e0000810161ce1a8fe20b"], 0x0, 
0x0, 0x0, 0x0}) (async) r2 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x80800) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'bridge_slave_0\x00', &(0x7f00000000c0)=@ethtool_rxfh={0x46, 0x3, 0xe2, 0x7, 0x7, '\t1{', 0x3, [0x3, 0xfffffffa, 0x80000001, 0x100, 0xffff]}}) 1.230141699s ago: executing program 1 (id=4032): socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x3000c000) syz_emit_vhci(0x0, 0x2) r2 = openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) process_madvise(r2, 0x0, 0x0, 0x14, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) pidfd_send_signal(r1, 0x24, &(0x7f0000000140)={0x27, 0x4, 0x7}, 0x800000000000000) 1.09419798s ago: executing program 1 (id=4033): setresuid(0xee01, 0xee01, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x10, &(0x7f0000000280), 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010404000000000000000200e704050001"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 1.07652131s ago: executing program 1 (id=4034): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c1e82, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x80400, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffff4]}, 0x8) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}}) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(r4, 
&(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000040)=0xd, 0x4) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000180)=0x337, 0x4) connect$inet(r4, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) sendto(r4, &(0x7f0000000100)="f35e85b283a78fe1b2c5c84948f3426077a9f0ca1475183db3bf52a6f4f00000ee00b22bae1b2443011fd801251bcef8f165533aacc0388e32c121c69ddbe7c1ca58c7556dd51edc5a6865d4e29f0bbd0ed602000000297ede604d8400000000", 0x60, 0x8004, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000380)="01a4acc7cf", 0x5, 0x800, 0x0, 0x0) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000001c40), 0x40, 0x0) fsetxattr$security_evm(r5, &(0x7f00000022c0), &(0x7f0000002300)=@v2={0x5, 0x3, 0xe, 0x4}, 0x9, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000040)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x104, 0x9}}, 0x20) 759.095431ms ago: executing program 2 (id=4035): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x8, 0x10, 0x1200, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast1}}}}) 543.570357ms ago: executing program 2 (id=4036): ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(0xffffffffffffffff, 0x3ba0, 0x0) socket(0x1, 0x800, 0x7fff) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(0xffffffffffffffff, 0x3ba0, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4}, 0x18) connect$can_j1939(r3, &(0x7f0000000140)={0x1d, r4, 0x0, {0x0, 0x0, 0x3}, 0xff}, 0x18) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 
&(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x68, r2, 0xa10, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x3}, @ETHTOOL_A_CHANNELS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0xe}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x45}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x40}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x10) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0153000000000000000001"], 0x4c}, 0x1, 0x40030000000000, 0x0, 0x40084}, 0x4000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000005c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01102dbd7000ffdbca256c00000008000300", @ANYRES32=r8, @ANYBLOB="080026006c09000008009f0006"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008014) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) r9 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]}) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r11, 
0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x73, 0x2, 0x2, 0x4002804c4, 0x9, 0x8000000000000000, 0xc595, 0x0, 0x4, 0xefffffffffffffff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2002d3}) ioctl$KVM_RUN(r11, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42282, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, 0x0) 501.893027ms ago: executing program 2 (id=4037): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x842, 0x0) (async) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000001040)={0x27, 0x0, 0xfffffffe, 0x4, 0x0, 0x1, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3f}, 0x60) (async) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mount$fuseblk(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x488, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) write$UHID_INPUT2(r3, &(0x7f0000000100)={0xc, {0x1b, "961f873fcd4c0450b0ddb97dbc5db043c9f12932a864d5ff3d2396"}}, 0x21) (async) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0) (async) r5 = add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x4, r5, r5, r5, 0x1) (async) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r6, 0xaf01, 0x0) syz_usb_connect$uac2(0x6, 0xcc, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xba, 0x3, 0x1, 0x5, 0x20, 0x6, {0x8, 0xb, 0x1, 0x2, 0x1, 0x2, 0x20, 0x1}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 
0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x5, 0x9, 0x1a, 0x1}, [@sample_rate={0x11, 0x24, 0xd, 0x6, 0x3, 0x2, [0x3, 0x1, 0x0, 0x3, 0x3]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x0, 0x3, 0x8, 0x68, "", "231c"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x101, 0x3, 0x3, 0x8}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x80, 0x2, 0x80, 0x5f, "dcdb", "4fc0"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x1, 0x4, 0x2, {0x8, 0x25, 0x1, 0x0, 0xc, 0x3, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@as_header={0x10, 0x24, 0x1, 0x40, 0x7, 0x0, 0x4, 0x0, 0xfffffffa, 0xf}, @as_header={0x10, 0x24, 0x1, 0x8, 0x92, 0x3, 0x3, 0xf4, 0x4, 0x9}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x80, 0x6, 0xf, {0x8, 0x25, 0x1, 0x0, 0x30, 0x5, 0x401}}}}}}}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x110, 0x2, 0x8, 0x9, 0x40, 0xcb}, 0x20, &(0x7f00000003c0)={0x5, 0xf, 0x20, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x6, 0x81, 0xe, 0xa}, @ssp_cap={0x10, 0x10, 0xa, 0x58, 0x1, 0x6, 0xf000, 0xd6, [0x3f30]}]}, 0x2, [{0x0, 0x0}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0xf8ff}}]}) (async) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x3, 0xd4bd) (async) syz_usb_control_io(r4, 0x0, &(0x7f0000000000)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)={0x20, r8, 0x1, 0x0, 0x25dfdbff, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8) syz_usb_control_io$rtl8150(r4, &(0x7f00000001c0)={0x14, 0x0, 0x0}, 0x0) (async) getsockopt(r2, 0x1, 0x1, &(0x7f0000000680)=""/251, &(0x7f0000000000)=0xfb) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0xaa, 0x48, 
0x3c, 0x8, 0x1199, 0x9078, 0xf42b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x3, 0x40, 0x5, "", [{{0x9, 0x4, 0x2b, 0x9, 0x0, 0xff, 0x1, 0x78, 0x4}}]}}]}}, &(0x7f00000009c0)={0x0, 0x0, 0x10, &(0x7f0000000a00)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x2, 0x2, 0x0, 0xdd24, 0x7}]}}) 123.907403ms ago: executing program 2 (id=4038): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c00810ce00f80ecdb4cb9f207c804a00300000088006afb0a0002000a0ada1b40d805001100c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x4}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r2, 0x7a9, &(0x7f00000003c0)={{}, 0xfff, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe, 0x80000, 0x2, 0x1000000000ff6}) 0s ago: executing program 0 (id=4039): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, 
'./file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) kernel console output (not intermixed with test programs): 0 00 00 00 48 83 ec 08 [ 665.918127][T15915] RSP: 002b:00007fd22d0adfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 665.918147][T15915] RAX: ffffffffffffffda RBX: 00007fd22d0ae6c0 RCX: 00007fd22ee1d68e [ 665.918161][T15915] RDX: 000000000000000f RSI: 00007fd22d0ae0a0 RDI: 0000000000000004 [ 665.918173][T15915] RBP: 00007fd22d0ae090 R08: 0000000000000000 R09: 0000000000000000 [ 665.918184][T15915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.918195][T15915] R13: 00007fd22f0d6038 R14: 00007fd22f0d5fa0 R15: 00007fff5ad59a88 [ 665.918225][T15915] [ 666.029446][ T5711] appletouch 4-1:0.85: Geyser mode initialized. [ 666.126464][ T5711] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input86 [ 666.241909][ T5711] usb 4-1: USB disconnect, device number 4 [ 666.241999][ C1] appletouch 4-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 666.388958][T15919] libceph: resolve 'ck¹ä' (ret=-3): failed [ 666.401638][ T5711] appletouch 4-1:0.85: input: appletouch disconnected [ 666.746924][T15928] FAULT_INJECTION: forcing a failure. [ 666.746924][T15928] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 666.746959][T15928] CPU: 0 UID: 0 PID: 15928 Comm: syz.1.3601 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 666.746984][T15928] Tainted: [L]=SOFTLOCKUP [ 666.746991][T15928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 666.747001][T15928] Call Trace: [ 666.747008][T15928] [ 666.747017][T15928] dump_stack_lvl+0xe8/0x150 [ 666.747043][T15928] should_fail_ex+0x46b/0x600 [ 666.747072][T15928] prepare_alloc_pages+0x22a/0x6b0 [ 666.747101][T15928] __alloc_frozen_pages_noprof+0x12f/0x380 [ 666.747126][T15928] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 666.747152][T15928] ? 
__pfx_policy_nodemask+0x10/0x10 [ 666.747175][T15928] ? __lock_acquire+0x6b5/0x2d10 [ 666.747202][T15928] alloc_pages_mpol+0xd1/0x380 [ 666.747228][T15928] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 666.747253][T15928] vma_alloc_folio_noprof+0xe1/0x1e0 [ 666.747277][T15928] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 666.747301][T15928] ? __pte_offset_map+0x29/0x200 [ 666.747412][T15928] do_pte_missing+0x822/0x2940 [ 666.747443][T15928] ? handle_mm_fault+0xed/0x14d0 [ 666.747466][T15928] handle_mm_fault+0xdc2/0x14d0 [ 666.747489][T15928] ? handle_mm_fault+0xed/0x14d0 [ 666.747513][T15928] ? __pfx_handle_mm_fault+0x10/0x10 [ 666.747547][T15928] ? __lock_acquire+0x6b5/0x2d10 [ 666.747572][T15928] ? lock_mm_and_find_vma+0xa7/0x340 [ 666.747597][T15928] do_user_addr_fault+0x75b/0x1340 [ 666.747635][T15928] exc_page_fault+0x6a/0xc0 [ 666.747660][T15928] asm_exc_page_fault+0x26/0x30 [ 666.747678][T15928] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 666.747700][T15928] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 666.747715][T15928] RSP: 0018:ffffc900041b74d8 EFLAGS: 00050202 [ 666.747731][T15928] RAX: ffff88805bf38e01 RBX: ffff88805bf38f01 RCX: 0000000000000d67 [ 666.747745][T15928] RDX: 0000000000000000 RSI: ffff88805bf39081 RDI: 0000200000003000 [ 666.747758][T15928] RBP: ffffc900041b7650 R08: ffff88805bf39de7 R09: 1ffff1100b7e73bc [ 666.747778][T15928] R10: dffffc0000000000 R11: ffffed100b7e73bd R12: dffffc0000000000 [ 666.747791][T15928] R13: 0000000000000ee7 R14: 00007ffffffff000 R15: 0000200000003d67 [ 666.747820][T15928] _copy_to_iter+0x60a/0x17d0 [ 666.747859][T15928] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 666.747879][T15928] ? __pfx__copy_to_iter+0x10/0x10 [ 666.747902][T15928] ? rt_spin_lock+0x1e0/0x400 [ 666.747924][T15928] ? 
__pfx_rt_mutex_slowunlock+0x10/0x10 [ 666.747953][T15928] __skb_datagram_iter+0xf8/0x980 [ 666.747981][T15928] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 666.748014][T15928] skb_copy_datagram_iter+0xb5/0x240 [ 666.748043][T15928] netlink_recvmsg+0x2c3/0xa50 [ 666.748076][T15928] ? __pfx_netlink_recvmsg+0x10/0x10 [ 666.748103][T15928] ? __pfx_aa_sk_perm+0x10/0x10 [ 666.748126][T15928] ? __lock_acquire+0x6b5/0x2d10 [ 666.748151][T15928] ? aa_sock_msg_perm+0x122/0x200 [ 666.748169][T15928] ? __pfx_netlink_recvmsg+0x10/0x10 [ 666.748194][T15928] sock_recvmsg_nosec+0x10c/0x140 [ 666.748218][T15928] ____sys_recvmsg+0x23d/0x4f0 [ 666.748251][T15928] ? __pfx_____sys_recvmsg+0x10/0x10 [ 666.748289][T15928] ? import_iovec+0x73/0xa0 [ 666.748312][T15928] ___sys_recvmsg+0x215/0x590 [ 666.748342][T15928] ? __pfx____sys_recvmsg+0x10/0x10 [ 666.748371][T15928] ? __fget_files+0x2a/0x420 [ 666.748406][T15928] ? __fget_files+0x3a6/0x420 [ 666.748434][T15928] do_recvmmsg+0x33a/0x800 [ 666.748467][T15928] ? __pfx_do_recvmmsg+0x10/0x10 [ 666.748503][T15928] ? rt_mutex_slowunlock+0x1cb/0x300 [ 666.748537][T15928] __x64_sys_recvmmsg+0x198/0x250 [ 666.748565][T15928] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 666.748599][T15928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.748618][T15928] do_syscall_64+0x15f/0x560 [ 666.748641][T15928] ? trace_irq_disable+0x3b/0x140 [ 666.748661][T15928] ? 
clear_bhb_loop+0x40/0x90 [ 666.748683][T15928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.748701][T15928] RIP: 0033:0x7fd22ee5ce59 [ 666.748718][T15928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.748733][T15928] RSP: 002b:00007fd22d0ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 666.748751][T15928] RAX: ffffffffffffffda RBX: 00007fd22f0d5fa0 RCX: 00007fd22ee5ce59 [ 666.748764][T15928] RDX: 0000000000000001 RSI: 0000200000002e40 RDI: 0000000000000003 [ 666.748802][T15928] RBP: 00007fd22d0ae090 R08: 0000000000000000 R09: 0000000000000000 [ 666.748813][T15928] R10: 00000000400101a0 R11: 0000000000000246 R12: 0000000000000001 [ 666.748824][T15928] R13: 00007fd22f0d6038 R14: 00007fd22f0d5fa0 R15: 00007fff5ad59a88 [ 666.748854][T15928] [ 667.083752][ T5725] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 667.305914][ T5725] usb 1-1: device descriptor read/64, error -71 [ 667.544505][ T5725] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 667.644119][ T5711] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 667.673811][ T5725] usb 1-1: device descriptor read/64, error -71 [ 667.783951][ T5725] usb usb1-port1: attempt power cycle [ 667.796274][ T5711] usb 4-1: config 0 has an invalid descriptor of length 8, skipping remainder of the config [ 667.796306][ T5711] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 667.796318][ T5711] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.799797][ T5711] usb 4-1: config 0 descriptor?? [ 667.811809][ T5711] rndis_host 4-1:0.0: ACM capabilities 04, not really RNDIS? 
[ 668.003178][ T5794] usb 4-1: USB disconnect, device number 5 [ 668.043965][ T4942] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 668.123739][ T5725] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 668.144228][ T5725] usb 1-1: device descriptor read/8, error -71 [ 668.193716][ T4942] usb 3-1: Using ep0 maxpacket: 16 [ 668.197441][ T4942] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 668.197467][ T4942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.197477][ T4942] usb 3-1: Product: syz [ 668.197484][ T4942] usb 3-1: Manufacturer: syz [ 668.197492][ T4942] usb 3-1: SerialNumber: syz [ 668.204203][ T4942] r8152-cfgselector 3-1: Unknown version 0x0000 [ 668.204226][ T4942] r8152-cfgselector 3-1: config 0 descriptor?? [ 668.383766][ T5725] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 668.404713][ T5725] usb 1-1: device descriptor read/8, error -71 [ 668.514042][ T5725] usb usb1-port1: unable to enumerate USB device [ 669.363792][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 669.513775][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 669.520466][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 669.520496][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.520517][ T10] usb 4-1: Product: syz [ 669.520532][ T10] usb 4-1: Manufacturer: syz [ 669.520546][ T10] usb 4-1: SerialNumber: syz [ 669.533405][ T10] usb 4-1: config 0 descriptor?? 
[ 669.628165][ T5620] Bluetooth: hci0: unexpected cc 0x2005 length: 8 > 1 [ 669.628275][ T5620] Bluetooth: hci0: unexpected event for opcode 0x2005 [ 669.748745][ T10] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 670.073894][ T5727] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 670.204144][ T5727] usb 1-1: device descriptor read/64, error -71 [ 670.378826][ T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 670.386965][ T10] usb 4-1: USB disconnect, device number 6 [ 670.445543][ T5727] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 670.474156][T15978] netlink: 'syz.1.3618': attribute type 19 has an invalid length. [ 670.593748][ T5727] usb 1-1: device descriptor read/64, error -71 [ 670.704029][ T5727] usb usb1-port1: attempt power cycle [ 670.803204][ T10] r8152-cfgselector 3-1: USB disconnect, device number 31 [ 671.043760][ T5727] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 671.064438][ T5727] usb 1-1: device descriptor read/8, error -71 [ 671.173793][ T32] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 671.185142][ T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 671.209720][T15985] netlink: 'syz.1.3621': attribute type 4 has an invalid length. [ 671.209734][T15985] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3621'. 
[ 671.303743][ T5727] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 671.318281][T15987] overlayfs: failed to resolve './file0': -2 [ 671.327781][ T5727] usb 1-1: device descriptor read/8, error -71 [ 671.335927][ T10] usb 3-1: config 0 has an invalid interface number: 69 but max is 0 [ 671.335953][ T10] usb 3-1: config 0 has no interface number 0 [ 671.335996][ T10] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 671.336019][ T10] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 671.338196][ T10] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 671.338222][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.338239][ T10] usb 3-1: Product: syz [ 671.338253][ T10] usb 3-1: Manufacturer: syz [ 671.338266][ T10] usb 3-1: SerialNumber: syz [ 671.348201][ T10] usb 3-1: config 0 descriptor?? [ 671.349413][T15981] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 671.363869][ T10] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 671.400474][ T10] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 671.403727][ T32] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 671.403760][ T32] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 671.403809][ T32] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 671.403829][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.434219][ T5727] usb usb1-port1: unable to enumerate USB device [ 671.503456][T15983] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 671.536501][ T32] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 671.688039][T15989] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.3623'. 
[ 671.829189][ T32] usb 4-1: USB disconnect, device number 7 [ 671.871481][T10364] udevd[10364]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory [ 673.538675][ T38] audit: type=1326 audit(1779531943.297:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16022 comm="syz.3.3635" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f973b56ce59 code=0x0 [ 674.073912][ T5725] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 674.224037][ T5725] usb 4-1: Using ep0 maxpacket: 8 [ 674.233440][ T5725] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 674.233475][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.233496][ T5725] usb 4-1: Product: syz [ 674.233510][ T5725] usb 4-1: Manufacturer: syz [ 674.233523][ T5725] usb 4-1: SerialNumber: syz [ 674.258036][ T10] usb 3-1: USB disconnect, device number 32 [ 674.261442][ T5725] usb 4-1: config 0 descriptor?? [ 674.474085][ T5725] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 674.485554][ T10] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 674.513107][ T10] cyberjack 3-1:0.69: device disconnected [ 674.562471][T16039] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3639'. 
[ 674.624861][ T4942] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 674.773695][ T4942] usb 1-1: Using ep0 maxpacket: 16 [ 674.781805][ T4942] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 674.781831][ T4942] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 674.781848][ T4942] usb 1-1: config 0 has no interface number 0 [ 674.817577][ T4942] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 674.817606][ T4942] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.817624][ T4942] usb 1-1: Product: syz [ 674.817636][ T4942] usb 1-1: Manufacturer: syz [ 674.817650][ T4942] usb 1-1: SerialNumber: syz [ 674.870130][ T4942] usb 1-1: config 0 descriptor?? [ 674.887046][ T4942] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 674.887080][ T4942] uvcvideo 1-1:0.105: No valid video chain found. [ 675.215371][T16049] fuse: Bad value for 'fd' [ 675.216742][T16049] netlink: 'syz.0.3638': attribute type 39 has an invalid length. [ 675.487072][ T5725] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 676.565925][ T10] usb 4-1: USB disconnect, device number 8 [ 677.388972][T16031] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 677.402423][T16031] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 677.404490][T16031] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 677.404570][T16031] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 677.469505][T16031] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 677.621241][ T5794] usb 1-1: USB disconnect, device number 45 [ 677.805487][ T5620] Bluetooth: hci0: command 0x206a tx timeout [ 677.813731][ T4942] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 677.828138][T16073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3649'. 
[ 677.828174][T16073] openvswitch: netlink: Actions may not be safe on all matching packets [ 677.965705][ T4942] usb 4-1: Using ep0 maxpacket: 8 [ 678.008306][ T4942] usb 4-1: unable to get BOS descriptor or descriptor too short [ 678.010272][ T4942] usb 4-1: config 9 has an invalid interface number: 103 but max is 0 [ 678.010297][ T4942] usb 4-1: config 9 has no interface number 0 [ 678.012644][ T4942] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea7b, bcdDevice=70.39 [ 678.012669][ T4942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.012686][ T4942] usb 4-1: Product: syz [ 678.012698][ T4942] usb 4-1: Manufacturer: syz [ 678.012705][ T4942] usb 4-1: SerialNumber: syz [ 678.287569][ T4942] cp210x 4-1:9.103: cp210x converter detected [ 678.289448][ T4942] cp210x 4-1:9.103: failed to get vendor val 0x370b size 1: -71 [ 678.289473][ T4942] cp210x 4-1:9.103: querying part number failed [ 678.306846][ T4942] usb 4-1: cp210x converter now attached to ttyUSB0 [ 678.322306][ T4942] usb 4-1: USB disconnect, device number 9 [ 678.353085][ T4942] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 678.356496][ T4942] cp210x 4-1:9.103: device disconnected [ 678.567949][T16066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.573292][T16066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.573470][T16066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.680336][T16102] FAULT_INJECTION: forcing a failure. 
[ 678.680336][T16102] name failslab, interval 1, probability 0, space 0, times 0 [ 678.680361][T16102] CPU: 1 UID: 0 PID: 16102 Comm: syz.0.3654 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 678.680376][T16102] Tainted: [L]=SOFTLOCKUP [ 678.680379][T16102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 678.680386][T16102] Call Trace: [ 678.680390][T16102] [ 678.680396][T16102] dump_stack_lvl+0xe8/0x150 [ 678.680413][T16102] should_fail_ex+0x46b/0x600 [ 678.680431][T16102] should_failslab+0xa8/0x100 [ 678.680445][T16102] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 678.680457][T16102] ? __alloc_skb+0x1d0/0x7d0 [ 678.680470][T16102] ? lockdep_hardirqs_on+0x7a/0x110 [ 678.680487][T16102] __alloc_skb+0x1d0/0x7d0 [ 678.680509][T16102] netlink_sendmsg+0x5d4/0xb40 [ 678.680529][T16102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 678.680545][T16102] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 678.680558][T16102] ? aa_sock_msg_perm+0x122/0x200 [ 678.680569][T16102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 678.680582][T16102] sock_sendmsg_nosec+0x112/0x150 [ 678.680595][T16102] ____sys_sendmsg+0x55c/0x870 [ 678.680612][T16102] ? __pfx_____sys_sendmsg+0x10/0x10 [ 678.680630][T16102] ? import_iovec+0x73/0xa0 [ 678.680643][T16102] ___sys_sendmsg+0x2a5/0x360 [ 678.680657][T16102] ? __lock_acquire+0x6b5/0x2d10 [ 678.680672][T16102] ? __pfx____sys_sendmsg+0x10/0x10 [ 678.680702][T16102] ? __fget_files+0x2a/0x420 [ 678.680712][T16102] ? __fget_files+0x3a6/0x420 [ 678.680726][T16102] __x64_sys_sendmsg+0x1c3/0x2a0 [ 678.680741][T16102] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 678.680760][T16102] ? __pfx_ksys_write+0x10/0x10 [ 678.680775][T16102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.680786][T16102] do_syscall_64+0x15f/0x560 [ 678.680799][T16102] ? trace_irq_disable+0x3b/0x140 [ 678.680810][T16102] ? 
clear_bhb_loop+0x40/0x90 [ 678.680823][T16102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.680832][T16102] RIP: 0033:0x7eff00dbce59 [ 678.680843][T16102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 678.680852][T16102] RSP: 002b:00007efeff00e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 678.680863][T16102] RAX: ffffffffffffffda RBX: 00007eff01035fa0 RCX: 00007eff00dbce59 [ 678.680871][T16102] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 678.680877][T16102] RBP: 00007efeff00e090 R08: 0000000000000000 R09: 0000000000000000 [ 678.680883][T16102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 678.680889][T16102] R13: 00007eff01036038 R14: 00007eff01035fa0 R15: 00007ffe6d2355a8 [ 678.680904][T16102] [ 679.363742][ T5725] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 679.513783][ T5725] usb 1-1: Using ep0 maxpacket: 16 [ 679.515800][ T5725] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 679.515901][ T5725] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 679.520010][ T5725] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 679.520035][ T5725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.520054][ T5725] usb 1-1: Product: syz [ 679.520063][ T5725] usb 1-1: Manufacturer: syz [ 679.520070][ T5725] usb 1-1: SerialNumber: syz [ 679.610328][ T5725] usb 1-1: 0:2 : does not exist [ 679.798006][T16116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.803395][T16116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 679.849620][ T5725] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 679.872566][T16135] netdevsim netdevsim2: loading /lib/firmware/. 
failed with error -22 [ 679.872612][T16135] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 679.872631][T16135] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 679.883954][ T5620] Bluetooth: hci0: command 0x206a tx timeout [ 680.012190][ T5725] usb 1-1: USB disconnect, device number 46 [ 680.052942][T11939] udevd[11939]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 680.076281][ T9] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 680.225881][ T9] usb 2-1: config 0 has an invalid interface number: 9 but max is 0 [ 680.225908][ T9] usb 2-1: config 0 has no interface number 0 [ 680.225937][ T9] usb 2-1: too many endpoints for config 0 interface 9 altsetting 237: 50, using maximum allowed: 30 [ 680.225979][ T9] usb 2-1: config 0 interface 9 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 50 [ 680.226004][ T9] usb 2-1: config 0 interface 9 has no altsetting 0 [ 680.226034][ T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 680.226055][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.232055][ T9] usb 2-1: config 0 descriptor?? [ 680.320918][T16138] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.3667'. [ 680.523549][T16141] batadv_slave_1: entered promiscuous mode [ 680.526480][T16141] veth1_to_team: entered promiscuous mode [ 680.573416][T16133] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3659427032 (7318854064 ns) > initial count (3328 ns). Using initial count to start timer. 
[ 680.606822][ T5620] Bluetooth: hci1: command 0x0c1a tx timeout [ 680.606841][T16058] Bluetooth: hci3: command 0x0c1a tx timeout [ 680.950595][ T9] usb 2-1: string descriptor 0 read error: -71 [ 680.970488][ T9] cp210x 2-1:0.9: cp210x converter detected [ 680.971145][ T9] cp210x 2-1:0.9: failed to get vendor val 0x370b size 1: -71 [ 680.971167][ T9] cp210x 2-1:0.9: querying part number failed [ 680.984095][ T9] usb 2-1: cp210x converter now attached to ttyUSB0 [ 680.999808][ T9] usb 2-1: USB disconnect, device number 34 [ 681.040363][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 681.041132][ T9] cp210x 2-1:0.9: device disconnected [ 681.055147][ T5725] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 681.206128][ T5725] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 681.206185][ T5725] usb 3-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 681.206207][ T5725] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.213250][ T5725] usb 3-1: config 0 descriptor?? [ 681.219901][ T5725] rndis_host 3-1:0.0: probe with driver rndis_host failed with error -22 [ 681.347056][T16140] veth1_to_team: left promiscuous mode [ 681.347435][T16140] batadv_slave_1: left promiscuous mode [ 681.421970][ T5725] usb 3-1: USB disconnect, device number 33 [ 682.015378][ T38] audit: type=1326 audit(1779531951.767:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16176 comm="syz.3.3678" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f973b56ce59 code=0x0 [ 682.072526][T16177] lo speed is unknown, defaulting to 1000 [ 682.228181][T16184] netlink: 'syz.2.3680': attribute type 10 has an invalid length. 
[ 682.263748][T16184] macvlan1: entered promiscuous mode [ 682.263780][T16184] macvlan1: entered allmulticast mode [ 682.297405][T16184] veth1_vlan: entered allmulticast mode [ 682.400412][T16184] team0: Port device macvlan1 added [ 682.524151][ T5725] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 682.674064][ T5725] usb 3-1: Using ep0 maxpacket: 32 [ 682.676527][ T5725] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 682.678606][ T5725] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 682.678629][ T5725] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.678647][ T5725] usb 3-1: Product: syz [ 682.678659][ T5725] usb 3-1: Manufacturer: syz [ 682.678671][ T5725] usb 3-1: SerialNumber: syz [ 682.686794][ T5620] Bluetooth: hci1: command 0x0c1a tx timeout [ 682.746337][ T5725] usb 3-1: config 0 descriptor?? [ 682.777620][ T5725] cdc_ether 3-1:0.0: Descriptor too short [ 682.778972][ T5725] usb 3-1: unsupported MDLM descriptors [ 682.961167][ T5725] usb 3-1: USB disconnect, device number 34 [ 683.023820][ T5794] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 683.155426][ T5794] usb 2-1: device descriptor read/64, error -71 [ 683.413709][ T5794] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 683.540714][T16204] netlink: 260 bytes leftover after parsing attributes in process `syz.0.3687'. [ 683.637804][ T5794] usb 2-1: device descriptor read/64, error -71 [ 683.639819][T16209] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3688'. 
[ 683.754038][ T5794] usb usb2-port1: attempt power cycle [ 684.104809][ T5794] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 684.124669][ T5794] usb 2-1: device descriptor read/8, error -71 [ 684.373697][ T5794] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 684.397167][T16227] fuse: Bad value for 'fd' [ 684.404825][ T5794] usb 2-1: device descriptor read/8, error -71 [ 684.515023][ T5794] usb usb2-port1: unable to enumerate USB device [ 684.763820][ T5620] Bluetooth: hci1: command 0x0c1a tx timeout [ 685.424040][ T5711] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 685.603710][ T5711] usb 4-1: Using ep0 maxpacket: 8 [ 685.605982][ T5711] usb 4-1: unable to get BOS descriptor or descriptor too short [ 685.607821][ T5711] usb 4-1: config 64 has an invalid interface number: 8 but max is 0 [ 685.607852][ T5711] usb 4-1: config 64 has no interface number 0 [ 685.610021][ T5711] usb 4-1: New USB device found, idVendor=0b57, idProduct=3dcd, bcdDevice=1e.db [ 685.610048][ T5711] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.610059][ T5711] usb 4-1: Product: syz [ 685.610066][ T5711] usb 4-1: Manufacturer: syz [ 685.610074][ T5711] usb 4-1: SerialNumber: syz [ 685.961703][ T5711] usbhid 4-1:64.8: couldn't find an input interrupt endpoint [ 685.980862][ T5711] usb 4-1: USB disconnect, device number 10 [ 686.203820][ T5725] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 686.353763][ T5725] usb 1-1: Using ep0 maxpacket: 32 [ 686.355727][ T5725] usb 1-1: config index 0 descriptor too short (expected 8192, got 36) [ 686.355751][ T5725] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 686.355769][ T5725] usb 1-1: config 0 has no interfaces? 
[ 686.355797][ T5725] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 686.355817][ T5725] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.361262][ T5725] usb 1-1: config 0 descriptor?? [ 686.461939][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.462091][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.622498][T16256] 9p: Bad value for 'rfdno' [ 686.665332][ T5725] usb 1-1: string descriptor 0 read error: -71 [ 686.680011][ T5725] usb 1-1: USB disconnect, device number 47 [ 687.077642][T16274] netlink: 284 bytes leftover after parsing attributes in process `syz.3.3714'. [ 687.633817][ T5711] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 687.799138][ T5711] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 687.799167][ T5711] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 687.799186][ T5711] usb 1-1: config 0 has no interface number 0 [ 687.799231][ T5711] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 687.799254][ T5711] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 687.799275][ T5711] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 687.804450][ T5711] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 687.804476][ T5711] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.804494][ T5711] usb 1-1: Product: syz [ 687.804507][ T5711] usb 1-1: Manufacturer: syz [ 687.804520][ T5711] usb 1-1: SerialNumber: syz [ 687.846537][ T5711] usb 1-1: config 0 descriptor?? [ 688.145081][T16295] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3723'. 
[ 688.227508][T16295] IPVS: persistence engine module ip_vs_pe_si{ not found [ 688.261602][ T5725] usb 1-1: USB disconnect, device number 48 [ 689.094401][ T5711] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 689.114830][ T4942] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 689.262233][ T5711] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 689.262323][ T5711] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 689.262347][ T5711] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 689.273982][ T4942] usb 1-1: Using ep0 maxpacket: 32 [ 689.277004][ T5711] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 689.277240][ T5711] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.277260][ T5711] usb 3-1: Product: syz [ 689.277273][ T5711] usb 3-1: Manufacturer: syz [ 689.277287][ T5711] usb 3-1: SerialNumber: syz [ 689.309184][ T4942] usb 1-1: config 0 has no interfaces? [ 689.309304][ T4942] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 689.309328][ T4942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.318892][ T5711] usb 3-1: config 0 descriptor?? [ 689.319896][T16321] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 689.320073][T16321] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 689.329476][ T5711] usb 3-1: ucan: probing device on interface #0 [ 689.345509][ T4942] usb 1-1: config 0 descriptor?? 
[ 689.696278][T16332] loop8: detected capacity change from 0 to 7 [ 689.758945][ T5711] usb 3-1: ucan: failed to retrieve device info [ 689.758967][ T5711] usb 3-1: ucan: probe failed; try to update the device firmware [ 689.793202][ T5711] usb 3-1: USB disconnect, device number 35 [ 689.875685][T16332] Dev loop8: unable to read RDB block 7 [ 689.875729][T16332] loop8: unable to read partition table [ 689.875942][T16332] loop8: partition table beyond EOD, truncated [ 689.875979][T16332] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 690.231220][T16349] binder: 16348:16349 ioctl d000943d 2000000fa200 returned -22 [ 690.231529][T16349] binder: 16348:16349 ioctl d000943d 2000000fb200 returned -22 [ 690.231807][T16349] binder: 16348:16349 ioctl d000943e 2000000fc200 returned -22 [ 690.231972][T16349] binder: 16348:16349 ioctl 81f8943c 2000000fd200 returned -22 [ 690.232205][T16349] binder: 16348:16349 ioctl d000943e 2000000fd400 returned -22 [ 690.232446][T16349] binder: 16348:16349 ioctl d000943d 2000000fe400 returned -22 [ 690.232617][T16349] binder: 16348:16349 ioctl 81f8943c 2000000ff400 returned -22 [ 690.232781][T16349] binder: 16348:16349 ioctl c0709411 2000000ff600 returned -22 [ 690.232996][T16349] binder: 16348:16349 ioctl d000943e 2000000ff6c0 returned -22 [ 690.233274][T16349] binder: 16348:16349 ioctl d000943e 2000001006c0 returned -22 [ 690.233518][T16349] binder: 16348:16349 ioctl d000943d 2000001016c0 returned -22 [ 690.323361][T16349] binder: 16348:16349 ioctl 81f8943c 2000001026c0 returned -22 [ 690.328172][T16349] binder: 16348:16349 ioctl d000943d 2000001028c0 returned -22 [ 690.328450][T16349] binder: 16348:16349 ioctl d000943d 2000001038c0 returned -22 [ 690.328663][T16349] binder: 16348:16349 ioctl d000943e 2000001048c0 returned -22 [ 690.328865][T16349] binder: 16348:16349 ioctl d000943e 2000001058c0 returned -22 [ 690.329080][T16349] binder: 16348:16349 ioctl d000943e 2000001068c0 returned -22 [ 690.329315][T16349] 
binder: 16348:16349 ioctl d000943d 2000001078c0 returned -22 [ 690.335268][T16349] binder: 16348:16349 ioctl d000943e 2000001088c0 returned -22 [ 690.335490][T16349] binder: 16348:16349 ioctl d000943e 2000001098c0 returned -22 [ 690.335807][T16349] binder: 16348:16349 ioctl d000943d 20000010a8c0 returned -22 [ 691.013893][ T9] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 691.167226][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 691.167247][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 691.169480][ T9] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 691.169512][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.169532][ T9] usb 3-1: Product: syz [ 691.169545][ T9] usb 3-1: Manufacturer: syz [ 691.169558][ T9] usb 3-1: SerialNumber: syz [ 691.175015][ T9] usb 3-1: config 0 descriptor?? [ 691.209669][ T9] uvcvideo 3-1:0.0: Found UVC 0.00 device syz (18ec:3288) [ 691.209712][ T9] uvcvideo 3-1:0.0: No valid video chain found. [ 691.490702][T16370] netlink: 'syz.2.3747': attribute type 27 has an invalid length. [ 691.878654][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 691.913302][ T5711] usb 1-1: USB disconnect, device number 49 [ 692.296169][T16378] FAULT_INJECTION: forcing a failure. 
[ 692.296169][T16378] name failslab, interval 1, probability 0, space 0, times 0 [ 692.296203][T16378] CPU: 1 UID: 0 PID: 16378 Comm: syz.3.3752 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 692.296228][T16378] Tainted: [L]=SOFTLOCKUP [ 692.296235][T16378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 692.296245][T16378] Call Trace: [ 692.296252][T16378] [ 692.296261][T16378] dump_stack_lvl+0xe8/0x150 [ 692.296290][T16378] should_fail_ex+0x46b/0x600 [ 692.296318][T16378] should_failslab+0xa8/0x100 [ 692.296349][T16378] __kmalloc_cache_node_noprof+0x8a/0x6c0 [ 692.296371][T16378] ? __get_vm_area_node+0x13f/0x300 [ 692.296392][T16378] __get_vm_area_node+0x13f/0x300 [ 692.296412][T16378] __vmalloc_node_range_noprof+0x36a/0x1750 [ 692.296431][T16378] ? fpu_alloc_guest_fpstate+0x24/0x410 [ 692.296458][T16378] ? percpu_ref_get_many+0x19/0x140 [ 692.296565][T16378] ? percpu_ref_get_many+0x19/0x140 [ 692.296599][T16378] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 692.296626][T16378] ? rcu_is_watching+0x15/0xb0 [ 692.296647][T16378] ? fpu_alloc_guest_fpstate+0x24/0x410 [ 692.296671][T16378] vzalloc_noprof+0xb2/0xe0 [ 692.296687][T16378] ? fpu_alloc_guest_fpstate+0x24/0x410 [ 692.296712][T16378] fpu_alloc_guest_fpstate+0x24/0x410 [ 692.296737][T16378] kvm_arch_vcpu_create+0x45b/0x8b0 [ 692.296839][T16378] kvm_vm_ioctl_create_vcpu+0x461/0x970 [ 692.296892][T16378] kvm_vm_ioctl+0x896/0xd50 [ 692.296914][T16378] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 692.296949][T16378] ? kasan_quarantine_put+0xbb/0x1f0 [ 692.296973][T16378] ? tomoyo_path_number_perm+0x219/0x630 [ 692.297000][T16378] ? tomoyo_path_number_perm+0x219/0x630 [ 692.297026][T16378] ? do_vfs_ioctl+0x117b/0x1540 [ 692.297076][T16378] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 692.297123][T16378] ? __fget_files+0x2a/0x420 [ 692.297144][T16378] ? __fget_files+0x2a/0x420 [ 692.297160][T16378] ? __fget_files+0x3a6/0x420 [ 692.297174][T16378] ? 
__fget_files+0x2a/0x420 [ 692.297193][T16378] ? bpf_lsm_file_ioctl+0x9/0x20 [ 692.297216][T16378] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 692.297237][T16378] __se_sys_ioctl+0xff/0x170 [ 692.297256][T16378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.297276][T16378] do_syscall_64+0x15f/0x560 [ 692.297300][T16378] ? trace_irq_disable+0x3b/0x140 [ 692.297318][T16378] ? clear_bhb_loop+0x40/0x90 [ 692.297347][T16378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.297366][T16378] RIP: 0033:0x7f973b56ce59 [ 692.297383][T16378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 692.297399][T16378] RSP: 002b:00007f97397c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.297419][T16378] RAX: ffffffffffffffda RBX: 00007f973b7e5fa0 RCX: 00007f973b56ce59 [ 692.297432][T16378] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 692.297443][T16378] RBP: 00007f97397c6090 R08: 0000000000000000 R09: 0000000000000000 [ 692.297455][T16378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 692.297466][T16378] R13: 00007f973b7e6038 R14: 00007f973b7e5fa0 R15: 00007ffcef69ed08 [ 692.297494][T16378] [ 692.309159][T16378] syz.3.3752: vmalloc error: size 896, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 692.309337][T16378] CPU: 0 UID: 0 PID: 16378 Comm: syz.3.3752 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 692.309363][T16378] Tainted: [L]=SOFTLOCKUP [ 692.309370][T16378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 692.309381][T16378] Call Trace: [ 692.309389][T16378] [ 692.309396][T16378] dump_stack_lvl+0xe8/0x150 [ 692.309425][T16378] warn_alloc+0x24c/0x270 [ 692.309451][T16378] ? __pfx_warn_alloc+0x10/0x10 [ 692.309470][T16378] ? __kmalloc_cache_node_noprof+0x27d/0x6c0 [ 692.309490][T16378] ? 
__get_vm_area_node+0x13f/0x300 [ 692.309511][T16378] ? __get_vm_area_node+0x2b5/0x300 [ 692.309535][T16378] __vmalloc_node_range_noprof+0x38f/0x1750 [ 692.309558][T16378] ? percpu_ref_get_many+0x19/0x140 [ 692.309581][T16378] ? percpu_ref_get_many+0x19/0x140 [ 692.309617][T16378] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 692.309644][T16378] ? rcu_is_watching+0x15/0xb0 [ 692.309666][T16378] ? fpu_alloc_guest_fpstate+0x24/0x410 [ 692.309690][T16378] vzalloc_noprof+0xb2/0xe0 [ 692.309708][T16378] ? fpu_alloc_guest_fpstate+0x24/0x410 [ 692.309734][T16378] fpu_alloc_guest_fpstate+0x24/0x410 [ 692.309759][T16378] kvm_arch_vcpu_create+0x45b/0x8b0 [ 692.309787][T16378] kvm_vm_ioctl_create_vcpu+0x461/0x970 [ 692.309818][T16378] kvm_vm_ioctl+0x896/0xd50 [ 692.309841][T16378] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 692.309878][T16378] ? kasan_quarantine_put+0xbb/0x1f0 [ 692.309903][T16378] ? tomoyo_path_number_perm+0x219/0x630 [ 692.309928][T16378] ? tomoyo_path_number_perm+0x219/0x630 [ 692.309954][T16378] ? do_vfs_ioctl+0x117b/0x1540 [ 692.309977][T16378] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 692.310027][T16378] ? __fget_files+0x2a/0x420 [ 692.310047][T16378] ? __fget_files+0x2a/0x420 [ 692.310062][T16378] ? __fget_files+0x3a6/0x420 [ 692.310078][T16378] ? __fget_files+0x2a/0x420 [ 692.310103][T16378] ? bpf_lsm_file_ioctl+0x9/0x20 [ 692.310127][T16378] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 692.310147][T16378] __se_sys_ioctl+0xff/0x170 [ 692.310168][T16378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.310186][T16378] do_syscall_64+0x15f/0x560 [ 692.310209][T16378] ? trace_irq_disable+0x3b/0x140 [ 692.310229][T16378] ? 
clear_bhb_loop+0x40/0x90 [ 692.310250][T16378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.310267][T16378] RIP: 0033:0x7f973b56ce59 [ 692.310284][T16378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 692.310299][T16378] RSP: 002b:00007f97397c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.310317][T16378] RAX: ffffffffffffffda RBX: 00007f973b7e5fa0 RCX: 00007f973b56ce59 [ 692.310330][T16378] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 692.310341][T16378] RBP: 00007f97397c6090 R08: 0000000000000000 R09: 0000000000000000 [ 692.310352][T16378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 692.310362][T16378] R13: 00007f973b7e6038 R14: 00007f973b7e5fa0 R15: 00007ffcef69ed08 [ 692.310390][T16378] [ 692.310398][T16378] Mem-Info: [ 692.310407][T16378] active_anon:25090 inactive_anon:0 isolated_anon:0 [ 692.310407][T16378] active_file:1 inactive_file:61238 isolated_file:0 [ 692.310407][T16378] unevictable:768 dirty:129 writeback:0 [ 692.310407][T16378] slab_reclaimable:12865 slab_unreclaimable:105882 [ 692.310407][T16378] mapped:25562 shmem:17749 pagetables:1531 [ 692.310407][T16378] sec_pagetables:0 bounce:0 [ 692.310407][T16378] kernel_misc_reclaimable:0 [ 692.310407][T16378] free:1284102 free_pcp:7090 free_cma:0 [ 692.310455][T16378] Node 0 active_anon:100352kB inactive_anon:0kB active_file:4kB inactive_file:244572kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102076kB dirty:516kB writeback:0kB shmem:69452kB kernel_stack:13688kB pagetables:5976kB sec_pagetables:0kB all_unreclaimable? 
no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 692.310501][T16378] Node 1 active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:380kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:172kB dirty:0kB writeback:0kB shmem:1544kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 692.310544][T16378] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 692.310597][T16378] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 692.310626][T16378] Node 0 DMA32 free:1185508kB boost:0kB min:3912kB low:6436kB high:8960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:100352kB inactive_anon:0kB active_file:4kB inactive_file:244572kB unevictable:1536kB writepending:516kB zspages:0kB present:3129332kB managed:2552244kB mlocked:0kB bounce:0kB free_pcp:28352kB local_pcp:8084kB free_cma:0kB [ 692.310680][T16378] lowmem_reserve[]: 0 0 0 0 0 [ 692.310708][T16378] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:868kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 692.312007][T16378] lowmem_reserve[]: 0 0 0 0 0 [ 692.312039][T16378] Node 1 Normal free:3935540kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:380kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 692.312099][T16378] lowmem_reserve[]: 0 0 0 0 0 [ 
692.312128][T16378] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 692.312226][T16378] Node 0 DMA32: 1227*4kB (UME) 630*8kB (UME) 521*16kB (UME) 402*32kB (UM) 156*64kB (UM) 43*128kB (UM) 33*256kB (UE) 58*512kB (UME) 7*1024kB (UM) 28*2048kB (UM) 253*4096kB (UM) = 1185580kB [ 692.312370][T16378] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 692.312454][T16378] Node 1 Normal: 1*4kB (U) 4*8kB (UM) 13*16kB (UM) 12*32kB (UM) 5*64kB (U) 5*128kB (UM) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 0*2048kB 959*4096kB (M) = 3935540kB [ 692.312583][T16378] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 692.312598][T16378] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 692.312613][T16378] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 692.312627][T16378] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 692.312642][T16378] 78984 total pagecache pages [ 692.312649][T16378] 0 pages in swap cache [ 692.312656][T16378] Free swap = 124896kB [ 692.312663][T16378] Total swap = 124996kB [ 692.312671][T16378] 2097051 pages RAM [ 692.312677][T16378] 0 pages HighMem/MovableOnly [ 692.312684][T16378] 427159 pages reserved [ 692.312690][T16378] 0 pages cma reserved [ 692.312698][T16378] kvm: failed to allocate vcpu's fpu [ 693.583687][ T5794] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 693.740375][ T5794] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 693.740428][ T5794] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 693.740450][ T5794] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.779016][ T5794] usb 4-1: config 0 descriptor?? [ 693.795843][ T5794] pwc: Askey VC010 type 2 USB webcam detected. 
[ 693.827473][ T9] usb 3-1: USB disconnect, device number 36 [ 694.206992][ T5794] pwc: recv_control_msg error -32 req 02 val 2b00 [ 694.207875][ T5794] pwc: recv_control_msg error -32 req 02 val 2700 [ 694.208679][ T5794] pwc: recv_control_msg error -32 req 02 val 2c00 [ 694.209827][ T5794] pwc: recv_control_msg error -32 req 04 val 1000 [ 694.210800][ T5794] pwc: recv_control_msg error -32 req 04 val 1300 [ 694.211548][ T5794] pwc: recv_control_msg error -32 req 04 val 1400 [ 694.212045][ T5794] pwc: recv_control_msg error -32 req 02 val 2000 [ 694.263602][ T5794] pwc: recv_control_msg error -32 req 02 val 2100 [ 694.279234][ T5794] pwc: recv_control_msg error -32 req 04 val 1500 [ 694.279831][ T5794] pwc: recv_control_msg error -32 req 02 val 2500 [ 694.280595][ T5794] pwc: recv_control_msg error -32 req 02 val 2400 [ 694.292292][ T5794] pwc: recv_control_msg error -32 req 02 val 2600 [ 694.368805][ T4942] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 694.494880][ T5794] pwc: recv_control_msg error -71 req 02 val 2800 [ 694.501025][ T5794] pwc: recv_control_msg error -71 req 04 val 1100 [ 694.501648][ T5794] pwc: recv_control_msg error -71 req 04 val 1200 [ 694.525534][ T4942] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 694.525560][ T4942] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 694.525578][ T4942] usb 2-1: config 0 has no interface number 0 [ 694.525635][ T4942] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 694.525658][ T4942] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 694.525678][ T4942] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 694.525714][ T4942] usb 2-1: New USB device found, idVendor=04d9, idProduct=a04a, bcdDevice= 0.00 [ 694.525733][ T4942] usb 2-1: New USB device strings: Mfr=0, 
Product=0, SerialNumber=0 [ 694.619813][ T4942] usb 2-1: config 0 descriptor?? [ 694.657990][ T5794] pwc: Registered as video103. [ 694.690778][ T5794] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input89 [ 694.746236][ T5794] usb 4-1: USB disconnect, device number 11 [ 695.142882][T16402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3760'. [ 695.239956][ T4942] usbhid 2-1:0.1: can't add hid device: -71 [ 695.240078][ T4942] usbhid 2-1:0.1: probe with driver usbhid failed with error -71 [ 695.267249][ T4942] usb 2-1: USB disconnect, device number 39 [ 695.370099][T16405] lo speed is unknown, defaulting to 1000 [ 695.488280][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88805e49d400: rx timeout, send abort [ 695.533799][ T5794] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 695.686180][ T5794] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 695.686239][ T5794] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 695.688362][ T5794] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 695.688388][ T5794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.688407][ T5794] usb 1-1: Product: syz [ 695.688418][ T5794] usb 1-1: Manufacturer: syz [ 695.688425][ T5794] usb 1-1: SerialNumber: syz [ 695.752401][ T5794] rtl8150 1-1:1.0: couldn't find required endpoints [ 695.752674][ T5794] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5 [ 695.912871][ T9] usb 1-1: USB disconnect, device number 50 [ 695.933082][T16416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3763'. [ 696.032356][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88805e49d400: abort rx timeout. 
Force session deactivation [ 696.032482][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88803cb5d800: rx timeout, send abort [ 696.215495][T16424] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.3766'. [ 696.532563][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88803cb5d800: abort rx timeout. Force session deactivation [ 696.668610][T16433] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_team, syncid = 1, id = 0 [ 696.934757][T16439] netlink: 'syz.0.3771': attribute type 11 has an invalid length. [ 697.193763][T13848] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 697.333792][T13848] usb 1-1: device descriptor read/64, error -71 [ 697.445766][T16448] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3774'. [ 697.583823][T13848] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 697.693832][ T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 697.715229][T13848] usb 1-1: device descriptor read/64, error -71 [ 697.825386][T13848] usb usb1-port1: attempt power cycle [ 697.843821][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 697.845460][ T10] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 196, changing to 11 [ 697.845487][ T10] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 697.845501][ T10] usb 2-1: config 0 interface 0 has no altsetting 0 [ 697.845519][ T10] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 697.845531][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.851002][ T10] usb 2-1: config 0 descriptor?? 
[ 698.163823][T13848] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 698.184655][T13848] usb 1-1: device descriptor read/8, error -71 [ 698.263755][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x3 [ 698.263794][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x0 [ 698.263818][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x0 [ 698.263842][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x0 [ 698.263871][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x0 [ 698.263896][ T10] elan 0003:04F3:0755.002E: unknown main item tag 0x0 [ 698.387050][ T10] elan 0003:04F3:0755.002E: hidraw0: USB HID v0.04 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 698.424504][T13848] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 698.447890][T13848] usb 1-1: device descriptor read/8, error -71 [ 698.556074][T13848] usb usb1-port1: unable to enumerate USB device [ 698.703706][ T4942] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 698.853710][ T4942] usb 4-1: Using ep0 maxpacket: 32 [ 698.855631][ T4942] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 698.855657][ T4942] usb 4-1: config 0 has no interface number 0 [ 698.855699][ T4942] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 698.855724][ T4942] usb 4-1: config 0 interface 85 has no altsetting 0 [ 698.858159][ T4942] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 698.858185][ T4942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.858204][ T4942] usb 4-1: Product: syz [ 698.858217][ T4942] usb 4-1: Manufacturer: syz [ 698.858231][ T4942] usb 4-1: SerialNumber: syz [ 698.863356][ T4942] usb 4-1: config 0 descriptor?? [ 698.992860][ T10] usb 2-1: USB disconnect, device number 40 [ 699.479015][ T4942] appletouch 4-1:0.85: Geyser mode initialized. 
[ 699.481143][ T4942] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input90 [ 699.681427][T16455] netlink: 'syz.3.3777': attribute type 12 has an invalid length. [ 699.805921][ T9] usb 4-1: USB disconnect, device number 12 [ 699.862810][T16469] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3782'. [ 699.894653][ T4942] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 699.916204][ T9] appletouch 4-1:0.85: input: appletouch disconnected [ 700.054085][ T4942] usb 2-1: Using ep0 maxpacket: 32 [ 700.061190][ T4942] usb 2-1: config 5 has an invalid interface number: 176 but max is 0 [ 700.061219][ T4942] usb 2-1: config 5 contains an unexpected descriptor of type 0x2, skipping [ 700.061235][ T4942] usb 2-1: config 5 has no interface number 0 [ 700.061280][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 700.061301][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 700.061321][ T4942] usb 2-1: config 5 interface 176 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 700.061345][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has a duplicate endpoint with address 0x9, skipping [ 700.061367][ T4942] usb 2-1: config 5 interface 176 altsetting 4 endpoint 0x8 has invalid maxpacket 2015, setting to 64 [ 700.061390][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 700.061410][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 700.061433][ T4942] usb 2-1: config 5 interface 176 altsetting 4 endpoint 0x8A has invalid maxpacket 1024, setting to 64 [ 700.061458][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has a duplicate endpoint with address 0x7, skipping [ 700.061478][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has a duplicate 
endpoint with address 0x8, skipping [ 700.061506][ T4942] usb 2-1: config 5 interface 176 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 700.061525][ T4942] usb 2-1: config 5 interface 176 has no altsetting 0 [ 700.108710][ T4942] usb 2-1: New USB device found, idVendor=0bda, idProduct=1724, bcdDevice=b6.6d [ 700.108741][ T4942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.108760][ T4942] usb 2-1: Product: 鱲řá“ã™™æ é»§éº—鳲꾌⟊그ç˜ê‚¢ï³±é€¦íƒ¸ã„¦é‘´ï—¢ä²—틢⛔ä“ﱥꅆ调빺姾ꙇ巜î¥ã¼ˆë‹šä£ƒã””îˆä¶½é¥è•žä‹†é“¦ê´¨é¸Šãš–걬⷟ત㑥醫í䮊㾫뗴é”ê„锌跶Ľ듛۷贯웃㌀ࠈ㩩䜜ྐྵⲫ [ 700.108782][ T4942] usb 2-1: Manufacturer: 㽋⋖옦쮸銋骘㜑ျဲੀ⌵ [ 700.108805][ T4942] usb 2-1: SerialNumber: syz [ 700.563801][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 700.725949][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 700.725982][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.726002][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 700.726042][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 700.726064][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.763173][ T10] usb 4-1: config 0 descriptor?? [ 700.823231][ T4942] usb 2-1: USB disconnect, device number 41 [ 701.209197][ T10] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 701.575960][T16510] FAULT_INJECTION: forcing a failure. 
[ 701.575960][T16510] name failslab, interval 1, probability 0, space 0, times 0 [ 701.575996][T16510] CPU: 1 UID: 0 PID: 16510 Comm: syz.1.3793 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 701.576022][T16510] Tainted: [L]=SOFTLOCKUP [ 701.576029][T16510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 701.576057][T16510] Call Trace: [ 701.576065][T16510] [ 701.576073][T16510] dump_stack_lvl+0xe8/0x150 [ 701.576098][T16510] should_fail_ex+0x46b/0x600 [ 701.576126][T16510] should_failslab+0xa8/0x100 [ 701.576149][T16510] __kmalloc_noprof+0xdf/0x7b0 [ 701.576166][T16510] ? kfree+0x4d/0x6c0 [ 701.576181][T16510] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 701.576205][T16510] tomoyo_realpath_from_path+0xe3/0x5d0 [ 701.576227][T16510] ? tomoyo_domain+0xd7/0x130 [ 701.576250][T16510] ? tomoyo_path_number_perm+0x219/0x630 [ 701.576273][T16510] tomoyo_path_number_perm+0x246/0x630 [ 701.576303][T16510] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 701.576332][T16510] ? __lock_acquire+0x6b5/0x2d10 [ 701.576355][T16510] ? do_raw_spin_lock+0x12b/0x2f0 [ 701.576403][T16510] ? __fget_files+0x2a/0x420 [ 701.576424][T16510] ? __fget_files+0x2a/0x420 [ 701.576439][T16510] ? __fget_files+0x3a6/0x420 [ 701.576455][T16510] ? __fget_files+0x2a/0x420 [ 701.576475][T16510] security_file_ioctl+0xc3/0x2a0 [ 701.576499][T16510] __se_sys_ioctl+0x47/0x170 [ 701.576519][T16510] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.576539][T16510] do_syscall_64+0x15f/0x560 [ 701.576560][T16510] ? trace_irq_disable+0x3b/0x140 [ 701.576579][T16510] ? 
clear_bhb_loop+0x40/0x90 [ 701.576601][T16510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.576618][T16510] RIP: 0033:0x7fd22ee5ce59 [ 701.576636][T16510] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.576653][T16510] RSP: 002b:00007fd22d0ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 701.576672][T16510] RAX: ffffffffffffffda RBX: 00007fd22f0d5fa0 RCX: 00007fd22ee5ce59 [ 701.576685][T16510] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007 [ 701.576696][T16510] RBP: 00007fd22d0ae090 R08: 0000000000000000 R09: 0000000000000000 [ 701.576707][T16510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 701.576717][T16510] R13: 00007fd22f0d6038 R14: 00007fd22f0d5fa0 R15: 00007fff5ad59a88 [ 701.576744][T16510] [ 701.613900][T16510] ERROR: Out of memory at tomoyo_realpath_from_path. [ 702.023475][T16520] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3794'. 
[ 702.143754][ T5794] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 702.308685][ T5794] usb 2-1: Using ep0 maxpacket: 16 [ 702.332818][ T5794] usb 2-1: config 0 has an invalid interface number: 104 but max is 1 [ 702.332848][ T5794] usb 2-1: config 0 has an invalid interface number: 104 but max is 1 [ 702.332867][ T5794] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 702.332884][ T5794] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 702.332904][ T5794] usb 2-1: config 0 has no interface number 0 [ 702.332934][ T5794] usb 2-1: config 0 interface 104 has no altsetting 1 [ 702.387600][ T5794] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 702.387627][ T5794] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.387643][ T5794] usb 2-1: Product: syz [ 702.387655][ T5794] usb 2-1: Manufacturer: syz [ 702.387666][ T5794] usb 2-1: SerialNumber: syz [ 702.439730][ T5794] usb 2-1: config 0 descriptor?? [ 702.449662][ T5794] asix 2-1:0.104: probe with driver asix failed with error -22 [ 702.653867][ T10] usb 4-1: reset high-speed USB device number 13 using dummy_hcd [ 702.656227][ T5794] usb 2-1: USB disconnect, device number 42 [ 703.514219][ T5727] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 703.665174][ T5727] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 703.665208][ T5727] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 703.665220][ T5727] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.676190][ T5727] usb 2-1: config 0 descriptor?? [ 703.686636][ T5727] pwc: Askey VC010 type 2 USB webcam detected. 
[ 704.081997][ T5727] pwc: recv_control_msg error -32 req 02 val 2b00 [ 704.082641][ T5727] pwc: recv_control_msg error -32 req 02 val 2700 [ 704.083279][ T5727] pwc: recv_control_msg error -32 req 02 val 2c00 [ 704.103451][ T5727] pwc: recv_control_msg error -32 req 04 val 1000 [ 704.104496][ T5727] pwc: recv_control_msg error -32 req 04 val 1300 [ 704.112000][ T5727] pwc: recv_control_msg error -32 req 04 val 1400 [ 704.124509][ T5727] pwc: recv_control_msg error -32 req 02 val 2000 [ 704.125205][ T5727] pwc: recv_control_msg error -32 req 02 val 2100 [ 704.126307][ T5727] pwc: recv_control_msg error -32 req 04 val 1500 [ 704.127099][ T5727] pwc: recv_control_msg error -32 req 02 val 2500 [ 704.127736][ T5727] pwc: recv_control_msg error -32 req 02 val 2400 [ 704.128673][ T5727] pwc: recv_control_msg error -32 req 02 val 2600 [ 704.291437][ T10] usb 4-1: device descriptor read/64, error -71 [ 704.330165][ T5727] pwc: recv_control_msg error -71 req 02 val 2800 [ 704.332397][ T5727] pwc: recv_control_msg error -71 req 04 val 1100 [ 704.332847][ T5727] pwc: recv_control_msg error -71 req 04 val 1200 [ 704.338017][ T5727] pwc: Registered as video103. [ 704.348881][ T5727] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input91 [ 704.401827][ T5727] usb 2-1: USB disconnect, device number 43 [ 704.631151][ T10] usb 4-1: reset high-speed USB device number 13 using dummy_hcd [ 704.632121][ T10] usb 4-1: device reset changed ep0 maxpacket size! 
[ 704.736992][ T9] usb 4-1: USB disconnect, device number 13 [ 704.933825][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 705.013321][T16058] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 705.085025][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 705.102961][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 705.105178][ T9] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 705.125293][ T9] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 705.125321][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.125341][ T9] usb 4-1: Product: syz [ 705.125354][ T9] usb 4-1: Manufacturer: syz [ 705.125367][ T9] usb 4-1: SerialNumber: syz [ 705.151181][ T10] kernel write not supported for file /input/event0 (pid: 10 comm: kworker/0:1) [ 705.453748][ T5725] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 705.479879][ T9] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 705.480335][ T9] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 705.631231][ T5725] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 705.631258][ T5725] usb 1-1: config 1 has no interface number 0 [ 705.631298][ T5725] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 64 [ 705.631370][ T5725] usb 1-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 705.657995][ T5725] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 705.658022][ T5725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.658040][ T5725] usb 1-1: Product: syz [ 705.658105][ T5725] usb 1-1: Manufacturer: syz [ 705.658118][ T5725] usb 1-1: SerialNumber: syz [ 705.662472][ T9] usb 4-1: 2:1 : can't get High Capability descriptor [ 705.682552][T16570] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 
[ 705.682733][T16570] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 705.692311][T16577] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3813'. [ 705.710864][ T5725] usb 1-1: Expected 3 endpoints, found: 2 [ 705.746620][ T5727] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 705.837981][T16581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3815'. [ 705.873752][ T5727] usb 2-1: device descriptor read/64, error -71 [ 705.887591][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.888411][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.930087][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.931480][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.940531][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.941079][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.949018][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.953778][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.959565][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.961281][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 706.078292][ T5725] usb 1-1: USB disconnect, device number 55 [ 706.113895][ T5727] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 706.243854][ T5727] usb 2-1: device descriptor read/64, error -71 [ 706.356594][ T5727] usb usb2-port1: attempt power cycle [ 706.696630][ T5727] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 706.715195][ T5727] usb 2-1: device descriptor read/8, error -71 [ 706.953778][ T5727] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 706.982375][ T5727] usb 2-1: device descriptor read/8, error -71 [ 707.028510][T13848] usb 4-1: USB disconnect, 
device number 14 [ 707.089306][ T5727] usb usb2-port1: unable to enumerate USB device [ 707.261159][T16595] FAULT_INJECTION: forcing a failure. [ 707.261159][T16595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 707.261189][T16595] CPU: 0 UID: 0 PID: 16595 Comm: syz.2.3820 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 707.261208][T16595] Tainted: [L]=SOFTLOCKUP [ 707.261213][T16595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 707.261221][T16595] Call Trace: [ 707.261227][T16595] [ 707.261234][T16595] dump_stack_lvl+0xe8/0x150 [ 707.261257][T16595] should_fail_ex+0x46b/0x600 [ 707.261283][T16595] _copy_from_user+0x2d/0xb0 [ 707.261299][T16595] ___sys_sendmsg+0x1c6/0x360 [ 707.261320][T16595] ? __lock_acquire+0x6b5/0x2d10 [ 707.261340][T16595] ? __pfx____sys_sendmsg+0x10/0x10 [ 707.261384][T16595] ? __fget_files+0x2a/0x420 [ 707.261397][T16595] ? __fget_files+0x3a6/0x420 [ 707.261417][T16595] __x64_sys_sendmsg+0x1c3/0x2a0 [ 707.261437][T16595] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 707.261475][T16595] ? __pfx_ksys_write+0x10/0x10 [ 707.261496][T16595] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.261511][T16595] do_syscall_64+0x15f/0x560 [ 707.261529][T16595] ? trace_irq_disable+0x3b/0x140 [ 707.261543][T16595] ? 
clear_bhb_loop+0x40/0x90 [ 707.261559][T16595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.261572][T16595] RIP: 0033:0x7f32675fce59 [ 707.261586][T16595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 707.261597][T16595] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 707.261613][T16595] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 707.261622][T16595] RDX: 0000000020000040 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 707.261631][T16595] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 707.261639][T16595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 707.261647][T16595] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 707.261668][T16595] [ 707.483340][T16602] syzkaller1: entered promiscuous mode [ 707.483356][T16602] syzkaller1: entered allmulticast mode [ 707.488201][T16602] FAULT_INJECTION: forcing a failure. [ 707.488201][T16602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 707.488238][T16602] CPU: 0 UID: 0 PID: 16602 Comm: syz.2.3823 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 707.488263][T16602] Tainted: [L]=SOFTLOCKUP [ 707.488270][T16602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 707.488281][T16602] Call Trace: [ 707.488289][T16602] [ 707.488297][T16602] dump_stack_lvl+0xe8/0x150 [ 707.488322][T16602] should_fail_ex+0x46b/0x600 [ 707.488351][T16602] _copy_from_iter+0x1d3/0x1670 [ 707.488378][T16602] ? rep_movs_alternative+0x4a/0xa0 [ 707.488404][T16602] ? __pfx__copy_from_iter+0x10/0x10 [ 707.488434][T16602] ? sock_alloc_send_pskb+0x8a2/0x9a0 [ 707.488464][T16602] ? 
__pfx__copy_from_iter+0x10/0x10 [ 707.488495][T16602] copy_page_from_iter+0x220/0x2d0 [ 707.488523][T16602] skb_copy_datagram_from_iter+0x306/0x710 [ 707.488558][T16602] tun_get_user+0xc5b/0x4400 [ 707.488590][T16602] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 707.488614][T16602] ? rt_mutex_slowunlock+0x3e0/0x8b0 [ 707.488630][T16602] ? reacquire_held_locks+0x104/0x190 [ 707.488654][T16602] ? rt_spin_lock+0x1e0/0x400 [ 707.488678][T16602] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 707.488698][T16602] ? __pfx_tun_get_user+0x10/0x10 [ 707.488719][T16602] ? rt_spin_unlock+0x14f/0x200 [ 707.488740][T16602] ? rt_spin_unlock+0x160/0x200 [ 707.488760][T16602] ? save_netdev_trace_buffer+0x4ba/0x5f0 [ 707.488785][T16602] ? ref_tracker_alloc+0x332/0x4a0 [ 707.488903][T16602] ? tun_get+0x157/0x2f0 [ 707.488923][T16602] ? vfs_write+0x629/0xba0 [ 707.488941][T16602] ? ksys_write+0x156/0x270 [ 707.488960][T16602] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 707.488987][T16602] ? tun_get+0x1c/0x2f0 [ 707.489015][T16602] ? tun_get+0x1c/0x2f0 [ 707.489036][T16602] ? tun_get+0x1c/0x2f0 [ 707.489063][T16602] tun_chr_write_iter+0x119/0x210 [ 707.489089][T16602] vfs_write+0x629/0xba0 [ 707.489115][T16602] ? __pfx_vfs_write+0x10/0x10 [ 707.489143][T16602] ? __fget_files+0x2a/0x420 [ 707.489168][T16602] ksys_write+0x156/0x270 [ 707.489190][T16602] ? __pfx_ksys_write+0x10/0x10 [ 707.489216][T16602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.489236][T16602] do_syscall_64+0x15f/0x560 [ 707.489254][T16602] ? trace_irq_disable+0x3b/0x140 [ 707.489273][T16602] ? 
clear_bhb_loop+0x40/0x90 [ 707.489293][T16602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.489311][T16602] RIP: 0033:0x7f32675fce59 [ 707.489329][T16602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 707.489344][T16602] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 707.489363][T16602] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 707.489377][T16602] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003 [ 707.489388][T16602] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 707.489400][T16602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 707.489411][T16602] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 707.489445][T16602] [ 707.523713][T13848] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 707.746876][T13848] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 707.746925][T13848] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 707.746938][T13848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.848109][T13848] usb 4-1: config 0 descriptor?? [ 707.859565][T13848] pwc: Askey VC010 type 2 USB webcam detected. [ 708.104084][T16608] netlink: 'syz.0.3826': attribute type 29 has an invalid length. [ 708.164634][T16613] FAULT_INJECTION: forcing a failure. 
[ 708.164634][T16613] name failslab, interval 1, probability 0, space 0, times 0 [ 708.164659][T16613] CPU: 1 UID: 0 PID: 16613 Comm: syz.0.3827 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 708.164674][T16613] Tainted: [L]=SOFTLOCKUP [ 708.164678][T16613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 708.164684][T16613] Call Trace: [ 708.164689][T16613] [ 708.164694][T16613] dump_stack_lvl+0xe8/0x150 [ 708.164714][T16613] should_fail_ex+0x46b/0x600 [ 708.164737][T16613] should_failslab+0xa8/0x100 [ 708.164751][T16613] __kmalloc_noprof+0xdf/0x7b0 [ 708.164763][T16613] ? kfree+0x4d/0x6c0 [ 708.164771][T16613] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 708.164786][T16613] tomoyo_realpath_from_path+0xe3/0x5d0 [ 708.164803][T16613] tomoyo_check_open_permission+0x229/0x470 [ 708.164819][T16613] ? tomoyo_check_open_permission+0x1d3/0x470 [ 708.164833][T16613] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 708.164848][T16613] ? __asan_memset+0x22/0x50 [ 708.164875][T16613] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 708.164890][T16613] ? tomoyo_file_open+0x166/0x220 [ 708.164904][T16613] security_file_open+0xa9/0x240 [ 708.164918][T16613] do_dentry_open+0x4c0/0x13e0 [ 708.164936][T16613] ? vfs_open+0x31/0x350 [ 708.164952][T16613] vfs_open+0x3b/0x350 [ 708.164966][T16613] ? path_openat+0x2ed3/0x3960 [ 708.164979][T16613] path_openat+0x2eea/0x3960 [ 708.165019][T16613] ? __pfx_path_openat+0x10/0x10 [ 708.165040][T16613] ? kasan_save_track+0x4f/0x80 [ 708.165049][T16613] ? kasan_save_track+0x3e/0x80 [ 708.165058][T16613] ? __kasan_slab_alloc+0x6c/0x80 [ 708.165072][T16613] ? do_raw_spin_lock+0x12b/0x2f0 [ 708.165087][T16613] do_file_open+0x23e/0x4a0 [ 708.165099][T16613] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 708.165114][T16613] ? __pfx_do_file_open+0x10/0x10 [ 708.165124][T16613] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 708.165146][T16613] ? 
alloc_fd+0x679/0x6f0 [ 708.165166][T16613] do_sys_openat2+0x115/0x200 [ 708.165177][T16613] ? __pfx_do_sys_openat2+0x10/0x10 [ 708.165192][T16613] ? ksys_write+0x248/0x270 [ 708.165205][T16613] ? __pfx_ksys_write+0x10/0x10 [ 708.165218][T16613] __x64_sys_openat+0x138/0x170 [ 708.165229][T16613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.165239][T16613] do_syscall_64+0x15f/0x560 [ 708.165253][T16613] ? trace_irq_disable+0x3b/0x140 [ 708.165265][T16613] ? clear_bhb_loop+0x40/0x90 [ 708.165277][T16613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.165286][T16613] RIP: 0033:0x7eff00d7d68e [ 708.165297][T16613] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 708.165306][T16613] RSP: 002b:00007efeff00db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 708.165318][T16613] RAX: ffffffffffffffda RBX: 00007efeff00e6c0 RCX: 00007eff00d7d68e [ 708.165325][T16613] RDX: 0000000000108383 RSI: 00007efeff00dc00 RDI: ffffffffffffff9c [ 708.165332][T16613] RBP: 00007efeff00dc00 R08: 0000000000000000 R09: 0000000000000000 [ 708.165338][T16613] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 708.165345][T16613] R13: 00007eff01036038 R14: 00007eff01035fa0 R15: 00007ffe6d2355a8 [ 708.165360][T16613] [ 708.165409][T16613] ERROR: Out of memory at tomoyo_realpath_from_path. [ 708.262500][T13848] pwc: recv_control_msg error -32 req 02 val 2b00 [ 708.263365][T13848] pwc: recv_control_msg error -32 req 02 val 2700 [ 708.264420][T13848] pwc: recv_control_msg error -32 req 02 val 2c00 [ 708.266820][T13848] pwc: recv_control_msg error -32 req 04 val 1000 [ 708.268440][T13848] pwc: recv_control_msg error -32 req 04 val 1300 [ 708.269082][T13848] pwc: recv_control_msg error -32 req 04 val 1400 [ 708.270953][T16616] FAULT_INJECTION: forcing a failure. 
[ 708.270953][T16616] name failslab, interval 1, probability 0, space 0, times 0 [ 708.270986][T16616] CPU: 1 UID: 0 PID: 16616 Comm: syz.0.3828 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 708.271009][T16616] Tainted: [L]=SOFTLOCKUP [ 708.271016][T16616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 708.271027][T16616] Call Trace: [ 708.271035][T16616] [ 708.271043][T16616] dump_stack_lvl+0xe8/0x150 [ 708.271071][T16616] should_fail_ex+0x46b/0x600 [ 708.271097][T16616] should_failslab+0xa8/0x100 [ 708.271120][T16616] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 708.271138][T16616] ? __alloc_skb+0x1d0/0x7d0 [ 708.271156][T16616] ? lockdep_hardirqs_on+0x7a/0x110 [ 708.271182][T16616] __alloc_skb+0x1d0/0x7d0 [ 708.271205][T16616] netlink_sendmsg+0x5d4/0xb40 [ 708.271234][T16616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 708.271256][T16616] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 708.271280][T16616] ? aa_sock_msg_perm+0x122/0x200 [ 708.271298][T16616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 708.271321][T16616] sock_sendmsg_nosec+0x112/0x150 [ 708.271344][T16616] ____sys_sendmsg+0x55c/0x870 [ 708.271373][T16616] ? __pfx_____sys_sendmsg+0x10/0x10 [ 708.271406][T16616] ? import_iovec+0x73/0xa0 [ 708.271427][T16616] ___sys_sendmsg+0x2a5/0x360 [ 708.271448][T16616] ? __lock_acquire+0x6b5/0x2d10 [ 708.271472][T16616] ? __pfx____sys_sendmsg+0x10/0x10 [ 708.271525][T16616] ? __fget_files+0x2a/0x420 [ 708.271542][T16616] ? __fget_files+0x3a6/0x420 [ 708.271566][T16616] __x64_sys_sendmsg+0x1c3/0x2a0 [ 708.271591][T16616] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 708.271629][T16616] ? __pfx_ksys_write+0x10/0x10 [ 708.271656][T16616] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.271676][T16616] do_syscall_64+0x15f/0x560 [ 708.271698][T16616] ? trace_irq_disable+0x3b/0x140 [ 708.271717][T16616] ? 
clear_bhb_loop+0x40/0x90 [ 708.271738][T16616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.271755][T16616] RIP: 0033:0x7eff00dbce59 [ 708.271774][T16616] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 708.271789][T16616] RSP: 002b:00007efeff00e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 708.271809][T16616] RAX: ffffffffffffffda RBX: 00007eff01035fa0 RCX: 00007eff00dbce59 [ 708.271823][T16616] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000005 [ 708.271835][T16616] RBP: 00007efeff00e090 R08: 0000000000000000 R09: 0000000000000000 [ 708.271845][T16616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 708.271857][T16616] R13: 00007eff01036038 R14: 00007eff01035fa0 R15: 00007ffe6d2355a8 [ 708.271885][T16616] [ 708.272713][T13848] pwc: recv_control_msg error -32 req 02 val 2000 [ 708.273364][T13848] pwc: recv_control_msg error -32 req 02 val 2100 [ 708.274436][T13848] pwc: recv_control_msg error -32 req 04 val 1500 [ 708.277795][T13848] pwc: recv_control_msg error -32 req 02 val 2500 [ 708.279065][T13848] pwc: recv_control_msg error -32 req 02 val 2400 [ 708.280805][T13848] pwc: recv_control_msg error -32 req 02 val 2600 [ 708.486371][T13848] pwc: recv_control_msg error -71 req 02 val 2800 [ 708.493141][T13848] pwc: recv_control_msg error -71 req 04 val 1100 [ 708.502641][T13848] pwc: recv_control_msg error -71 req 04 val 1200 [ 708.512737][T13848] pwc: Registered as video103. [ 708.526752][T13848] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input92 [ 708.550976][T13848] usb 4-1: USB disconnect, device number 15 [ 709.519062][T16663] FAULT_INJECTION: forcing a failure. 
[ 709.519062][T16663] name failslab, interval 1, probability 0, space 0, times 0 [ 709.519097][T16663] CPU: 0 UID: 0 PID: 16663 Comm: syz.1.3846 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 709.519123][T16663] Tainted: [L]=SOFTLOCKUP [ 709.519130][T16663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 709.519140][T16663] Call Trace: [ 709.519148][T16663] [ 709.519156][T16663] dump_stack_lvl+0xe8/0x150 [ 709.519182][T16663] should_fail_ex+0x46b/0x600 [ 709.519213][T16663] should_failslab+0xa8/0x100 [ 709.519235][T16663] kmem_cache_alloc_noprof+0x87/0x680 [ 709.519255][T16663] ? skb_clone+0x212/0x3a0 [ 709.519283][T16663] skb_clone+0x212/0x3a0 [ 709.519311][T16663] __netlink_deliver_tap+0x424/0x8b0 [ 709.519346][T16663] ? netlink_deliver_tap+0x2e/0x1b0 [ 709.519371][T16663] netlink_deliver_tap+0x19c/0x1b0 [ 709.519395][T16663] netlink_unicast+0x754/0x920 [ 709.519427][T16663] netlink_sendmsg+0x813/0xb40 [ 709.519459][T16663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 709.519493][T16663] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 709.519515][T16663] ? __pfx___css_rstat_updated+0x10/0x10 [ 709.519638][T16663] ? aa_sock_msg_perm+0x122/0x200 [ 709.519656][T16663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 709.519680][T16663] sock_sendmsg_nosec+0x112/0x150 [ 709.519702][T16663] ____sys_sendmsg+0x55c/0x870 [ 709.519730][T16663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 709.519762][T16663] ? import_iovec+0x73/0xa0 [ 709.519785][T16663] ___sys_sendmsg+0x2a5/0x360 [ 709.519807][T16663] ? __lock_acquire+0x6b5/0x2d10 [ 709.519832][T16663] ? __pfx____sys_sendmsg+0x10/0x10 [ 709.519862][T16663] ? finish_task_switch+0x41f/0xbe0 [ 709.519974][T16663] ? __fget_files+0x2a/0x420 [ 709.519991][T16663] ? __fget_files+0x3a6/0x420 [ 709.520018][T16663] __x64_sys_sendmsg+0x1c3/0x2a0 [ 709.520044][T16663] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 709.520067][T16663] ? sched_clock_cpu+0x74/0x440 [ 709.520153][T16663] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.520172][T16663] do_syscall_64+0x15f/0x560 [ 709.520196][T16663] ? clear_bhb_loop+0x40/0x90 [ 709.520220][T16663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.520237][T16663] RIP: 0033:0x7fd22ee5ce59 [ 709.520254][T16663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 709.520270][T16663] RSP: 002b:00007fd22d0ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 709.520290][T16663] RAX: ffffffffffffffda RBX: 00007fd22f0d5fa0 RCX: 00007fd22ee5ce59 [ 709.520304][T16663] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 709.520316][T16663] RBP: 00007fd22d0ae090 R08: 0000000000000000 R09: 0000000000000000 [ 709.520328][T16663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 709.520339][T16663] R13: 00007fd22f0d6038 R14: 00007fd22f0d5fa0 R15: 00007fff5ad59a88 [ 709.520369][T16663] [ 709.520455][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3846'. [ 709.603767][ T5727] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 709.855808][ T5727] usb 4-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 709.855834][ T5727] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 709.878434][ T5727] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 709.878463][ T5727] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.878481][ T5727] usb 4-1: Product: syz [ 709.878494][ T5727] usb 4-1: Manufacturer: syz [ 709.878506][ T5727] usb 4-1: SerialNumber: syz [ 709.922612][ T5727] usb 4-1: config 0 descriptor?? 
[ 709.939831][ T5727] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 710.177122][T16688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 710.177983][T16688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 710.219641][ T5727] gspca_sunplus: reg_r err -71 [ 710.219733][ T5727] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 710.244305][ T5727] usb 4-1: USB disconnect, device number 16 [ 710.417687][T16698] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3659427032 (29275416256 ns) > initial count (9353363104 ns). Using initial count to start timer. [ 710.478656][T13848] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 710.647316][T13848] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 710.647350][T13848] usb 2-1: config 0 has no interface number 0 [ 710.647380][T13848] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 710.647417][T13848] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 710.647443][T13848] usb 2-1: config 0 interface 255 has no altsetting 0 [ 710.647474][T13848] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 710.647494][T13848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.655658][T13848] usb 2-1: config 0 descriptor?? 
[ 710.662834][T13848] cp210x 2-1:0.255: cp210x converter detected [ 711.317930][T13848] cp210x 2-1:0.255: failed to get vendor val 0x000e size 3: -71 [ 711.360069][T13848] usb 2-1: cp210x converter now attached to ttyUSB0 [ 711.373383][T13848] usb 2-1: USB disconnect, device number 48 [ 711.380378][T13848] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 711.389363][T13848] cp210x 2-1:0.255: device disconnected [ 711.693796][ T5711] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 711.803838][ T4942] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 711.858560][ T5711] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 711.858591][ T5711] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 711.858606][ T5711] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 711.860742][ T5711] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 711.860771][ T5711] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.860790][ T5711] usb 3-1: Product: syz [ 711.860803][ T5711] usb 3-1: Manufacturer: syz [ 711.860814][ T5711] usb 3-1: SerialNumber: syz [ 711.928744][T16741] sctp: [Deprecated]: syz.3.3879 (pid 16741) Use of int in maxseg socket option. 
[ 711.928744][T16741] Use struct sctp_assoc_value instead [ 711.953754][ T4942] usb 1-1: Using ep0 maxpacket: 8 [ 711.956536][ T4942] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 711.956567][ T4942] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 711.956648][ T4942] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 711.956671][ T4942] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 711.956709][ T4942] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 711.956730][ T4942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.110941][T16736] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 712.111277][T16736] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 712.143486][ T10] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 712.157961][ T10] hid-generic 0000:0000:0000.0030: hidraw0: HID v0.00 Device [syz1] on syz0 [ 712.219888][ T4942] usb 1-1: GET_CAPABILITIES returned 0 [ 712.219916][ T4942] usbtmc 1-1:16.0: can't read capabilities [ 712.352098][ T5711] cdc_ncm 3-1:1.0: bind() failure [ 712.384364][ T5711] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 712.387773][ T5711] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 712.417749][ T5711] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 712.462553][ T5711] usb 3-1: USB disconnect, device number 37 [ 712.581444][T16759] FAULT_INJECTION: forcing a failure. 
[ 712.581444][T16759] name failslab, interval 1, probability 0, space 0, times 0 [ 712.581468][T16759] CPU: 1 UID: 0 PID: 16759 Comm: syz.2.3884 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 712.581483][T16759] Tainted: [L]=SOFTLOCKUP [ 712.581487][T16759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 712.581494][T16759] Call Trace: [ 712.581499][T16759] [ 712.581504][T16759] dump_stack_lvl+0xe8/0x150 [ 712.581523][T16759] should_fail_ex+0x46b/0x600 [ 712.581541][T16759] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 712.581652][T16759] should_failslab+0xa8/0x100 [ 712.581666][T16759] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 712.581679][T16759] kmem_cache_alloc_lru_noprof+0x8b/0x680 [ 712.581691][T16759] ? mqueue_alloc_inode+0x28/0x40 [ 712.581706][T16759] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 712.581719][T16759] mqueue_alloc_inode+0x28/0x40 [ 712.581733][T16759] alloc_inode+0x6a/0x1b0 [ 712.581748][T16759] ? __pfx_mqueue_fill_super+0x10/0x10 [ 712.581762][T16759] new_inode+0x22/0x170 [ 712.581771][T16759] ? sget_fc+0x962/0xa40 [ 712.581781][T16759] ? __pfx_mqueue_fill_super+0x10/0x10 [ 712.581796][T16759] mqueue_fill_super+0xdc/0x380 [ 712.581809][T16759] ? __pfx_mqueue_fill_super+0x10/0x10 [ 712.581823][T16759] get_tree_nodev+0xbb/0x150 [ 712.581836][T16759] vfs_get_tree+0x92/0x2a0 [ 712.581849][T16759] fc_mount_longterm+0x1c/0x100 [ 712.581864][T16759] mq_init_ns+0x513/0x760 [ 712.581891][T16759] copy_ipcs+0x460/0x6c0 [ 712.581907][T16759] create_new_namespaces+0x210/0x6a0 [ 712.581924][T16759] ? bpf_lsm_capable+0x9/0x20 [ 712.581968][T16759] ? security_capable+0x7e/0x2c0 [ 712.581987][T16759] unshare_nsproxy_namespaces+0x149/0x190 [ 712.582003][T16759] ksys_unshare+0x57d/0x9f0 [ 712.582019][T16759] ? __pfx_ksys_unshare+0x10/0x10 [ 712.582029][T16759] ? __pfx_ksys_write+0x10/0x10 [ 712.582045][T16759] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.582056][T16759] __x64_sys_unshare+0x38/0x50 [ 712.582066][T16759] do_syscall_64+0x15f/0x560 [ 712.582082][T16759] ? trace_irq_disable+0x3b/0x140 [ 712.582093][T16759] ? clear_bhb_loop+0x40/0x90 [ 712.582106][T16759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.582116][T16759] RIP: 0033:0x7f32675fce59 [ 712.582127][T16759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 712.582136][T16759] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 712.582148][T16759] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 712.582156][T16759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000028040680 [ 712.582163][T16759] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 712.582169][T16759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 712.582175][T16759] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 712.582197][T16759] [ 713.253793][ T5794] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 713.253990][ T5711] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 713.343289][T16775] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3890'. 
[ 713.455975][ T5794] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 95, setting to 64 [ 713.456006][ T5794] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 713.456018][ T5794] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.458249][ T5711] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 713.458278][ T5711] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 713.458293][ T5711] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 713.460548][ T5711] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 713.460573][ T5711] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.460592][ T5711] usb 4-1: Product: syz [ 713.460605][ T5711] usb 4-1: Manufacturer: syz [ 713.460616][ T5711] usb 4-1: SerialNumber: syz [ 713.467165][ T5794] usb 3-1: config 0 descriptor?? [ 713.477915][ T5711] usb 4-1: config 0 descriptor?? 
[ 713.504925][T16773] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 713.505333][T16768] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 713.506102][T16768] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 713.508654][ T5711] usb 4-1: ucan: probing device on interface #0 [ 713.613765][ T4942] usb 2-1: new low-speed USB device number 49 using dummy_hcd [ 713.779294][ T4942] usb 2-1: unable to get BOS descriptor or descriptor too short [ 713.781818][ T4942] usb 2-1: config 8 has an invalid interface number: 242 but max is 0 [ 713.781846][ T4942] usb 2-1: config 8 has no interface number 0 [ 713.781892][ T4942] usb 2-1: config 8 interface 242 altsetting 255 endpoint 0x9 has invalid maxpacket 32, setting to 8 [ 713.781976][ T4942] usb 2-1: config 8 interface 242 has no altsetting 0 [ 713.783920][ T5794] ath6kl: Failed to submit usb control message: -71 [ 713.783967][ T5794] ath6kl: unable to send the bmi data to the device: -71 [ 713.784392][ T5794] ath6kl: Unable to send get target info: -71 [ 713.856803][ T4942] usb 2-1: string descriptor 0 read error: -22 [ 713.856922][ T4942] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice= 1.79 [ 713.856935][ T4942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.912754][ T5794] ath6kl: Failed to init ath6kl core: -71 [ 713.929270][ T5794] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 713.961546][ T5794] usb 3-1: USB disconnect, device number 38 [ 714.162583][ T5711] ucan 4-1:0.0 can0: registered device [ 714.165492][ T4942] usb 2-1: USB disconnect, device number 49 [ 714.354469][ T5711] ucan 4-1:0.0 can0: firmware string: )x [ 714.561982][ T5794] usb 4-1: USB disconnect, device number 17 [ 714.577593][ T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 714.584680][ T4942] usb 1-1: USB disconnect, device number 56 [ 714.735929][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of 
the config [ 714.735991][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 714.736013][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.895910][ T10] usb 3-1: config 0 descriptor?? [ 714.897673][T16803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 714.931721][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 715.215901][T16815] FAULT_INJECTION: forcing a failure. [ 715.215901][T16815] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 715.215943][T16815] CPU: 0 UID: 0 PID: 16815 Comm: syz.0.3899 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 715.215969][T16815] Tainted: [L]=SOFTLOCKUP [ 715.215977][T16815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 715.216012][T16815] Call Trace: [ 715.216020][T16815] [ 715.216027][T16815] dump_stack_lvl+0xe8/0x150 [ 715.216053][T16815] should_fail_ex+0x46b/0x600 [ 715.216081][T16815] _copy_to_user+0x31/0xb0 [ 715.216103][T16815] simple_read_from_buffer+0xe1/0x170 [ 715.216134][T16815] proc_fail_nth_read+0x1be/0x230 [ 715.216157][T16815] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 715.216179][T16815] ? rw_verify_area+0x2ac/0x4e0 [ 715.216197][T16815] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 715.216218][T16815] vfs_read+0x212/0xa80 [ 715.216246][T16815] ? __pfx_vfs_read+0x10/0x10 [ 715.216268][T16815] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 715.216291][T16815] ? lockdep_hardirqs_on+0x7a/0x110 [ 715.216313][T16815] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 715.216335][T16815] ? mutex_lock_nested+0x152/0x1d0 [ 715.216352][T16815] ? fdget_pos+0x252/0x320 [ 715.216376][T16815] ksys_read+0x156/0x270 [ 715.216397][T16815] ? __pfx_ksys_read+0x10/0x10 [ 715.216424][T16815] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.216442][T16815] do_syscall_64+0x15f/0x560 [ 715.216462][T16815] ? trace_irq_disable+0x3b/0x140 [ 715.216480][T16815] ? 
clear_bhb_loop+0x40/0x90 [ 715.216500][T16815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.216517][T16815] RIP: 0033:0x7eff00d7d68e [ 715.216534][T16815] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 715.216547][T16815] RSP: 002b:00007efeff00dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 715.216566][T16815] RAX: ffffffffffffffda RBX: 00007efeff00e6c0 RCX: 00007eff00d7d68e [ 715.216579][T16815] RDX: 000000000000000f RSI: 00007efeff00e0a0 RDI: 0000000000000004 [ 715.216590][T16815] RBP: 00007efeff00e090 R08: 0000000000000000 R09: 0000000000000000 [ 715.216601][T16815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 715.216612][T16815] R13: 00007eff01036038 R14: 00007eff01035fa0 R15: 00007ffe6d2355a8 [ 715.216642][T16815] [ 715.335883][ T10] pwc: recv_control_msg error -71 req 02 val 2700 [ 715.345735][T16819] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.3902'. 
[ 715.390986][ T10] pwc: recv_control_msg error -71 req 02 val 2c00 [ 715.413917][ T10] pwc: recv_control_msg error -71 req 04 val 1000 [ 715.422947][ T10] pwc: recv_control_msg error -71 req 04 val 1300 [ 715.479425][ T10] pwc: recv_control_msg error -71 req 04 val 1400 [ 715.491802][ T10] pwc: recv_control_msg error -71 req 02 val 2000 [ 715.503764][ T5794] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 715.508269][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 715.532298][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 715.534267][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 715.550516][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 715.551008][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 715.551472][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 715.551925][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 715.552566][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 715.553019][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 715.597118][ T10] pwc: Registered as video103. 
[ 715.600329][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input93 [ 715.645102][ T10] usb 3-1: USB disconnect, device number 39 [ 715.657778][ T5794] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 715.657803][ T5794] usb 4-1: config 0 has no interface number 0 [ 715.657844][ T5794] usb 4-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 715.657869][ T5794] usb 4-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 715.657891][ T5794] usb 4-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 715.657921][ T5794] usb 4-1: config 0 interface 1 has no altsetting 0 [ 715.657951][ T5794] usb 4-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 715.657972][ T5794] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.749309][ T5794] usb 4-1: config 0 descriptor?? [ 716.102689][T16837] FAULT_INJECTION: forcing a failure. [ 716.102689][T16837] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 716.102726][T16837] CPU: 0 UID: 0 PID: 16837 Comm: syz.2.3906 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 716.102751][T16837] Tainted: [L]=SOFTLOCKUP [ 716.102758][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 716.102768][T16837] Call Trace: [ 716.102775][T16837] [ 716.102784][T16837] dump_stack_lvl+0xe8/0x150 [ 716.102811][T16837] should_fail_ex+0x46b/0x600 [ 716.102841][T16837] prepare_alloc_pages+0x22a/0x6b0 [ 716.102871][T16837] __alloc_frozen_pages_noprof+0x12f/0x380 [ 716.102896][T16837] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 716.102921][T16837] ? __pfx_policy_nodemask+0x10/0x10 [ 716.102944][T16837] ? 
__lock_acquire+0x6b5/0x2d10 [ 716.102971][T16837] alloc_pages_mpol+0xd1/0x380 [ 716.102996][T16837] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 716.103020][T16837] vma_alloc_folio_noprof+0xe1/0x1e0 [ 716.103044][T16837] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 716.103067][T16837] ? __pte_offset_map+0x29/0x200 [ 716.103096][T16837] do_pte_missing+0x822/0x2940 [ 716.103125][T16837] ? handle_mm_fault+0xed/0x14d0 [ 716.103148][T16837] handle_mm_fault+0xdc2/0x14d0 [ 716.103170][T16837] ? handle_mm_fault+0xed/0x14d0 [ 716.103192][T16837] ? __pfx_handle_mm_fault+0x10/0x10 [ 716.103212][T16837] ? follow_page_pte+0xbe2/0xe60 [ 716.103238][T16837] ? __pfx_follow_page_pte+0x10/0x10 [ 716.103267][T16837] __get_user_pages+0x16d4/0x2620 [ 716.103389][T16837] ? __gup_longterm_locked+0xc4e/0x1630 [ 716.103426][T16837] __gup_longterm_locked+0xdcf/0x1630 [ 716.103458][T16837] ? sanity_check_pinned_pages+0x7af/0x870 [ 716.103491][T16837] gup_fast_fallback+0x1cfd/0x2040 [ 716.103546][T16837] ? __pfx_gup_fast_fallback+0x10/0x10 [ 716.103564][T16837] ? is_valid_gup_args+0x11f/0x200 [ 716.103583][T16837] ? pin_user_pages_fast+0x4d/0xb0 [ 716.103604][T16837] rds_info_getsockopt+0x20e/0x400 [ 716.103632][T16837] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 716.103654][T16837] ? __might_fault+0xaf/0x130 [ 716.103677][T16837] ? rds_getsockopt+0x17b/0x500 [ 716.103703][T16837] ? __pfx_rds_getsockopt+0x10/0x10 [ 716.103727][T16837] do_sock_getsockopt+0x51d/0x7e0 [ 716.103756][T16837] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 716.103793][T16837] ? __fget_files+0x3a6/0x420 [ 716.103811][T16837] ? __fget_files+0x2a/0x420 [ 716.103835][T16837] __x64_sys_getsockopt+0x1aa/0x250 [ 716.103863][T16837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.103883][T16837] do_syscall_64+0x15f/0x560 [ 716.103906][T16837] ? trace_irq_disable+0x3b/0x140 [ 716.103926][T16837] ? 
clear_bhb_loop+0x40/0x90 [ 716.103948][T16837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.103966][T16837] RIP: 0033:0x7f32675fce59 [ 716.103984][T16837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 716.104000][T16837] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 716.104020][T16837] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 716.104033][T16837] RDX: 000000000000271c RSI: 0000200000000114 RDI: 0000000000000003 [ 716.104046][T16837] RBP: 00007f3265856090 R08: 0000200000000040 R09: 0000000000000000 [ 716.104058][T16837] R10: 0000200000005ec0 R11: 0000000000000246 R12: 0000000000000002 [ 716.104069][T16837] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 716.104097][T16837] [ 716.396547][ T5794] uclogic 0003:145F:0212.0031: pen parameters not found [ 716.396576][ T5794] uclogic 0003:145F:0212.0031: interface is invalid, ignoring [ 716.435221][ T5794] usb 4-1: USB disconnect, device number 18 [ 716.503179][T16843] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3908'. 
[ 716.753771][ T10] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 716.793765][ T5704] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 716.913749][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 716.917377][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 716.917404][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 716.917422][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 716.917470][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 716.917490][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 716.917512][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 716.917550][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 716.917571][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.943675][ T5704] usb 2-1: Using ep0 maxpacket: 32 [ 717.002695][ T5704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 717.002743][ T5704] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 717.002766][ T5704] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.044014][ T10] usb 1-1: config 0 descriptor?? [ 717.065936][ T5704] usb 2-1: config 0 descriptor?? [ 717.313132][ T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 57 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 717.344107][ T10] usb 1-1: USB disconnect, device number 57 [ 717.364595][ T10] usblp0: removed [ 717.510172][ T5704] usbhid 2-1:0.0: can't add hid device: -71 [ 717.510277][ T5704] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 717.544173][ T5704] usb 2-1: USB disconnect, device number 50 [ 717.778610][T16902] FAULT_INJECTION: forcing a failure. 
[ 717.778610][T16902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.778635][T16902] CPU: 0 UID: 0 PID: 16902 Comm: syz.2.3928 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 717.778652][T16902] Tainted: [L]=SOFTLOCKUP [ 717.778656][T16902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 717.778662][T16902] Call Trace: [ 717.778666][T16902] [ 717.778672][T16902] dump_stack_lvl+0xe8/0x150 [ 717.778688][T16902] should_fail_ex+0x46b/0x600 [ 717.778706][T16902] _copy_from_iter+0x1d3/0x1670 [ 717.778726][T16902] ? trace_kmem_cache_alloc+0x29/0xe0 [ 717.778737][T16902] ? __alloc_skb+0x27d/0x7d0 [ 717.778750][T16902] ? __pfx__copy_from_iter+0x10/0x10 [ 717.778764][T16902] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 717.778774][T16902] ? __alloc_skb+0x27d/0x7d0 [ 717.778789][T16902] ? netlink_sendmsg+0x650/0xb40 [ 717.778803][T16902] ? skb_put+0x11b/0x210 [ 717.778817][T16902] netlink_sendmsg+0x6c0/0xb40 [ 717.778835][T16902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 717.778850][T16902] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 717.778864][T16902] ? aa_sock_msg_perm+0x122/0x200 [ 717.778875][T16902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 717.778894][T16902] sock_sendmsg_nosec+0x112/0x150 [ 717.778915][T16902] ____sys_sendmsg+0x55c/0x870 [ 717.778942][T16902] ? __pfx_____sys_sendmsg+0x10/0x10 [ 717.778971][T16902] ? import_iovec+0x73/0xa0 [ 717.778991][T16902] ___sys_sendmsg+0x2a5/0x360 [ 717.779006][T16902] ? __lock_acquire+0x6b5/0x2d10 [ 717.779025][T16902] ? __pfx____sys_sendmsg+0x10/0x10 [ 717.779055][T16902] ? __fget_files+0x2a/0x420 [ 717.779065][T16902] ? __fget_files+0x3a6/0x420 [ 717.779078][T16902] __x64_sys_sendmsg+0x1c3/0x2a0 [ 717.779094][T16902] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 717.779112][T16902] ? __pfx_ksys_write+0x10/0x10 [ 717.779129][T16902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.779140][T16902] do_syscall_64+0x15f/0x560 [ 717.779154][T16902] ? 
trace_irq_disable+0x3b/0x140 [ 717.779166][T16902] ? clear_bhb_loop+0x40/0x90 [ 717.779178][T16902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.779188][T16902] RIP: 0033:0x7f32675fce59 [ 717.779198][T16902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 717.779213][T16902] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 717.779232][T16902] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 717.779245][T16902] RDX: 0000000000044000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 717.779258][T16902] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 717.779268][T16902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 717.779277][T16902] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 717.779303][T16902] [ 717.794532][ T10] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 718.083673][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 718.098135][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 718.098160][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 718.098179][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 718.098225][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 718.098245][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 718.098267][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 718.098305][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 718.098324][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.184281][ T10] usb 1-1: config 0 descriptor?? 
[ 718.388844][ T10] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 58 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 718.524401][ T5794] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 718.683861][ T5794] usb 2-1: Using ep0 maxpacket: 8 [ 718.687846][ T5794] usb 2-1: unable to get BOS descriptor or descriptor too short [ 718.689368][ T5794] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 718.689399][ T5794] usb 2-1: can't read configurations, error -61 [ 718.740290][T16941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 718.740842][T16941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 718.748629][ T10] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 718.775451][T16943] netlink: 'syz.2.3948': attribute type 41 has an invalid length. [ 718.814364][ T5794] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 718.916885][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 718.916918][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 718.916959][ T10] usb 4-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 718.916981][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.963710][ T5794] usb 2-1: Using ep0 maxpacket: 8 [ 718.966800][ T5794] usb 2-1: unable to get BOS descriptor or descriptor too short [ 718.969356][ T5794] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 718.969387][ T5794] usb 2-1: can't read configurations, error -61 [ 718.969938][ T5794] usb usb2-port1: attempt power cycle [ 719.002711][ T10] usb 4-1: config 0 descriptor?? 
[ 719.326272][ T5794] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 719.344642][ T5794] usb 2-1: Using ep0 maxpacket: 8 [ 719.348004][ T5794] usb 2-1: unable to get BOS descriptor or descriptor too short [ 719.352697][ T5794] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 719.352731][ T5794] usb 2-1: can't read configurations, error -61 [ 719.417844][ T10] betop 0003:11C2:2208.0032: unexpected long global item [ 719.418613][ T10] betop 0003:11C2:2208.0032: parse failed [ 719.418702][ T10] betop 0003:11C2:2208.0032: probe with driver betop failed with error -22 [ 719.484824][ T5794] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 719.505123][ T5794] usb 2-1: Using ep0 maxpacket: 8 [ 719.508963][ T5794] usb 2-1: unable to get BOS descriptor or descriptor too short [ 719.512065][ T5794] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 719.512100][ T5794] usb 2-1: can't read configurations, error -61 [ 719.513286][ T5794] usb usb2-port1: unable to enumerate USB device [ 719.617659][ T5794] usb 4-1: USB disconnect, device number 19 [ 719.913311][ T5794] usb 1-1: USB disconnect, device number 58 [ 719.927054][ T5794] usblp0: removed [ 720.105466][T16993] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3970'. [ 720.355052][ T5794] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 720.475590][T17021] FAULT_INJECTION: forcing a failure. 
[ 720.475590][T17021] name failslab, interval 1, probability 0, space 0, times 0 [ 720.475615][T17021] CPU: 0 UID: 0 PID: 17021 Comm: syz.2.3980 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 720.475630][T17021] Tainted: [L]=SOFTLOCKUP [ 720.475634][T17021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 720.475641][T17021] Call Trace: [ 720.475646][T17021] [ 720.475651][T17021] dump_stack_lvl+0xe8/0x150 [ 720.475671][T17021] should_fail_ex+0x46b/0x600 [ 720.475689][T17021] should_failslab+0xa8/0x100 [ 720.475704][T17021] __kmalloc_noprof+0xdf/0x7b0 [ 720.475716][T17021] ? kfree+0x4d/0x6c0 [ 720.475725][T17021] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 720.475740][T17021] tomoyo_realpath_from_path+0xe3/0x5d0 [ 720.475752][T17021] ? tomoyo_domain+0xd7/0x130 [ 720.475765][T17021] ? tomoyo_path_number_perm+0x219/0x630 [ 720.475780][T17021] tomoyo_path_number_perm+0x246/0x630 [ 720.475794][T17021] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 720.475808][T17021] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 720.475823][T17021] ? register_lock_class+0x31/0x2e0 [ 720.475853][T17021] ? __pfx_from_kgid+0x10/0x10 [ 720.475953][T17021] security_path_chown+0x139/0x340 [ 720.475967][T17021] chown_common+0x40c/0x6c0 [ 720.475987][T17021] ? __pfx_chown_common+0x10/0x10 [ 720.476007][T17021] ? mnt_get_write_access+0x262/0x2d0 [ 720.476025][T17021] do_fchownat+0x14c/0x250 [ 720.476040][T17021] ? __pfx_do_fchownat+0x10/0x10 [ 720.476054][T17021] ? __pfx_ksys_write+0x10/0x10 [ 720.476068][T17021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.476079][T17021] __x64_sys_chown+0x82/0xa0 [ 720.476094][T17021] do_syscall_64+0x15f/0x560 [ 720.476116][T17021] ? trace_irq_disable+0x3b/0x140 [ 720.476127][T17021] ? 
clear_bhb_loop+0x40/0x90 [ 720.476140][T17021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.476150][T17021] RIP: 0033:0x7f32675fce59 [ 720.476161][T17021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 720.476170][T17021] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 720.476183][T17021] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 720.476190][T17021] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 00002000000003c0 [ 720.476197][T17021] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 720.476204][T17021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 720.476210][T17021] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 720.476226][T17021] [ 720.476231][T17021] ERROR: Out of memory at tomoyo_realpath_from_path. [ 720.515490][ T5711] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 720.518997][ T5794] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 720.519122][ T5794] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 16 [ 720.520765][ T5794] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 720.520793][ T5794] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 720.520813][ T5794] usb 1-1: SerialNumber: syz [ 720.539663][ T5794] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 720.675969][ T5711] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 720.675994][ T5711] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 720.678810][ T5711] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 720.678837][ T5711] usb 4-1: New 
USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 720.678855][ T5711] usb 4-1: SerialNumber: syz [ 720.719245][ T5711] usb 4-1: 0:2 : does not exist [ 721.267243][ T5711] usb 1-1: USB disconnect, device number 59 [ 721.298796][T17046] FAULT_INJECTION: forcing a failure. [ 721.298796][T17046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.298830][T17046] CPU: 1 UID: 0 PID: 17046 Comm: syz.2.3992 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.298855][T17046] Tainted: [L]=SOFTLOCKUP [ 721.298862][T17046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.298872][T17046] Call Trace: [ 721.298880][T17046] [ 721.298888][T17046] dump_stack_lvl+0xe8/0x150 [ 721.298916][T17046] should_fail_ex+0x46b/0x600 [ 721.298945][T17046] _copy_to_user+0x31/0xb0 [ 721.298968][T17046] simple_read_from_buffer+0xe1/0x170 [ 721.299072][T17046] proc_fail_nth_read+0x1be/0x230 [ 721.299097][T17046] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 721.299119][T17046] ? rw_verify_area+0x2ac/0x4e0 [ 721.299136][T17046] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 721.299156][T17046] vfs_read+0x212/0xa80 [ 721.299187][T17046] ? __pfx_vfs_read+0x10/0x10 [ 721.299208][T17046] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 721.299240][T17046] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.299263][T17046] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 721.299286][T17046] ? mutex_lock_nested+0x152/0x1d0 [ 721.299304][T17046] ? fdget_pos+0x252/0x320 [ 721.299331][T17046] ksys_read+0x156/0x270 [ 721.299354][T17046] ? __pfx_ksys_read+0x10/0x10 [ 721.299386][T17046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.299407][T17046] do_syscall_64+0x15f/0x560 [ 721.299429][T17046] ? trace_irq_disable+0x3b/0x140 [ 721.299449][T17046] ? 
clear_bhb_loop+0x40/0x90 [ 721.299472][T17046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.299490][T17046] RIP: 0033:0x7f32675bd68e [ 721.299508][T17046] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 721.299524][T17046] RSP: 002b:00007f3265834fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 721.299545][T17046] RAX: ffffffffffffffda RBX: 00007f32658356c0 RCX: 00007f32675bd68e [ 721.299559][T17046] RDX: 000000000000000f RSI: 00007f32658350a0 RDI: 0000000000000004 [ 721.299574][T17046] RBP: 00007f3265835090 R08: 0000000000000000 R09: 0000000000000000 [ 721.299585][T17046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.299596][T17046] R13: 00007f3267876128 R14: 00007f3267876090 R15: 00007ffd96eac798 [ 721.299623][T17046] [ 721.664590][T17058] overlay: filesystem on ./file0 not supported as upperdir [ 721.758424][T17067] FAULT_INJECTION: forcing a failure. [ 721.758424][T17067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.758449][T17067] CPU: 1 UID: 0 PID: 17067 Comm: syz.2.4003 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.758464][T17067] Tainted: [L]=SOFTLOCKUP [ 721.758469][T17067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.758476][T17067] Call Trace: [ 721.758481][T17067] [ 721.758486][T17067] dump_stack_lvl+0xe8/0x150 [ 721.758504][T17067] should_fail_ex+0x46b/0x600 [ 721.758523][T17067] _copy_to_user+0x31/0xb0 [ 721.758538][T17067] kvm_arch_dev_ioctl+0x68a/0x9e0 [ 721.758630][T17067] ? do_vfs_ioctl+0x117b/0x1540 [ 721.758645][T17067] ? __pfx_kvm_arch_dev_ioctl+0x10/0x10 [ 721.758657][T17067] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 721.758683][T17067] kvm_dev_ioctl+0x606/0x1610 [ 721.758738][T17067] ? __fget_files+0x2a/0x420 [ 721.758749][T17067] ? __fget_files+0x2a/0x420 [ 721.758759][T17067] ? 
__pfx_kvm_dev_ioctl+0x10/0x10 [ 721.758771][T17067] ? __fget_files+0x2a/0x420 [ 721.758782][T17067] ? bpf_lsm_file_ioctl+0x9/0x20 [ 721.758797][T17067] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 721.758810][T17067] __se_sys_ioctl+0xff/0x170 [ 721.758822][T17067] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.758834][T17067] do_syscall_64+0x15f/0x560 [ 721.758848][T17067] ? trace_irq_disable+0x3b/0x140 [ 721.758860][T17067] ? clear_bhb_loop+0x40/0x90 [ 721.758872][T17067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.758882][T17067] RIP: 0033:0x7f32675fce59 [ 721.758893][T17067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.758904][T17067] RSP: 002b:00007f3265856028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 721.758919][T17067] RAX: ffffffffffffffda RBX: 00007f3267875fa0 RCX: 00007f32675fce59 [ 721.758930][T17067] RDX: 00002000000000c0 RSI: 00000000c008aec1 RDI: 0000000000000003 [ 721.758941][T17067] RBP: 00007f3265856090 R08: 0000000000000000 R09: 0000000000000000 [ 721.758952][T17067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.758965][T17067] R13: 00007f3267876038 R14: 00007f3267875fa0 R15: 00007ffd96eac798 [ 721.758991][T17067] [ 721.953469][ T5711] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 722.155991][ T5711] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 722.156047][ T5711] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 722.156069][ T5711] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.159690][ T5711] usb 2-1: config 0 descriptor?? [ 722.199770][ T5711] pwc: Askey VC010 type 2 USB webcam detected. 
[ 722.383914][ T5794] usb 1-1: new low-speed USB device number 60 using dummy_hcd [ 722.533918][ T5794] usb 1-1: Invalid ep0 maxpacket: 64 [ 722.570325][ T5711] pwc: recv_control_msg error -32 req 02 val 2b00 [ 722.571014][ T5711] pwc: recv_control_msg error -32 req 02 val 2700 [ 722.571560][ T5711] pwc: recv_control_msg error -32 req 02 val 2c00 [ 722.572087][ T5711] pwc: recv_control_msg error -32 req 04 val 1000 [ 722.572646][ T5711] pwc: recv_control_msg error -32 req 04 val 1300 [ 722.573171][ T5711] pwc: recv_control_msg error -32 req 04 val 1400 [ 722.668564][ T5711] pwc: recv_control_msg error -32 req 02 val 2000 [ 722.669101][ T5711] pwc: recv_control_msg error -32 req 02 val 2100 [ 722.669990][ T5711] pwc: recv_control_msg error -32 req 04 val 1500 [ 722.671047][ T5711] pwc: recv_control_msg error -32 req 02 val 2500 [ 722.673772][ T5794] usb 1-1: new low-speed USB device number 61 using dummy_hcd [ 722.847782][ T5711] pwc: recv_control_msg error -71 req 02 val 2400 [ 722.848355][ T5711] pwc: recv_control_msg error -71 req 02 val 2600 [ 722.848810][ T5711] pwc: recv_control_msg error -71 req 02 val 2900 [ 722.849324][ T5711] pwc: recv_control_msg error -71 req 02 val 2800 [ 722.849973][ T5711] pwc: recv_control_msg error -71 req 04 val 1100 [ 722.850467][ T5711] pwc: recv_control_msg error -71 req 04 val 1200 [ 722.852872][ T5711] pwc: Registered as video103. 
[ 722.898750][ T5794] usb 1-1: Invalid ep0 maxpacket: 64 [ 722.900626][ T5794] usb usb1-port1: attempt power cycle [ 722.910594][ T5711] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input94 [ 722.936004][ T5711] usb 2-1: USB disconnect, device number 55 [ 723.110203][ T3430] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 723.233822][ T5794] usb 1-1: new low-speed USB device number 62 using dummy_hcd [ 723.245816][ T5711] usb 4-1: USB disconnect, device number 20 [ 723.254447][ T5794] usb 1-1: Invalid ep0 maxpacket: 64 [ 723.393843][ T5794] usb 1-1: new low-speed USB device number 63 using dummy_hcd [ 723.417284][ T5794] usb 1-1: Invalid ep0 maxpacket: 64 [ 723.417615][ T5794] usb usb1-port1: unable to enumerate USB device [ 723.485672][T17091] overlay: filesystem on ./file0 not supported as upperdir [ 723.763752][ T5727] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 723.789181][T17100] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4012'. 
[ 723.913757][ T5727] usb 4-1: Using ep0 maxpacket: 8 [ 723.916067][ T5727] usb 4-1: unable to get BOS descriptor or descriptor too short [ 723.918034][ T5727] usb 4-1: config 3 has an invalid interface number: 31 but max is 0 [ 723.918061][ T5727] usb 4-1: config 3 has no interface number 0 [ 723.918099][ T5727] usb 4-1: config 3 interface 31 altsetting 95 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 723.918113][ T5727] usb 4-1: config 3 interface 31 altsetting 95 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 723.918126][ T5727] usb 4-1: config 3 interface 31 altsetting 95 has a duplicate endpoint with address 0x4, skipping [ 723.918137][ T5727] usb 4-1: config 3 interface 31 altsetting 95 has an invalid descriptor for endpoint zero, skipping [ 723.918148][ T5727] usb 4-1: config 3 interface 31 altsetting 95 has a duplicate endpoint with address 0x3, skipping [ 723.918161][ T5727] usb 4-1: config 3 interface 31 has no altsetting 0 [ 723.945825][ T5727] usb 4-1: New USB device found, idVendor=17cc, idProduct=0839, bcdDevice=a1.8f [ 723.945853][ T5727] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.945871][ T5727] usb 4-1: Product: syz [ 723.945884][ T5727] usb 4-1: Manufacturer: syz [ 723.945897][ T5727] usb 4-1: SerialNumber: syz [ 724.209531][ T5727] snd-usb-caiaq 4-1:3.31: can't set alt interface. [ 724.209625][ T5727] usb 4-1: unable to init card! 
(ret=-5) [ 724.236307][ T5727] snd-usb-caiaq 4-1:3.31: probe with driver snd-usb-caiaq failed with error -5 [ 724.267597][ T5727] usb 4-1: USB disconnect, device number 21 [ 725.066829][T17118] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 725.524083][ T5727] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 725.678955][ T5727] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 725.678984][ T5727] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.679002][ T5727] usb 1-1: Product: syz [ 725.679015][ T5727] usb 1-1: Manufacturer: syz [ 725.679027][ T5727] usb 1-1: SerialNumber: syz [ 725.742379][ T5727] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 725.841988][ T5725] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 726.043002][ C0] usb 1-1: ath: unknown panic pattern! [ 726.276351][ T5711] usb 1-1: USB disconnect, device number 64 [ 726.723813][ T5727] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 726.784108][T17122] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 726.784492][T17122] block device autoloading is deprecated and will be removed. [ 726.834284][T17122] [ 726.834297][T17122] ====================================================== [ 726.834306][T17122] WARNING: possible circular locking dependency detected [ 726.834394][T17122] syzkaller #0 Tainted: G L [ 726.834406][T17122] ------------------------------------------------------ [ 726.834413][T17122] syz.3.4023/17122 is trying to acquire lock: [ 726.834423][T17122] ffff888072efc4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 726.834578][T17122] [ 726.834578][T17122] but task is already holding lock: [ 726.834585][T17122] ffffffff8e0756d8 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x47/0x4c0 [ 726.834667][T17122] [ 726.834667][T17122] which lock already depends on the new lock. 
[ 726.834667][T17122] [ 726.834673][T17122] [ 726.834673][T17122] the existing dependency chain (in reverse order) is: [ 726.834680][T17122] [ 726.834680][T17122] -> #4 (system_transition_mutex){+.+.}-{4:4}: [ 726.834743][T17122] mutex_lock_nested+0x5a/0x1d0 [ 726.834765][T17122] pm_test_store+0x95/0x480 [ 726.834783][T17122] kernfs_fop_write_iter+0x3b0/0x540 [ 726.834805][T17122] iter_file_splice_write+0x9a6/0x10f0 [ 726.834821][T17122] direct_splice_actor+0x104/0x160 [ 726.834836][T17122] splice_direct_to_actor+0x545/0xc80 [ 726.834851][T17122] do_splice_direct+0x19b/0x2a0 [ 726.834865][T17122] do_sendfile+0x547/0x7e0 [ 726.834885][T17122] __se_sys_sendfile64+0xdf/0x1a0 [ 726.834902][T17122] do_syscall_64+0x15f/0x560 [ 726.834921][T17122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.834936][T17122] [ 726.834936][T17122] -> #3 (&of->mutex){+.+.}-{4:4}: [ 726.834958][T17122] mutex_lock_nested+0x5a/0x1d0 [ 726.834972][T17122] kernfs_fop_write_iter+0x1df/0x540 [ 726.834991][T17122] lo_rw_aio+0xc80/0xf00 [ 726.835068][T17122] loop_process_work+0x637/0x11b0 [ 726.835087][T17122] process_one_work+0x98b/0x1630 [ 726.835108][T17122] worker_thread+0xb49/0x1140 [ 726.835129][T17122] kthread+0x388/0x470 [ 726.835144][T17122] ret_from_fork+0x514/0xb70 [ 726.835161][T17122] ret_from_fork_asm+0x1a/0x30 [ 726.835182][T17122] [ 726.835182][T17122] -> #2 ((work_completion)(&worker->work)){+.+.}-{0:0}: [ 726.835206][T17122] process_one_work+0x8d7/0x1630 [ 726.835227][T17122] worker_thread+0xb49/0x1140 [ 726.835247][T17122] kthread+0x388/0x470 [ 726.835263][T17122] ret_from_fork+0x514/0xb70 [ 726.835278][T17122] ret_from_fork_asm+0x1a/0x30 [ 726.835296][T17122] [ 726.835296][T17122] -> #1 ((wq_completion)loop5){+.+.}-{0:0}: [ 726.835319][T17122] touch_wq_lockdep_map+0xcb/0x180 [ 726.835335][T17122] __flush_workqueue+0x14b/0x14f0 [ 726.835350][T17122] drain_workqueue+0xd3/0x390 [ 726.835365][T17122] lo_release+0x287/0x8f0 [ 726.835383][T17122] bdev_release+0x541/0x660 [ 
726.835404][T17122] blkdev_release+0x15/0x20
[ 726.835425][T17122] __fput+0x461/0xa70
[ 726.835438][T17122] task_work_run+0x1d9/0x270
[ 726.835457][T17122] exit_to_user_mode_loop+0xf3/0x4d0
[ 726.835475][T17122] do_syscall_64+0x33e/0x560
[ 726.835494][T17122] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 726.835509][T17122]
[ 726.835509][T17122] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[ 726.835533][T17122] __lock_acquire+0x15a5/0x2d10
[ 726.835552][T17122] lock_acquire+0x106/0x350
[ 726.835571][T17122] mutex_lock_nested+0x5a/0x1d0
[ 726.835588][T17122] bdev_open+0xe0/0xcc0
[ 726.835609][T17122] bdev_file_open_by_dev+0x1be/0x240
[ 726.835639][T17122] swsusp_check+0x56/0x490
[ 726.835658][T17122] software_resume+0x51/0x4c0
[ 726.835682][T17122] resume_store+0x333/0x4f0
[ 726.835697][T17122] kernfs_fop_write_iter+0x3b0/0x540
[ 726.835718][T17122] vfs_write+0x629/0xba0
[ 726.835736][T17122] ksys_write+0x156/0x270
[ 726.835752][T17122] do_syscall_64+0x15f/0x560
[ 726.835774][T17122] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 726.835790][T17122]
[ 726.835790][T17122] other info that might help us debug this:
[ 726.835790][T17122]
[ 726.835797][T17122] Chain exists of:
[ 726.835797][T17122] &disk->open_mutex --> &of->mutex --> system_transition_mutex
[ 726.835797][T17122]
[ 726.835824][T17122] Possible unsafe locking scenario:
[ 726.835824][T17122]
[ 726.835876][T17122]        CPU0                    CPU1
[ 726.835882][T17122]        ----                    ----
[ 726.835913][T17122]   lock(system_transition_mutex);
[ 726.835926][T17122]                                lock(&of->mutex);
[ 726.835940][T17122]                                lock(system_transition_mutex);
[ 726.835952][T17122]   lock(&disk->open_mutex);
[ 726.835962][T17122]
[ 726.835962][T17122] *** DEADLOCK ***
[ 726.835962][T17122]
[ 726.835966][T17122] 5 locks held by syz.3.4023/17122:
[ 726.835976][T17122] #0: ffff88802745cf28 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320
[ 726.836016][T17122] #1: ffff888036800480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0
[ 726.836065][T17122] #2: ffff88803b739c78
(&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 726.836107][T17122] #3: ffff88801f2a0f08 (kn->active#65){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 726.836153][T17122] #4: ffffffff8e0756d8 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x47/0x4c0 [ 726.836197][T17122] [ 726.836197][T17122] stack backtrace: [ 726.836211][T17122] CPU: 1 UID: 0 PID: 17122 Comm: syz.3.4023 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 726.836235][T17122] Tainted: [L]=SOFTLOCKUP [ 726.836241][T17122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 726.836254][T17122] Call Trace: [ 726.836261][T17122] [ 726.836270][T17122] dump_stack_lvl+0xe8/0x150 [ 726.836291][T17122] print_circular_bug+0x2e1/0x300 [ 726.836317][T17122] check_noncircular+0x12e/0x150 [ 726.836343][T17122] __lock_acquire+0x15a5/0x2d10 [ 726.836366][T17122] ? do_raw_spin_lock+0x12b/0x2f0 [ 726.836388][T17122] ? bdev_open+0xe0/0xcc0 [ 726.836410][T17122] lock_acquire+0x106/0x350 [ 726.836430][T17122] ? bdev_open+0xe0/0xcc0 [ 726.836453][T17122] ? bdev_open+0xe0/0xcc0 [ 726.836476][T17122] ? bdev_open+0xe0/0xcc0 [ 726.836497][T17122] mutex_lock_nested+0x5a/0x1d0 [ 726.836515][T17122] ? bdev_open+0xe0/0xcc0 [ 726.836539][T17122] bdev_open+0xe0/0xcc0 [ 726.836565][T17122] bdev_file_open_by_dev+0x1be/0x240 [ 726.836590][T17122] swsusp_check+0x56/0x490 [ 726.836609][T17122] software_resume+0x51/0x4c0 [ 726.836644][T17122] resume_store+0x333/0x4f0 [ 726.836661][T17122] ? sysfs_file_kobj+0x1a/0x230 [ 726.836684][T17122] ? __pfx_resume_store+0x10/0x10 [ 726.836703][T17122] ? sysfs_file_kobj+0x1a/0x230 [ 726.836728][T17122] ? sysfs_file_kobj+0x1e4/0x230 [ 726.836752][T17122] ? sysfs_kf_write+0x166/0x260 [ 726.836770][T17122] ? __pfx_sysfs_kf_write+0x10/0x10 [ 726.836785][T17122] kernfs_fop_write_iter+0x3b0/0x540 [ 726.836810][T17122] vfs_write+0x629/0xba0 [ 726.836832][T17122] ? __pfx_vfs_write+0x10/0x10 [ 726.836851][T17122] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 726.836873][T17122] ? lockdep_hardirqs_on+0x7a/0x110 [ 726.836896][T17122] ? mutex_lock_nested+0x152/0x1d0 [ 726.836914][T17122] ? fdget_pos+0x252/0x320 [ 726.836932][T17122] ksys_write+0x156/0x270 [ 726.836951][T17122] ? __pfx_ksys_write+0x10/0x10 [ 726.836972][T17122] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.836989][T17122] do_syscall_64+0x15f/0x560 [ 726.837010][T17122] ? trace_irq_disable+0x3b/0x140 [ 726.837029][T17122] ? clear_bhb_loop+0x40/0x90 [ 726.837046][T17122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.837064][T17122] RIP: 0033:0x7f973b56ce59 [ 726.837081][T17122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 726.837097][T17122] RSP: 002b:00007f97397c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 726.837115][T17122] RAX: ffffffffffffffda RBX: 00007f973b7e5fa0 RCX: 00007f973b56ce59 [ 726.837130][T17122] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000006 [ 726.837142][T17122] RBP: 00007f973b602d6f R08: 0000000000000000 R09: 0000000000000000 [ 726.837154][T17122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.837164][T17122] R13: 00007f973b7e6038 R14: 00007f973b7e5fa0 R15: 00007ffcef69ed08 [ 726.837182][T17122] [ 726.837480][T17122] PM: Image not found (code -5) [ 726.881703][T17164] overlay: filesystem on ./file0 not supported as upperdir [ 727.010108][ T5725] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 727.057455][T17151] PM: Image not found (code -6) [ 727.284544][ T5725] ath9k_htc: Failed to initialize the device [ 727.285055][ T5711] usb 1-1: ath9k_htc: USB layer deinitialized