last executing test programs: 5m2.248751243s ago: executing program 2 (id=1477): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, 0xffffffffffffffff}) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0x6, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000003000000001a00", r6}) 5m2.248587395s ago: executing program 2 (id=1478): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f018581c0bc0065666765f36f0f33f0100a660f3a0cb9000000752066b9800000c00f3a32c632c6004000a50f01d70f0901", 0x32}], 0x1, 0x54, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x696e6549) 5m2.236449715s ago: executing program 2 (id=1479): sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x8004) r0 = syz_open_dev$vbi(&(0x7f0000001040), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000031c0)={0xfffffffd, 0xc2, 0x1, {0x6, @sliced={0xd, [0x8001, 0x5, 0x1, 0x9, 0x4, 0x7, 0xc7e, 0x1, 0xf000, 0x8, 0x3, 0x7, 0x1, 0x7, 0x7fff, 0x7, 0x49d, 0x5, 0x400, 0x1, 0x8, 0x4, 0xfff, 0x100, 0x7, 0x7, 0x4, 0x6, 0x7865, 0xa2, 0x3, 0xff, 0x0, 0x8000, 0x1, 0x200, 0x6, 0xe375, 0x80, 0x4, 0x4, 0x0, 0xfff, 0x1ff, 0x6, 0x1, 0x2, 0x1], 0x6}}, 0x10000}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFQA_CFG_CMD={0x8, 0x1, {0x4, 0x0, 0x2}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4040000) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xf80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r2, 0xd6baf000) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f00000000c0)={0x2f01, 0x0}) 5m2.134376898s ago: executing program 2 (id=1482): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (async) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) (async) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_open_dev$dri(0x0, 0x1, 0x0) syz_usb_disconnect(r1) (async) syz_usb_disconnect(r1) writev(r2, &(0x7f0000000340), 0x0) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @remote}, 0x10) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r3, 0x8ee4a000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r3, 0x8ee4a000) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000000f060104000000000000000002000002050001f406000000050001000700000006000b0004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) (async) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000000f060104000000000000000002000002050001f406000000050001000700000006000b0004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x300000e, 0x2010, r0, 0x2d9cf000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) 5m1.392136258s ago: executing program 2 (id=1487): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d", 0x27}], 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x20048050) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000040000000000000000000000000000000000000000000000000000000000000000001f00206e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f700000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8106b494e11200cfc2001000000000000000000000f313f6005500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8d489da649a37002c016f6465762d6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b17dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9"], 0x232) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20040000) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 5m1.192666069s ago: executing program 2 (id=1488): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@hyper}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r0, 0xffffffffffffffff, 0xd0070000) 5m1.070503992s ago: executing program 32 (id=1488): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@hyper}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r0, 0xffffffffffffffff, 0xd0070000) 5.586670819s ago: executing program 3 (id=3503): r0 = syz_usb_connect(0x3, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b02, 0x0) (fail_nth: 8) 3.527180354s ago: executing program 1 (id=3535): writev(0xffffffffffffffff, 0x0, 0x0) userfaultfd(0x80001) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 3.364665437s ago: executing program 1 (id=3539): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 2.583763017s ago: executing program 4 (id=3548): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r1 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000100)={r1, 0x0, 0x0, 0x1000}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000140)=0x1) 2.548841404s ago: executing program 4 (id=3549): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x4, 0x10000) 2.476553505s ago: executing program 3 (id=3550): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x109}], {0x14}}, 0x3c}}, 0x0) 2.476405984s ago: executing program 1 (id=3551): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) 2.469916995s ago: executing program 4 (id=3552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, 0x0, 0x5005) bind$inet(r3, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000001080)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x24040ffd, &(0x7f0000000440)={0x2, 0x4e23, @local}, 0x10) 1.539061713s ago: executing program 1 (id=3559): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = accept4$unix(r0, 0x0, 0x0, 0x0) recvfrom$unix(r1, &(0x7f0000000680)=""/250, 0xfffffffffffffea1, 0x20, 0x0, 0x0) 1.488617985s ago: executing program 4 (id=3560): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) 1.244524017s ago: executing program 3 (id=3564): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$inet(r0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.108564627s ago: executing program 4 (id=3567): r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000140)={r1, &(0x7f00000001c0)=[{}, {0x80000000}], 0x0}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f00000004c0)={r2}) 683.415948ms ago: executing program 4 (id=3570): ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 620.779453ms ago: executing program 1 (id=3571): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x301001, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0x0) 574.92232ms ago: executing program 1 (id=3574): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x536, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) 492.637899ms ago: executing program 0 (id=3575): setuid(0xee00) setreuid(0xffffffffffffffff, 0xffffffffffffffff) 492.48935ms ago: executing program 0 (id=3576): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1e5) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ff", 0x1}], 0x1, 0x6, 0x1, 0x81) 455.723985ms ago: executing program 0 (id=3577): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netfilter\x00') r1 = fanotify_init(0x40, 0x40000) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 395.830828ms ago: executing program 3 (id=3578): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) pwritev(0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 56.749137ms ago: executing program 3 (id=3579): fanotify_init(0x200, 0x0) 56.583042ms ago: executing program 3 (id=3580): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)=""/36, 0x24}], 0x1}, 0x1}], 0x1, 0x2003, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x4800}, 0x24020000) 56.480388ms ago: executing program 0 (id=3581): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd16", 0x8}], 0x1}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=""/71, 0x47}], 0x1}, 0x40002141) 27.338681ms ago: executing program 0 (id=3582): openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x0) 0s ago: executing program 0 (id=3583): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 0s ago: executing program 0 (id=3585): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304, 0x36}, "1a88ef816c4b42ed", "a5fdeb69a751e94df50ad7e9fb434d1665e9298b01e49419567b443803cf578f", "6d02cd81", "066580001e00"}, 0x38) setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, &(0x7f0000000140), 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000200)=ANY=[@ANYRES32=r1]) kernel console output (not intermixed with test programs): from eth2 [ 523.386146][T15041] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 523.508053][T15041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 523.545098][T15041] 8021q: adding VLAN 0 to HW filter on device team0 [ 523.573486][ T1082] bridge0: port 1(bridge_slave_0) entered blocking state [ 523.581482][ T1082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 523.598471][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 523.606729][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 523.929469][T15041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 523.965787][ T10] usb 5-1: USB disconnect, device number 98 [ 524.027613][T15041] veth0_vlan: entered promiscuous mode [ 524.044796][T15041] veth1_vlan: entered promiscuous mode [ 524.087066][T15041] veth0_macvtap: entered promiscuous mode [ 524.110918][T15041] veth1_macvtap: entered promiscuous mode [ 524.160123][T15041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 524.195564][T15041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 524.245242][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.266963][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.288048][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.326716][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.463471][ T6524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.482257][ T6524] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.547561][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.571191][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.753933][ T10] usb 5-1: new low-speed USB device number 99 using dummy_hcd [ 524.844083][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 524.851846][ T5860] Bluetooth: hci1: command tx timeout [ 524.914281][ T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 524.926297][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.936948][ T10] usb 5-1: config 0 descriptor?? [ 525.001187][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 525.007930][ T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 525.016414][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 525.021227][ T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 525.026415][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 525.045106][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 525.055824][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 525.070522][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 525.079706][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.149154][T15173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.158871][T15173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.168467][ T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 525.202263][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 525.209098][ T24] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 525.218292][ T24] usb 4-1: config 0 has no interfaces? [ 525.229823][ T24] usb 4-1: config 0 has no interfaces? [ 525.237567][ T24] usb 4-1: config 0 has no interfaces? [ 525.246200][ T24] usb 4-1: config 0 has no interfaces? [ 525.254093][ T24] usb 4-1: config 0 has no interfaces? [ 525.263287][ T24] usb 4-1: config 0 has no interfaces? [ 525.274262][ T24] usb 4-1: config 0 has no interfaces? [ 525.282788][ T24] usb 4-1: config 0 has no interfaces? [ 525.293024][ T24] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 525.299340][ T9] usb 2-1: usb_control_msg returned -32 [ 525.305333][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.328048][ T24] usb 4-1: Product: syz [ 525.328094][ T9] usbtmc 2-1:16.0: can't read capabilities [ 525.333495][ T24] usb 4-1: Manufacturer: syz [ 525.351438][ T24] usb 4-1: SerialNumber: syz [ 525.359651][ T24] usb 4-1: config 0 descriptor?? [ 525.370657][T15173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.380747][T15173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.392490][ T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 525.407662][ T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffc3 [ 525.419344][ T10] asix 5-1:0.0: probe with driver asix failed with error -61 [ 525.569946][ T10] usb 4-1: USB disconnect, device number 28 [ 525.838233][T15204] FAULT_INJECTION: forcing a failure. [ 525.838233][T15204] name failslab, interval 1, probability 0, space 0, times 0 [ 525.851399][T15204] CPU: 0 UID: 0 PID: 15204 Comm: syz.0.3217 Not tainted syzkaller #0 PREEMPT(full) [ 525.851428][T15204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 525.851442][T15204] Call Trace: [ 525.851451][T15204] [ 525.851459][T15204] dump_stack_lvl+0x189/0x250 [ 525.851495][T15204] ? __pfx____ratelimit+0x10/0x10 [ 525.851521][T15204] ? __pfx_dump_stack_lvl+0x10/0x10 [ 525.851552][T15204] ? __pfx__printk+0x10/0x10 [ 525.851581][T15204] ? __pfx___might_resched+0x10/0x10 [ 525.851604][T15204] ? lock_acquire+0x5f/0x360 [ 525.851625][T15204] should_fail_ex+0x414/0x560 [ 525.851655][T15204] should_failslab+0xa8/0x100 [ 525.851676][T15204] kmem_cache_alloc_node_noprof+0x76/0x390 [ 525.851706][T15204] ? __alloc_skb+0x112/0x2d0 [ 525.851735][T15204] __alloc_skb+0x112/0x2d0 [ 525.851763][T15204] alloc_skb_with_frags+0xca/0x890 [ 525.851795][T15204] ? rcu_is_watching+0x15/0xb0 [ 525.851818][T15204] ? lock_release+0x4b/0x3e0 [ 525.851835][T15204] ? __might_fault+0xb0/0x130 [ 525.851866][T15204] sock_alloc_send_pskb+0x857/0x990 [ 525.851892][T15204] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 525.851912][T15204] ? rcu_is_watching+0x15/0xb0 [ 525.851935][T15204] ? lock_release+0x4b/0x3e0 [ 525.851953][T15204] ? lock_release+0x4b/0x3e0 [ 525.851971][T15204] ? iov_iter_advance+0x8b/0x1c0 [ 525.851993][T15204] tun_get_user+0xa43/0x3e20 [ 525.852022][T15204] ? rcu_is_watching+0x15/0xb0 [ 525.852044][T15204] ? lock_release+0x4b/0x3e0 [ 525.852066][T15204] ? aa_file_perm+0x44d/0x1550 [ 525.852094][T15204] ? __pfx_tun_get_user+0x10/0x10 [ 525.852119][T15204] ? _parse_integer_limit+0x1ae/0x1f0 [ 525.852152][T15204] ? kstrtoull+0x12f/0x1d0 [ 525.852195][T15204] ? ref_tracker_alloc+0x318/0x460 [ 525.852224][T15204] ? get_pid_task+0x20/0x1f0 [ 525.852252][T15204] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 525.852283][T15204] ? tun_get+0x1c/0x2f0 [ 525.852306][T15204] ? tun_get+0x1c/0x2f0 [ 525.852330][T15204] ? rcu_is_watching+0x15/0xb0 [ 525.852352][T15204] ? tun_get+0x1c/0x2f0 [ 525.852375][T15204] ? lock_release+0x4b/0x3e0 [ 525.852393][T15204] ? common_file_perm+0x1b5/0x230 [ 525.852419][T15204] ? tun_get+0x1c/0x2f0 [ 525.852445][T15204] tun_chr_write_iter+0x113/0x200 [ 525.852471][T15204] vfs_write+0x5c9/0xb30 [ 525.852493][T15204] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 525.852519][T15204] ? __pfx_vfs_write+0x10/0x10 [ 525.852543][T15204] ? __fget_files+0x2a/0x420 [ 525.852570][T15204] ksys_write+0x145/0x250 [ 525.852592][T15204] ? __pfx_ksys_write+0x10/0x10 [ 525.852613][T15204] ? rcu_is_watching+0x15/0xb0 [ 525.852637][T15204] do_syscall_64+0xfa/0xfa0 [ 525.852665][T15204] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.852684][T15204] ? clear_bhb_loop+0x60/0xb0 [ 525.852706][T15204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.852724][T15204] RIP: 0033:0x7f58bcd8ebe9 [ 525.852738][T15204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.852751][T15204] RSP: 002b:00007f58bdb58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.852768][T15204] RAX: ffffffffffffffda RBX: 00007f58bcfb5fa0 RCX: 00007f58bcd8ebe9 [ 525.852779][T15204] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003 [ 525.852789][T15204] RBP: 00007f58bdb58090 R08: 0000000000000000 R09: 0000000000000000 [ 525.852798][T15204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.852807][T15204] R13: 00007f58bcfb6038 R14: 00007f58bcfb5fa0 R15: 00007ffe7cfd2678 [ 525.852824][T15204] [ 526.206324][ C0] vkms_vblank_simulate: vblank timer overrun [ 526.227861][T15206] usbtmc 2-1:16.0: INITIATE_CLEAR returned 0 [ 526.605361][T15212] geneve1: entered allmulticast mode [ 526.931275][ T5860] Bluetooth: hci1: command tx timeout [ 527.590981][ T10] usb 5-1: USB disconnect, device number 99 [ 527.637875][ T9] usb 2-1: USB disconnect, device number 14 [ 527.971265][ T5978] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 528.001195][ T5900] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 528.052852][ T24] usb 5-1: new full-speed USB device number 100 using dummy_hcd [ 528.141603][ T5978] usb 1-1: Using ep0 maxpacket: 16 [ 528.148371][ T5978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.159692][ T5978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.170465][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 528.177318][ T5978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 528.191169][ T5900] usb 4-1: no configurations [ 528.195828][ T5900] usb 4-1: can't read configurations, error -22 [ 528.204577][ T5978] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 528.214603][ T5978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.226537][ T5978] usb 1-1: config 0 descriptor?? [ 528.232929][ T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 528.246192][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 528.257134][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 10 [ 528.270469][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 528.279625][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.288633][ T24] usb 5-1: Product: syz [ 528.292926][ T24] usb 5-1: Manufacturer: syz [ 528.297566][ T24] usb 5-1: SerialNumber: syz [ 528.305283][T15247] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 528.351192][ T5900] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 528.441290][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 528.501146][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 528.506818][ T5900] usb 4-1: no configurations [ 528.511525][ T5900] usb 4-1: can't read configurations, error -22 [ 528.518176][ T5900] usb usb4-port1: attempt power cycle [ 528.519461][T15247] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 528.612298][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 528.618881][ T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 528.627269][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 528.637296][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 528.647300][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 528.657329][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 528.673355][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 528.679966][ T5978] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.004E/input/input20 [ 528.684453][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.721197][ T5978] microsoft 0003:045E:07DA.004E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 528.859563][T15240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 528.864670][ T5900] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 528.868618][T15240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 528.892599][T15240] can0: slcan on ttyS3. [ 528.894967][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 528.909150][ T5900] usb 4-1: no configurations [ 528.915039][ T5900] usb 4-1: can't read configurations, error -22 [ 528.917637][ T9] usb 2-1: usb_control_msg returned -32 [ 528.928189][ T9] usbtmc 2-1:16.0: can't read capabilities [ 528.973582][T15240] can0 (unregistered): slcan off ttyS3. [ 529.001408][ T5860] Bluetooth: hci1: command tx timeout [ 529.011806][T15259] block nbd0: server does not support multiple connections per device. [ 529.021789][T15259] block nbd0: shutting down sockets [ 529.065397][ T5900] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 529.074048][ T9] usb 1-1: USB disconnect, device number 61 [ 529.103591][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 529.109721][ T5900] usb 4-1: no configurations [ 529.116269][ T5900] usb 4-1: can't read configurations, error -22 [ 529.125932][ T5900] usb usb4-port1: unable to enumerate USB device [ 529.135878][T15247] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 529.358606][T15247] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 529.365178][T15247] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 529.398616][ T24] cdc_ncm 5-1:1.0: bind() failure [ 529.417077][ T24] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 529.428292][ T24] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 529.439319][ T24] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 529.456607][ T24] usb 5-1: USB disconnect, device number 100 [ 529.625920][T15289] usbtmc 2-1:16.0: INITIATE_CLEAR returned 0 [ 530.741440][ T951] usb 1-1: new low-speed USB device number 62 using dummy_hcd [ 530.877386][T15306] tmpfs: Unknown parameter 'gardlimit' [ 530.902709][ T951] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 530.912155][ T951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.925595][ T951] usb 1-1: config 0 descriptor?? [ 531.194224][T15325] pvfs2: Unknown parameter '/dev/rnullb0' [ 531.224871][ T5978] usb 2-1: USB disconnect, device number 15 [ 531.303133][T15335] /dev/sg0: Can't lookup blockdev [ 531.348948][T15338] FAULT_INJECTION: forcing a failure. [ 531.348948][T15338] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 531.362721][T15338] CPU: 1 UID: 0 PID: 15338 Comm: syz.4.3255 Not tainted syzkaller #0 PREEMPT(full) [ 531.362761][T15338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 531.362776][T15338] Call Trace: [ 531.362784][T15338] [ 531.362792][T15338] dump_stack_lvl+0x189/0x250 [ 531.362830][T15338] ? __pfx____ratelimit+0x10/0x10 [ 531.362856][T15338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 531.362886][T15338] ? __pfx__printk+0x10/0x10 [ 531.362916][T15338] ? lock_acquire+0x5f/0x360 [ 531.362939][T15338] should_fail_ex+0x414/0x560 [ 531.362971][T15338] prepare_alloc_pages+0x213/0x610 [ 531.362996][T15338] __alloc_frozen_pages_noprof+0x123/0x370 [ 531.363022][T15338] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 531.363049][T15338] ? rcu_is_watching+0x15/0xb0 [ 531.363073][T15338] ? policy_nodemask+0x27c/0x720 [ 531.363108][T15338] alloc_pages_mpol+0x232/0x4a0 [ 531.363129][T15338] alloc_pages_noprof+0xa9/0x190 [ 531.363149][T15338] alloc_skb_with_frags+0x233/0x890 [ 531.363186][T15338] sock_alloc_send_pskb+0x857/0x990 [ 531.363216][T15338] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 531.363237][T15338] ? rcu_is_watching+0x15/0xb0 [ 531.363260][T15338] ? lock_release+0x4b/0x3e0 [ 531.363278][T15338] ? lock_release+0x4b/0x3e0 [ 531.363298][T15338] ? iov_iter_advance+0x8b/0x1c0 [ 531.363319][T15338] tun_get_user+0xa43/0x3e20 [ 531.363348][T15338] ? rcu_is_watching+0x15/0xb0 [ 531.363371][T15338] ? lock_release+0x4b/0x3e0 [ 531.363394][T15338] ? aa_file_perm+0x44d/0x1550 [ 531.363423][T15338] ? __pfx_tun_get_user+0x10/0x10 [ 531.363447][T15338] ? _parse_integer_limit+0x1ae/0x1f0 [ 531.363480][T15338] ? kstrtoull+0x12f/0x1d0 [ 531.363512][T15338] ? ref_tracker_alloc+0x318/0x460 [ 531.363542][T15338] ? get_pid_task+0x20/0x1f0 [ 531.363570][T15338] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 531.363601][T15338] ? tun_get+0x1c/0x2f0 [ 531.363625][T15338] ? tun_get+0x1c/0x2f0 [ 531.363649][T15338] ? rcu_is_watching+0x15/0xb0 [ 531.363670][T15338] ? tun_get+0x1c/0x2f0 [ 531.363693][T15338] ? lock_release+0x4b/0x3e0 [ 531.363711][T15338] ? common_file_perm+0x1b5/0x230 [ 531.363736][T15338] ? tun_get+0x1c/0x2f0 [ 531.363771][T15338] tun_chr_write_iter+0x113/0x200 [ 531.363797][T15338] vfs_write+0x5c9/0xb30 [ 531.363820][T15338] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 531.363845][T15338] ? __pfx_vfs_write+0x10/0x10 [ 531.363870][T15338] ? __fget_files+0x2a/0x420 [ 531.363898][T15338] ksys_write+0x145/0x250 [ 531.363920][T15338] ? __pfx_ksys_write+0x10/0x10 [ 531.363942][T15338] ? rcu_is_watching+0x15/0xb0 [ 531.363966][T15338] do_syscall_64+0xfa/0xfa0 [ 531.363994][T15338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.364014][T15338] ? clear_bhb_loop+0x60/0xb0 [ 531.364037][T15338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.364057][T15338] RIP: 0033:0x7fa17398ebe9 [ 531.364076][T15338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.364094][T15338] RSP: 002b:00007fa174886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 531.364117][T15338] RAX: ffffffffffffffda RBX: 00007fa173bb5fa0 RCX: 00007fa17398ebe9 [ 531.364133][T15338] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003 [ 531.364146][T15338] RBP: 00007fa174886090 R08: 0000000000000000 R09: 0000000000000000 [ 531.364159][T15338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.364172][T15338] R13: 00007fa173bb6038 R14: 00007fa173bb5fa0 R15: 00007fff4e8ab368 [ 531.364196][T15338] [ 531.771220][ T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 531.937869][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 531.956951][ T24] usb 4-1: no configurations [ 531.963928][ T24] usb 4-1: can't read configurations, error -22 [ 531.972709][T15356] binder: BINDER_SET_CONTEXT_MGR already set [ 531.978836][T15356] binder: 15354:15356 ioctl 4018620d 200000004a80 returned -16 [ 532.092869][ T24] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 532.251236][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 532.256980][ T24] usb 4-1: no configurations [ 532.264273][ T24] usb 4-1: can't read configurations, error -22 [ 532.270775][ T24] usb usb4-port1: attempt power cycle [ 532.321864][ T5862] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 532.471222][ T10] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 532.492961][ T5862] usb 2-1: Using ep0 maxpacket: 8 [ 532.500575][ T5862] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 532.509103][ T5862] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 532.518926][ T5862] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 532.528800][ T5862] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 532.539187][ T5862] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 532.552597][ T5862] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 532.561765][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.611172][ T24] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 532.631552][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 532.637176][ T24] usb 4-1: no configurations [ 532.641229][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 532.642131][ T24] usb 4-1: can't read configurations, error -22 [ 532.651108][ T10] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 532.662504][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 532.672666][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 532.682685][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 532.692704][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 532.705769][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 532.715107][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.752906][ T951] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 532.763207][ T951] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 532.774545][ T951] asix 1-1:0.0: probe with driver asix failed with error -71 [ 532.784226][ T5862] usb 2-1: usb_control_msg returned -32 [ 532.789872][ T5862] usbtmc 2-1:16.0: can't read capabilities [ 532.796058][ T951] usb 1-1: USB disconnect, device number 62 [ 532.801265][ T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 532.832541][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 532.838693][ T24] usb 4-1: no configurations [ 532.844424][ T24] usb 4-1: can't read configurations, error -22 [ 532.851725][ T24] usb usb4-port1: unable to enumerate USB device [ 532.927756][ T10] usb 5-1: usb_control_msg returned -32 [ 532.934354][ T10] usbtmc 5-1:16.0: can't read capabilities [ 533.484894][T15376] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 533.621883][ T951] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 533.631648][T15377] FAULT_INJECTION: forcing a failure. [ 533.631648][T15377] name failslab, interval 1, probability 0, space 0, times 0 [ 533.644363][T15377] CPU: 0 UID: 0 PID: 15377 Comm: syz.4.3268 Not tainted syzkaller #0 PREEMPT(full) [ 533.644390][T15377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 533.644404][T15377] Call Trace: [ 533.644423][T15377] [ 533.644433][T15377] dump_stack_lvl+0x189/0x250 [ 533.644461][T15377] ? __pfx____ratelimit+0x10/0x10 [ 533.644481][T15377] ? __pfx_dump_stack_lvl+0x10/0x10 [ 533.644503][T15377] ? __pfx__printk+0x10/0x10 [ 533.644525][T15377] ? __pfx___might_resched+0x10/0x10 [ 533.644547][T15377] ? lock_acquire+0x5f/0x360 [ 533.644562][T15377] should_fail_ex+0x414/0x560 [ 533.644585][T15377] should_failslab+0xa8/0x100 [ 533.644600][T15377] __kmalloc_noprof+0xcb/0x4b0 [ 533.644622][T15377] ? kfree+0x4d/0x440 [ 533.644640][T15377] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 533.644663][T15377] tomoyo_realpath_from_path+0xe3/0x5d0 [ 533.644685][T15377] ? tomoyo_domain+0xd9/0x130 [ 533.644707][T15377] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 533.644723][T15377] tomoyo_path_number_perm+0x1e8/0x5a0 [ 533.644739][T15377] ? lock_release+0x4b/0x3e0 [ 533.644753][T15377] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 533.644770][T15377] ? rcu_is_watching+0x15/0xb0 [ 533.644788][T15377] ? lock_release+0x4b/0x3e0 [ 533.644802][T15377] ? vfs_write+0x956/0xb30 [ 533.644818][T15377] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 533.644851][T15377] ? __fget_files+0x3a0/0x420 [ 533.644868][T15377] ? __fget_files+0x2a/0x420 [ 533.644886][T15377] security_file_ioctl+0xcb/0x2d0 [ 533.644902][T15377] __se_sys_ioctl+0x47/0x170 [ 533.644925][T15377] do_syscall_64+0xfa/0xfa0 [ 533.644945][T15377] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.644960][T15377] ? clear_bhb_loop+0x60/0xb0 [ 533.644976][T15377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.644991][T15377] RIP: 0033:0x7fa17398ebe9 [ 533.645003][T15377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.645016][T15377] RSP: 002b:00007fa174844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 533.645032][T15377] RAX: ffffffffffffffda RBX: 00007fa173bb6180 RCX: 00007fa17398ebe9 [ 533.645043][T15377] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 533.645052][T15377] RBP: 00007fa174844090 R08: 0000000000000000 R09: 0000000000000000 [ 533.645062][T15377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 533.645071][T15377] R13: 00007fa173bb6218 R14: 00007fa173bb6180 R15: 00007fff4e8ab368 [ 533.645088][T15377] [ 533.645096][T15377] ERROR: Out of memory at tomoyo_realpath_from_path. [ 533.685948][ T44] usb 2-1: USB disconnect, device number 16 [ 533.686397][T15377] usbtmc 2-1:16.0: usb_control_msg returned -19 [ 533.841745][ C0] vkms_vblank_simulate: vblank timer overrun [ 534.011117][ T951] usb 1-1: Using ep0 maxpacket: 8 [ 534.017464][ T951] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 534.026371][ T951] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 534.036284][ T951] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 534.046260][ T951] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 534.056301][ T951] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.069361][ T951] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 534.078518][ T951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.299937][ T951] usb 1-1: usb_control_msg returned -32 [ 534.307386][ T951] usbtmc 1-1:16.0: can't read capabilities [ 534.387144][T15391] FAULT_INJECTION: forcing a failure. [ 534.387144][T15391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 534.400546][T15391] CPU: 0 UID: 0 PID: 15391 Comm: syz.3.3275 Not tainted syzkaller #0 PREEMPT(full) [ 534.400576][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 534.400590][T15391] Call Trace: [ 534.400598][T15391] [ 534.400606][T15391] dump_stack_lvl+0x189/0x250 [ 534.400643][T15391] ? __pfx____ratelimit+0x10/0x10 [ 534.400670][T15391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 534.400701][T15391] ? __pfx__printk+0x10/0x10 [ 534.400728][T15391] ? __might_fault+0xb0/0x130 [ 534.400763][T15391] ? rcu_is_watching+0x15/0xb0 [ 534.400789][T15391] should_fail_ex+0x414/0x560 [ 534.400819][T15391] _copy_from_iter+0x1de/0x1790 [ 534.400840][T15391] ? skb_set_owner_w+0x25b/0x3a0 [ 534.400874][T15391] ? sock_alloc_send_pskb+0x875/0x990 [ 534.400896][T15391] ? __pfx__copy_from_iter+0x10/0x10 [ 534.400921][T15391] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 534.400943][T15391] skb_copy_datagram_from_iter+0xf5/0x720 [ 534.400966][T15391] ? lock_release+0x4b/0x3e0 [ 534.400986][T15391] ? skb_put+0x11b/0x210 [ 534.401015][T15391] tun_get_user+0x1691/0x3e20 [ 534.401049][T15391] ? rcu_is_watching+0x15/0xb0 [ 534.401072][T15391] ? lock_release+0x4b/0x3e0 [ 534.401093][T15391] ? aa_file_perm+0x44d/0x1550 [ 534.401120][T15391] ? __pfx_tun_get_user+0x10/0x10 [ 534.401145][T15391] ? _parse_integer_limit+0x1ae/0x1f0 [ 534.401176][T15391] ? kstrtoull+0x12f/0x1d0 [ 534.401208][T15391] ? ref_tracker_alloc+0x318/0x460 [ 534.401237][T15391] ? get_pid_task+0x20/0x1f0 [ 534.401265][T15391] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 534.401296][T15391] ? tun_get+0x1c/0x2f0 [ 534.401319][T15391] ? tun_get+0x1c/0x2f0 [ 534.401342][T15391] ? rcu_is_watching+0x15/0xb0 [ 534.401365][T15391] ? tun_get+0x1c/0x2f0 [ 534.401386][T15391] ? lock_release+0x4b/0x3e0 [ 534.401403][T15391] ? common_file_perm+0x1b5/0x230 [ 534.401428][T15391] ? tun_get+0x1c/0x2f0 [ 534.401453][T15391] tun_chr_write_iter+0x113/0x200 [ 534.401486][T15391] vfs_write+0x5c9/0xb30 [ 534.401507][T15391] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 534.401533][T15391] ? __pfx_vfs_write+0x10/0x10 [ 534.401556][T15391] ? __fget_files+0x2a/0x420 [ 534.401585][T15391] ksys_write+0x145/0x250 [ 534.401605][T15391] ? __pfx_ksys_write+0x10/0x10 [ 534.401628][T15391] ? rcu_is_watching+0x15/0xb0 [ 534.401651][T15391] do_syscall_64+0xfa/0xfa0 [ 534.401680][T15391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.401701][T15391] ? clear_bhb_loop+0x60/0xb0 [ 534.401724][T15391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.401744][T15391] RIP: 0033:0x7f19f158ebe9 [ 534.401762][T15391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 534.401780][T15391] RSP: 002b:00007f19f24cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 534.401801][T15391] RAX: ffffffffffffffda RBX: 00007f19f17b5fa0 RCX: 00007f19f158ebe9 [ 534.401816][T15391] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003 [ 534.401829][T15391] RBP: 00007f19f24cc090 R08: 0000000000000000 R09: 0000000000000000 [ 534.401842][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 534.401853][T15391] R13: 00007f19f17b6038 R14: 00007f19f17b5fa0 R15: 00007ffd3bba9ef8 [ 534.401876][T15391] [ 534.715873][ C0] vkms_vblank_simulate: vblank timer overrun [ 535.027780][T15407] overlayfs: missing 'lowerdir' [ 535.085515][T15410] usbtmc 1-1:16.0: INITIATE_CLEAR returned 0 [ 535.152512][ T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 535.170247][T15412] binder: 15411:15412 ioctl c0306201 200000000200 returned -14 [ 535.229439][ T951] usb 5-1: USB disconnect, device number 101 [ 535.311225][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 535.320421][ T9] usb 4-1: no configurations [ 535.327365][ T9] usb 4-1: can't read configurations, error -22 [ 535.461313][ T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 535.611260][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 535.617341][ T9] usb 4-1: no configurations [ 535.622429][ T951] usb 5-1: new low-speed USB device number 102 using dummy_hcd [ 535.630370][ T9] usb 4-1: can't read configurations, error -22 [ 535.638901][ T9] usb usb4-port1: attempt power cycle [ 535.782647][ T951] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 535.792079][ T951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.801970][ T951] usb 5-1: config 0 descriptor?? [ 535.851185][ T5978] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 536.001175][ T5978] usb 2-1: Using ep0 maxpacket: 8 [ 536.001298][ T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 536.024942][ T5978] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 536.027315][ T951] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 536.037407][ T5978] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 536.052092][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 536.057521][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 536.069773][ T9] usb 4-1: no configurations [ 536.073426][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 536.073454][ T5978] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 536.073500][ T5978] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 536.078541][ T9] usb 4-1: can't read configurations, error -22 [ 536.095799][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.231293][ T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 536.262970][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 536.271464][ T9] usb 4-1: no configurations [ 536.276779][ T9] usb 4-1: can't read configurations, error -22 [ 536.284064][ T9] usb usb4-port1: unable to enumerate USB device [ 536.356162][ T5978] usb 2-1: usb_control_msg returned -32 [ 536.362152][ T5978] usbtmc 2-1:16.0: can't read capabilities [ 536.406765][ T5978] usb 1-1: USB disconnect, device number 63 [ 536.861192][ T5978] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 536.893185][T15434] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 536.913419][T15434] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 537.021183][ T5978] usb 1-1: Using ep0 maxpacket: 32 [ 537.027819][ T5978] usb 1-1: config 0 has an invalid interface number: 86 but max is 0 [ 537.036166][ T5978] usb 1-1: config 0 has no interface number 0 [ 537.042416][ T5978] usb 1-1: config 0 interface 86 has no altsetting 0 [ 537.051033][ T5978] usb 1-1: New USB device found, idVendor=0af0, idProduct=7801, bcdDevice=c6.25 [ 537.060222][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.068484][ T5978] usb 1-1: Product: syz [ 537.074217][ T5978] usb 1-1: Manufacturer: syz [ 537.079028][ T5978] usb 1-1: SerialNumber: syz [ 537.085912][ T5978] usb 1-1: config 0 descriptor?? [ 537.092856][ T5978] hso 1-1:0.86: Not our interface [ 537.540684][ T951] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 537.672942][ T951] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 537.691556][ T951] asix 5-1:0.0: probe with driver asix failed with error -71 [ 537.702866][ T951] usb 5-1: USB disconnect, device number 102 [ 538.091233][T15443] FAULT_INJECTION: forcing a failure. [ 538.091233][T15443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.112305][T15443] CPU: 0 UID: 0 PID: 15443 Comm: syz.3.3294 Not tainted syzkaller #0 PREEMPT(full) [ 538.112335][T15443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 538.112349][T15443] Call Trace: [ 538.112357][T15443] [ 538.112366][T15443] dump_stack_lvl+0x189/0x250 [ 538.112401][T15443] ? __pfx____ratelimit+0x10/0x10 [ 538.112428][T15443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 538.112459][T15443] ? __pfx__printk+0x10/0x10 [ 538.112486][T15443] ? __might_fault+0xb0/0x130 [ 538.112518][T15443] ? policy_nodemask+0x27c/0x720 [ 538.112550][T15443] ? rcu_is_watching+0x15/0xb0 [ 538.112575][T15443] should_fail_ex+0x414/0x560 [ 538.112605][T15443] _copy_from_iter+0x1de/0x1790 [ 538.112625][T15443] ? __might_fault+0xb0/0x130 [ 538.112654][T15443] ? __might_fault+0xcc/0x130 [ 538.112685][T15443] ? _copy_from_iter+0x24f/0x1790 [ 538.112707][T15443] ? __pfx__copy_from_iter+0x10/0x10 [ 538.112726][T15443] ? sock_alloc_send_pskb+0x875/0x990 [ 538.112750][T15443] ? __pfx__copy_from_iter+0x10/0x10 [ 538.112771][T15443] ? page_copy_sane+0x4e/0x280 [ 538.112792][T15443] copy_page_from_iter+0xdd/0x170 [ 538.112815][T15443] skb_copy_datagram_from_iter+0x306/0x720 [ 538.112843][T15443] tun_get_user+0x1691/0x3e20 [ 538.112872][T15443] ? rcu_is_watching+0x15/0xb0 [ 538.112894][T15443] ? lock_release+0x4b/0x3e0 [ 538.112917][T15443] ? aa_file_perm+0x44d/0x1550 [ 538.112945][T15443] ? __pfx_tun_get_user+0x10/0x10 [ 538.112970][T15443] ? _parse_integer_limit+0x1ae/0x1f0 [ 538.113002][T15443] ? kstrtoull+0x12f/0x1d0 [ 538.113035][T15443] ? ref_tracker_alloc+0x318/0x460 [ 538.113064][T15443] ? get_pid_task+0x20/0x1f0 [ 538.113093][T15443] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 538.113125][T15443] ? tun_get+0x1c/0x2f0 [ 538.113149][T15443] ? tun_get+0x1c/0x2f0 [ 538.113173][T15443] ? rcu_is_watching+0x15/0xb0 [ 538.113195][T15443] ? tun_get+0x1c/0x2f0 [ 538.113218][T15443] ? lock_release+0x4b/0x3e0 [ 538.113236][T15443] ? common_file_perm+0x1b5/0x230 [ 538.113271][T15443] ? tun_get+0x1c/0x2f0 [ 538.113301][T15443] tun_chr_write_iter+0x113/0x200 [ 538.113327][T15443] vfs_write+0x5c9/0xb30 [ 538.113350][T15443] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 538.113376][T15443] ? __pfx_vfs_write+0x10/0x10 [ 538.113401][T15443] ? __fget_files+0x2a/0x420 [ 538.113430][T15443] ksys_write+0x145/0x250 [ 538.113451][T15443] ? __pfx_ksys_write+0x10/0x10 [ 538.113473][T15443] ? rcu_is_watching+0x15/0xb0 [ 538.113505][T15443] do_syscall_64+0xfa/0xfa0 [ 538.113534][T15443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.113555][T15443] ? clear_bhb_loop+0x60/0xb0 [ 538.113578][T15443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.113598][T15443] RIP: 0033:0x7f19f158ebe9 [ 538.113617][T15443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.113636][T15443] RSP: 002b:00007f19f24cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 538.113658][T15443] RAX: ffffffffffffffda RBX: 00007f19f17b5fa0 RCX: 00007f19f158ebe9 [ 538.113674][T15443] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003 [ 538.113687][T15443] RBP: 00007f19f24cc090 R08: 0000000000000000 R09: 0000000000000000 [ 538.113700][T15443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.113712][T15443] R13: 00007f19f17b6038 R14: 00007f19f17b5fa0 R15: 00007ffd3bba9ef8 [ 538.113735][T15443] [ 538.451041][ C0] vkms_vblank_simulate: vblank timer overrun [ 538.578834][T15445] /dev/rnullb0: Can't open blockdev [ 538.634565][ T951] usb 2-1: USB disconnect, device number 17 [ 539.167637][T15463] binder: 15462:15463 ioctl c0306201 200000000200 returned -14 [ 539.201433][ T951] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 539.306421][T15465] /dev/rnullb0: Can't open blockdev [ 539.361227][ T951] usb 5-1: Using ep0 maxpacket: 32 [ 539.381787][ T951] usb 5-1: too many configurations: 17, using maximum allowed: 8 [ 539.421596][ T951] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 539.429570][ T951] usb 5-1: can't read configurations, error -61 [ 539.581640][ T951] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 539.589772][ T9] usb 1-1: USB disconnect, device number 64 [ 539.731992][ T5862] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 539.761620][ T951] usb 5-1: Using ep0 maxpacket: 32 [ 539.767545][ T951] usb 5-1: too many configurations: 17, using maximum allowed: 8 [ 539.777805][ T951] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 539.786057][ T951] usb 5-1: can't read configurations, error -61 [ 539.792912][ T951] usb usb5-port1: attempt power cycle [ 539.891418][ T5862] usb 4-1: Using ep0 maxpacket: 8 [ 539.898073][ T5862] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 539.906495][ T5862] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 539.916319][ T5862] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 539.926267][ T5862] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 539.936599][ T5862] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 539.950028][ T5862] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 539.959199][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.001225][ T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 540.061128][ T9] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 540.141195][ T951] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 540.151190][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 540.158308][ T24] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 540.162818][ T951] usb 5-1: Using ep0 maxpacket: 32 [ 540.167598][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024 [ 540.172359][ T5862] usb 4-1: usb_control_msg returned -32 [ 540.183395][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 540.187609][ T5862] usbtmc 4-1:16.0: can't read capabilities [ 540.197440][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 540.204582][ T951] usb 5-1: too many configurations: 17, using maximum allowed: 8 [ 540.221279][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 540.222553][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 540.237579][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 540.238381][ T24] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 540.248610][ T951] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 540.257920][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.267832][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 540.273263][ T24] usb 2-1: Product: syz [ 540.287320][ T951] usb 5-1: can't read configurations, error -61 [ 540.287569][ T24] usb 2-1: Manufacturer: syz [ 540.294221][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 540.298542][ T24] usb 2-1: SerialNumber: syz [ 540.309394][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 540.324133][ T24] usb 2-1: config 0 descriptor?? [ 540.329354][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.329944][T15477] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 540.343010][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 540.359152][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.378067][ T24] mcba_usb 2-1:0.0 can0: couldn't setup read URBs [ 540.385057][ T24] mcba_usb 2-1:0.0 can0: couldn't start device: -90 [ 540.431204][ T951] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 540.442289][ T24] mcba_usb 2-1:0.0: probe with driver mcba_usb failed with error -90 [ 540.452836][ T951] usb 5-1: Using ep0 maxpacket: 32 [ 540.461306][ T951] usb 5-1: too many configurations: 17, using maximum allowed: 8 [ 540.470940][ T951] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 540.479803][ T951] usb 5-1: can't read configurations, error -61 [ 540.487448][ T951] usb usb5-port1: unable to enumerate USB device [ 540.572775][ T9] usb 1-1: usb_control_msg returned -32 [ 540.578589][ T9] usbtmc 1-1:16.0: can't read capabilities [ 540.588797][ T24] usb 2-1: USB disconnect, device number 18 [ 540.876263][T15479] FAULT_INJECTION: forcing a failure. [ 540.876263][T15479] name failslab, interval 1, probability 0, space 0, times 0 [ 540.889181][T15479] CPU: 1 UID: 0 PID: 15479 Comm: syz.3.3304 Not tainted syzkaller #0 PREEMPT(full) [ 540.889210][T15479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 540.889223][T15479] Call Trace: [ 540.889231][T15479] [ 540.889240][T15479] dump_stack_lvl+0x189/0x250 [ 540.889276][T15479] ? __pfx____ratelimit+0x10/0x10 [ 540.889303][T15479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 540.889334][T15479] ? __pfx__printk+0x10/0x10 [ 540.889361][T15479] ? read_seqbegin+0x1ac/0x250 [ 540.889386][T15479] ? __pfx___might_resched+0x10/0x10 [ 540.889403][T15479] ? lock_acquire+0x5f/0x360 [ 540.889418][T15479] should_fail_ex+0x414/0x560 [ 540.889440][T15479] should_failslab+0xa8/0x100 [ 540.889455][T15479] __kmalloc_noprof+0xcb/0x4b0 [ 540.889477][T15479] ? tomoyo_encode+0x28b/0x550 [ 540.889506][T15479] tomoyo_encode+0x28b/0x550 [ 540.889527][T15479] tomoyo_realpath_from_path+0x58d/0x5d0 [ 540.889551][T15479] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 540.889567][T15479] tomoyo_path_number_perm+0x1e8/0x5a0 [ 540.889583][T15479] ? lock_release+0x4b/0x3e0 [ 540.889597][T15479] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 540.889619][T15479] ? rcu_is_watching+0x15/0xb0 [ 540.889635][T15479] ? lock_release+0x4b/0x3e0 [ 540.889647][T15479] ? vfs_write+0x956/0xb30 [ 540.889663][T15479] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 540.889694][T15479] ? __fget_files+0x3a0/0x420 [ 540.889711][T15479] ? __fget_files+0x2a/0x420 [ 540.889729][T15479] security_file_ioctl+0xcb/0x2d0 [ 540.889745][T15479] __se_sys_ioctl+0x47/0x170 [ 540.889767][T15479] do_syscall_64+0xfa/0xfa0 [ 540.889787][T15479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.889802][T15479] ? clear_bhb_loop+0x60/0xb0 [ 540.889817][T15479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.889832][T15479] RIP: 0033:0x7f19f158ebe9 [ 540.889845][T15479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 540.889858][T15479] RSP: 002b:00007f19f248a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 540.889874][T15479] RAX: ffffffffffffffda RBX: 00007f19f17b6180 RCX: 00007f19f158ebe9 [ 540.889894][T15479] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 540.889904][T15479] RBP: 00007f19f248a090 R08: 0000000000000000 R09: 0000000000000000 [ 540.889913][T15479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 540.889922][T15479] R13: 00007f19f17b6218 R14: 00007f19f17b6180 R15: 00007ffd3bba9ef8 [ 540.889940][T15479] [ 540.889965][T15479] ERROR: Out of memory at tomoyo_realpath_from_path. [ 541.147246][T15479] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 541.541131][ T5900] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 541.693254][ T5900] usb 2-1: not running at top speed; connect to a high speed hub [ 541.702020][ T5900] usb 2-1: config index 0 descriptor too short (expected 32914, got 146) [ 541.710581][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 541.721596][ T5900] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 541.730583][ T5900] usb 2-1: config 1 has no interface number 1 [ 541.736808][ T5900] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 541.749759][ T5900] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 541.762956][ T5900] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 541.772089][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.780114][ T5900] usb 2-1: Product: syz [ 541.784941][ T5900] usb 2-1: Manufacturer: syz [ 541.789619][ T5900] usb 2-1: SerialNumber: syz [ 541.967035][T15493] FAULT_INJECTION: forcing a failure. [ 541.967035][T15493] name failslab, interval 1, probability 0, space 0, times 0 [ 541.979757][T15493] CPU: 1 UID: 0 PID: 15493 Comm: syz.4.3314 Not tainted syzkaller #0 PREEMPT(full) [ 541.979786][T15493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 541.979799][T15493] Call Trace: [ 541.979809][T15493] [ 541.979818][T15493] dump_stack_lvl+0x189/0x250 [ 541.979855][T15493] ? __pfx____ratelimit+0x10/0x10 [ 541.979882][T15493] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.979912][T15493] ? __pfx__printk+0x10/0x10 [ 541.979940][T15493] ? rcu_read_lock_held+0xa/0x50 [ 541.979963][T15493] ? __rt6_find_exception_rcu+0x127/0x4c0 [ 541.979991][T15493] should_fail_ex+0x414/0x560 [ 541.980012][T15493] should_failslab+0xa8/0x100 [ 541.980027][T15493] ? __pfx_ip6_dst_gc+0x10/0x10 [ 541.980057][T15493] kmem_cache_alloc_noprof+0x73/0x390 [ 541.980087][T15493] ? dst_alloc+0x105/0x170 [ 541.980106][T15493] ? __pfx_ip6_dst_gc+0x10/0x10 [ 541.980140][T15493] dst_alloc+0x105/0x170 [ 541.980161][T15493] ip6_pol_route+0xa21/0x1180 [ 541.980175][T15493] ? ip6_pol_route+0x162/0x1180 [ 541.980189][T15493] ? __pfx_ip6_pol_route+0x10/0x10 [ 541.980211][T15493] ? page_table_check_set+0x18d/0x730 [ 541.980242][T15493] ? skb_copy_bits+0x420/0x8f0 [ 541.980270][T15493] ? __asan_memcpy+0x40/0x70 [ 541.980294][T15493] fib6_rule_lookup+0x52f/0x6f0 [ 541.980310][T15493] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 541.980323][T15493] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 541.980337][T15493] ? run_filter+0x23/0x270 [ 541.980356][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.980380][T15493] ? run_filter+0x23/0x270 [ 541.980398][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.980418][T15493] ? run_filter+0x23/0x270 [ 541.980438][T15493] ? lock_release+0x4b/0x3e0 [ 541.980455][T15493] ip6_route_input+0x6de/0xad0 [ 541.980471][T15493] ? __pfx_ip6_route_input+0x10/0x10 [ 541.980487][T15493] ? __asan_memcpy+0x40/0x70 [ 541.980515][T15493] ? NF_HOOK+0x9a/0x3a0 [ 541.980538][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.980561][T15493] ? ip6_rcv_finish_core+0x222/0x420 [ 541.980588][T15493] ip6_rcv_finish+0x141/0x2e0 [ 541.980607][T15493] NF_HOOK+0x309/0x3a0 [ 541.980623][T15493] ? skb_orphan+0x4c/0xd0 [ 541.980641][T15493] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 541.980666][T15493] ? NF_HOOK+0x9a/0x3a0 [ 541.980690][T15493] ? __pfx_NF_HOOK+0x10/0x10 [ 541.980713][T15493] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 541.980741][T15493] __netif_receive_skb+0xd3/0x380 [ 541.980758][T15493] ? _copy_from_iter+0x24f/0x1790 [ 541.980771][T15493] ? __might_fault+0xb0/0x130 [ 541.980794][T15493] ? netif_receive_skb+0x115/0x790 [ 541.980818][T15493] netif_receive_skb+0x1cb/0x790 [ 541.980840][T15493] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 541.980863][T15493] ? __pfx_netif_receive_skb+0x10/0x10 [ 541.980888][T15493] ? tun_rx_batched+0x160/0x730 [ 541.980908][T15493] tun_rx_batched+0x1b9/0x730 [ 541.980928][T15493] ? __pfx_tun_rx_batched+0x10/0x10 [ 541.980946][T15493] ? tun_get_user+0x266c/0x3e20 [ 541.980972][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.980994][T15493] ? lock_acquire+0x5f/0x360 [ 541.981011][T15493] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 541.981038][T15493] tun_get_user+0x2aa2/0x3e20 [ 541.981070][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.981092][T15493] ? lock_release+0x4b/0x3e0 [ 541.981110][T15493] ? tun_get_user+0x266c/0x3e20 [ 541.981140][T15493] ? aa_file_perm+0x44d/0x1550 [ 541.981168][T15493] ? __pfx_tun_get_user+0x10/0x10 [ 541.981196][T15493] ? kstrtoull+0x12f/0x1d0 [ 541.981227][T15493] ? ref_tracker_alloc+0x318/0x460 [ 541.981254][T15493] ? get_pid_task+0x20/0x1f0 [ 541.981281][T15493] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 541.981311][T15493] ? tun_get+0x1c/0x2f0 [ 541.981333][T15493] ? tun_get+0x1c/0x2f0 [ 541.981356][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.981376][T15493] ? tun_get+0x1c/0x2f0 [ 541.981396][T15493] ? lock_release+0x4b/0x3e0 [ 541.981412][T15493] ? common_file_perm+0x1b5/0x230 [ 541.981437][T15493] ? tun_get+0x1c/0x2f0 [ 541.981461][T15493] tun_chr_write_iter+0x113/0x200 [ 541.981487][T15493] vfs_write+0x5c9/0xb30 [ 541.981509][T15493] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 541.981534][T15493] ? __pfx_vfs_write+0x10/0x10 [ 541.981558][T15493] ? __fget_files+0x2a/0x420 [ 541.981586][T15493] ksys_write+0x145/0x250 [ 541.981606][T15493] ? __pfx_ksys_write+0x10/0x10 [ 541.981627][T15493] ? rcu_is_watching+0x15/0xb0 [ 541.981651][T15493] do_syscall_64+0xfa/0xfa0 [ 541.981681][T15493] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.981701][T15493] ? clear_bhb_loop+0x60/0xb0 [ 541.981723][T15493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.981743][T15493] RIP: 0033:0x7fa17398ebe9 [ 541.981762][T15493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.981781][T15493] RSP: 002b:00007fa174886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 541.981804][T15493] RAX: ffffffffffffffda RBX: 00007fa173bb5fa0 RCX: 00007fa17398ebe9 [ 541.981821][T15493] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003 [ 541.981835][T15493] RBP: 00007fa174886090 R08: 0000000000000000 R09: 0000000000000000 [ 541.981848][T15493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.981860][T15493] R13: 00007fa173bb6038 R14: 00007fa173bb5fa0 R15: 00007fff4e8ab368 [ 541.981882][T15493] [ 542.822187][ T951] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 542.981127][ T951] usb 5-1: Using ep0 maxpacket: 8 [ 542.987915][ T951] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 542.996241][ T951] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 543.006244][ T951] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 543.016414][ T951] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 543.026426][ T951] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 543.039705][ T951] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 543.049808][ T951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.268616][ T951] usb 5-1: usb_control_msg returned -32 [ 543.275230][ T951] usbtmc 5-1:16.0: can't read capabilities [ 544.278509][ T5900] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 544.288120][ T5900] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 544.312628][ T5900] usb 2-1: USB disconnect, device number 19 [ 544.350138][T15500] exFAT-fs (rnullb0): invalid boot record signature [ 544.350877][ T7464] udevd[7464]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 544.358792][T15500] exFAT-fs (rnullb0): failed to read boot sector [ 544.380229][T15500] exFAT-fs (rnullb0): failed to recognize exfat type [ 544.921270][ T951] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 545.071163][ T951] usb 2-1: Using ep0 maxpacket: 32 [ 545.076924][ T951] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 545.086299][ T951] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 545.094196][ T951] usb 2-1: can't read configurations, error -61 [ 545.222329][ T951] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 545.391279][ T951] usb 2-1: Using ep0 maxpacket: 32 [ 545.397029][ T951] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 545.406561][ T951] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 545.414305][ T951] usb 2-1: can't read configurations, error -61 [ 545.420809][ T951] usb usb2-port1: attempt power cycle [ 545.771199][ T951] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 545.791585][ T951] usb 2-1: Using ep0 maxpacket: 32 [ 545.797168][ T951] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 545.806833][ T951] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 545.814809][ T951] usb 2-1: can't read configurations, error -61 [ 545.961174][ T951] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 545.991929][ T951] usb 2-1: Using ep0 maxpacket: 32 [ 545.997644][ T951] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 546.006788][ T951] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 546.014497][ T951] usb 2-1: can't read configurations, error -61 [ 546.021342][ T951] usb usb2-port1: unable to enumerate USB device [ 546.281441][T15487] usbtmc 4-1:16.0: usb_control_msg returned -110 [ 546.296903][ T5978] usb 4-1: USB disconnect, device number 41 [ 546.319513][ T951] usb 5-1: USB disconnect, device number 107 [ 546.332891][ T5900] usb 1-1: USB disconnect, device number 65 [ 546.406824][T15515] binder: 15514:15515 ioctl c0306201 200000000200 returned -14 [ 546.593532][T15529] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 547.141281][ T5978] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 547.201242][ T5900] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 547.291231][ T5978] usb 1-1: Using ep0 maxpacket: 8 [ 547.297806][ T5978] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 547.307954][ T5978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 547.318885][ T5978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 547.332425][ T5900] usb 5-1: device descriptor read/64, error -71 [ 547.339154][ T5978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 547.349546][ T5978] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 547.365438][ T5978] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 547.377006][ T5978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.571172][ T5900] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 547.591305][ T5978] usb 1-1: usb_control_msg returned -32 [ 547.599614][ T5978] usbtmc 1-1:16.0: can't read capabilities [ 547.668123][T15557] binder: 15556:15557 ioctl c0306201 200000000200 returned -14 [ 547.703276][ T5900] usb 5-1: device descriptor read/64, error -71 [ 547.821435][ T5900] usb usb5-port1: attempt power cycle [ 547.909051][T15574] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3347'. [ 548.161297][ T5900] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 548.169710][ T5978] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 548.191554][ T5900] usb 5-1: device descriptor read/8, error -71 [ 548.301160][ T5978] usb 2-1: device descriptor read/64, error -71 [ 548.304727][T15579] FAULT_INJECTION: forcing a failure. [ 548.304727][T15579] name failslab, interval 1, probability 0, space 0, times 0 [ 548.307523][ T44] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 548.320259][T15579] CPU: 0 UID: 0 PID: 15579 Comm: syz.0.3336 Not tainted syzkaller #0 PREEMPT(full) [ 548.320291][T15579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 548.320307][T15579] Call Trace: [ 548.320317][T15579] [ 548.320326][T15579] dump_stack_lvl+0x189/0x250 [ 548.320383][T15579] ? __pfx____ratelimit+0x10/0x10 [ 548.320414][T15579] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.320449][T15579] ? __pfx__printk+0x10/0x10 [ 548.320484][T15579] ? __pfx___might_resched+0x10/0x10 [ 548.320510][T15579] ? lock_acquire+0x5f/0x360 [ 548.320532][T15579] should_fail_ex+0x414/0x560 [ 548.320567][T15579] should_failslab+0xa8/0x100 [ 548.320591][T15579] __kmalloc_cache_noprof+0x70/0x3a0 [ 548.320624][T15579] ? usbtmc_ioctl_clear+0xd9/0x880 [ 548.320661][T15579] usbtmc_ioctl_clear+0xd9/0x880 [ 548.320695][T15579] ? __pfx___mutex_lock+0x10/0x10 [ 548.320732][T15579] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 548.320768][T15579] ? __fget_files+0x3a0/0x420 [ 548.320798][T15579] usbtmc_ioctl+0x50c/0x720 [ 548.320831][T15579] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 548.320864][T15579] __se_sys_ioctl+0xf9/0x170 [ 548.320899][T15579] do_syscall_64+0xfa/0xfa0 [ 548.320929][T15579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.320952][T15579] ? clear_bhb_loop+0x60/0xb0 [ 548.320977][T15579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.321001][T15579] RIP: 0033:0x7f58bcd8ebe9 [ 548.321021][T15579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.321048][T15579] RSP: 002b:00007f58bdb16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.321073][T15579] RAX: ffffffffffffffda RBX: 00007f58bcfb6180 RCX: 00007f58bcd8ebe9 [ 548.321089][T15579] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 548.321104][T15579] RBP: 00007f58bdb16090 R08: 0000000000000000 R09: 0000000000000000 [ 548.321120][T15579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.321133][T15579] R13: 00007f58bcfb6218 R14: 00007f58bcfb6180 R15: 00007ffe7cfd2678 [ 548.321159][T15579] [ 548.661170][ T5900] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 548.681210][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 548.687168][ T5900] usb 5-1: device descriptor read/8, error -71 [ 548.693678][ T44] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 548.702752][ T44] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 548.710413][ T44] usb 4-1: can't read configurations, error -61 [ 548.781242][ T5978] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 548.811298][ T5900] usb usb5-port1: unable to enumerate USB device [ 548.841146][ T44] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 548.911249][ T5978] usb 2-1: device descriptor read/64, error -71 [ 548.991202][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 548.996902][ T44] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 549.006150][ T44] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 549.013852][ T44] usb 4-1: can't read configurations, error -61 [ 549.020394][ T44] usb usb4-port1: attempt power cycle [ 549.026229][ T5978] usb usb2-port1: attempt power cycle [ 549.371255][ T44] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 549.378918][ T5978] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 549.402060][ T5978] usb 2-1: device descriptor read/8, error -71 [ 549.408398][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 549.414040][ T44] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 549.423384][ T44] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 549.431005][ T44] usb 4-1: can't read configurations, error -61 [ 549.561287][ T44] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 549.591830][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 549.597555][ T44] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 549.606587][ T44] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 549.614293][ T44] usb 4-1: can't read configurations, error -61 [ 549.620847][ T44] usb usb4-port1: unable to enumerate USB device [ 549.651132][ T5978] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 549.671840][ T5978] usb 2-1: device descriptor read/8, error -71 [ 549.781936][ T5978] usb usb2-port1: unable to enumerate USB device [ 549.905663][ T5862] usb 1-1: USB disconnect, device number 66 [ 549.933804][T15581] FAULT_INJECTION: forcing a failure. [ 549.933804][T15581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 549.947169][T15581] CPU: 0 UID: 0 PID: 15581 Comm: syz.0.3349 Not tainted syzkaller #0 PREEMPT(full) [ 549.947198][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 549.947211][T15581] Call Trace: [ 549.947221][T15581] [ 549.947229][T15581] dump_stack_lvl+0x189/0x250 [ 549.947266][T15581] ? __pfx____ratelimit+0x10/0x10 [ 549.947292][T15581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 549.947323][T15581] ? __pfx__printk+0x10/0x10 [ 549.947355][T15581] ? rcu_is_watching+0x15/0xb0 [ 549.947379][T15581] should_fail_ex+0x414/0x560 [ 549.947409][T15581] _copy_to_user+0x31/0xb0 [ 549.947434][T15581] simple_read_from_buffer+0xe1/0x170 [ 549.947467][T15581] proc_fail_nth_read+0x1b3/0x220 [ 549.947498][T15581] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 549.947528][T15581] ? rw_verify_area+0x2a6/0x4d0 [ 549.947547][T15581] ? tun_chr_write_iter+0x18a/0x200 [ 549.947571][T15581] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 549.947600][T15581] vfs_read+0x200/0xa30 [ 549.947618][T15581] ? fdget_pos+0x247/0x320 [ 549.947643][T15581] ? __pfx___mutex_lock+0x10/0x10 [ 549.947673][T15581] ? __pfx_vfs_read+0x10/0x10 [ 549.947696][T15581] ? __fget_files+0x3a0/0x420 [ 549.947720][T15581] ? __fget_files+0x2a/0x420 [ 549.947748][T15581] ksys_read+0x145/0x250 [ 549.947768][T15581] ? __pfx_ksys_read+0x10/0x10 [ 549.947790][T15581] ? rcu_is_watching+0x15/0xb0 [ 549.947814][T15581] do_syscall_64+0xfa/0xfa0 [ 549.947841][T15581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.947861][T15581] ? clear_bhb_loop+0x60/0xb0 [ 549.947884][T15581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.947904][T15581] RIP: 0033:0x7f58bcd8d5fc [ 549.947923][T15581] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 549.947941][T15581] RSP: 002b:00007f58bdb58030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 549.947963][T15581] RAX: ffffffffffffffda RBX: 00007f58bcfb5fa0 RCX: 00007f58bcd8d5fc [ 549.947979][T15581] RDX: 000000000000000f RSI: 00007f58bdb580a0 RDI: 0000000000000005 [ 549.947992][T15581] RBP: 00007f58bdb58090 R08: 0000000000000000 R09: 0000000000000000 [ 549.948005][T15581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 549.948017][T15581] R13: 00007f58bcfb6038 R14: 00007f58bcfb5fa0 R15: 00007ffe7cfd2678 [ 549.948040][T15581] [ 550.179209][ C0] vkms_vblank_simulate: vblank timer overrun [ 550.443205][T15601] NILFS (rnullb0): couldn't find nilfs on the device [ 550.922493][ T44] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 550.962099][ T951] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 551.071297][ T44] usb 1-1: Using ep0 maxpacket: 8 [ 551.077690][ T44] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 551.089954][ T44] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 551.102219][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 551.112380][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 551.122801][ T44] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 551.135884][ T44] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 551.145034][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.161230][ T44] usb 1-1: usb_control_msg returned -32 [ 552.166883][ T44] usbtmc 1-1:16.0: can't read capabilities [ 552.223723][ T951] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 552.289974][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 552.415371][ T951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.433888][ T951] usb 5-1: Product: syz [ 552.447145][ T951] usb 5-1: Manufacturer: syz [ 552.451867][ T951] usb 5-1: SerialNumber: syz [ 552.458209][ T951] usb 5-1: config 0 descriptor?? [ 552.547106][T15637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3371'. [ 552.567567][T15637] ./file0: Can't lookup blockdev [ 552.615658][ T9] usb 2-1: config 0 has no interfaces? [ 552.624375][ T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 552.635288][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.649877][ T9] usb 2-1: Product: syz [ 552.654550][ T9] usb 2-1: Manufacturer: syz [ 552.659335][ T9] usb 2-1: SerialNumber: syz [ 552.668560][ T9] usb 2-1: config 0 descriptor?? [ 552.749516][T15648] FAULT_INJECTION: forcing a failure. [ 552.749516][T15648] name failslab, interval 1, probability 0, space 0, times 0 [ 552.775361][T15648] CPU: 1 UID: 0 PID: 15648 Comm: syz.0.3363 Not tainted syzkaller #0 PREEMPT(full) [ 552.775392][T15648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 552.775405][T15648] Call Trace: [ 552.775413][T15648] [ 552.775421][T15648] dump_stack_lvl+0x189/0x250 [ 552.775458][T15648] ? __pfx____ratelimit+0x10/0x10 [ 552.775484][T15648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 552.775515][T15648] ? __pfx__printk+0x10/0x10 [ 552.775546][T15648] ? __pfx___might_resched+0x10/0x10 [ 552.775568][T15648] ? lock_acquire+0x5f/0x360 [ 552.775588][T15648] should_fail_ex+0x414/0x560 [ 552.775618][T15648] should_failslab+0xa8/0x100 [ 552.775636][T15648] __kmalloc_cache_noprof+0x70/0x3a0 [ 552.775667][T15648] ? usb_control_msg+0x73/0x3e0 [ 552.775698][T15648] usb_control_msg+0x73/0x3e0 [ 552.775724][T15648] ? __kmalloc_cache_noprof+0x21c/0x3a0 [ 552.775755][T15648] usbtmc_ioctl_clear+0x14d/0x880 [ 552.775788][T15648] ? __pfx___mutex_lock+0x10/0x10 [ 552.775821][T15648] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 552.775854][T15648] ? __fget_files+0x3a0/0x420 [ 552.775879][T15648] usbtmc_ioctl+0x50c/0x720 [ 552.775908][T15648] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 552.775938][T15648] __se_sys_ioctl+0xf9/0x170 [ 552.775981][T15648] do_syscall_64+0xfa/0xfa0 [ 552.776010][T15648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.776031][T15648] ? clear_bhb_loop+0x60/0xb0 [ 552.776054][T15648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.776074][T15648] RIP: 0033:0x7f58bcd8ebe9 [ 552.776093][T15648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.776110][T15648] RSP: 002b:00007f58bdb16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 552.776132][T15648] RAX: ffffffffffffffda RBX: 00007f58bcfb6180 RCX: 00007f58bcd8ebe9 [ 552.776147][T15648] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 552.776160][T15648] RBP: 00007f58bdb16090 R08: 0000000000000000 R09: 0000000000000000 [ 552.776173][T15648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.776185][T15648] R13: 00007f58bcfb6218 R14: 00007f58bcfb6180 R15: 00007ffe7cfd2678 [ 552.776209][T15648] [ 552.776223][T15648] usbtmc 1-1:16.0: usb_control_msg returned -12 [ 552.870169][T15620] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 552.885603][T15624] fuse: Bad value for 'user_id' [ 552.899426][T15620] UDF-fs: Scanning with blocksize 4096 failed [ 552.900483][T15624] fuse: Bad value for 'user_id' [ 552.907829][ T951] mos7840 5-1:0.0: required endpoints missing [ 553.008490][T15652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.026343][ T951] usb 5-1: USB disconnect, device number 112 [ 553.054470][T15652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 553.067829][T15652] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 553.109902][ T5978] usb 2-1: USB disconnect, device number 28 [ 553.268603][ T951] usb 1-1: USB disconnect, device number 67 [ 553.761216][ T951] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 553.921210][ T951] usb 4-1: Using ep0 maxpacket: 32 [ 553.928540][ T951] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 553.937568][ T951] usb 4-1: config 0 has no interfaces? [ 553.945871][ T951] usb 4-1: config 0 has no interfaces? [ 553.951717][T14959] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 553.961877][ T951] usb 4-1: config 0 has no interfaces? [ 553.968805][ T951] usb 4-1: config 0 has no interfaces? [ 553.975869][ T951] usb 4-1: config 0 has no interfaces? [ 553.983172][ T951] usb 4-1: config 0 has no interfaces? [ 553.989969][ T951] usb 4-1: config 0 has no interfaces? [ 553.997056][ T951] usb 4-1: config 0 has no interfaces? [ 554.005230][ T951] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 554.014995][ T951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.023823][ T951] usb 4-1: Product: syz [ 554.028253][ T951] usb 4-1: Manufacturer: syz [ 554.033275][ T951] usb 4-1: SerialNumber: syz [ 554.041705][ T951] usb 4-1: config 0 descriptor?? [ 554.101131][T14959] usb 2-1: Using ep0 maxpacket: 32 [ 554.106909][T14959] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 554.115125][ T9] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 554.128534][T14959] usb 2-1: config 0 has no interfaces? [ 554.139437][T14959] usb 2-1: config 0 has no interfaces? [ 554.146378][T14959] usb 2-1: config 0 has no interfaces? [ 554.153245][T14959] usb 2-1: config 0 has no interfaces? [ 554.159880][T14959] usb 2-1: config 0 has no interfaces? [ 554.166903][T14959] usb 2-1: config 0 has no interfaces? [ 554.174735][T14959] usb 2-1: config 0 has no interfaces? [ 554.181416][T14959] usb 2-1: config 0 has no interfaces? [ 554.189416][T14959] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 554.198904][T14959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.208284][T14959] usb 2-1: Product: syz [ 554.212890][T14959] usb 2-1: Manufacturer: syz [ 554.217578][T14959] usb 2-1: SerialNumber: syz [ 554.224408][T14959] usb 2-1: config 0 descriptor?? [ 554.257473][T14959] usb 4-1: USB disconnect, device number 46 [ 554.281402][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 554.288198][ T9] usb 1-1: config 2 has an invalid interface number: 20 but max is 0 [ 554.297599][ T9] usb 1-1: config 2 has no interface number 0 [ 554.305712][ T9] usb 1-1: config 2 interface 20 altsetting 3 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 554.317325][ T9] usb 1-1: config 2 interface 20 has no altsetting 0 [ 554.324818][ T9] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=60.93 [ 554.334331][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.363639][T15675] vxfs: WRONG superblock magic 00000000 at 1 [ 554.369862][T15675] vxfs: WRONG superblock magic 00000000 at 8 [ 554.377885][T15675] vxfs: can't find superblock. [ 554.434536][T15668] FAULT_INJECTION: forcing a failure. [ 554.434536][T15668] name failslab, interval 1, probability 0, space 0, times 0 [ 554.447521][T15668] CPU: 1 UID: 0 PID: 15668 Comm: syz.1.3382 Not tainted syzkaller #0 PREEMPT(full) [ 554.447549][T15668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 554.447565][T15668] Call Trace: [ 554.447571][T15668] [ 554.447578][T15668] dump_stack_lvl+0x189/0x250 [ 554.447612][T15668] ? __pfx____ratelimit+0x10/0x10 [ 554.447640][T15668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 554.447669][T15668] ? __pfx__printk+0x10/0x10 [ 554.447697][T15668] ? fs_reclaim_acquire+0x7d/0x100 [ 554.447713][T15668] ? __pfx___might_resched+0x10/0x10 [ 554.447729][T15668] ? lock_acquire+0x5f/0x360 [ 554.447761][T15668] should_fail_ex+0x414/0x560 [ 554.447791][T15668] ? __pfx_sock_alloc_inode+0x10/0x10 [ 554.447821][T15668] should_failslab+0xa8/0x100 [ 554.447841][T15668] ? __pfx_sock_alloc_inode+0x10/0x10 [ 554.447856][T15668] kmem_cache_alloc_lru_noprof+0x78/0x390 [ 554.447878][T15668] ? sock_alloc_inode+0x28/0xc0 [ 554.447894][T15668] ? __pfx_sock_alloc_inode+0x10/0x10 [ 554.447917][T15668] sock_alloc_inode+0x28/0xc0 [ 554.447939][T15668] alloc_inode+0x67/0x1b0 [ 554.447960][T15668] do_accept+0x111/0x680 [ 554.447985][T15668] ? rcu_is_watching+0x15/0xb0 [ 554.448007][T15668] ? __pfx_do_accept+0x10/0x10 [ 554.448032][T15668] __sys_accept4+0x11c/0x1c0 [ 554.448052][T15668] ? __pfx___sys_accept4+0x10/0x10 [ 554.448080][T15668] ? __pfx_ksys_write+0x10/0x10 [ 554.448103][T15668] __x64_sys_accept+0x7d/0x90 [ 554.448127][T15668] do_syscall_64+0xfa/0xfa0 [ 554.448153][T15668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.448168][T15668] ? clear_bhb_loop+0x60/0xb0 [ 554.448184][T15668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.448199][T15668] RIP: 0033:0x7f6ee4b8ebe9 [ 554.448218][T15668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.448238][T15668] RSP: 002b:00007f6ee5a3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 554.448258][T15668] RAX: ffffffffffffffda RBX: 00007f6ee4db5fa0 RCX: 00007f6ee4b8ebe9 [ 554.448273][T15668] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 554.448284][T15668] RBP: 00007f6ee5a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 554.448298][T15668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 554.448307][T15668] R13: 00007f6ee4db6038 R14: 00007f6ee4db5fa0 R15: 00007ffd23a33c18 [ 554.448324][T15668] [ 554.449311][ T951] usb 2-1: USB disconnect, device number 29 [ 554.868925][T15689] Can't find a SQUASHFS superblock on rnullb0 [ 554.968208][T15695] netlink: 'syz.3.3394': attribute type 4 has an invalid length. [ 555.040691][T15695] exFAT-fs (rnullb0): invalid boot record signature [ 555.052982][T15695] exFAT-fs (rnullb0): failed to read boot sector [ 555.059432][T15695] exFAT-fs (rnullb0): failed to recognize exfat type [ 555.070500][T15703] netlink: 'syz.3.3394': attribute type 4 has an invalid length. [ 555.283600][T15717] netlink: 'syz.3.3401': attribute type 21 has an invalid length. [ 555.292406][T15717] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3401'. [ 555.371232][ T5978] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 555.421160][ T44] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 555.521142][ T5978] usb 2-1: Using ep0 maxpacket: 8 [ 555.529714][ T5978] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 555.538406][ T5978] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 555.548334][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 555.558560][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 555.568753][ T5978] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.582102][ T5978] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 555.591346][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.601134][ T44] usb 5-1: Using ep0 maxpacket: 8 [ 555.609992][ T44] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 555.618340][ T44] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 555.628209][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 555.638101][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 555.648174][ T44] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.661251][ T44] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 555.670340][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.761139][ T951] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 555.813671][ T5978] usb 2-1: usb_control_msg returned -32 [ 555.819338][ T5978] usbtmc 2-1:16.0: can't read capabilities [ 555.884034][ T44] usb 5-1: usb_control_msg returned -32 [ 555.889780][ T44] usbtmc 5-1:16.0: can't read capabilities [ 555.931525][ T951] usb 4-1: Using ep0 maxpacket: 32 [ 555.937232][ T951] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 555.946006][ T951] usb 4-1: config 0 has no interfaces? [ 555.953015][ T951] usb 4-1: config 0 has no interfaces? [ 555.959498][ T951] usb 4-1: config 0 has no interfaces? [ 555.966107][ T951] usb 4-1: config 0 has no interfaces? [ 555.975142][ T951] usb 4-1: config 0 has no interfaces? [ 555.981962][ T951] usb 4-1: config 0 has no interfaces? [ 555.988466][ T951] usb 4-1: config 0 has no interfaces? [ 555.995106][ T951] usb 4-1: config 0 has no interfaces? [ 556.003050][ T951] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 556.012218][ T951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.020536][ T951] usb 4-1: Product: syz [ 556.024826][ T951] usb 4-1: Manufacturer: syz [ 556.029483][ T951] usb 4-1: SerialNumber: syz [ 556.036082][ T951] usb 4-1: config 0 descriptor?? [ 556.248221][T14959] usb 4-1: USB disconnect, device number 47 [ 556.519305][T15728] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 556.588671][T15729] FAULT_INJECTION: forcing a failure. [ 556.588671][T15729] name failslab, interval 1, probability 0, space 0, times 0 [ 556.601691][T15729] CPU: 1 UID: 0 PID: 15729 Comm: syz.4.3399 Not tainted syzkaller #0 PREEMPT(full) [ 556.601718][T15729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 556.601730][T15729] Call Trace: [ 556.601739][T15729] [ 556.601747][T15729] dump_stack_lvl+0x189/0x250 [ 556.601782][T15729] ? __pfx____ratelimit+0x10/0x10 [ 556.601807][T15729] ? __pfx_dump_stack_lvl+0x10/0x10 [ 556.601838][T15729] ? __pfx__printk+0x10/0x10 [ 556.601868][T15729] ? fs_reclaim_acquire+0x7d/0x100 [ 556.601889][T15729] ? __pfx___might_resched+0x10/0x10 [ 556.601910][T15729] ? lock_acquire+0x5f/0x360 [ 556.601930][T15729] should_fail_ex+0x414/0x560 [ 556.601961][T15729] should_failslab+0xa8/0x100 [ 556.601982][T15729] __kmalloc_noprof+0xcb/0x4b0 [ 556.602009][T15729] ? __kasan_kmalloc+0x93/0xb0 [ 556.602039][T15729] ? usb_alloc_urb+0x46/0x150 [ 556.602060][T15729] usb_alloc_urb+0x46/0x150 [ 556.602078][T15729] usb_control_msg+0x118/0x3e0 [ 556.602102][T15729] ? __kmalloc_cache_noprof+0x21c/0x3a0 [ 556.602135][T15729] usbtmc_ioctl_clear+0x14d/0x880 [ 556.602166][T15729] ? __pfx___mutex_lock+0x10/0x10 [ 556.602197][T15729] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 556.602220][T15729] ? __fget_files+0x3a0/0x420 [ 556.602238][T15729] usbtmc_ioctl+0x50c/0x720 [ 556.602267][T15729] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 556.602295][T15729] __se_sys_ioctl+0xf9/0x170 [ 556.602326][T15729] do_syscall_64+0xfa/0xfa0 [ 556.602351][T15729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.602365][T15729] ? clear_bhb_loop+0x60/0xb0 [ 556.602382][T15729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.602396][T15729] RIP: 0033:0x7fa17398ebe9 [ 556.602422][T15729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.602441][T15729] RSP: 002b:00007fa174844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 556.602463][T15729] RAX: ffffffffffffffda RBX: 00007fa173bb6180 RCX: 00007fa17398ebe9 [ 556.602478][T15729] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 556.602491][T15729] RBP: 00007fa174844090 R08: 0000000000000000 R09: 0000000000000000 [ 556.602501][T15729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 556.602510][T15729] R13: 00007fa173bb6218 R14: 00007fa173bb6180 R15: 00007fff4e8ab368 [ 556.602527][T15729] [ 556.602667][T15729] usbtmc 2-1:16.0: usb_control_msg returned -12 [ 556.846043][ T951] usb 2-1: USB disconnect, device number 30 [ 556.863433][ T9] usb 1-1: string descriptor 0 read error: -71 [ 556.893459][T15731] qnx4: no qnx4 filesystem (no root dir). [ 556.903522][ T9] usb 1-1: USB disconnect, device number 68 [ 557.331331][ T9] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 557.393188][ T5978] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 557.501137][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 557.507586][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 557.517992][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 557.528677][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 557.537950][ T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 557.546737][ T9] usb 1-1: Manufacturer: syz [ 557.551517][ T5978] usb 4-1: Using ep0 maxpacket: 32 [ 557.554587][ T5978] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 557.567568][ T9] usb 1-1: config 0 descriptor?? [ 557.567587][ T5978] usb 4-1: config 0 has no interfaces? [ 557.582957][ T5978] usb 4-1: config 0 has no interfaces? [ 557.589638][ T5978] usb 4-1: config 0 has no interfaces? [ 557.597044][ T5978] usb 4-1: config 0 has no interfaces? [ 557.605332][ T5978] usb 4-1: config 0 has no interfaces? [ 557.612087][ T5978] usb 4-1: config 0 has no interfaces? [ 557.618426][ T5978] usb 4-1: config 0 has no interfaces? [ 557.625941][ T5978] usb 4-1: config 0 has no interfaces? [ 557.633225][ T5978] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 557.643722][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.651855][ T5978] usb 4-1: Product: syz [ 557.657056][ T5978] usb 4-1: Manufacturer: syz [ 557.665451][ T5978] usb 4-1: SerialNumber: syz [ 557.673329][ T5978] usb 4-1: config 0 descriptor?? [ 557.786356][T15739] netlink: 17223 bytes leftover after parsing attributes in process `syz.0.3408'. [ 557.797206][ T5978] usb 1-1: USB disconnect, device number 69 [ 557.846602][T15762] /dev/nullb0: Can't open blockdev [ 557.879675][T15743] FAULT_INJECTION: forcing a failure. [ 557.879675][T15743] name failslab, interval 1, probability 0, space 0, times 0 [ 557.893592][T15743] CPU: 1 UID: 0 PID: 15743 Comm: syz.3.3410 Not tainted syzkaller #0 PREEMPT(full) [ 557.893620][T15743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 557.893634][T15743] Call Trace: [ 557.893642][T15743] [ 557.893651][T15743] dump_stack_lvl+0x189/0x250 [ 557.893687][T15743] ? __pfx____ratelimit+0x10/0x10 [ 557.893714][T15743] ? __pfx_dump_stack_lvl+0x10/0x10 [ 557.893745][T15743] ? __pfx__printk+0x10/0x10 [ 557.893775][T15743] ? fs_reclaim_acquire+0x7d/0x100 [ 557.893797][T15743] ? __pfx___might_resched+0x10/0x10 [ 557.893819][T15743] ? lock_acquire+0x5f/0x360 [ 557.893839][T15743] should_fail_ex+0x414/0x560 [ 557.893869][T15743] should_failslab+0xa8/0x100 [ 557.893888][T15743] kmem_cache_alloc_noprof+0x73/0x390 [ 557.893918][T15743] ? security_inode_alloc+0x39/0x330 [ 557.893947][T15743] security_inode_alloc+0x39/0x330 [ 557.893975][T15743] inode_init_always_gfp+0x9ed/0xdc0 [ 557.894001][T15743] ? __pfx_sock_alloc_inode+0x10/0x10 [ 557.894025][T15743] alloc_inode+0x82/0x1b0 [ 557.894048][T15743] do_accept+0x111/0x680 [ 557.894073][T15743] ? rcu_is_watching+0x15/0xb0 [ 557.894097][T15743] ? __pfx_do_accept+0x10/0x10 [ 557.894132][T15743] __sys_accept4+0x11c/0x1c0 [ 557.894159][T15743] ? __pfx___sys_accept4+0x10/0x10 [ 557.894184][T15743] ? __pfx_ksys_write+0x10/0x10 [ 557.894207][T15743] __x64_sys_accept+0x7d/0x90 [ 557.894231][T15743] do_syscall_64+0xfa/0xfa0 [ 557.894251][T15743] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.894266][T15743] ? clear_bhb_loop+0x60/0xb0 [ 557.894282][T15743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.894296][T15743] RIP: 0033:0x7f19f158ebe9 [ 557.894309][T15743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.894322][T15743] RSP: 002b:00007f19f24cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 557.894338][T15743] RAX: ffffffffffffffda RBX: 00007f19f17b5fa0 RCX: 00007f19f158ebe9 [ 557.894349][T15743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 557.894357][T15743] RBP: 00007f19f24cc090 R08: 0000000000000000 R09: 0000000000000000 [ 557.894366][T15743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 557.894375][T15743] R13: 00007f19f17b6038 R14: 00007f19f17b5fa0 R15: 00007ffd3bba9ef8 [ 557.894398][T15743] [ 557.895267][ T24] usb 4-1: USB disconnect, device number 48 [ 558.198221][ T5978] usb 5-1: USB disconnect, device number 113 [ 558.482411][ T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 558.591154][ T5978] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 558.641127][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 558.647002][ T9] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 558.655674][ T9] usb 2-1: config 0 has no interfaces? [ 558.662136][ T9] usb 2-1: config 0 has no interfaces? [ 558.668448][ T9] usb 2-1: config 0 has no interfaces? [ 558.676567][ T9] usb 2-1: config 0 has no interfaces? [ 558.684268][ T9] usb 2-1: config 0 has no interfaces? [ 558.690605][ T9] usb 2-1: config 0 has no interfaces? [ 558.697044][ T9] usb 2-1: config 0 has no interfaces? [ 558.704192][ T9] usb 2-1: config 0 has no interfaces? [ 558.711478][ T9] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 558.720583][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.728863][ T9] usb 2-1: Product: syz [ 558.733256][ T9] usb 2-1: Manufacturer: syz [ 558.737882][ T9] usb 2-1: SerialNumber: syz [ 558.741166][ T5978] usb 5-1: Using ep0 maxpacket: 32 [ 558.748554][ T9] usb 2-1: config 0 descriptor?? [ 558.751442][ T5978] usb 5-1: too many configurations: 17, using maximum allowed: 8 [ 558.762675][ T5978] usb 5-1: config 0 has no interfaces? [ 558.769099][ T5978] usb 5-1: config 0 has no interfaces? [ 558.775625][ T5978] usb 5-1: config 0 has no interfaces? [ 558.783079][ T5978] usb 5-1: config 0 has no interfaces? [ 558.789516][ T5978] usb 5-1: config 0 has no interfaces? [ 558.797058][ T5978] usb 5-1: config 0 has no interfaces? [ 558.803477][ T5978] usb 5-1: config 0 has no interfaces? [ 558.809762][ T5978] usb 5-1: config 0 has no interfaces? [ 558.817777][ T5978] usb 5-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 558.826956][ T44] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 558.834651][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.842935][ T5978] usb 5-1: Product: syz [ 558.847313][ T5978] usb 5-1: Manufacturer: syz [ 558.852056][ T5978] usb 5-1: SerialNumber: syz [ 558.857866][ T5978] usb 5-1: config 0 descriptor?? [ 559.001227][ T44] usb 1-1: Using ep0 maxpacket: 8 [ 559.007788][ T44] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 559.016736][ T44] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 559.026655][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 559.036532][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 559.046501][ T44] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 559.059687][ T44] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 559.071118][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.073608][ T9] usb 5-1: USB disconnect, device number 114 [ 559.286481][T15784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.295658][T15784] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.308300][ T44] usb 1-1: usb_control_msg returned -32 [ 559.314254][ T44] usbtmc 1-1:16.0: can't read capabilities [ 559.634751][T15802] Can't find a SQUASHFS superblock on rnullb0 [ 559.861180][ T44] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 560.011144][ T44] usb 5-1: Using ep0 maxpacket: 8 [ 560.017833][ T44] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 560.021958][T14959] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 560.027165][ T44] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 560.043698][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 560.053697][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 560.063800][T15809] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 560.070118][ T44] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 560.083201][ T44] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 560.092290][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.181143][T14959] usb 4-1: Using ep0 maxpacket: 32 [ 560.187123][T14959] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 560.195841][T14959] usb 4-1: config 0 has no interfaces? [ 560.202646][T14959] usb 4-1: config 0 has no interfaces? [ 560.209089][T14959] usb 4-1: config 0 has no interfaces? [ 560.215966][T14959] usb 4-1: config 0 has no interfaces? [ 560.223362][T14959] usb 4-1: config 0 has no interfaces? [ 560.229786][T14959] usb 4-1: config 0 has no interfaces? [ 560.236218][T14959] usb 4-1: config 0 has no interfaces? [ 560.242743][T14959] usb 4-1: config 0 has no interfaces? [ 560.250905][ T5978] usb 1-1: USB disconnect, device number 70 [ 560.259534][T14959] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 560.269876][T14959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.278057][T14959] usb 4-1: Product: syz [ 560.282966][T14959] usb 4-1: Manufacturer: syz [ 560.287611][T14959] usb 4-1: SerialNumber: syz [ 560.294967][T14959] usb 4-1: config 0 descriptor?? [ 560.303459][ T44] usb 5-1: usb_control_msg returned -32 [ 560.313368][ T44] usbtmc 5-1:16.0: can't read capabilities [ 560.501426][T15807] FAULT_INJECTION: forcing a failure. [ 560.501426][T15807] name failslab, interval 1, probability 0, space 0, times 0 [ 560.514366][T15807] CPU: 0 UID: 0 PID: 15807 Comm: syz.3.3436 Not tainted syzkaller #0 PREEMPT(full) [ 560.514395][T15807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 560.514409][T15807] Call Trace: [ 560.514418][T15807] [ 560.514426][T15807] dump_stack_lvl+0x189/0x250 [ 560.514464][T15807] ? __pfx____ratelimit+0x10/0x10 [ 560.514490][T15807] ? __pfx_dump_stack_lvl+0x10/0x10 [ 560.514521][T15807] ? __pfx__printk+0x10/0x10 [ 560.514552][T15807] ? fs_reclaim_acquire+0x7d/0x100 [ 560.514582][T15807] ? __pfx___might_resched+0x10/0x10 [ 560.514605][T15807] ? lock_acquire+0x5f/0x360 [ 560.514625][T15807] should_fail_ex+0x414/0x560 [ 560.514654][T15807] should_failslab+0xa8/0x100 [ 560.514675][T15807] kmem_cache_alloc_lru_noprof+0x78/0x390 [ 560.514706][T15807] ? __d_alloc+0x36/0x7a0 [ 560.514735][T15807] __d_alloc+0x36/0x7a0 [ 560.514764][T15807] d_alloc_pseudo+0x21/0xc0 [ 560.514792][T15807] alloc_file_pseudo+0xcc/0x210 [ 560.514821][T15807] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 560.514849][T15807] ? evm_inode_alloc_security+0x40/0xb0 [ 560.514869][T15807] ? security_inode_alloc+0xd5/0x330 [ 560.514902][T15807] sock_alloc_file+0xb8/0x2e0 [ 560.514925][T15807] do_accept+0x34b/0x680 [ 560.514952][T15807] ? rcu_is_watching+0x15/0xb0 [ 560.514976][T15807] ? __pfx_do_accept+0x10/0x10 [ 560.515012][T15807] __sys_accept4+0x11c/0x1c0 [ 560.515039][T15807] ? __pfx___sys_accept4+0x10/0x10 [ 560.515065][T15807] ? __pfx_ksys_write+0x10/0x10 [ 560.515088][T15807] __x64_sys_accept+0x7d/0x90 [ 560.515114][T15807] do_syscall_64+0xfa/0xfa0 [ 560.515142][T15807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.515162][T15807] ? clear_bhb_loop+0x60/0xb0 [ 560.515185][T15807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.515205][T15807] RIP: 0033:0x7f19f158ebe9 [ 560.515223][T15807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.515243][T15807] RSP: 002b:00007f19f24cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 560.515266][T15807] RAX: ffffffffffffffda RBX: 00007f19f17b5fa0 RCX: 00007f19f158ebe9 [ 560.515281][T15807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 560.515294][T15807] RBP: 00007f19f24cc090 R08: 0000000000000000 R09: 0000000000000000 [ 560.515306][T15807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 560.515317][T15807] R13: 00007f19f17b6038 R14: 00007f19f17b5fa0 R15: 00007ffd3bba9ef8 [ 560.515343][T15807] [ 560.516107][ T5978] usb 4-1: USB disconnect, device number 49 [ 561.007605][T15819] FAULT_INJECTION: forcing a failure. [ 561.007605][T15819] name failslab, interval 1, probability 0, space 0, times 0 [ 561.022517][T15819] CPU: 1 UID: 0 PID: 15819 Comm: syz.4.3435 Not tainted syzkaller #0 PREEMPT(full) [ 561.022552][T15819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 561.022565][T15819] Call Trace: [ 561.022573][T15819] [ 561.022582][T15819] dump_stack_lvl+0x189/0x250 [ 561.022619][T15819] ? __pfx____ratelimit+0x10/0x10 [ 561.022646][T15819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 561.022677][T15819] ? __pfx__printk+0x10/0x10 [ 561.022709][T15819] ? __pfx___might_resched+0x10/0x10 [ 561.022731][T15819] ? lock_acquire+0x5f/0x360 [ 561.022751][T15819] should_fail_ex+0x414/0x560 [ 561.022782][T15819] should_failslab+0xa8/0x100 [ 561.022801][T15819] __kmalloc_cache_noprof+0x70/0x3a0 [ 561.022832][T15819] ? dummy_urb_enqueue+0x7c/0x780 [ 561.022856][T15819] dummy_urb_enqueue+0x7c/0x780 [ 561.022875][T15819] ? usb_hcd_map_urb_for_dma+0x44f/0xd80 [ 561.022901][T15819] usb_hcd_submit_urb+0x322/0x1aa0 [ 561.022928][T15819] usb_start_wait_urb+0x114/0x4c0 [ 561.022960][T15819] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 561.022999][T15819] usb_control_msg+0x232/0x3e0 [ 561.023028][T15819] usbtmc_ioctl_clear+0x14d/0x880 [ 561.023062][T15819] ? __pfx___mutex_lock+0x10/0x10 [ 561.023094][T15819] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 561.023126][T15819] ? __fget_files+0x3a0/0x420 [ 561.023152][T15819] usbtmc_ioctl+0x50c/0x720 [ 561.023182][T15819] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 561.023284][T15819] __se_sys_ioctl+0xf9/0x170 [ 561.023316][T15819] do_syscall_64+0xfa/0xfa0 [ 561.023343][T15819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.023363][T15819] ? clear_bhb_loop+0x60/0xb0 [ 561.023382][T15819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.023397][T15819] RIP: 0033:0x7fa17398ebe9 [ 561.023410][T15819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.023423][T15819] RSP: 002b:00007fa174844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.023440][T15819] RAX: ffffffffffffffda RBX: 00007fa173bb6180 RCX: 00007fa17398ebe9 [ 561.023451][T15819] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 561.023460][T15819] RBP: 00007fa174844090 R08: 0000000000000000 R09: 0000000000000000 [ 561.023470][T15819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.023479][T15819] R13: 00007fa173bb6218 R14: 00007fa173bb6180 R15: 00007fff4e8ab368 [ 561.023496][T15819] [ 561.023551][T15819] usbtmc 5-1:16.0: usb_control_msg returned -12 [ 561.115080][T15821] binder: 15820:15821 ioctl c00c6211 0 returned -14 [ 561.298289][T14959] usb 2-1: USB disconnect, device number 31 [ 561.542604][T15843] hpfs: Bad magic ... probably not HPFS [ 561.565969][T15845] netlink: 260 bytes leftover after parsing attributes in process `syz.3.3449'. [ 561.871145][ T951] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 561.911192][ T5978] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 562.031143][ T951] usb 1-1: Using ep0 maxpacket: 32 [ 562.036852][ T951] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 562.046062][ T951] usb 1-1: config 0 has no interfaces? [ 562.053434][ T951] usb 1-1: config 0 has no interfaces? [ 562.060630][ T951] usb 1-1: config 0 has no interfaces? [ 562.067285][ T951] usb 1-1: config 0 has no interfaces? [ 562.071230][ T5978] usb 2-1: Using ep0 maxpacket: 8 [ 562.074634][ T951] usb 1-1: config 0 has no interfaces? [ 562.081166][ T5978] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 562.084836][ T951] usb 1-1: config 0 has no interfaces? [ 562.093289][ T5978] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 562.098344][ T951] usb 1-1: config 0 has no interfaces? [ 562.106980][ T24] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 562.113798][ T951] usb 1-1: config 0 has no interfaces? [ 562.122356][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 562.128141][ T951] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 562.136878][ T5978] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 562.144877][ T951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.156165][ T5978] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 562.163316][ T951] usb 1-1: Product: syz [ 562.180433][ T951] usb 1-1: Manufacturer: syz [ 562.185729][ T5978] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 562.186018][ T951] usb 1-1: SerialNumber: syz [ 562.195703][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.202309][ T951] usb 1-1: config 0 descriptor?? [ 562.281196][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 562.287732][ T24] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 562.298853][ T24] usb 4-1: config 0 has no interfaces? [ 562.305267][ T24] usb 4-1: config 0 has no interfaces? [ 562.312973][ T24] usb 4-1: config 0 has no interfaces? [ 562.319286][ T24] usb 4-1: config 0 has no interfaces? [ 562.325853][ T24] usb 4-1: config 0 has no interfaces? [ 562.332278][ T24] usb 4-1: config 0 has no interfaces? [ 562.338571][ T24] usb 4-1: config 0 has no interfaces? [ 562.344970][ T24] usb 4-1: config 0 has no interfaces? [ 562.353657][ T24] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 562.362900][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.371632][ T24] usb 4-1: Product: syz [ 562.375936][ T24] usb 4-1: Manufacturer: syz [ 562.380557][ T24] usb 4-1: SerialNumber: syz [ 562.387609][ T24] usb 4-1: config 0 descriptor?? [ 562.418919][ T5978] usb 2-1: usb_control_msg returned -32 [ 562.424677][ T5978] usbtmc 2-1:16.0: can't read capabilities [ 562.594065][T15861] FAULT_INJECTION: forcing a failure. [ 562.594065][T15861] name failslab, interval 1, probability 0, space 0, times 0 [ 562.607200][T15861] CPU: 1 UID: 0 PID: 15861 Comm: syz.3.3455 Not tainted syzkaller #0 PREEMPT(full) [ 562.607230][T15861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 562.607243][T15861] Call Trace: [ 562.607251][T15861] [ 562.607259][T15861] dump_stack_lvl+0x189/0x250 [ 562.607295][T15861] ? __pfx____ratelimit+0x10/0x10 [ 562.607404][T15861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.607436][T15861] ? __pfx__printk+0x10/0x10 [ 562.607465][T15861] ? fs_reclaim_acquire+0x7d/0x100 [ 562.607487][T15861] ? __pfx___might_resched+0x10/0x10 [ 562.607508][T15861] ? lock_acquire+0x5f/0x360 [ 562.607529][T15861] should_fail_ex+0x414/0x560 [ 562.607559][T15861] should_failslab+0xa8/0x100 [ 562.607578][T15861] kmem_cache_alloc_noprof+0x73/0x390 [ 562.607608][T15861] ? alloc_empty_file+0x55/0x1d0 [ 562.607637][T15861] alloc_empty_file+0x55/0x1d0 [ 562.607665][T15861] alloc_file_pseudo+0x13d/0x210 [ 562.607695][T15861] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 562.607723][T15861] ? evm_inode_alloc_security+0x40/0xb0 [ 562.607743][T15861] ? security_inode_alloc+0xd5/0x330 [ 562.607775][T15861] sock_alloc_file+0xb8/0x2e0 [ 562.607798][T15861] do_accept+0x34b/0x680 [ 562.607854][T15861] ? rcu_is_watching+0x15/0xb0 [ 562.607878][T15861] ? __pfx_do_accept+0x10/0x10 [ 562.607913][T15861] __sys_accept4+0x11c/0x1c0 [ 562.607940][T15861] ? __pfx___sys_accept4+0x10/0x10 [ 562.607965][T15861] ? __pfx_ksys_write+0x10/0x10 [ 562.607988][T15861] __x64_sys_accept+0x7d/0x90 [ 562.608016][T15861] do_syscall_64+0xfa/0xfa0 [ 562.608121][T15861] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.608142][T15861] ? clear_bhb_loop+0x60/0xb0 [ 562.608172][T15861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.608192][T15861] RIP: 0033:0x7f19f158ebe9 [ 562.608212][T15861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.608231][T15861] RSP: 002b:00007f19f24cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 562.608254][T15861] RAX: ffffffffffffffda RBX: 00007f19f17b5fa0 RCX: 00007f19f158ebe9 [ 562.608270][T15861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 562.608282][T15861] RBP: 00007f19f24cc090 R08: 0000000000000000 R09: 0000000000000000 [ 562.608295][T15861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.608307][T15861] R13: 00007f19f17b6038 R14: 00007f19f17b5fa0 R15: 00007ffd3bba9ef8 [ 562.608332][T15861] [ 562.611192][ T951] usb 4-1: USB disconnect, device number 50 [ 562.672384][ T5978] usb 5-1: USB disconnect, device number 115 [ 563.125052][T15874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.141382][T15874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.164949][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.172515][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.640695][ T9] usb 1-1: USB disconnect, device number 71 [ 564.681297][ T44] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 564.699021][T14959] usb 2-1: USB disconnect, device number 32 [ 564.831283][ T5978] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 564.841267][ T44] usb 4-1: Using ep0 maxpacket: 8 [ 564.847651][ T44] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 564.856068][ T44] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 564.865916][ T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 564.876097][ T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 564.886100][ T44] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 564.899194][ T44] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 564.908656][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.991218][ T5978] usb 5-1: Using ep0 maxpacket: 16 [ 564.999201][ T5978] usb 5-1: config 9 has an invalid interface number: 104 but max is 0 [ 565.007744][ T5978] usb 5-1: config 9 has no interface number 0 [ 565.015722][ T5978] usb 5-1: config 9 interface 104 altsetting 216 endpoint 0x1 has invalid wMaxPacketSize 0 [ 565.027730][ T5978] usb 5-1: config 9 interface 104 altsetting 216 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 565.041368][ T5978] usb 5-1: config 9 interface 104 altsetting 216 has a duplicate endpoint with address 0x1, skipping [ 565.053588][ T5978] usb 5-1: config 9 interface 104 altsetting 216 has an invalid descriptor for endpoint zero, skipping [ 565.064723][ T5978] usb 5-1: config 9 interface 104 altsetting 216 has an invalid descriptor for endpoint zero, skipping [ 565.075946][ T5978] usb 5-1: config 9 interface 104 has no altsetting 0 [ 565.084927][ T5978] usb 5-1: New USB device found, idVendor=413c, idProduct=8172, bcdDevice=5b.23 [ 565.094977][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.103105][ T5978] usb 5-1: Product: щ [ 565.107237][ T5978] usb 5-1: Manufacturer: 碪嵲⣃텉돃릹筈ⴖǑ吪饎옄삾漠৺尌喯䲪뤵ᵗ찬ׇ䶩䄣꺐불꽐쭛뙈᩿禢㑩㔿낶擥⏖⎝梲긝ඪ㑟魒径癨⤦ [ 565.124598][ T5978] usb 5-1: SerialNumber: 홐ය㱂ﱥ昁 [ 565.131375][T14959] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 565.132133][ T44] usb 4-1: usb_control_msg returned -32 [ 565.145697][ T44] usbtmc 4-1:16.0: can't read capabilities [ 565.291186][T14959] usb 2-1: Using ep0 maxpacket: 32 [ 565.296879][T14959] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 565.307006][T14959] usb 2-1: config 0 has no interfaces? [ 565.315053][T14959] usb 2-1: config 0 has no interfaces? [ 565.322705][T14959] usb 2-1: config 0 has no interfaces? [ 565.329005][T14959] usb 2-1: config 0 has no interfaces? [ 565.335729][T14959] usb 2-1: config 0 has no interfaces? [ 565.343293][T14959] usb 2-1: config 0 has no interfaces? [ 565.349670][T14959] usb 2-1: config 0 has no interfaces? [ 565.356417][T14959] usb 2-1: config 0 has no interfaces? [ 565.363709][T14959] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 565.371331][ T5978] usb 5-1: USB disconnect, device number 116 [ 565.373120][T14959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.388186][T14959] usb 2-1: Product: syz [ 565.393174][T14959] usb 2-1: Manufacturer: syz [ 565.397909][T14959] usb 2-1: SerialNumber: syz [ 565.411639][T14959] usb 2-1: config 0 descriptor?? [ 565.617981][T15907] FAULT_INJECTION: forcing a failure. [ 565.617981][T15907] name failslab, interval 1, probability 0, space 0, times 0 [ 565.630808][T15907] CPU: 1 UID: 0 PID: 15907 Comm: syz.1.3473 Not tainted syzkaller #0 PREEMPT(full) [ 565.630836][T15907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 565.630850][T15907] Call Trace: [ 565.630858][T15907] [ 565.630866][T15907] dump_stack_lvl+0x189/0x250 [ 565.630930][T15907] ? __pfx____ratelimit+0x10/0x10 [ 565.630949][T15907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 565.630971][T15907] ? __pfx__printk+0x10/0x10 [ 565.630993][T15907] ? __pfx___might_resched+0x10/0x10 [ 565.631009][T15907] ? lock_acquire+0x5f/0x360 [ 565.631029][T15907] should_fail_ex+0x414/0x560 [ 565.631072][T15907] should_failslab+0xa8/0x100 [ 565.631092][T15907] kmem_cache_alloc_noprof+0x73/0x390 [ 565.631121][T15907] ? security_file_alloc+0x34/0x330 [ 565.631144][T15907] security_file_alloc+0x34/0x330 [ 565.631165][T15907] init_file+0x93/0x2f0 [ 565.631193][T15907] alloc_empty_file+0x6e/0x1d0 [ 565.631220][T15907] alloc_file_pseudo+0x13d/0x210 [ 565.631249][T15907] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 565.631277][T15907] ? evm_inode_alloc_security+0x40/0xb0 [ 565.631297][T15907] ? security_inode_alloc+0xd5/0x330 [ 565.631328][T15907] sock_alloc_file+0xb8/0x2e0 [ 565.631352][T15907] do_accept+0x34b/0x680 [ 565.631378][T15907] ? rcu_is_watching+0x15/0xb0 [ 565.631401][T15907] ? __pfx_do_accept+0x10/0x10 [ 565.631436][T15907] __sys_accept4+0x11c/0x1c0 [ 565.631462][T15907] ? __pfx___sys_accept4+0x10/0x10 [ 565.631487][T15907] ? __pfx_ksys_write+0x10/0x10 [ 565.631511][T15907] __x64_sys_accept+0x7d/0x90 [ 565.631537][T15907] do_syscall_64+0xfa/0xfa0 [ 565.631566][T15907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.631586][T15907] ? clear_bhb_loop+0x60/0xb0 [ 565.631608][T15907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.631628][T15907] RIP: 0033:0x7f6ee4b8ebe9 [ 565.631647][T15907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.631665][T15907] RSP: 002b:00007f6ee5a3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 565.631687][T15907] RAX: ffffffffffffffda RBX: 00007f6ee4db5fa0 RCX: 00007f6ee4b8ebe9 [ 565.631701][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 565.631713][T15907] RBP: 00007f6ee5a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 565.631726][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.631738][T15907] R13: 00007f6ee4db6038 R14: 00007f6ee4db5fa0 R15: 00007ffd23a33c18 [ 565.631761][T15907] [ 565.883087][ T5978] usb 2-1: USB disconnect, device number 33 [ 565.889592][T15925] FAULT_INJECTION: forcing a failure. [ 565.889592][T15925] name failslab, interval 1, probability 0, space 0, times 0 [ 565.902523][T15925] CPU: 0 UID: 0 PID: 15925 Comm: syz.3.3468 Not tainted syzkaller #0 PREEMPT(full) [ 565.902551][T15925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 565.902565][T15925] Call Trace: [ 565.902573][T15925] [ 565.902587][T15925] dump_stack_lvl+0x189/0x250 [ 565.902622][T15925] ? __pfx____ratelimit+0x10/0x10 [ 565.902647][T15925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 565.902676][T15925] ? __pfx__printk+0x10/0x10 [ 565.902705][T15925] ? __pfx___might_resched+0x10/0x10 [ 565.902727][T15925] ? lock_acquire+0x5f/0x360 [ 565.902748][T15925] should_fail_ex+0x414/0x560 [ 565.902779][T15925] should_failslab+0xa8/0x100 [ 565.902799][T15925] __kmalloc_cache_noprof+0x70/0x3a0 [ 565.902830][T15925] ? usb_control_msg+0x73/0x3e0 [ 565.902860][T15925] usb_control_msg+0x73/0x3e0 [ 565.902900][T15925] usbtmc_ioctl_clear+0x243/0x880 [ 565.902932][T15925] ? __pfx___mutex_lock+0x10/0x10 [ 565.902964][T15925] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 565.902996][T15925] ? __fget_files+0x3a0/0x420 [ 565.903022][T15925] usbtmc_ioctl+0x50c/0x720 [ 565.903052][T15925] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 565.903081][T15925] __se_sys_ioctl+0xf9/0x170 [ 565.903113][T15925] do_syscall_64+0xfa/0xfa0 [ 565.903139][T15925] ? rcu_is_watching+0x15/0xb0 [ 565.903163][T15925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.903183][T15925] ? clear_bhb_loop+0x60/0xb0 [ 565.903205][T15925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.903224][T15925] RIP: 0033:0x7f19f158ebe9 [ 565.903243][T15925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.903260][T15925] RSP: 002b:00007f19f248a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 565.903282][T15925] RAX: ffffffffffffffda RBX: 00007f19f17b6180 RCX: 00007f19f158ebe9 [ 565.903298][T15925] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 565.903310][T15925] RBP: 00007f19f248a090 R08: 0000000000000000 R09: 0000000000000000 [ 565.903322][T15925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.903334][T15925] R13: 00007f19f17b6218 R14: 00007f19f17b6180 R15: 00007ffd3bba9ef8 [ 565.903357][T15925] [ 565.903398][T15925] usbtmc 4-1:16.0: usb_control_msg returned -12 [ 566.150529][T15927] Mount JFS Failure: -22 [ 566.229070][T15933] erofs (device rnullb0): cannot find valid erofs superblock [ 566.511320][ T5978] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 566.561353][T14959] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 566.661188][ T5978] usb 5-1: Using ep0 maxpacket: 8 [ 566.668189][ T5978] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 566.676680][ T5978] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 566.686541][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 566.696348][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 566.706352][ T5978] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 566.719388][ T5978] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 566.721165][T14959] usb 1-1: Using ep0 maxpacket: 32 [ 566.728526][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.736724][T14959] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 566.751004][T14959] usb 1-1: config index 0 descriptor too short (expected 8192, got 36) [ 566.763652][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.774375][T14959] usb 1-1: config 0 has no interfaces? [ 566.780806][T14959] usb 1-1: config index 1 descriptor too short (expected 8192, got 36) [ 566.789435][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.799620][T14959] usb 1-1: config 0 has no interfaces? [ 566.806039][T14959] usb 1-1: config index 2 descriptor too short (expected 8192, got 36) [ 566.814401][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.824611][T14959] usb 1-1: config 0 has no interfaces? [ 566.830981][T14959] usb 1-1: config index 3 descriptor too short (expected 8192, got 36) [ 566.839351][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.849564][T14959] usb 1-1: config 0 has no interfaces? [ 566.856452][T14959] usb 1-1: config index 4 descriptor too short (expected 8192, got 36) [ 566.864840][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.875449][T14959] usb 1-1: config 0 has no interfaces? [ 566.882550][T14959] usb 1-1: config index 5 descriptor too short (expected 8192, got 36) [ 566.890870][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.901280][T14959] usb 1-1: config 0 has no interfaces? [ 566.907646][T14959] usb 1-1: config index 6 descriptor too short (expected 8192, got 36) [ 566.915997][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.926416][T14959] usb 1-1: config 0 has no interfaces? [ 566.932857][T14959] usb 1-1: config index 7 descriptor too short (expected 8192, got 36) [ 566.941241][T14959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.951392][T14959] usb 1-1: config 0 has no interfaces? [ 566.958852][T14959] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 566.965370][ T5978] usb 5-1: usb_control_msg returned -32 [ 566.968082][T14959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.982007][ T5978] usbtmc 5-1:16.0: can't read capabilities [ 566.983991][T14959] usb 1-1: Product: syz [ 566.994168][T14959] usb 1-1: Manufacturer: syz [ 566.998962][T14959] usb 1-1: SerialNumber: syz [ 567.007159][T14959] usb 1-1: config 0 descriptor?? [ 567.222639][T14959] usb 1-1: USB disconnect, device number 72 [ 567.457244][T14959] usb 4-1: USB disconnect, device number 51 [ 567.711828][T15958] 8021q: VLANs not supported on vcan0 [ 567.756864][T15963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.778776][T15963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.078658][T15982] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3499'. [ 568.471161][ T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 568.621272][T14959] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 568.641328][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 568.647355][ T9] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 568.658149][ T9] usb 2-1: config 0 has no interfaces? [ 568.665284][ T9] usb 2-1: config 0 has no interfaces? [ 568.671931][ T9] usb 2-1: config 0 has no interfaces? [ 568.678708][ T9] usb 2-1: config 0 has no interfaces? [ 568.687043][ T9] usb 2-1: config 0 has no interfaces? [ 568.693848][ T9] usb 2-1: config 0 has no interfaces? [ 568.700475][ T9] usb 2-1: config 0 has no interfaces? [ 568.707955][ T9] usb 2-1: config 0 has no interfaces? [ 568.716488][ T9] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 568.725986][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.734312][ T9] usb 2-1: Product: syz [ 568.738671][ T9] usb 2-1: Manufacturer: syz [ 568.743670][ T9] usb 2-1: SerialNumber: syz [ 568.750035][ T9] usb 2-1: config 0 descriptor?? [ 568.781125][T14959] usb 4-1: Using ep0 maxpacket: 8 [ 568.788116][T14959] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 568.797160][T14959] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 568.807354][T14959] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 568.818571][T14959] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 568.828952][T14959] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 568.842377][T14959] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 568.851723][T14959] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.869948][T16013] delete_channel: no stack [ 568.961820][T15984] FAULT_INJECTION: forcing a failure. [ 568.961820][T15984] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.976748][T15984] CPU: 0 UID: 0 PID: 15984 Comm: syz.1.3500 Not tainted syzkaller #0 PREEMPT(full) [ 568.976778][T15984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 568.976791][T15984] Call Trace: [ 568.976801][T15984] [ 568.976808][T15984] dump_stack_lvl+0x189/0x250 [ 568.976844][T15984] ? __pfx____ratelimit+0x10/0x10 [ 568.976874][T15984] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.976904][T15984] ? __pfx__printk+0x10/0x10 [ 568.976935][T15984] ? rcu_is_watching+0x15/0xb0 [ 568.976960][T15984] should_fail_ex+0x414/0x560 [ 568.976991][T15984] _copy_to_user+0x31/0xb0 [ 568.977015][T15984] simple_read_from_buffer+0xe1/0x170 [ 568.977040][T15984] proc_fail_nth_read+0x1b3/0x220 [ 568.977070][T15984] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 568.977100][T15984] ? rw_verify_area+0x2a6/0x4d0 [ 568.977120][T15984] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 568.977148][T15984] vfs_read+0x200/0xa30 [ 568.977166][T15984] ? fdget_pos+0x247/0x320 [ 568.977191][T15984] ? __pfx___mutex_lock+0x10/0x10 [ 568.977219][T15984] ? __pfx_vfs_read+0x10/0x10 [ 568.977243][T15984] ? __fget_files+0x3a0/0x420 [ 568.977267][T15984] ? __fget_files+0x2a/0x420 [ 568.977295][T15984] ksys_read+0x145/0x250 [ 568.977315][T15984] ? __pfx_ksys_read+0x10/0x10 [ 568.977337][T15984] ? rcu_is_watching+0x15/0xb0 [ 568.977360][T15984] do_syscall_64+0xfa/0xfa0 [ 568.977388][T15984] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.977410][T15984] ? clear_bhb_loop+0x60/0xb0 [ 568.977433][T15984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.977453][T15984] RIP: 0033:0x7f6ee4b8d5fc [ 568.977470][T15984] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 568.977489][T15984] RSP: 002b:00007f6ee5a3b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 568.977510][T15984] RAX: ffffffffffffffda RBX: 00007f6ee4db5fa0 RCX: 00007f6ee4b8d5fc [ 568.977526][T15984] RDX: 000000000000000f RSI: 00007f6ee5a3b0a0 RDI: 0000000000000006 [ 568.977538][T15984] RBP: 00007f6ee5a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 568.977551][T15984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.977562][T15984] R13: 00007f6ee4db6038 R14: 00007f6ee4db5fa0 R15: 00007ffd23a33c18 [ 568.977585][T15984] [ 569.204017][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.220130][T14959] usb 4-1: usb_control_msg returned -32 [ 569.226229][T14959] usbtmc 4-1:16.0: can't read capabilities [ 569.235888][ T5978] usb 2-1: USB disconnect, device number 34 [ 569.300744][ T951] usb 5-1: USB disconnect, device number 117 [ 569.604055][T16042] netlink: 'syz.1.3527': attribute type 3 has an invalid length. [ 569.613471][T16042] netlink: 1656 bytes leftover after parsing attributes in process `syz.1.3527'. [ 569.961460][T16052] FAULT_INJECTION: forcing a failure. [ 569.961460][T16052] name failslab, interval 1, probability 0, space 0, times 0 [ 570.081738][T16052] CPU: 0 UID: 0 PID: 16052 Comm: syz.3.3503 Not tainted syzkaller #0 PREEMPT(full) [ 570.081776][T16052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 570.081791][T16052] Call Trace: [ 570.081799][T16052] [ 570.081808][T16052] dump_stack_lvl+0x189/0x250 [ 570.081844][T16052] ? __pfx____ratelimit+0x10/0x10 [ 570.081871][T16052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 570.081902][T16052] ? __pfx__printk+0x10/0x10 [ 570.081932][T16052] ? fs_reclaim_acquire+0x7d/0x100 [ 570.081955][T16052] ? __pfx___might_resched+0x10/0x10 [ 570.081977][T16052] ? lock_acquire+0x5f/0x360 [ 570.081998][T16052] should_fail_ex+0x414/0x560 [ 570.082028][T16052] should_failslab+0xa8/0x100 [ 570.082049][T16052] __kmalloc_noprof+0xcb/0x4b0 [ 570.082079][T16052] ? __kasan_kmalloc+0x93/0xb0 [ 570.082108][T16052] ? usb_alloc_urb+0x46/0x150 [ 570.082136][T16052] usb_alloc_urb+0x46/0x150 [ 570.082162][T16052] usb_control_msg+0x118/0x3e0 [ 570.082192][T16052] usbtmc_ioctl_clear+0x243/0x880 [ 570.082229][T16052] ? __pfx_usbtmc_ioctl_clear+0x10/0x10 [ 570.082260][T16052] ? usbtmc_ioctl+0xe4/0x720 [ 570.082289][T16052] ? __sanitizer_cov_trace_switch+0x8f/0x130 [ 570.082322][T16052] usbtmc_ioctl+0x50c/0x720 [ 570.082351][T16052] ? __pfx_usbtmc_ioctl+0x10/0x10 [ 570.082380][T16052] __se_sys_ioctl+0xf9/0x170 [ 570.082413][T16052] do_syscall_64+0xfa/0xfa0 [ 570.082445][T16052] ? rcu_is_watching+0x15/0xb0 [ 570.082467][T16052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.082488][T16052] ? clear_bhb_loop+0x60/0xb0 [ 570.082511][T16052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.082531][T16052] RIP: 0033:0x7f19f158ebe9 [ 570.082549][T16052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.082567][T16052] RSP: 002b:00007f19f248a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 570.082590][T16052] RAX: ffffffffffffffda RBX: 00007f19f17b6180 RCX: 00007f19f158ebe9 [ 570.082606][T16052] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004 [ 570.082618][T16052] RBP: 00007f19f248a090 R08: 0000000000000000 R09: 0000000000000000 [ 570.082631][T16052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.082643][T16052] R13: 00007f19f17b6218 R14: 00007f19f17b6180 R15: 00007ffd3bba9ef8 [ 570.082666][T16052] [ 570.141703][T16052] usbtmc 4-1:16.0: usb_control_msg returned -12 [ 570.146701][ C0] vkms_vblank_simulate: vblank timer overrun [ 570.610423][T16073] "syz.0.3540" (16073) uses obsolete ecb(arc4) skcipher [ 571.388996][ T5978] usb 4-1: USB disconnect, device number 52 [ 572.583549][T16133] netlink: 388 bytes leftover after parsing attributes in process `syz.0.3563'. [ 573.984013][ C1] ------------[ cut here ]------------ [ 573.989574][ C1] WARNING: ./include/linux/skbuff.h:1165 at nf_send_reset6+0xb3a/0xde0, CPU#1: syz.0.3585/16188 [ 574.000127][ C1] Modules linked in: [ 574.004080][ C1] CPU: 1 UID: 0 PID: 16188 Comm: syz.0.3585 Not tainted syzkaller #0 PREEMPT(full) [ 574.013555][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 574.023735][ C1] RIP: 0010:nf_send_reset6+0xb3a/0xde0 [ 574.029284][ C1] Code: 00 fc ff df 4c 8b 64 24 18 4c 89 e7 31 f6 e8 8d ff 1c ff e9 67 f6 ff ff e8 43 29 6f f7 31 ff 4c 89 e6 eb b1 e8 37 29 6f f7 90 <0f> 0b 90 e9 2f f8 ff ff e8 29 29 6f f7 90 0f 0b 90 e9 0f f9 ff ff [ 574.049014][ C1] RSP: 0018:ffffc90000a083c0 EFLAGS: 00010246 [ 574.055167][ C1] RAX: ffffffff8a51a599 RBX: 1ffff1100c0fcdb9 RCX: ffff88802f159e00 [ 574.063208][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 574.071283][ C1] RBP: ffffc90000a08568 R08: ffff8880320b7043 R09: 1ffff11006416e08 [ 574.079290][ C1] R10: dffffc0000000000 R11: ffffed1006416e09 R12: ffff8880607e6dc8 [ 574.087324][ C1] R13: ffff888024aa6e01 R14: 0000000000000000 R15: 0000000000000001 [ 574.095361][ C1] FS: 00007f58bdb586c0(0000) GS:ffff8881258c4000(0000) knlGS:0000000000000000 [ 574.104350][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 574.110960][ C1] CR2: 0000200000000200 CR3: 0000000055a5c000 CR4: 00000000003526f0 [ 574.118997][ C1] DR0: 0000000000000006 DR1: 0000000000000001 DR2: 0000000000000098 [ 574.127024][ C1] DR3: 0000000000000003 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 574.135059][ C1] Call Trace: [ 574.138397][ C1] [ 574.141299][ C1] ? __pfx_nf_send_reset6+0x10/0x10 [ 574.146536][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.151364][ C1] ? __resched_curr+0x202/0x3e0 [ 574.156256][ C1] ? unwind_next_frame+0xa5/0x2390 [ 574.161438][ C1] nft_reject_inet_eval+0x32e/0x690 [ 574.166808][ C1] nft_do_chain+0x40c/0x1920 [ 574.171467][ C1] ? unwind_next_frame+0xa5/0x2390 [ 574.176615][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.181540][ C1] ? unwind_next_frame+0xa5/0x2390 [ 574.186693][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 574.191774][ C1] ? ipv6_find_hdr+0xc78/0x1050 [ 574.196671][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.201523][ C1] ? lock_release+0x4b/0x3e0 [ 574.206158][ C1] ? is_bpf_text_address+0x292/0x2b0 [ 574.211516][ C1] nft_do_chain_inet+0x25d/0x340 [ 574.216491][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 574.222033][ C1] ? NF_HOOK+0x9a/0x3a0 [ 574.226322][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.231158][ C1] ? lock_acquire+0x5f/0x360 [ 574.235777][ C1] ? ip_sabotage_in+0x57/0x270 [ 574.240577][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 574.246111][ C1] nf_hook_slow+0xc5/0x220 [ 574.250575][ C1] NF_HOOK+0x206/0x3a0 [ 574.254698][ C1] ? skb_orphan+0xaf/0xd0 [ 574.259057][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 574.264318][ C1] ? NF_HOOK+0x9a/0x3a0 [ 574.268520][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 574.273172][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 574.278402][ C1] __netif_receive_skb+0xd3/0x380 [ 574.283487][ C1] ? process_backlog+0x2d5/0x14f0 [ 574.288546][ C1] process_backlog+0x60e/0x14f0 [ 574.293456][ C1] ? __pfx_process_backlog+0x10/0x10 [ 574.298770][ C1] ? net_rx_action+0x51b/0xe30 [ 574.303591][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.308387][ C1] __napi_poll+0xc4/0x360 [ 574.312781][ C1] net_rx_action+0x707/0xe30 [ 574.317424][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.322248][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 574.327390][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 574.333687][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 574.338920][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 574.344260][ C1] handle_softirqs+0x283/0x870 [ 574.349053][ C1] ? do_softirq+0xec/0x180 [ 574.353537][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 574.358849][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 574.364009][ C1] do_softirq+0xec/0x180 [ 574.368279][ C1] [ 574.371249][ C1] [ 574.374199][ C1] ? __pfx_do_softirq+0x10/0x10 [ 574.379080][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.383902][ C1] __local_bh_enable_ip+0x17d/0x1c0 [ 574.389126][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 574.394897][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 574.400029][ C1] ? lock_release+0x4b/0x3e0 [ 574.404685][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 574.409821][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 574.415068][ C1] __dev_queue_xmit+0x1d79/0x3b50 [ 574.420137][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 574.425320][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 574.430725][ C1] ? nf_hook+0x9d/0x380 [ 574.434931][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.439731][ C1] ? ip6_xmit+0x107a/0x1840 [ 574.444282][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.449078][ C1] ? ip6_xmit+0x107a/0x1840 [ 574.453634][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.458431][ C1] ? ip6_xmit+0x107a/0x1840 [ 574.462980][ C1] ? ip6_finish_output2+0xf99/0x16a0 [ 574.468301][ C1] ip6_finish_output2+0x11bc/0x16a0 [ 574.473614][ C1] ? ip6_finish_output2+0x701/0x16a0 [ 574.479011][ C1] ? __pfx_ip6_finish_output2+0x10/0x10 [ 574.484697][ C1] ? ip6_mtu+0x7d/0x3f0 [ 574.488952][ C1] ? ip6_finish_output+0x2ef/0x4e0 [ 574.494193][ C1] ip6_xmit+0x107a/0x1840 [ 574.498596][ C1] ? __pfx_ip6_xmit+0x10/0x10 [ 574.503415][ C1] ? inet6_csk_xmit+0x1d4/0x780 [ 574.508346][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.513237][ C1] ? lock_acquire+0x5f/0x360 [ 574.517897][ C1] ? inet6_csk_xmit+0x406/0x780 [ 574.522865][ C1] inet6_csk_xmit+0x4db/0x780 [ 574.527623][ C1] ? inet6_csk_xmit+0x1d4/0x780 [ 574.532580][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 574.537851][ C1] ? tcp_syn_options+0x5a4/0xaa0 [ 574.542908][ C1] ? csum_ipv6_magic+0x1ea/0x2f0 [ 574.547926][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 574.553236][ C1] __tcp_transmit_skb+0x1db8/0x3680 [ 574.558508][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.563404][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.568251][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 574.573923][ C1] ? __asan_memset+0x22/0x50 [ 574.578592][ C1] ? tcp_rbtree_insert+0x11e/0x170 [ 574.583801][ C1] ? tcp_connect+0x1e69/0x4ef0 [ 574.588649][ C1] tcp_connect+0x1f76/0x4ef0 [ 574.593375][ C1] ? __pfx_tcp_connect+0x10/0x10 [ 574.598416][ C1] ? __asan_memset+0x22/0x50 [ 574.603125][ C1] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 574.609452][ C1] ? inet6_hash_connect+0xd8/0x170 [ 574.614686][ C1] tcp_v6_connect+0x11f7/0x1870 [ 574.619620][ C1] ? __pfx_tcp_v6_connect+0x10/0x10 [ 574.624951][ C1] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 574.630441][ C1] ? __pfx___might_resched+0x10/0x10 [ 574.635858][ C1] __inet_stream_connect+0x2ab/0xe80 [ 574.641252][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.646069][ C1] ? __pfx___inet_stream_connect+0x10/0x10 [ 574.652029][ C1] ? inet_stream_connect+0x51/0xa0 [ 574.657242][ C1] ? __local_bh_enable_ip+0x12d/0x1c0 [ 574.662713][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 574.668514][ C1] inet_stream_connect+0x66/0xa0 [ 574.673555][ C1] __sys_connect+0x316/0x440 [ 574.678267][ C1] ? __pfx___sys_connect+0x10/0x10 [ 574.683500][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.688336][ C1] __x64_sys_connect+0x7a/0x90 [ 574.693214][ C1] do_syscall_64+0xfa/0xfa0 [ 574.697793][ C1] ? rcu_is_watching+0x15/0xb0 [ 574.702671][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.708816][ C1] ? clear_bhb_loop+0x60/0xb0 [ 574.713619][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.719583][ C1] RIP: 0033:0x7f58bcd8ebe9 [ 574.724125][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 574.743854][ C1] RSP: 002b:00007f58bdb58038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 574.752412][ C1] RAX: ffffffffffffffda RBX: 00007f58bcfb5fa0 RCX: 00007f58bcd8ebe9 [ 574.760472][ C1] RDX: 000000000000001c RSI: 0000200000000200 RDI: 0000000000000004 [ 574.768571][ C1] RBP: 00007f58bce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 574.776619][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 574.784787][ C1] R13: 00007f58bcfb6038 R14: 00007f58bcfb5fa0 R15: 00007ffe7cfd2678 [ 574.792923][ C1] [ 574.796043][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 574.803357][ C1] CPU: 1 UID: 0 PID: 16188 Comm: syz.0.3585 Not tainted syzkaller #0 PREEMPT(full) [ 574.812738][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 574.822811][ C1] Call Trace: [ 574.826108][ C1] [ 574.828968][ C1] dump_stack_lvl+0x99/0x250 [ 574.833583][ C1] ? __asan_memcpy+0x40/0x70 [ 574.838196][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 574.843412][ C1] ? __pfx__printk+0x10/0x10 [ 574.848024][ C1] vpanic+0x281/0x750 [ 574.852026][ C1] ? __pfx_vpanic+0x10/0x10 [ 574.856566][ C1] ? is_bpf_text_address+0x292/0x2b0 [ 574.862209][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 574.867416][ C1] panic+0xb9/0xc0 [ 574.871152][ C1] ? __pfx_panic+0x10/0x10 [ 574.875589][ C1] __warn+0x334/0x4c0 [ 574.879582][ C1] ? nf_send_reset6+0xb3a/0xde0 [ 574.884451][ C1] ? nf_send_reset6+0xb3a/0xde0 [ 574.889315][ C1] report_bug+0x2be/0x4f0 [ 574.893654][ C1] ? nf_send_reset6+0xb3a/0xde0 [ 574.898516][ C1] ? nf_send_reset6+0xb3a/0xde0 [ 574.903378][ C1] ? nf_send_reset6+0xb3c/0xde0 [ 574.908237][ C1] handle_bug+0x84/0x160 [ 574.912498][ C1] exc_invalid_op+0x1a/0x50 [ 574.917035][ C1] asm_exc_invalid_op+0x1a/0x20 [ 574.921914][ C1] RIP: 0010:nf_send_reset6+0xb3a/0xde0 [ 574.927391][ C1] Code: 00 fc ff df 4c 8b 64 24 18 4c 89 e7 31 f6 e8 8d ff 1c ff e9 67 f6 ff ff e8 43 29 6f f7 31 ff 4c 89 e6 eb b1 e8 37 29 6f f7 90 <0f> 0b 90 e9 2f f8 ff ff e8 29 29 6f f7 90 0f 0b 90 e9 0f f9 ff ff [ 574.947006][ C1] RSP: 0018:ffffc90000a083c0 EFLAGS: 00010246 [ 574.953144][ C1] RAX: ffffffff8a51a599 RBX: 1ffff1100c0fcdb9 RCX: ffff88802f159e00 [ 574.961400][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 574.969444][ C1] RBP: ffffc90000a08568 R08: ffff8880320b7043 R09: 1ffff11006416e08 [ 574.977445][ C1] R10: dffffc0000000000 R11: ffffed1006416e09 R12: ffff8880607e6dc8 [ 574.985426][ C1] R13: ffff888024aa6e01 R14: 0000000000000000 R15: 0000000000000001 [ 574.993411][ C1] ? nf_send_reset6+0xb39/0xde0 [ 574.998285][ C1] ? __pfx_nf_send_reset6+0x10/0x10 [ 575.003494][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.008283][ C1] ? __resched_curr+0x202/0x3e0 [ 575.013145][ C1] ? unwind_next_frame+0xa5/0x2390 [ 575.018271][ C1] nft_reject_inet_eval+0x32e/0x690 [ 575.023497][ C1] nft_do_chain+0x40c/0x1920 [ 575.028118][ C1] ? unwind_next_frame+0xa5/0x2390 [ 575.033254][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.038043][ C1] ? unwind_next_frame+0xa5/0x2390 [ 575.043173][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 575.048206][ C1] ? ipv6_find_hdr+0xc78/0x1050 [ 575.053076][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.057853][ C1] ? lock_release+0x4b/0x3e0 [ 575.062451][ C1] ? is_bpf_text_address+0x292/0x2b0 [ 575.067755][ C1] nft_do_chain_inet+0x25d/0x340 [ 575.072699][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 575.078181][ C1] ? NF_HOOK+0x9a/0x3a0 [ 575.082343][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.087117][ C1] ? lock_acquire+0x5f/0x360 [ 575.091714][ C1] ? ip_sabotage_in+0x57/0x270 [ 575.096494][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 575.101957][ C1] nf_hook_slow+0xc5/0x220 [ 575.106393][ C1] NF_HOOK+0x206/0x3a0 [ 575.110470][ C1] ? skb_orphan+0xaf/0xd0 [ 575.114809][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 575.120015][ C1] ? NF_HOOK+0x9a/0x3a0 [ 575.124180][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 575.128778][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 575.133994][ C1] __netif_receive_skb+0xd3/0x380 [ 575.139035][ C1] ? process_backlog+0x2d5/0x14f0 [ 575.144069][ C1] process_backlog+0x60e/0x14f0 [ 575.148935][ C1] ? __pfx_process_backlog+0x10/0x10 [ 575.154233][ C1] ? net_rx_action+0x51b/0xe30 [ 575.159024][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.163802][ C1] __napi_poll+0xc4/0x360 [ 575.168187][ C1] net_rx_action+0x707/0xe30 [ 575.172797][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.177616][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 575.182744][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 575.189003][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 575.194304][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 575.199601][ C1] handle_softirqs+0x283/0x870 [ 575.204378][ C1] ? do_softirq+0xec/0x180 [ 575.208807][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 575.214114][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 575.219235][ C1] do_softirq+0xec/0x180 [ 575.223496][ C1] [ 575.226430][ C1] [ 575.229361][ C1] ? __pfx_do_softirq+0x10/0x10 [ 575.234220][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.239020][ C1] __local_bh_enable_ip+0x17d/0x1c0 [ 575.244227][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 575.249955][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 575.255099][ C1] ? lock_release+0x4b/0x3e0 [ 575.259697][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 575.264812][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 575.269931][ C1] __dev_queue_xmit+0x1d79/0x3b50 [ 575.274996][ C1] ? __dev_queue_xmit+0x27b/0x3b50 [ 575.280125][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 575.285513][ C1] ? nf_hook+0x9d/0x380 [ 575.289692][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.294464][ C1] ? ip6_xmit+0x107a/0x1840 [ 575.298972][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.303752][ C1] ? ip6_xmit+0x107a/0x1840 [ 575.308270][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.313048][ C1] ? ip6_xmit+0x107a/0x1840 [ 575.317559][ C1] ? ip6_finish_output2+0xf99/0x16a0 [ 575.322860][ C1] ip6_finish_output2+0x11bc/0x16a0 [ 575.328071][ C1] ? ip6_finish_output2+0x701/0x16a0 [ 575.333372][ C1] ? __pfx_ip6_finish_output2+0x10/0x10 [ 575.338937][ C1] ? ip6_mtu+0x7d/0x3f0 [ 575.343102][ C1] ? ip6_finish_output+0x2ef/0x4e0 [ 575.348225][ C1] ip6_xmit+0x107a/0x1840 [ 575.352580][ C1] ? __pfx_ip6_xmit+0x10/0x10 [ 575.357267][ C1] ? inet6_csk_xmit+0x1d4/0x780 [ 575.362134][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.366908][ C1] ? lock_acquire+0x5f/0x360 [ 575.371510][ C1] ? inet6_csk_xmit+0x406/0x780 [ 575.376379][ C1] inet6_csk_xmit+0x4db/0x780 [ 575.381074][ C1] ? inet6_csk_xmit+0x1d4/0x780 [ 575.385938][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 575.391153][ C1] ? tcp_syn_options+0x5a4/0xaa0 [ 575.396105][ C1] ? csum_ipv6_magic+0x1ea/0x2f0 [ 575.401060][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 575.406278][ C1] __tcp_transmit_skb+0x1db8/0x3680 [ 575.411490][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.416278][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.421055][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 575.426616][ C1] ? __asan_memset+0x22/0x50 [ 575.431221][ C1] ? tcp_rbtree_insert+0x11e/0x170 [ 575.436345][ C1] ? tcp_connect+0x1e69/0x4ef0 [ 575.441127][ C1] tcp_connect+0x1f76/0x4ef0 [ 575.445753][ C1] ? __pfx_tcp_connect+0x10/0x10 [ 575.450708][ C1] ? __asan_memset+0x22/0x50 [ 575.455311][ C1] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 575.461574][ C1] ? inet6_hash_connect+0xd8/0x170 [ 575.466707][ C1] tcp_v6_connect+0x11f7/0x1870 [ 575.471569][ C1] ? __pfx_tcp_v6_connect+0x10/0x10 [ 575.476780][ C1] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 575.482170][ C1] ? __pfx___might_resched+0x10/0x10 [ 575.487470][ C1] __inet_stream_connect+0x2ab/0xe80 [ 575.492771][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.497542][ C1] ? __pfx___inet_stream_connect+0x10/0x10 [ 575.503355][ C1] ? inet_stream_connect+0x51/0xa0 [ 575.508476][ C1] ? __local_bh_enable_ip+0x12d/0x1c0 [ 575.513954][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 575.519692][ C1] inet_stream_connect+0x66/0xa0 [ 575.524640][ C1] __sys_connect+0x316/0x440 [ 575.529249][ C1] ? __pfx___sys_connect+0x10/0x10 [ 575.534373][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.539167][ C1] __x64_sys_connect+0x7a/0x90 [ 575.543964][ C1] do_syscall_64+0xfa/0xfa0 [ 575.548511][ C1] ? rcu_is_watching+0x15/0xb0 [ 575.553284][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.559359][ C1] ? clear_bhb_loop+0x60/0xb0 [ 575.564046][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.569944][ C1] RIP: 0033:0x7f58bcd8ebe9 [ 575.574370][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.593988][ C1] RSP: 002b:00007f58bdb58038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 575.602416][ C1] RAX: ffffffffffffffda RBX: 00007f58bcfb5fa0 RCX: 00007f58bcd8ebe9 [ 575.610399][ C1] RDX: 000000000000001c RSI: 0000200000000200 RDI: 0000000000000004 [ 575.618384][ C1] RBP: 00007f58bce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 575.626381][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.634360][ C1] R13: 00007f58bcfb6038 R14: 00007f58bcfb5fa0 R15: 00007ffe7cfd2678 [ 575.642357][ C1] [ 575.645664][ C1] Kernel Offset: disabled [ 575.650024][ C1] Rebooting in 86400 seconds..