last executing test programs: 7.777949479s ago: executing program 4 (id=617): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = userfaultfd(0x80001) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x2}, 0x20) ioctl$UFFDIO_COPY(r2, 0xc028aa05, 0x0) move_pages(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000002000/0x2000)=nil], 0x0, 0x0, 0x2) r4 = syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(r1, r0, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000000)="b842068ec80f79c666b9800000c00f326635008000000f30658b9299ebf000bfaa80260fc731baf80c66efbafc0c66b8f5ee91dd66efbaf80c66b8c076cd8066efbafc0c66b80000000066ef0f22666466f30f09", 0x54}], 0x1, 0x41, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 6.394219704s ago: executing program 0 (id=629): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r1, &(0x7f0000000500)="0be515c7a2555b0798693d6f8bf379d27f14d0e5e2ef83b9bf932f6d6328ce62c087c43316b934d0626ac8679f4911ac29f3898708970000000000000001145875296eac016f90879f235b5b037239f1dc0485bcff11c3909fff26666f2bc0a9ec7b86a34285afb97f53556fd33d9f53fbe2cf06fa91cffff9a6a88b9aed74aabbb3473b19c066e7b77ae3bf72222b910a0cad4f89c3209043", 0x99, 0x400c085, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000d40)=[@window={0x3, 0x6, 0x7}, @mss={0x2, 0xd900}, @sack_perm, @sack_perm, @timestamp, @sack_perm, @sack_perm, @mss={0x2, 0x3}], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) timer_create(0x2, 0x0, 0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.087480279s ago: executing program 0 (id=630): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x13ec, 0x6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x0, 0x1, "", [{{0x9, 0x4, 0x0, 0xb, 0x2, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0xff7f, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x3, 0x5b, 0x2}}}}}]}}]}}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)={0x0, 0x22, 0x2, {0x2, 0x23}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 5.912171573s ago: executing program 3 (id=631): r0 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x582, 0x25, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x3, 0x1, 0xf8, 0x10, 0x5, {0x8, 0xb, 0x2, 0x0, 0x1, 0x5, 0x20, 0x8}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffd, 0xa, 0x11, 0x47}, [@source_unit={0x8, 0x24, 0xa, 0x0, 0x0, 0xb, 0x7f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x4, 0xd8, {0x8, 0x25, 0x1, 0x2, 0x30, 0xcc}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xd, 0x7, 0x0, {0x8, 0x25, 0x1, 0x1, 0xf, 0x4, 0x10}}}}}}}}]}}, 0x0) syz_usb_control_io$uac2(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 4.232772509s ago: executing program 4 (id=638): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) 4.160688872s ago: executing program 0 (id=639): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x324, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x5, "", [{{0x9, 0x4, 0x0, 0xa, 0xc, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xb, 0x0, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0xba7, 0xd, 0xfc, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.069670695s ago: executing program 1 (id=640): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0) 3.976683464s ago: executing program 4 (id=641): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, 0x0) 3.736926383s ago: executing program 3 (id=642): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x2, 0x4, 0x8, 0xf}, 0x50) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r1}, 0x4) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x19, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2, r0}, 0xc) 3.540309607s ago: executing program 3 (id=643): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000240)=@gcm_256={{0x303, 0x36}, "1a88ef816c4b42ed", "a5fdebd3e9fb434d1665e9048b01e49419567b443803cf578f00", "6d02cd81", "066580001e00"}, 0x38) writev(r0, &(0x7f00000001c0)=[{&(0x7f00000005c0)='h', 0x1}], 0x1) 3.537883552s ago: executing program 1 (id=644): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f00000001c0)='\\', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000200)=0xfe) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000009280)={0xfffffffffffffff7, 0x0}) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000100)=""/76, 0x4c}], 0x1) 3.422010341s ago: executing program 4 (id=645): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x0, 0x8000) unshare(0x22020400) bind$netlink(r0, &(0x7f0000000680)={0x10, 0x0, 0x25dfdbfc, 0x800000}, 0xc) 2.734653789s ago: executing program 2 (id=646): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(0x0, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x60e03, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) r0 = open(&(0x7f0000000300)='.\x00', 0x20000, 0x0) lseek(r0, 0xfffffffffffffffa, 0x0) 2.631738658s ago: executing program 3 (id=647): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0xbc) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x8, 0xffffffffd24b2432, 0x83, 0xffff, 0x0, 0xabe6, 0x0, 0x0, 0x80, 0x8001}}, 0x50) syz_fuse_handle_req(r0, &(0x7f000000a340)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x1, {0x0, 0x28}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) syz_fuse_handle_req(r0, &(0x7f0000006340)="48bb868f146fd98b843d9c4777283a34ee3bc9233fe6732a9de75da653d6db5e546c36bf7c5e27d5e88490f0899332e7ef67fc3d8672b0e7fdeb3315de1aa6ddae54f6908453c3138b2af2b8f8c1c7ea7576051b4afa3b019d30c7b15fd201752ee33bcb6447d32579d45afeffa22397e9b7cd6c6af7a7f5d7a2b8c0a337315e3933e8356e06c900625da1decdebcc8c6ec831ab15ead64c22bd238a974e1bfadddee8b01ed5c7a7dd860bbb00f3276ad22ec944c386dc9044bae18c93359a16a6459847b6322f9f62943dfbe0f81c7b6299a99954d3a157e7e09a4b011eff6d1fd048f9cdfe51683850100b4cc37453bca75aaaddac7bbeec08a8aa082835ec17798f27beca19a4a02da63247ef063da9d9afbec62c8b5b5bca90308c354e886b95d3514fa513f621ddc8946bebc9d94633d2207a183d2009e205d0e976d39b893a4adc676ce8b9d72d366f5fe0d2dccd92b14caad8c69af389192ec311178f92a5cbca60e52e44d544a616aae2d39f624630ebddb3bd86ec3d7fdfaa1233da4749e3dfa63bbb2280f52d68d504da9c6a17890044fd87455de93090bf77c445a421960eaf931be8fdb1a755740b081aeae604cd281fbfe7a8d16dabdbbed10e8e28224ca5b0dd50456423c608cca47d066c306b72b3b7d2990028ba213867b4f950e57e12050e8d850b57cb1bf7ea8ee0292db3e1b0447b3c67a79ee0cc434158d15c7357e2d8ae6714fac16a4ae08fd9265cbc73692ffc3acd57f33bf542cceb061574bb7f349a4506a70ade4e39b3232d5302aab051898c1b0498f721a0d48376770474150fcdfe332adb368dc076e09ab97153fa176783626f69a928801a985322c6bc83634bd790d19157fe4506ca5cc90ab1d40fcc2b32ebf9ed8541270c9905ad4a0489a50a7d2e0973dcf9224144876a525722b90eb40a0b827ce189f061a80e54081113704fa22951876239bbaa3ce008eb95b918c5630628768037fe26b16815fc4439bc02d06c4dff56bac55b948d434ca5b5f2fd24c7fd3a2bddb0efa29f723bb31a303bdef6a5edc5d57c2afcfb68e852314aa995ee1a37f2c76cc9d94c88a95722014723a8910737166f211520fa33721c6849a08ef7046187d5726e12eea208919178c837eb5870a465959f69475cd71b7adf51a929ddbc58836b262101fc198ada9d27505c6b755d7cde2155b1efd4fcd5a7de32036b7ad7ef70c2783b6c9fb7952a94b758af6629f44712e8f347dfbf1568c05dc7a586b19c9ead19b0c5ca31aaf4c756e5b65e885bdeb97fc687259287104d187f4678825d8c20eed73b10fae644236aeb5558af1ca1ad52e61aa2059c8a7e653a6916f4df86759dc5372f6bfebedb0de9fb16e37d2f128f1bd28231773ce27a7f80da9d04a93b3ac8fe6f26aa1f66facbd8d695f53aefe69cf980110461cb9e6e69336af71238ac8e84d150e3f2fe0af92251ddad7197026c489000f36ef2ff666315c53e926ebbd0d783b7808c10a95a9b8267f406dde0c6a675a292b932ea70520c69f44b13b16e56ea5d26d1ab6da1146c9c82b11f08d1467755f1813c071d9fadcd2ed9517837899e3b10d069487de4fb53fe4b2c35e16b69da84ed1dcfac9a7c513009bccd6827e124c5bd739eac0058aadeefa058ca014e574cae8cbe78858be2fed3e32e95d55524c6b1eb84a540bd591d17fd74e9eea2945c56aecc926b6ff0033e686ad64a657a956d1bd564806fe151a9912771d5035b9eeab8c8922b23227d83dc5c94a5788daea545565778a31be18b138d91ebb77ddab52be876ad61c7f79d4843efae0cf060a68a1c25d0a3ee1434f34197243ee91546f927807a5950035fdaacffb1814d03c4db3fffbc1ddb20d220b108768d75b5a5540de38578325696a5501c79c1a5dd71b0d8d736288893f0467b9ac1873506bbc0c5a494dcd8665cfda8b12968789c1529ce0e54b61cee44f94baca9a60785b05e604dde6bd0c66c5e1bd8eafcfa534d2509281d3ee2e7cf73032a3f425c0317679d7c6858dc160510a254e38c29f573ffe829ede308c12028941e69d22acba4e4efef1f18adc9df8f39e088a537bef10e067cf995643815265bb1b5097be356cbe27aeb310c7ffec241ec3c06ad4f65419d7ff1b37e003603a3e4b938ff9dfbbdc59ccffb01a8027aeac8a2e59ec2fe20173dcf5d7e69a5ef2f5e92b3a97adf0cc5863cc5837589d1b978c78f3ca8f053e223975ed78015eff67e81e2f889e53f5ac0d95a21855c0de8b0789d38951ba020e6b91b6e6c467d42499c8bc506a90f1e420aa0209bcc9dd5ff6c116b2705c5bae8f6718a4afd5e69f142295ce78f149031241af5af5d00c9232f6126939559b9fccf4560d6a44d24c14d8d8eb48537955c3487322dfa81e159149d682eaf8408b1e805da8d350de2e8cc397eaa317a1c88d6ba12e113995f1ebca5e2fb34ec61d3eb7316f8f51471a44a632a24dcc1bba0f84bc66df4e28f8293d9ce3956f577e2d39510fb20578d433b93525cdb23b9230bd3b251e465987939defeb1888063055a281819a57663d96b3742f570cab383adc060bdd10fc579c40d481796b47145f61e162c06b0428e7c222d2761b9e50d46b9db5a5d72839bf60f909ece3b96d364f53cad99e99fd368f578edc10317ce4780120bb58a6cf0568deb6c90c635efe5f9b4548f0d34fa3d5626b1202c4634424774ea24a95d1a728f2c20c3cf134d4fff3ac7cf0e0940b1a517cce8a33c3f74029cf67cf4699e83f36b00645d0fcb85bc1b2374751ca3e149a424ee75299c8ec16b378adebf0b5044d693d40089713ef3a957da5e4509c4c42b935a953a3f3fbb39835711ec5ca144b67849e5e9d8deda3295e0f80dcfc4f0dde6a0f472df3bafab160cc3ab71d06489c55bc44ca6071395d27a7983024b64a9a296786f831e07f2f7a9df56eb7ea2f534047647ac1911f975e42cc17b823ff09fe2782f5c77029d15ef489d7f942a729268ff39d6c1c5ba125d00573dd3f6ac8c5c94d866ce669d3e2884b242b907b7760dd841e62bc6eab7fbe4e8ffa3ff08ca79564c72b4686e3e264985fc8a7afe1705034fdd9319c78ad91a28dffc6b18125f1e8feca8718596d5b8bf81dde93b336c0889f65ae36fe374be3d062948f9141082a01a6ca558e7c0497588b44d71a9eaa95d1f0d180b6895f4cf0134ad2c65a76531ad8b33a20657a482756beb58c0ec139109859f92ded17bd33aea30f93bb0df421e6011082c16c251216c2d1e8c6aa9a55ae4163de124eeab77aa4e0fba40784c23611af4a86bd99740a72d5fde8ff74b5bf63500e80c1b84a14ea9c7d2f6bf1740f7df7eed5873ae5454517947945a5a03f188fdbe6c7c8cd812e7864eb6212344aa73179e77f679901bd1a7350cbf99338fe77f43b48b5d1d79fcfd2841c05beea68b83bbc6c05dad0cec169e7fea9b4290cb9575ef69d8011eb8a160d1eb1196976e7324fd5cb51fee8d09e74ef6f1f4e2e41e1e80748c287655d6fc3783d6d1776dee246de0ae949415b58ada4672851320fae7f4f544b3dedaff91d631de9f6682023012f30e419061cdf034bbb380adc6fb721561e4331b82b740642953060c22960fd23a1a562d55305d99bfabc7da7b357ca23265336b10510d019346341c504dc8bfe3f9fcbc81e1e4bbc9ea8b160b71ce07b1e35c05d3c0ba73ca378b1730b957f9f97725e6052111b8e098f61b29745fe6654272443137193b063996b39c9e0a8118ed5c3d9bace21202c82a573f459117fbf8c4f5c5743ead7c43b83a81df28220b77dcc06e31019e886d75ff9f0168e7873bdfedfc8bf917af4612452ee184bd8ce86d2b914b0a5f0ac1d25b5180d124549a88159b1a667b265dc05a7f2346a232b6452f2ecbe4d4786a01976124e90956df52939ce02fe027b827ee825f20307af2ce2eddf20495250f71b82d0ddb4a3ad30bada9742d0ec4a85bf1325dd12ad5e2c21d56b52448ed1fade97b050acd1041439f276940e039da176c3262f6c618ba1980ddba3bb65eb3534c28b8e2bc8ee42ea9e9e68949ed7676bfb912c97289264f475d93adce05d3bd2ba90f8ad3cc346155df40d1f1fafef80723558b213887af9f63bda2c3e1611eacf07dc2f82d9098aa4c56ed5b5e252a444ce7b16baf3ca0f255a30435f9d839ed3b69ec43a6acc685884127c0b6c964547e8d59db96dc903166441f5372b2389a42ec4d004965fb54b2df012b824e6c4573f0f8c79de5b65abdd027261559eca7dac2d7d2ff4f30422d560da53066118d1b1debaa6603ec3eaa3b5f197c6a49f283f74e8a097b1186d03dc3efa6bca6e02c520a38ff59c198b791c22300b88a401050de45b6fd5917f353eca81fbe971ad7a072eb7ca4d55954b2448652bfee38671a57ec0bcb99f47f6f906d94fe1ad64e58cad6cad0759077d91b45fd6d233dbb2b282a57bd41d1ff9df7d6210be0dfc2b8e1c5ed2361b7863cda919dc1d8743da0f8bd876bf3bff171bf3609157e6ef9b83ca6f1294c198c3112b645ea3c36b61aef624e0b4173b30f17ce6d84ef6aa69362e5bbcc92cba799f90758ace48dc8dd74bf1e0821c168807f268c0865d5394c6e66eea5a2970194f104f4ada6ac8b0408f4c062da7bcefb7ea469cd946e8602e5e349db109f732ef59512a566b08e840473e646f0e8c9a3520e608faf77d308b4db7276a7a2d1da9dcdb17818f761fd765ed2886f5cb21d0ce880c0130a6357f210fcfc2d87e3d82865122156f93fc1a9c8cbce38723984936c3f79ae7097884bd1ded9fa76e78404b57c06b748e32aa305a9d57d1f04a4e8dfed585f569b8c56fd0c19da988723e6e5f6cff55be5cc86f20631c28921c61d146cb42e0bd734671078a1ecd0792d281de95d62a627dc75cb8b20d33600167bff2dbca9f5487f8d79899d539e0760dd1da22bb0987930662f191d22710c798bf40651b408e354ffac46cda8857f0a436187abb45552fc459bf68750efedeef0502a1ef2f2943d6fb7306154301fd331777ca3bbcfd772468c8f0f6198e09aeeac5f77fae43ee85f9b507677572ce9f6c4c0982af2642108fe406dca5981d206201c1ebe8be759c5144389e22c2dda4422426d68edcc3b29f2602c3e5adef07d58cb23ae72162b6b10ccb70de2ae989d0fd6886c3268e612544def60cab3aa74ab7222e6e49aed63a35e6b6e34b0c6c8e898789870a679d20dfb6631ceeb74cb06a48deacdfb57b80296dc8a173b654d70d45bed95252e2072dc11966c3f099abd1c0433b1fff2b2409b01b04a101b5b786d50f9642171a9e537cb6f523cff37ff28820b72515bf654527bd4a8aee60b28b5dfc5f1a9dc118618398d9af73e404d77051aad0e8fa336c443a0dc21ffa4363a6654a80d839fbec371d4084036a19ffc6b0d61623a58025822da0832daa247584405c3c1b3a77ea37238e0d7ac1083cd256d633ed287f7a4e304ccee72d7facdc2ca4a8ff04d85761e04b128ab7eadefd7dbeef0b21e72cd70cbb289d4868ffe32d43df61a9f5156bda0d78600a7fe9e85ff403a1dc184caf49131a5517825248a1947e1104c362bcec82152bdae49a8ac82fcc8998acf0929ee14a613d9de27fa86298ea52084d1cf4ec39bced28ce982cc841d7000ff4cd6887df044bf16c4d44c17dba2f75c151820b4eff8fb49d0cca694f1776fb6fe1163f77622e42ece1edef03fd84dfd861405f56ecbfb77dce4ea9c2611ec8a27050a07c7205c2aaad9ac428a835b2e569879a0f39cfed1f2e35c9d279afc285b1610dc691d5344caac048792c96a721f7b94e681bdcea8990c4de817c15fee4b4cf7b8eb1b0e982f817bc060836d7e7ef4d3f2badec20119bfb45e87fea77ee6cb4f23855a23fa50aaa7b261373eae822e09ac4c7780e506f816132556b5efc8ce14cdc07cc56897c9776361431b01f2954d1304ab719443e21501a1a62590bf0efbf5fb96dff1b610994f37f18beafc4884cd05246ca502d66d9d55fab5ed3cdfb2fc5c39dea81456b4346b2fc44defaca13c2764ef3138aab8e6053e4556c7844dd07ab7e094c1693d4d0ec3846b1c30e04f6b422888bcb8ebd947f7dbe4d9112c405bbc3bcfd2ca7910cb4783c89bbe714a1161de792fde8aab343cc3f62f06e289bc4e146c22ec487d0fd18033f4cb694cdba01c7cc7d51f56e2881ebceef32343cd8ce584885ffef6c428477828d8e7eff72c68859e4a2f8a5003ba32c11fd1f4f25e14fc676e68c1e227bc6bf0bbd38f5a27f920655e0c0aedba3997d15c373b86efbfd92a0bbcd8c6cdd4596101aeec7ad1ff928e042cb636e93abfe5f7613b85dba53e560e2da4f1ee2c9bafc3c023a17a44cfc891ff8a015664595bc7fa0da18cb46bd8d61464b8f44b0baaddb638fd04377c2d1396ee512cb48f4181dd468d9f8a13bb52f199f7517471248fa5a08d29008940436605e698928e940b4487634520508343e17a7e687cadb328d5c70f2d4825529e4f9781cb46cf9f243b628ed078a24d7bf5664d2c99d90f50bad281b897e538c98139f57e887e4557c2df6fc0cfea9ba5c55e2e3086a4d1f3e9920fc804c26872fc2508b1b36f7d32e0ae0f5357135e4a8cb90eab3111ca3bc0c490f13006e0c30b8f5cde50188100973cacae6bc4cd6ae69fd3572c58126543b8f8549858e677f4d39926bb20a659b99a0888692f140ac58d3aa368b9b4b8ea1b1a48ddbefe0b6db4a3996d1367fee7457dc574947a704461c14004e788647447852271ba64eeea39ba6ee414dabfaa77b4c36cce45a577f8316c2ea7248f94e2f2fe33cef5d15492401de2347f1f85a1366d1ab79ada939df772838ed619d84aabcfeb2226f1e037743355b88c65253100edd65c7b07d3bac74619357b416062c77d02b04c0562fba59382605d5d20358a624c584e76168ffc79e9a5ae26a62e2198498ba3867e0d5609145fb6fe34454e4a98d68ce183c76c8b794e2dee7cf110edcd86f1e9f6c1f6d1a26118adc47c13a45d53f328411a61dc1244e3ea4d73ddc92b329aecc0c828f2141b4c36a81044ddd820b8e56eb9fce19ee3f88e48b0c6700d077944941590f4d629d886acdc7a2e45442c66cd4fdb60045dce3b8d416c77e5daf3867a321bfad8d544bfa0fa3644fc9cc620c7b0078fc7451589ab2548b456fbd3725baee16c2c139f85cb1abd973d8add237546816db891f74043271b7a3ce3489a6495f35ccbdf56d1267ad65f3bc3f93a55982bbf3fff95429d2236386a037012f624e67cd65ab65987ed025290be033e9e5a4d1a04a7f003fdae5e8bec8d9cb47bfd288f087eb0f3ad097342e8ccce8500fd75d2b6c7888bc543729670ea75db790593b25b197369510ac1898f1a01e74f44ed90abb1b1d37f4635aa89961c74623699e95b579ba6cabc33acb4c6d75f4aeef8ae97e60e35c8b7d948a04193b40a766aaf511b16d83c57041d836c5105fea2c1c206a064984a3cceab35260838f62a2e2b78865d66773af0d83bb244d9264e894852eb3b8777984fcf9de213bbf461d6c2af6e9fce23b3adb1e36a0598ff95524925e1cb89a1e5639a563b964ad719e0ee80208fdf85c1ed900fb6538dfb25d5f8435344ca18ac9c481aa0b1e374100610d319bf40b952e6a206b0a9e80a28911423faea4b3b7aeb3620868f58d0df772f4e84c676a4341b784286673052736fab1dde97883e58d95e640fbeafbc7431cb8b422dadbdc63149f3ecf14895404cace8d75ad3cb1987c43adb1f64e2f4d76ff0090ed20809a98203d80c33045eb0828e0a7e42d4eb547d38574c566da1f80d0e4de4427a1602711f2d23177c7602e4fe7e0a92c94d45d1a3755547c6f57463231e4e29155ee12bfe284f49535707406f5c71aada55031b0ad69f05a24e409e639e21e498bc7628f055c78175f04274a6a8fce77fe924bbb85daf99ae908a2873fd6778661b14a8df83a2639ab379e44b4e5b1c20f238d26b023dcebf1720aecd8712e4c54ff099e4e1c179947c9fce56e9a26a6501073c9ed9230496ec94be28c380b665f91129c1fea9059e524c30c045c40a9dc0af585c8b21cbc546cf3a8a73b0be0214b815225e4a1347e83471cb2184cbd0f3fe9b4d63fee76d7cbc22079f31e2c0ce6b18823d1abebe300edb16e10d0c806694950fa08d88312ceeb8013ffe2b4c472d3c4906dd4d54e374aed496d8aa86edad735c94089c1c0f285dfe71e75b9d8bd7d4eba55ca58bb3852014d5f1cd704a086bc21a9cb180ec4163980b023b670e02b8e1e235e9f39bfcd88472d4ea9b72041669830ad1f7e09f9390bc81393f8307a8280a62ad3b6f5290c9d896b2b535c649cfe8bc988ec9def26ba9b5d35611ca7485b0dc631c495f7299080e897c141e8e7bf89db5da6a3e4f3df5b7c51e13b3eaa7a372239ae836ba9ff34d229cc89468645748811e7e41cc504f2549cb8a50bf0fb0181cf19b3e128ece3ec86a9f5dd2b5d441be244ef8088b8a623e1db696044bf64c090ffe91e01cf2ea6c5cac048c9e1295eb9d365f5c5fdd57b2409cdfd71c76d0e0fba0d80b9799c73c8426a6924b08b699c286aefff102439570b736a05f4ddd9edd68bc11355844b374255011b00b0a3f996323752923a7fad719cc0c44cf4ea010306fcf6e164dd626bb8b3a102e39a38beba80a2569b54f009ee424438c9a8647fac49d129a4e4b878455ab1d7d5229a2b0d276af1702ab109661c5711e320ff0950a4e4fdc548f285a2cd54b24b57eb25ce7c311bbeca745f23d0fe4427912a51ddfe4f73adc36af42cf6b47563c20b32411a9b8066cb33eb07174eb07bbe33498638c1bab6c453c045dbbc24d7ed73411490c99a0b303185b3841b3764dd53bc31c4ef12df5c83f24f334de6ffae2f5a4bcb9a49da850666ed5c58a4817343dea6620a224e7f572f0f43c623d429526cbdb627f4757ca513c3bc8f0951bfd81f6f77a2176cd14896e5283045e354a1b998ac4b0663b0582e03dd24fcac9c96fa83e3a57372f28616caedcacd2577fcdfee8710e6c429a1e54f8d541ed7c8d86ff9a7ca0fe133b3cae1240b94c29b7967057c30efaf6ebd65e5941507a22dedd27d0e74ba1e572f6190223e00ed0b2fc31f8a2595217bb9d2a130eb8800ea819ae346c35e6a588194a09a792ef1471f244b06fa178741cbab7eaf776aa03789005b5da824eb921e905f9415ca8a049ac128bcf36d17fc2560779e36c9eb19a219384e215a82a2f1837eab439502c284079125944a8f313dbf20f9ad7509295cb2b5e5cadf1c04419fbd73a1dd3c936b37eb7b770c76eb37fc3af04ec7a59333065dd6931be10c26aae0ff19c32543f4b7aff830483b4eaca1f739e7950674549ac7aa7b69bd398b2866cdce4e5b567ffcf059e18aee970c54043ca527cb35320a50a800ad6a9c6c0c5e744ddf7873e1435fe8c7fe49484f2734e718e96eb062052818d1c53ad6b1126700a4c5ab9bc41009dfa0bf39cbc8bc32547f22eafe1e26c0166b9a7293e772865233cf1249994c1b85ad5ea35a627fd6e4d332d755b6bb7e2c309efc3fba110620875c8d3a629637c65f184fac9b84aca6b5f8fb790deb661daab8b60a71d83ddc408211d63f70857969e025070225646cff7b363d145205e099421dfa356aa5e57f1147145badcd5166219a4fef48b6fc342d8b6fdce170bd263dc0daab7dd7f71516b528d457971770ae4c2281da2f0c368ea07900368c9f0b0fa4bf40fbe53520d74335ce906661e455feb3906874cf724fc19f35166efa8c200a35c61ba7ca5079512d91efb088ac761a0fb03fb8ed7daf8f508340caf20024cf81df245f752d0c4e1079fab1632f357582f4b4ef9bfd416232964803bf4313b1cfd283a9fd1194aae7cdfcbdd10d3fc41479370fea611b87faa982f3e5959e9267254393e279a5ce50bccc37af0bdffdb9a5afa51b28297a6b0cdf94ac707d6f6f0e2ba6daa7a3041b4c2d659ba2cc346fed23091954516c936112c758d7c438a69bb2cfdd9be0b255516f58f0082083d9a5a41a2d401f58d014b6fb657641c3a8d03eecccc6be22163105ae642a4e29f64b131c0eb0f02067321ca5c861f3414da5f085729149412480a16c20d99a40d27e71e592ba2a009fe884762130f05a30434dec26acaee32cd72081d5f6f30b3231f10be692061c8423efc653948d7240aa912ed2b0a2f384083348fb4a3b737c33c66e471a337092bb31a53cdcdc6ef0ab6b82adea48a7d23f86a1f53a31aabe13d6c04f24dcc9dcf21ea4be7e67cc3010d7ab5db9e98f694e097bbbd3ded6d19e5a3abccbe8562055d4d5096446b6becc0ca049e0d3c54e8b16bf356bba39381b307015fd929112420c43d13625501be273854ce8769b05ef8ca874a78b1e9b2672a7930063367900df8b899ef4503deaabc49179dd59bb664c7d5a8dc5ee5f3d8cd5a2c5b22730019723491cd048abce88ef5c90c2c65fe7c7960fa8870a53630a5d74edd776557686820562e794863d246764a4014e5c4da5d5ec52db4049890a4a1044281eb01e47ddb813b7ddb6b019f810fd573ef0ebcb0736f1e0a0041ad9ad5551511bf3ca94c2440aeefac468190b8f2e6d694f2311a39982cb800f69203af4fdabe7ecf89e712e15347760c9bba120c875fa6bcca2a7413498778c6fd9b5290d493a12ba090b7be09360b605edcf67c91a08c02b1747f43ee9c9ab63bba89d9b43166b968ed602591d7a0bcbc53d81ba987a6f1f0fed4100fa39d952f25de66860714498d3624e0349e233eeca651138dec3f335487e87699cbdf5ed9fc6fccaf448669b0af8fdc7fd24fc8ad4578d55c9dd736d6732d615414035ced79243bdfd663772af106dc3e13da60622d7e965a02cd7b4df868a25e6b13a3a4741a7840cd15313491b5c2e1684207875c710ce764e4fc5bcac07f63dae28d9cc28a9112dbe711d8193693a432e45f4a05c3eaea275ac9526b59bee5bb169365dabb5b92efd41d3a942e499ed0bd35d4556e7a3d0d8bf0d7a7468212076a961d5a24326e50a2e5b83063bceb6d9222d9ebc65cbf0cd324602f445b7541f948c7434e99b49acb401d04424c0adea7516e66992d6432555e23874003403db8de28c04526e84756c8db3ce6bb8dd2a5aa10e4017dff7d9bf5e149f462cea2b709e198731099f0f29d81a51e2de104b8a028dd9a7d09032c38d4a4054b7f125403cfafa551ff6dc2f8fa14868fb756d32b954248aca490355b42b23c7f8e27c5428adc5e85c9c293da73069158e8624abe5fee8bb84ddb847af9093a9221c75b1ad5e288cd2f5a64fe6e905c8d84ed97ca1c928b97be78d9648b3913be03496915052153a0614f7fc23272c187372d1fe8d9db25fb6f78b4af7b985a5bfda2684ed97659b0fb290e6f6eb32882ffee726c359f6af9a65e5e5f952ba082c6ebaf40bcaf40db6e7f497d71846ff34a21877bd87f353470498dfd5b569d6e050ad53a551db673ece301df463569944ab74a54983acdcc868e0321f24f4f2f430599a3466275d510a0a93b859907fe98d90316e6d81404b026f2a31201e90c", 0x2000, &(0x7f0000000c80)={&(0x7f0000000140)={0x50, 0xffffffffffffffda, 0x1ff, {0x7, 0x2d, 0xfffffffb, 0x0, 0x5, 0x400, 0x8, 0x4, 0x0, 0x0, 0x20, 0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup3(r0, r2, 0x6700000000000000) 2.465514777s ago: executing program 2 (id=648): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x800, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r3, 0xffffffffffffffff}) close_range(r0, r1, 0x0) poll(&(0x7f0000000380)=[{r4, 0x10}], 0x1, 0x5) 2.344324746s ago: executing program 0 (id=649): socket$inet(0x2, 0x3, 0x4) syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b3838108480b0310547b01020301090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000001c0)=[{0x518, 0x10, 0x3a, &(0x7f00000000c0)="70898e78ebe4c4d2694e03e4e24992d04bea124867a94cd763bdea7d3e4fafabbe4613bbd33975bbc1c1b7739b597cac9055bf769a694ff9eb4a"}], 0x1}) 2.238064811s ago: executing program 2 (id=650): write$char_usb(0xffffffffffffffff, &(0x7f0000000080)="d6f5fbcf8c5f6b1eab996ddbb1a3fa9e7faef2c7e9b975084ebb6f5557284549957db0e43ddd82283e9404df9f48beef3bbdd77a64dd1807932d9fc1530c25d99c0108e15f903702feb5de78597f9aa52ffbbaa5b0228712aba726a32334d84e12920ffc0f4553e561dc7b6570bcaca912b5e63022bbf50cdbee9d0cc9586939fe7d49ccbde680e7e0cd18997741457262cdba41de28c9e3a6e1fe79bd5c5c2459f4f619fc95346792b3f20155bbaaa9a07248026b6159c403bea11fa2b5e85ba3e189f96d08063e2d3fc85078655058cd151e6e60ed04bd487becfe0ec08c6af41bd54fe99c4b94c18fa34940161469afcd05e1c1cd5a98ba5f28d768fcec333f2cb041afc799c8eea8f460e58de122899d699da77dcb9655b52b93be558a36c317426b69e9240d73f87776a10bec23122eeb4dee2bb94c9fed02d69693935ca436bdc62cfb19aa3c7d2be9c561eca2", 0x150) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x48d, 0xce50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x1, 0x33, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x38d707d343173689, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0) syz_usb_control_io$uac3(0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x82, 0x3, "90873a"}, &(0x7f0000000300)={0x20, 0x83, 0x1, "d2"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000840)={0x44, 0x0, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xc1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.132524543s ago: executing program 1 (id=651): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) request_key(0x0, 0x0, 0x0, 0xfffffffffffffff8) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@wrmsr={0x65, 0x20, {0x40000000, 0x3}}, @wrmsr={0x65, 0x20, {0x40000001, 0x3f}}], 0x40}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x7, 0x7fffffffffffffff, 0x2, 0x949, 0x9, 0x9, 0x1ff, 0x10, 0x4, 0x8000000000000000, 0x2, 0xffffffffffff986b, 0x3, 0x5, 0xc0000000000, 0x1], 0x0, 0x190980}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.465654608s ago: executing program 3 (id=652): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x123f41, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r0, &(0x7f0000000280)=ANY=[], 0xff2e) ioctl$TCFLSH(r0, 0x540b, 0x2) 1.082363408s ago: executing program 1 (id=653): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000080)={'8255\x00', [0x7, 0x100001, 0xa3d, 0xd, 0x5, 0x1, 0x10001, 0x3, 0x40, 0x6, 0xe8, 0xdf, 0x2, 0x7fff, 0x0, 0x8, 0x5, 0x174, 0x7, 0x0, 0x0, 0x8, 0x0, 0x21, 0x3, 0x400, 0x7, 0x6, 0xa, 0x4, 0xff]}) 841.997818ms ago: executing program 0 (id=654): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000bd6fa0d28e21a144000008000300", @ANYRES32=r2, @ANYBLOB="d50633"], 0x6f4}}, 0x0) 784.192847ms ago: executing program 4 (id=655): r0 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x80) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"ae42ffff", 0xffff, 0x5, 0x4, 0x102, 0x803, "000000ffff20001b10000000000800", '\x00', "05030401", "0200", ['\x00', "6cf8ffff18f0f0ff00000100", "f0ffffffffebffff00000010", "fdffffffa240b82dc44d00"]}) 783.990085ms ago: executing program 1 (id=656): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x336) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r2, 0xffffffffffffffff, 0x100000000000000) 769.227128ms ago: executing program 3 (id=657): r0 = accept$ax25(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCAX25NOUID(r0, 0x89e3, 0x0) syz_open_dev$dri(0x0, 0x1f, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r2, 0xc018480b, &(0x7f00000000c0)={0x3, 0xffffffff, 0x7f, 0x9, 0x7, 0xf}) 698.392967ms ago: executing program 0 (id=658): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000680)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0)}}], 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x3, 0x0, [{0x885, 0x0, 0x5}, {0xb14, 0x0, 0x8}, {0x401, 0x0, 0x5}]}) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 605.984366ms ago: executing program 4 (id=659): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f00000004c0)="6766c7442400f23700006766c7442402000001006766c744240600000000670f011424b804018ed00f72d5060fc7b70080baf80c66b8680d1e8466efbafc0c66ed66b9800000c00f326635010000000f300f1a880070baf80c66b8849a4e8566efbafc0c66ed0f01cfbad004ec", 0x50}], 0x1, 0x0, 0x0, 0x50) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 474.594901ms ago: executing program 2 (id=660): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x20, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000180000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000180100002020782500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000957500008500000006000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 352.17096ms ago: executing program 2 (id=661): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x18deecdb1de52879, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) r1 = syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040)) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000100)=0x1) ioctl$PPPIOCCONNECT(r5, 0x4004743a, &(0x7f0000000380)) read(r3, 0x0, 0x2) close_range(r2, 0xffffffffffffffff, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$sierra_net(r1, 0x0, 0x0) syz_usb_control_io$rtl8150(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) 181.601142ms ago: executing program 1 (id=662): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x48, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x7ffd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x5, 0xa, 0x70}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=663): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) pipe2$9p(0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$phonet(0x23, 0x2, 0x1) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r1, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 64_after_hwframe+0x77/0x7f [ 207.470467][ T7017] RIP: 0033:0x7f505a26c819 [ 207.470488][ T7017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.470507][ T7017] RSP: 002b:00007f50584c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.470530][ T7017] RAX: ffffffffffffffda RBX: 00007f505a4e5fa0 RCX: 00007f505a26c819 [ 207.470546][ T7017] RDX: 0000200000000000 RSI: 0000000000008b0f RDI: 0000000000000003 [ 207.470560][ T7017] RBP: 00007f50584c6090 R08: 0000000000000000 R09: 0000000000000000 [ 207.470572][ T7017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.470585][ T7017] R13: 00007f505a4e6038 R14: 00007f505a4e5fa0 R15: 00007ffdd04c61a8 [ 207.470620][ T7017] [ 207.470643][ T7017] ERROR: Out of memory at tomoyo_realpath_from_path. [ 207.570453][ T1244] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.570513][ T1244] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 207.570538][ T1244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.608608][ T5928] usb 5-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 207.608640][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.651247][ T5928] usb 5-1: config 0 descriptor?? [ 207.683212][ T1244] usb 3-1: config 0 descriptor?? [ 207.935214][ T5876] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 207.938062][ T37] audit: type=1326 audit(1775457398.358:2487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.949340][ T37] audit: type=1326 audit(1775457398.358:2488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.955922][ T37] audit: type=1326 audit(1775457398.368:2489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.963221][ T37] audit: type=1326 audit(1775457398.378:2490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.966081][ T37] audit: type=1326 audit(1775457398.378:2491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.968984][ T37] audit: type=1326 audit(1775457398.388:2492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.974796][ T37] audit: type=1326 audit(1775457398.388:2493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.974850][ T37] audit: type=1326 audit(1775457398.388:2494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 207.980328][ T37] audit: type=1326 audit(1775457398.398:2495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 208.015183][ T37] audit: type=1326 audit(1775457398.398:2496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7003 comm="syz.4.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 208.130088][ T7005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.141440][ T7005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.177208][ T7023] netlink: 28 bytes leftover after parsing attributes in process `syz.3.352'. [ 208.187111][ T5876] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 208.187197][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.187219][ T5876] usb 2-1: Product: syz [ 208.187235][ T5876] usb 2-1: Manufacturer: syz [ 208.187250][ T5876] usb 2-1: SerialNumber: syz [ 209.064225][ T1244] ath6kl: Failed to submit usb control message: -110 [ 209.064395][ T1244] ath6kl: unable to send the bmi data to the device: -110 [ 209.064413][ T1244] ath6kl: Unable to send get target info: -110 [ 209.259172][ T1244] ath6kl: Failed to init ath6kl core: -110 [ 209.260954][ T1244] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 211.211630][ T5928] usb 5-1: string descriptor 0 read error: -71 [ 211.212098][ T5928] ldusb 5-1:0.0: Interrupt in endpoint not found [ 211.286911][ T5876] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 211.286985][ T5876] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 211.295751][ T5876] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 211.295809][ T5876] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 211.297214][ T809] usb 3-1: USB disconnect, device number 13 [ 211.425281][ T5876] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 211.431036][ T5928] usb 5-1: USB disconnect, device number 16 [ 211.554354][ T7048] @: renamed from veth0_vlan (while UP) [ 211.557415][ T5876] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 211.665072][ T5876] usb 2-1: USB disconnect, device number 18 [ 212.195119][ T1244] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 212.334764][ T1244] usb 4-1: device descriptor read/64, error -71 [ 212.457387][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.4.363'. [ 212.559022][ T7068] FAULT_INJECTION: forcing a failure. [ 212.559022][ T7068] name failslab, interval 1, probability 0, space 0, times 0 [ 212.559058][ T7068] CPU: 0 UID: 0 PID: 7068 Comm: syz.4.366 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 212.559081][ T7068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 212.559093][ T7068] Call Trace: [ 212.559101][ T7068] [ 212.559109][ T7068] dump_stack_lvl+0xe8/0x150 [ 212.559147][ T7068] should_fail_ex+0x46b/0x600 [ 212.559181][ T7068] should_failslab+0xa8/0x100 [ 212.559206][ T7068] __kmalloc_cache_node_noprof+0x8a/0x6c0 [ 212.559229][ T7068] ? __get_vm_area_node+0x171/0x350 [ 212.559264][ T7068] __get_vm_area_node+0x171/0x350 [ 212.559298][ T7068] __vmalloc_node_range_noprof+0x372/0x1730 [ 212.559330][ T7068] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 212.559374][ T7068] ? __lock_acquire+0x6b5/0x2cf0 [ 212.559404][ T7068] ? kernel_text_address+0xa5/0xe0 [ 212.559430][ T7068] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 212.559459][ T7068] ? arch_stack_walk+0xfb/0x150 [ 212.559490][ T7068] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 212.559526][ T7068] __vmalloc_noprof+0xd2/0x120 [ 212.559558][ T7068] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 212.559589][ T7068] bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 212.559623][ T7068] bpf_prog_alloc+0x3c/0x1a0 [ 212.559653][ T7068] bpf_prog_load+0x7ba/0x1ae0 [ 212.559698][ T7068] ? __pfx_bpf_prog_load+0x10/0x10 [ 212.559749][ T7068] ? bpf_lsm_bpf+0x9/0x20 [ 212.559771][ T7068] ? security_bpf+0x7e/0x2d0 [ 212.559799][ T7068] __sys_bpf+0x618/0x950 [ 212.559829][ T7068] ? __pfx___sys_bpf+0x10/0x10 [ 212.559853][ T7068] ? rt_mutex_slowunlock+0x1cb/0x300 [ 212.559903][ T7068] ? ksys_write+0x248/0x270 [ 212.559938][ T7068] ? __pfx_ksys_write+0x10/0x10 [ 212.559973][ T7068] __x64_sys_bpf+0x7c/0x90 [ 212.559999][ T7068] do_syscall_64+0x14d/0xf80 [ 212.560021][ T7068] ? trace_irq_disable+0x3b/0x150 [ 212.560044][ T7068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.560065][ T7068] ? clear_bhb_loop+0x40/0x90 [ 212.560089][ T7068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.560109][ T7068] RIP: 0033:0x7f165b1ec819 [ 212.560129][ T7068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.560146][ T7068] RSP: 002b:00007f165943e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 212.560169][ T7068] RAX: ffffffffffffffda RBX: 00007f165b465fa0 RCX: 00007f165b1ec819 [ 212.560184][ T7068] RDX: 0000000000000022 RSI: 0000200000000900 RDI: 0000000000000005 [ 212.560196][ T7068] RBP: 00007f165943e090 R08: 0000000000000000 R09: 0000000000000000 [ 212.560208][ T7068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.560221][ T7068] R13: 00007f165b466038 R14: 00007f165b465fa0 R15: 00007ffe67926108 [ 212.560253][ T7068] [ 212.620380][ T1244] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 212.875115][ T809] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 213.049946][ T809] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 213.049985][ T809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 213.050014][ T809] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 213.050040][ T809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 213.050067][ T809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 213.053527][ T809] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 213.053558][ T809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.053580][ T809] usb 2-1: Product: syz [ 213.053595][ T809] usb 2-1: Manufacturer: syz [ 213.053608][ T809] usb 2-1: SerialNumber: syz [ 213.082387][ T1244] usb 4-1: device descriptor read/64, error -71 [ 213.114852][ T809] usb 2-1: config 0 descriptor?? [ 213.121137][ T809] iguanair 2-1:0.0: probe with driver iguanair failed with error -12 [ 213.187038][ T1244] usb usb4-port1: attempt power cycle [ 213.234811][ T5876] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 213.332428][ T5928] usb 2-1: USB disconnect, device number 19 [ 213.405263][ T5876] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 213.405375][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.405396][ T5876] usb 1-1: Product: syz [ 213.405412][ T5876] usb 1-1: Manufacturer: syz [ 213.405426][ T5876] usb 1-1: SerialNumber: syz [ 213.524792][ T1244] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 213.546425][ T1244] usb 4-1: device descriptor read/8, error -71 [ 213.584857][ T7079] FAULT_INJECTION: forcing a failure. [ 213.584857][ T7079] name failslab, interval 1, probability 0, space 0, times 0 [ 213.584900][ T7079] CPU: 1 UID: 0 PID: 7079 Comm: syz.2.369 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 213.584925][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 213.584938][ T7079] Call Trace: [ 213.584946][ T7079] [ 213.584955][ T7079] dump_stack_lvl+0xe8/0x150 [ 213.584991][ T7079] should_fail_ex+0x46b/0x600 [ 213.585025][ T7079] should_failslab+0xa8/0x100 [ 213.585050][ T7079] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 213.585084][ T7079] ? __alloc_skb+0x1d0/0x7d0 [ 213.585104][ T7079] ? lockdep_hardirqs_on+0x7a/0x110 [ 213.585134][ T7079] __alloc_skb+0x1d0/0x7d0 [ 213.585160][ T7079] netlink_sendmsg+0x5d4/0xb40 [ 213.585210][ T7079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.585243][ T7079] ? unwind_get_return_address+0x4d/0x90 [ 213.585277][ T7079] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 213.585311][ T7079] ____sys_sendmsg+0x94c/0x9c0 [ 213.585342][ T7079] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.585375][ T7079] ? import_iovec+0x73/0xa0 [ 213.585401][ T7079] ___sys_sendmsg+0x2a5/0x360 [ 213.585431][ T7079] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.585495][ T7079] ? __fget_files+0x2a/0x420 [ 213.585522][ T7079] ? __fget_files+0x3a6/0x420 [ 213.585561][ T7079] __x64_sys_sendmsg+0x1c3/0x2a0 [ 213.585589][ T7079] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 213.585625][ T7079] ? __pfx_ksys_write+0x10/0x10 [ 213.585671][ T7079] do_syscall_64+0x14d/0xf80 [ 213.585694][ T7079] ? trace_irq_disable+0x3b/0x150 [ 213.585718][ T7079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.585740][ T7079] ? clear_bhb_loop+0x40/0x90 [ 213.585765][ T7079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.585786][ T7079] RIP: 0033:0x7faa01ffc819 [ 213.585806][ T7079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.585824][ T7079] RSP: 002b:00007faa0024e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.585847][ T7079] RAX: ffffffffffffffda RBX: 00007faa02275fa0 RCX: 00007faa01ffc819 [ 213.585862][ T7079] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 213.585875][ T7079] RBP: 00007faa0024e090 R08: 0000000000000000 R09: 0000000000000000 [ 213.585887][ T7079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.585900][ T7079] R13: 00007faa02276038 R14: 00007faa02275fa0 R15: 00007ffd8392d338 [ 213.585933][ T7079] [ 213.845105][ T5928] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 213.974900][ T1244] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 214.000397][ T1244] usb 4-1: device descriptor read/8, error -71 [ 214.032003][ T7084] netlink: 64 bytes leftover after parsing attributes in process `syz.1.372'. [ 214.032026][ T7084] tipc: Invalid UDP bearer configuration [ 214.032072][ T7084] tipc: Enabling of bearer rejected, failed to enable media [ 214.033577][ T5928] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 214.033637][ T5928] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 214.033722][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.106568][ T1244] usb usb4-port1: unable to enumerate USB device [ 214.108416][ T5928] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 214.171918][ T7087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.373'. [ 214.200023][ T5876] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 214.200097][ T5876] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 214.200609][ T5876] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 214.200668][ T5876] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 214.201566][ T5876] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 214.294801][ T5876] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 214.316395][ T7087] binder: 7086:7087 ioctl c0306201 2000000004c0 returned -14 [ 215.544689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 216.068758][ T5876] usb 1-1: USB disconnect, device number 23 [ 216.262176][ T7087] binder: 7086:7087 ioctl c0306201 0 returned -14 [ 216.596922][ T5928] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71 [ 216.596948][ T5928] stv0680 5-1:4.0: STV(e): camera ping failed!! [ 216.597376][ T5928] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 216.597396][ T5928] stv0680 5-1:4.0: last error: 0, command = 0x0 [ 216.616128][ T5928] usb 5-1: USB disconnect, device number 17 [ 217.290440][ T809] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 217.949566][ T809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 217.949605][ T809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.958006][ T809] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 217.958036][ T809] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 217.958055][ T809] usb 1-1: Manufacturer: syz [ 217.976215][ T809] usb 1-1: config 0 descriptor?? [ 219.283667][ T809] cougar 0003:060B:700A.0003: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 219.420104][ T1244] usb 1-1: USB disconnect, device number 24 [ 221.502195][ T7124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.502861][ T7124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.539565][ T7122] fido_id[7122]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 221.984862][ T7131] netlink: 260 bytes leftover after parsing attributes in process `syz.4.377'. [ 222.100121][ T7037] usb 2-1: new low-speed USB device number 20 using dummy_hcd [ 222.355187][ T7037] usb 2-1: device descriptor read/64, error -71 [ 222.604993][ T7137] netlink: 8 bytes leftover after parsing attributes in process `syz.4.386'. [ 222.634802][ T7037] usb 2-1: new low-speed USB device number 21 using dummy_hcd [ 222.634962][ T5876] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 222.765196][ T5876] usb 1-1: device descriptor read/64, error -71 [ 222.765270][ T7037] usb 2-1: device descriptor read/64, error -71 [ 222.846940][ T7145] 9pnet_fd: Insufficient options for proto=fd [ 222.887629][ T7037] usb usb2-port1: attempt power cycle [ 222.904848][ T1244] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 223.024840][ T5876] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 223.033838][ T7147] binder: 7146:7147 ioctl c0306201 2000000004c0 returned -14 [ 223.050656][ T7147] binder: 7146:7147 ioctl c0286415 200000000140 returned -22 [ 223.109073][ T1244] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 223.109150][ T1244] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 223.109176][ T1244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.151681][ T1244] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 223.387317][ T7037] usb 2-1: new low-speed USB device number 22 using dummy_hcd [ 223.391386][ T5876] usb 1-1: device descriptor read/64, error -71 [ 223.759880][ T7037] usb 2-1: device descriptor read/8, error -71 [ 223.778773][ T5876] usb usb1-port1: attempt power cycle [ 224.618233][ T7037] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 224.855126][ T5876] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 224.876003][ T5876] usb 1-1: device descriptor read/8, error -71 [ 225.111487][ T7037] usb 2-1: device descriptor read/8, error -71 [ 225.116352][ T1244] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 225.116382][ T1244] stv0680 3-1:4.0: STV(e): camera ping failed!! [ 225.116832][ T1244] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 225.116852][ T1244] stv0680 3-1:4.0: last error: 0, command = 0x0 [ 225.279994][ T5876] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 225.283926][ T7037] usb usb2-port1: unable to enumerate USB device [ 225.466990][ T5876] usb 1-1: device descriptor read/8, error -71 [ 225.576696][ T5876] usb usb1-port1: unable to enumerate USB device [ 225.684897][ T7037] IPVS: starting estimator thread 0... [ 225.785195][ T7163] IPVS: using max 7 ests per chain, 16800 per kthread [ 225.851109][ T5964] usb 3-1: USB disconnect, device number 14 [ 226.075293][ T7167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.394'. [ 226.162151][ T7169] FAULT_INJECTION: forcing a failure. [ 226.162151][ T7169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.162185][ T7169] CPU: 0 UID: 0 PID: 7169 Comm: syz.0.398 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 226.162206][ T7169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 226.162216][ T7169] Call Trace: [ 226.162223][ T7169] [ 226.162230][ T7169] dump_stack_lvl+0xe8/0x150 [ 226.162264][ T7169] should_fail_ex+0x46b/0x600 [ 226.162294][ T7169] _copy_from_user+0x2d/0xb0 [ 226.162312][ T7169] core_sys_select+0x6ff/0xc30 [ 226.162366][ T7169] ? __pfx_core_sys_select+0x10/0x10 [ 226.162410][ T7169] ? __pfx_set_user_sigmask+0x10/0x10 [ 226.162434][ T7169] ? rt_mutex_slowunlock+0x1cb/0x300 [ 226.162460][ T7169] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 226.162492][ T7169] __se_sys_pselect6+0x267/0x320 [ 226.162518][ T7169] ? __pfx___se_sys_pselect6+0x10/0x10 [ 226.162538][ T7169] ? __pfx_ksys_write+0x10/0x10 [ 226.162568][ T7169] ? __x64_sys_pselect6+0x21/0xf0 [ 226.162591][ T7169] do_syscall_64+0x14d/0xf80 [ 226.162609][ T7169] ? trace_irq_disable+0x3b/0x150 [ 226.162628][ T7169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.162646][ T7169] ? clear_bhb_loop+0x40/0x90 [ 226.162666][ T7169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.162682][ T7169] RIP: 0033:0x7feae969c819 [ 226.162699][ T7169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 226.162714][ T7169] RSP: 002b:00007feae78ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 226.162734][ T7169] RAX: ffffffffffffffda RBX: 00007feae9915fa0 RCX: 00007feae969c819 [ 226.162747][ T7169] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040 [ 226.162758][ T7169] RBP: 00007feae78ee090 R08: 0000000000000000 R09: 0000000000000000 [ 226.162769][ T7169] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 226.162780][ T7169] R13: 00007feae9916038 R14: 00007feae9915fa0 R15: 00007ffd2dcd48a8 [ 226.162809][ T7169] [ 226.395440][ T7173] FAULT_INJECTION: forcing a failure. [ 226.395440][ T7173] name failslab, interval 1, probability 0, space 0, times 0 [ 226.395477][ T7173] CPU: 0 UID: 0 PID: 7173 Comm: syz.3.399 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 226.395502][ T7173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 226.395515][ T7173] Call Trace: [ 226.395523][ T7173] [ 226.395532][ T7173] dump_stack_lvl+0xe8/0x150 [ 226.395570][ T7173] should_fail_ex+0x46b/0x600 [ 226.395605][ T7173] should_failslab+0xa8/0x100 [ 226.395630][ T7173] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 226.395662][ T7173] ? __alloc_skb+0x1d0/0x7d0 [ 226.395683][ T7173] ? lockdep_hardirqs_on+0x7a/0x110 [ 226.395713][ T7173] __alloc_skb+0x1d0/0x7d0 [ 226.395740][ T7173] sock_wmalloc+0xb2/0x130 [ 226.395771][ T7173] pppoe_sendmsg+0x2b4/0x7c0 [ 226.395811][ T7173] ? __pfx_pppoe_sendmsg+0x10/0x10 [ 226.395849][ T7173] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 226.395886][ T7173] ____sys_sendmsg+0x94c/0x9c0 [ 226.395918][ T7173] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.395965][ T7173] ? import_iovec+0x73/0xa0 [ 226.395990][ T7173] ___sys_sendmsg+0x2a5/0x360 [ 226.396018][ T7173] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.396046][ T7173] ? kstrtouint+0x6e/0xe0 [ 226.396097][ T7173] ? __fget_files+0x2a/0x420 [ 226.396125][ T7173] ? __fget_files+0x3a6/0x420 [ 226.396164][ T7173] __sys_sendmmsg+0x282/0x4e0 [ 226.396194][ T7173] ? __pfx___sys_sendmmsg+0x10/0x10 [ 226.396230][ T7173] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 226.396276][ T7173] ? ksys_write+0x248/0x270 [ 226.396309][ T7173] ? __pfx_ksys_write+0x10/0x10 [ 226.396414][ T7173] __x64_sys_sendmmsg+0xa0/0xc0 [ 226.396443][ T7173] do_syscall_64+0x14d/0xf80 [ 226.396473][ T7173] ? trace_irq_disable+0x3b/0x150 [ 226.396506][ T7173] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.396539][ T7173] ? clear_bhb_loop+0x40/0x90 [ 226.396572][ T7173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.396593][ T7173] RIP: 0033:0x7f505a26c819 [ 226.396614][ T7173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 226.396631][ T7173] RSP: 002b:00007f50584c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 226.396656][ T7173] RAX: ffffffffffffffda RBX: 00007f505a4e5fa0 RCX: 00007f505a26c819 [ 226.396670][ T7173] RDX: 0000000000034000 RSI: 00002000000008c0 RDI: 0000000000000003 [ 226.396684][ T7173] RBP: 00007f50584c6090 R08: 0000000000000000 R09: 0000000000000000 [ 226.396698][ T7173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.396711][ T7173] R13: 00007f505a4e6038 R14: 00007f505a4e5fa0 R15: 00007ffdd04c61a8 [ 226.396746][ T7173] [ 226.415981][ T5964] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 226.594808][ T5964] usb 5-1: Using ep0 maxpacket: 16 [ 226.601310][ T5964] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 226.601345][ T5964] usb 5-1: config 0 has no interface number 0 [ 226.601388][ T5964] usb 5-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 226.611548][ T5964] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 226.611578][ T5964] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 226.611605][ T5964] usb 5-1: Product: syz [ 226.611618][ T5964] usb 5-1: SerialNumber: syz [ 226.630717][ T5964] usb 5-1: config 0 descriptor?? [ 226.650319][ T5964] usbhid 5-1:0.8: couldn't find an input interrupt endpoint [ 226.687225][ T7176] netlink: 12 bytes leftover after parsing attributes in process `syz.1.401'. [ 227.369877][ T7184] FAULT_INJECTION: forcing a failure. [ 227.369877][ T7184] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.369917][ T7184] CPU: 1 UID: 0 PID: 7184 Comm: syz.1.401 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 227.369941][ T7184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 227.369954][ T7184] Call Trace: [ 227.369963][ T7184] [ 227.369972][ T7184] dump_stack_lvl+0xe8/0x150 [ 227.370009][ T7184] should_fail_ex+0x46b/0x600 [ 227.370055][ T7184] _copy_from_user+0x2d/0xb0 [ 227.370076][ T7184] kstrtouint_from_user+0xd6/0x180 [ 227.370108][ T7184] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 227.370144][ T7184] ? __lock_acquire+0x6b5/0x2cf0 [ 227.370176][ T7184] proc_fail_nth_write+0x8e/0x210 [ 227.370204][ T7184] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 227.370237][ T7184] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 227.370266][ T7184] vfs_write+0x2a3/0xba0 [ 227.370308][ T7184] ? __pfx_vfs_write+0x10/0x10 [ 227.370342][ T7184] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 227.370367][ T7184] ? lockdep_hardirqs_on+0x7a/0x110 [ 227.370390][ T7184] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 227.370414][ T7184] ? mutex_lock_nested+0x152/0x1d0 [ 227.370442][ T7184] ? fdget_pos+0x252/0x320 [ 227.370480][ T7184] ksys_write+0x156/0x270 [ 227.370515][ T7184] ? __pfx_ksys_write+0x10/0x10 [ 227.370560][ T7184] do_syscall_64+0x14d/0xf80 [ 227.370585][ T7184] ? trace_irq_disable+0x3b/0x150 [ 227.370611][ T7184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.370633][ T7184] ? clear_bhb_loop+0x40/0x90 [ 227.370660][ T7184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.370681][ T7184] RIP: 0033:0x7faa8da4d04e [ 227.370701][ T7184] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 227.370720][ T7184] RSP: 002b:00007faa8bca3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 227.370742][ T7184] RAX: ffffffffffffffda RBX: 00007faa8bca46c0 RCX: 00007faa8da4d04e [ 227.370757][ T7184] RDX: 0000000000000001 RSI: 00007faa8bca40a0 RDI: 0000000000000007 [ 227.370771][ T7184] RBP: 00007faa8bca4090 R08: 0000000000000000 R09: 0000000000000000 [ 227.370784][ T7184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.370797][ T7184] R13: 00007faa8dd06218 R14: 00007faa8dd06180 R15: 00007ffe43d7d968 [ 227.370833][ T7184] [ 227.503213][ T7171] netlink: 20 bytes leftover after parsing attributes in process `syz.4.397'. [ 227.780277][ T7189] netlink: 52 bytes leftover after parsing attributes in process `syz.3.404'. [ 227.887818][ T5964] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 227.923166][ T5808] Bluetooth: hci1: command 0x0406 tx timeout [ 227.923213][ T5808] Bluetooth: hci2: command 0x0406 tx timeout [ 227.923241][ T5808] Bluetooth: hci0: command 0x0406 tx timeout [ 228.015449][ T5976] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 228.020959][ T7196] FAULT_INJECTION: forcing a failure. [ 228.020959][ T7196] name failslab, interval 1, probability 0, space 0, times 0 [ 228.020996][ T7196] CPU: 1 UID: 0 PID: 7196 Comm: syz.3.406 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 228.021029][ T7196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 228.021043][ T7196] Call Trace: [ 228.021052][ T7196] [ 228.021060][ T7196] dump_stack_lvl+0xe8/0x150 [ 228.021098][ T7196] should_fail_ex+0x46b/0x600 [ 228.021133][ T7196] should_failslab+0xa8/0x100 [ 228.021157][ T7196] kmem_cache_alloc_noprof+0x87/0x680 [ 228.021190][ T7196] ? mas_alloc_nodes+0x291/0x350 [ 228.021217][ T7196] mas_alloc_nodes+0x291/0x350 [ 228.021243][ T7196] mas_preallocate+0x2d6/0x640 [ 228.021272][ T7196] ? __pfx_mas_preallocate+0x10/0x10 [ 228.021307][ T7196] ? __mas_set_range+0x12f/0x3c0 [ 228.021340][ T7196] __split_vma+0x33d/0xa30 [ 228.021377][ T7196] ? __pfx___split_vma+0x10/0x10 [ 228.021415][ T7196] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 228.021440][ T7196] ? lockdep_hardirqs_on+0x7a/0x110 [ 228.021465][ T7196] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 228.021495][ T7196] vms_gather_munmap_vmas+0x32d/0x1370 [ 228.021526][ T7196] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 228.021565][ T7196] ? mtree_range_walk+0x6aa/0x840 [ 228.021596][ T7196] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 228.021636][ T7196] ? mas_find+0xa7d/0xd30 [ 228.021667][ T7196] mmap_region+0x87f/0x2230 [ 228.021706][ T7196] ? __lock_acquire+0x6b5/0x2cf0 [ 228.021731][ T7196] ? do_raw_spin_lock+0x12b/0x2f0 [ 228.021762][ T7196] ? __pfx_mmap_region+0x10/0x10 [ 228.021788][ T7196] ? __lock_acquire+0x6b5/0x2cf0 [ 228.021815][ T7196] ? __lock_acquire+0x6b5/0x2cf0 [ 228.021837][ T7196] ? __lock_acquire+0x6b5/0x2cf0 [ 228.021867][ T7196] ? unwind_next_frame+0xa5/0x23c0 [ 228.021946][ T7196] ? __lock_acquire+0x6b5/0x2cf0 [ 228.021986][ T7196] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 228.022040][ T7196] ? cap_mmap_addr+0xaf/0x100 [ 228.022064][ T7196] ? bpf_lsm_mmap_addr+0x9/0x50 [ 228.022086][ T7196] ? security_mmap_addr+0x71/0x240 [ 228.022112][ T7196] ? shmem_mapping+0xd/0x50 [ 228.022141][ T7196] ? memfd_check_seals_mmap+0x16e/0x210 [ 228.022174][ T7196] do_mmap+0xc2f/0x10c0 [ 228.022209][ T7196] ? lockdep_hardirqs_on+0x7a/0x110 [ 228.022233][ T7196] ? __pfx_do_mmap+0x10/0x10 [ 228.022261][ T7196] ? rwbase_write_lock+0x568/0x730 [ 228.022300][ T7196] vm_mmap_pgoff+0x2cc/0x4f0 [ 228.022339][ T7196] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 228.022378][ T7196] ? __fget_files+0x2a/0x420 [ 228.022404][ T7196] ? __fget_files+0x3a6/0x420 [ 228.022428][ T7196] ? __fget_files+0x2a/0x420 [ 228.022469][ T7196] ksys_mmap_pgoff+0x4e8/0x720 [ 228.022498][ T7196] ? __x64_sys_mmap+0x7f/0x140 [ 228.022533][ T7196] do_syscall_64+0x14d/0xf80 [ 228.022554][ T7196] ? trace_irq_disable+0x3b/0x150 [ 228.022577][ T7196] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.022597][ T7196] ? clear_bhb_loop+0x40/0x90 [ 228.022624][ T7196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.022643][ T7196] RIP: 0033:0x7f505a26c819 [ 228.022663][ T7196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.022682][ T7196] RSP: 002b:00007f50584c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 228.022707][ T7196] RAX: ffffffffffffffda RBX: 00007f505a4e5fa0 RCX: 00007f505a26c819 [ 228.022722][ T7196] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 0000200000ffc000 [ 228.022735][ T7196] RBP: 00007f50584c6090 R08: 0000000000000004 R09: 0000000000000000 [ 228.022748][ T7196] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000001 [ 228.022762][ T7196] R13: 00007f505a4e6038 R14: 00007f505a4e5fa0 R15: 00007ffdd04c61a8 [ 228.022799][ T7196] [ 228.034875][ T5964] usb 1-1: Using ep0 maxpacket: 8 [ 228.076358][ T5964] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 228.076390][ T5964] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 228.076412][ T5964] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 228.076470][ T5964] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 228.139999][ T5964] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 228.140021][ T5964] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.140032][ T5964] usb 1-1: Product: syz [ 228.140042][ T5964] usb 1-1: Manufacturer: syz [ 228.140050][ T5964] usb 1-1: SerialNumber: syz [ 228.254997][ T5976] usb 3-1: Using ep0 maxpacket: 32 [ 228.328571][ T5976] usb 3-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 228.328596][ T5976] usb 3-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 228.328610][ T5976] usb 3-1: config 1 interface 0 has no altsetting 0 [ 228.356846][ T5964] usb 1-1: config 0 descriptor?? [ 228.484872][ T5976] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 228.484907][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.484926][ T5976] usb 3-1: Product: ఁ [ 228.484942][ T5976] usb 3-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 228.484970][ T5976] usb 3-1: SerialNumber: Ї [ 228.609331][ T5964] hub 1-1:0.0: bad descriptor, ignoring hub [ 228.609376][ T5964] hub 1-1:0.0: probe with driver hub failed with error -5 [ 228.618232][ T7191] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 228.618361][ T7191] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 228.653990][ T5964] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input19 [ 228.733693][ T5964] usb 1-1: USB disconnect, device number 29 [ 228.880959][ T5976] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 228.963709][ T5976] usb 3-1: USB disconnect, device number 15 [ 229.175574][ T7202] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input20 [ 229.238159][ T7208] netlink: 'syz.1.410': attribute type 2 has an invalid length. [ 230.120216][ T5928] usb 5-1: USB disconnect, device number 18 [ 231.615727][ T37] kauditd_printk_skb: 142 callbacks suppressed [ 231.615749][ T37] audit: type=1326 audit(1775457422.038:2639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7227 comm="syz.1.417" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa8da8c819 code=0x0 [ 231.824873][ T5928] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 231.925101][ T9] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 231.997549][ T5928] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.997612][ T5928] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 231.997639][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.046302][ T5928] usb 5-1: config 0 descriptor?? [ 232.174798][ T5976] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 232.197459][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 232.197491][ T9] usb 2-1: config 0 has no interface number 0 [ 232.197541][ T9] usb 2-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 232.197571][ T9] usb 2-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.197596][ T9] usb 2-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 232.197625][ T9] usb 2-1: config 0 interface 1 has no altsetting 0 [ 232.197662][ T9] usb 2-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 232.197688][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.417192][ T5876] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 233.006629][ T5876] usb 4-1: Using ep0 maxpacket: 32 [ 233.008182][ T9] usb 2-1: config 0 descriptor?? [ 233.085664][ T5976] usb 3-1: Using ep0 maxpacket: 32 [ 233.131679][ T5976] usb 3-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 233.131925][ T5976] usb 3-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 233.131952][ T5976] usb 3-1: config 1 interface 0 has no altsetting 0 [ 233.134277][ T7241] input: syz1 as /devices/virtual/input/input21 [ 233.223299][ T5976] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 233.223443][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.223466][ T5976] usb 3-1: Product: ఁ [ 233.223481][ T5976] usb 3-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 233.223800][ T5976] usb 3-1: SerialNumber: Ї [ 233.400193][ T5928] ath6kl: Failed to submit usb control message: -110 [ 233.409240][ T5928] ath6kl: unable to send the bmi data to the device: -110 [ 233.409268][ T5928] ath6kl: Unable to send get target info: -110 [ 233.481946][ T5876] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 233.481985][ T5876] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 233.482110][ T5876] usb 4-1: config 1 interface 0 has no altsetting 0 [ 233.629252][ T5928] ath6kl: Failed to init ath6kl core: -110 [ 233.655306][ T5928] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 233.726945][ T5876] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 233.726979][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.727000][ T5876] usb 4-1: Product: ఁ [ 233.727015][ T5876] usb 4-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 233.727043][ T5876] usb 4-1: SerialNumber: Ї [ 233.770558][ T7231] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 233.789974][ T9] hid (null): invalid report_count 252767622 [ 233.793580][ T7231] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 234.479792][ T7229] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 234.910956][ T5976] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 236.691488][ T5976] usb 3-1: USB disconnect, device number 16 [ 237.827780][ T9] input: HID 145f:0212 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:145F:0212.0004/input/input22 [ 238.106584][ T5928] usb 5-1: USB disconnect, device number 19 [ 238.134189][ T5876] usb 4-1: can't set config #1, error -71 [ 238.189859][ T7260] FAULT_INJECTION: forcing a failure. [ 238.189859][ T7260] name failslab, interval 1, probability 0, space 0, times 0 [ 238.189906][ T7260] CPU: 0 UID: 0 PID: 7260 Comm: syz.1.426 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 238.189931][ T7260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 238.189944][ T7260] Call Trace: [ 238.189952][ T7260] [ 238.189962][ T7260] dump_stack_lvl+0xe8/0x150 [ 238.190009][ T7260] should_fail_ex+0x46b/0x600 [ 238.190045][ T7260] should_failslab+0xa8/0x100 [ 238.190071][ T7260] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 238.190104][ T7260] ? __alloc_skb+0x1d0/0x7d0 [ 238.190123][ T7260] ? lockdep_hardirqs_on+0x7a/0x110 [ 238.190151][ T7260] __alloc_skb+0x1d0/0x7d0 [ 238.190178][ T7260] pfkey_sendmsg+0x212/0x1120 [ 238.190210][ T7260] ? unwind_next_frame+0xa5/0x23c0 [ 238.190240][ T7260] ? smack_socket_sendmsg+0x1a9/0x590 [ 238.190270][ T7260] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 238.190310][ T7260] ? __lock_acquire+0x6b5/0x2cf0 [ 238.190335][ T7260] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 238.190367][ T7260] ? __kernel_text_address+0xd/0x30 [ 238.190392][ T7260] ? unwind_get_return_address+0x4d/0x90 [ 238.190417][ T7260] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 238.190453][ T7260] ____sys_sendmsg+0x94c/0x9c0 [ 238.190486][ T7260] ? __pfx_____sys_sendmsg+0x10/0x10 [ 238.190521][ T7260] ? import_iovec+0x73/0xa0 [ 238.190548][ T7260] ___sys_sendmsg+0x2a5/0x360 [ 238.190580][ T7260] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.190642][ T7260] ? __fget_files+0x2a/0x420 [ 238.190667][ T7260] ? __fget_files+0x3a6/0x420 [ 238.190705][ T7260] __x64_sys_sendmsg+0x1c3/0x2a0 [ 238.190733][ T7260] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 238.190767][ T7260] ? __pfx_ksys_write+0x10/0x10 [ 238.190811][ T7260] do_syscall_64+0x14d/0xf80 [ 238.190834][ T7260] ? trace_irq_disable+0x3b/0x150 [ 238.190859][ T7260] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.190881][ T7260] ? clear_bhb_loop+0x40/0x90 [ 238.190921][ T7260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.190943][ T7260] RIP: 0033:0x7faa8da8c819 [ 238.190964][ T7260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.190983][ T7260] RSP: 002b:00007faa8bce6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 238.191007][ T7260] RAX: ffffffffffffffda RBX: 00007faa8dd05fa0 RCX: 00007faa8da8c819 [ 238.191023][ T7260] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 238.191037][ T7260] RBP: 00007faa8bce6090 R08: 0000000000000000 R09: 0000000000000000 [ 238.191050][ T7260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.191064][ T7260] R13: 00007faa8dd06038 R14: 00007faa8dd05fa0 R15: 00007ffe43d7d968 [ 238.191107][ T7260] [ 238.220894][ T7261] FAULT_INJECTION: forcing a failure. [ 238.220894][ T7261] name failslab, interval 1, probability 0, space 0, times 0 [ 238.220927][ T7261] CPU: 1 UID: 0 PID: 7261 Comm: syz.3.424 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 238.220948][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 238.220959][ T7261] Call Trace: [ 238.220966][ T7261] [ 238.220974][ T7261] dump_stack_lvl+0xe8/0x150 [ 238.221008][ T7261] should_fail_ex+0x46b/0x600 [ 238.221040][ T7261] should_failslab+0xa8/0x100 [ 238.221061][ T7261] kmem_cache_alloc_noprof+0x87/0x680 [ 238.221091][ T7261] ? delayed_getname+0x3a/0x1d0 [ 238.221117][ T7261] delayed_getname+0x3a/0x1d0 [ 238.221150][ T7261] io_unlinkat_prep+0x1fd/0x330 [ 238.221175][ T7261] io_submit_sqes+0xbf0/0x24e0 [ 238.221230][ T7261] __se_sys_io_uring_enter+0x2cc/0x1970 [ 238.221264][ T7261] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 238.221286][ T7261] ? fput+0xa0/0xd0 [ 238.221310][ T7261] ? ksys_write+0x248/0x270 [ 238.221340][ T7261] ? __pfx_ksys_write+0x10/0x10 [ 238.221374][ T7261] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 238.221398][ T7261] do_syscall_64+0x14d/0xf80 [ 238.221418][ T7261] ? trace_irq_disable+0x3b/0x150 [ 238.221441][ T7261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.221460][ T7261] ? clear_bhb_loop+0x40/0x90 [ 238.221484][ T7261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.221502][ T7261] RIP: 0033:0x7f505a26c819 [ 238.221520][ T7261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.221536][ T7261] RSP: 002b:00007f5058484028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 238.221557][ T7261] RAX: ffffffffffffffda RBX: 00007f505a4e6180 RCX: 00007f505a26c819 [ 238.221571][ T7261] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000 [ 238.221583][ T7261] RBP: 00007f5058484090 R08: 0000000000000000 R09: 0000000000000000 [ 238.221595][ T7261] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 238.221606][ T7261] R13: 00007f505a4e6218 R14: 00007f505a4e6180 R15: 00007ffdd04c61a8 [ 238.221637][ T7261] [ 239.740339][ T5876] usb 4-1: USB disconnect, device number 19 [ 239.943931][ T5869] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 240.106709][ T5869] usb 1-1: Using ep0 maxpacket: 16 [ 240.109246][ T5869] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 240.109274][ T5869] usb 1-1: config 0 has no interface number 0 [ 240.109322][ T5869] usb 1-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 240.111810][ T5869] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 240.111839][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 240.111861][ T5869] usb 1-1: Product: syz [ 240.111876][ T5869] usb 1-1: SerialNumber: syz [ 240.465374][ T5869] usb 1-1: config 0 descriptor?? [ 240.489127][ T5869] usbhid 1-1:0.8: couldn't find an input interrupt endpoint [ 240.501607][ T9] input: HID 145f:0212 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:145F:0212.0004/input/input23 [ 240.757273][ T9] uclogic 0003:145F:0212.0004: input,hidraw0: USB HID v4.06 Keypad [HID 145f:0212] on usb-dummy_hcd.1-1/input1 [ 240.859842][ T9] usb 2-1: USB disconnect, device number 24 [ 240.949640][ T7280] fido_id[7280]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 240.966434][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.0.425'. [ 241.575165][ T7289] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input24 [ 241.724927][ T9] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 241.755470][ T809] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 241.874772][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 241.878524][ T9] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 241.878555][ T9] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 241.878575][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 241.878609][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 255, changing to 11 [ 241.878626][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 59391, setting to 1024 [ 241.883577][ T9] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 241.883607][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.883619][ T9] usb 2-1: Product: syz [ 241.883628][ T9] usb 2-1: Manufacturer: syz [ 241.883637][ T9] usb 2-1: SerialNumber: syz [ 241.902912][ T9] usb 2-1: config 0 descriptor?? [ 241.925885][ T7283] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 241.937116][ T809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.937188][ T809] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 241.937212][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.948818][ T9] hub 2-1:0.0: bad descriptor, ignoring hub [ 241.948858][ T9] hub 2-1:0.0: probe with driver hub failed with error -5 [ 242.053070][ T809] usb 5-1: config 0 descriptor?? [ 242.066165][ T9] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input25 [ 242.223556][ T9] usb 2-1: USB disconnect, device number 25 [ 242.223672][ C0] usb_acecad 2-1:0.0: can't resubmit intr, dummy_hcd.1-1/input0, status -19 [ 242.555228][ T7300] input: syz1 as /devices/virtual/input/input26 [ 243.514715][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 243.689967][ T5964] usb 1-1: USB disconnect, device number 30 [ 245.182299][ T809] ath6kl: Failed to submit usb control message: -110 [ 245.182337][ T809] ath6kl: unable to send the bmi data to the device: -110 [ 245.182346][ T809] ath6kl: Unable to send get target info: -110 [ 245.182990][ T809] ath6kl: Failed to init ath6kl core: -110 [ 245.183682][ T809] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 245.595052][ T5964] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 245.630515][ T5876] usb 5-1: USB disconnect, device number 20 [ 245.772434][ T5964] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.772477][ T5964] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 245.772491][ T5964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.787837][ T5964] usb 1-1: config 0 descriptor?? [ 246.126919][ T7324] input: syz1 as /devices/virtual/input/input27 [ 246.421774][ T5876] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 246.743419][ T5876] usb 5-1: Using ep0 maxpacket: 8 [ 246.810006][ T5876] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 246.810088][ T5876] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 246.810161][ T5876] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 246.810287][ T5876] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 246.810432][ T5876] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 246.810459][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.035381][ T5964] ath6kl: Failed to submit usb control message: -110 [ 247.035444][ T5964] ath6kl: unable to send the bmi data to the device: -110 [ 247.035461][ T5964] ath6kl: Unable to send get target info: -110 [ 247.580017][ T5964] ath6kl: Failed to init ath6kl core: -110 [ 247.580637][ T5964] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 248.590502][ T5876] usb 5-1: GET_CAPABILITIES returned 0 [ 248.590784][ T5876] usbtmc 5-1:16.0: can't read capabilities [ 249.946921][ T5869] usb 1-1: USB disconnect, device number 31 [ 250.064733][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.074694][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.084699][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.094720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.104694][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.114719][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 250.377710][ T5876] usb 5-1: USB disconnect, device number 21 [ 250.575218][ T1244] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 250.729624][ T1244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.729665][ T1244] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 250.729679][ T1244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.767531][ T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 250.824541][ T1244] usb 4-1: config 0 descriptor?? [ 250.918502][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 250.921763][ T9] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 250.921793][ T9] usb 3-1: config 0 has no interface number 0 [ 250.921839][ T9] usb 3-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 250.961553][ T9] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 250.961615][ T9] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 250.961629][ T9] usb 3-1: Product: syz [ 250.961637][ T9] usb 3-1: SerialNumber: syz [ 251.035171][ T5883] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 251.061239][ T9] usb 3-1: config 0 descriptor?? [ 251.110294][ T9] usbhid 3-1:0.8: couldn't find an input interrupt endpoint [ 251.188185][ T5883] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 251.188288][ T5883] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.189782][ T5883] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 251.189800][ T5883] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 251.189813][ T5883] usb 1-1: Manufacturer: syz [ 252.072438][ T7337] input: syz1 as /devices/virtual/input/input28 [ 252.075781][ T1244] ath6kl: Failed to submit usb control message: -110 [ 252.075842][ T1244] ath6kl: unable to send the bmi data to the device: -110 [ 252.075858][ T1244] ath6kl: Unable to send get target info: -110 [ 252.127576][ T1244] ath6kl: Failed to init ath6kl core: -110 [ 252.128189][ T1244] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 256.012572][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.012665][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.536093][ T5883] usb 1-1: config 0 descriptor?? [ 256.589852][ T5883] usb 1-1: can't set config #0, error -71 [ 256.594561][ T7371] FAULT_INJECTION: forcing a failure. [ 256.594561][ T7371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.594596][ T7371] CPU: 1 UID: 0 PID: 7371 Comm: syz.0.454 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 256.594626][ T7371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 256.594638][ T7371] Call Trace: [ 256.594646][ T7371] [ 256.594654][ T7371] dump_stack_lvl+0xe8/0x150 [ 256.594701][ T7371] should_fail_ex+0x46b/0x600 [ 256.594728][ T7371] _copy_from_user+0x2d/0xb0 [ 256.594746][ T7371] kstrtouint_from_user+0xd6/0x180 [ 256.594771][ T7371] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 256.594797][ T7371] ? __lock_acquire+0x6b5/0x2cf0 [ 256.594824][ T7371] proc_fail_nth_write+0x8e/0x210 [ 256.594859][ T7371] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 256.594887][ T7371] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 256.594910][ T7371] vfs_write+0x2a3/0xba0 [ 256.594946][ T7371] ? __pfx_vfs_write+0x10/0x10 [ 256.594974][ T7371] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 256.594995][ T7371] ? lockdep_hardirqs_on+0x7a/0x110 [ 256.595014][ T7371] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 256.595033][ T7371] ? mutex_lock_nested+0x152/0x1d0 [ 256.595057][ T7371] ? fdget_pos+0x252/0x320 [ 256.595088][ T7371] ksys_write+0x156/0x270 [ 256.595116][ T7371] ? __pfx_ksys_write+0x10/0x10 [ 256.595154][ T7371] do_syscall_64+0x14d/0xf80 [ 256.595173][ T7371] ? trace_irq_disable+0x3b/0x150 [ 256.595199][ T7371] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.595217][ T7371] ? clear_bhb_loop+0x40/0x90 [ 256.595239][ T7371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.595255][ T7371] RIP: 0033:0x7feae965d04e [ 256.595273][ T7371] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 256.595288][ T7371] RSP: 002b:00007feae78ccfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 256.595309][ T7371] RAX: ffffffffffffffda RBX: 00007feae78cd6c0 RCX: 00007feae965d04e [ 256.595322][ T7371] RDX: 0000000000000001 RSI: 00007feae78cd0a0 RDI: 0000000000000004 [ 256.595333][ T7371] RBP: 00007feae78cd090 R08: 0000000000000000 R09: 0000000000000000 [ 256.595344][ T7371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.595355][ T7371] R13: 00007feae9916128 R14: 00007feae9916090 R15: 00007ffd2dcd48a8 [ 256.595386][ T7371] [ 256.878864][ T1244] usb 4-1: USB disconnect, device number 20 [ 256.903774][ T9] usb 3-1: USB disconnect, device number 17 [ 257.145792][ T5883] usb 1-1: USB disconnect, device number 32 [ 258.936597][ T7399] binder: 7398:7399 ioctl c0306201 2000000002c0 returned -14 [ 262.175194][ T1244] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 262.259937][ T7419] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 262.265428][ T7423] netlink: 'syz.3.471': attribute type 30 has an invalid length. [ 262.265450][ T7423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.471'. [ 262.265473][ T7423] bond0: option arp_missed_max: invalid value (0) [ 262.265490][ T7423] bond0: option arp_missed_max: allowed values 1 - 255 [ 262.556245][ T7426] binder: 7416:7426 ioctl c0306201 2000000001c0 returned -22 [ 263.184821][ T1244] usb 3-1: Using ep0 maxpacket: 16 [ 263.191463][ T1244] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 263.191493][ T1244] usb 3-1: config 0 has no interface number 0 [ 263.191539][ T1244] usb 3-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 263.196438][ T1244] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 263.196471][ T1244] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 263.196493][ T1244] usb 3-1: Product: syz [ 263.196509][ T1244] usb 3-1: SerialNumber: syz [ 263.287168][ T1244] usb 3-1: config 0 descriptor?? [ 263.361491][ T1244] usbhid 3-1:0.8: couldn't find an input interrupt endpoint [ 263.609742][ T37] audit: type=1326 audit(1775457454.028:2640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.620468][ T37] audit: type=1326 audit(1775457454.028:2641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.620521][ T37] audit: type=1326 audit(1775457454.038:2642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.620562][ T37] audit: type=1326 audit(1775457454.038:2643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.621636][ T37] audit: type=1326 audit(1775457454.038:2644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.621687][ T37] audit: type=1326 audit(1775457454.038:2645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.623129][ T37] audit: type=1326 audit(1775457454.038:2646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.623612][ T37] audit: type=1326 audit(1775457454.038:2647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.623656][ T37] audit: type=1326 audit(1775457454.038:2648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.625588][ T37] audit: type=1326 audit(1775457454.038:2649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.4.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f165b1ec819 code=0x7ffc0000 [ 263.724152][ T7433] netlink: 20 bytes leftover after parsing attributes in process `syz.2.468'. [ 263.906848][ T5876] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 264.094887][ T5876] usb 5-1: Using ep0 maxpacket: 8 [ 264.104124][ T5876] usb 5-1: New USB device found, idVendor=18d1, idProduct=2d04, bcdDevice= 0.40 [ 264.104158][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.104179][ T5876] usb 5-1: Product: syz [ 264.104193][ T5876] usb 5-1: Manufacturer: syz [ 264.104208][ T5876] usb 5-1: SerialNumber: syz [ 264.703044][ T5876] usb 5-1: 1:1: invalid format type 0x1002 is detected, processed as PCM [ 264.703077][ T5876] usb 5-1: 1:1 : unsupported sample bitwidth 5 in 15 bytes [ 264.717159][ T5876] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 264.828655][ T5876] usb 5-1: USB disconnect, device number 22 [ 264.930825][ T5796] udevd[5796]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 266.100699][ T5883] usb 3-1: USB disconnect, device number 18 [ 266.456389][ T7467] random: crng reseeded on system resumption [ 266.471924][ T7470] netlink: 'syz.0.486': attribute type 3 has an invalid length. [ 266.471944][ T7470] netlink: 666 bytes leftover after parsing attributes in process `syz.0.486'. [ 266.497809][ T7472] netlink: 'syz.1.485': attribute type 30 has an invalid length. [ 266.497831][ T7472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'. [ 266.497857][ T7472] bond0: option arp_missed_max: invalid value (0) [ 266.497874][ T7472] bond0: option arp_missed_max: allowed values 1 - 255 [ 267.454980][ T7490] IPVS: length: 29 != 24 [ 267.510763][ T1244] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 268.594815][ T1244] usb 4-1: Using ep0 maxpacket: 32 [ 268.597838][ T1244] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 268.597888][ T1244] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 268.597914][ T1244] usb 4-1: config 1 interface 0 has no altsetting 0 [ 268.602784][ T1244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 268.602817][ T1244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.602840][ T1244] usb 4-1: Product: ఁ [ 268.602855][ T1244] usb 4-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 268.602885][ T1244] usb 4-1: SerialNumber: Ї [ 268.791878][ T7500] FAULT_INJECTION: forcing a failure. [ 268.791878][ T7500] name failslab, interval 1, probability 0, space 0, times 0 [ 268.791916][ T7500] CPU: 1 UID: 0 PID: 7500 Comm: syz.2.495 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 268.791940][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 268.791953][ T7500] Call Trace: [ 268.791962][ T7500] [ 268.791971][ T7500] dump_stack_lvl+0xe8/0x150 [ 268.792010][ T7500] should_fail_ex+0x46b/0x600 [ 268.792048][ T7500] should_failslab+0xa8/0x100 [ 268.792074][ T7500] kmem_cache_alloc_noprof+0x87/0x680 [ 268.792108][ T7500] ? inet_bind2_bucket_create+0x34/0x510 [ 268.792141][ T7500] inet_bind2_bucket_create+0x34/0x510 [ 268.792166][ T7500] ? inet_csk_get_port+0x1b8/0x1710 [ 268.792202][ T7500] inet_csk_get_port+0xf4b/0x1710 [ 268.792246][ T7500] ? __local_bh_enable+0x1e1/0x2f0 [ 268.792283][ T7500] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 268.792334][ T7500] ? lockdep_hardirqs_on+0x7a/0x110 [ 268.792367][ T7500] __inet_bind+0x5d4/0xa90 [ 268.792400][ T7500] __sys_bind+0x2e9/0x410 [ 268.792435][ T7500] ? __pfx___sys_bind+0x10/0x10 [ 268.792481][ T7500] ? __pfx_ksys_write+0x10/0x10 [ 268.792532][ T7500] __x64_sys_bind+0x7a/0x90 [ 268.792565][ T7500] do_syscall_64+0x14d/0xf80 [ 268.792587][ T7500] ? trace_irq_disable+0x3b/0x150 [ 268.792612][ T7500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.792633][ T7500] ? clear_bhb_loop+0x40/0x90 [ 268.792658][ T7500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.792678][ T7500] RIP: 0033:0x7faa01ffc819 [ 268.792697][ T7500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.792715][ T7500] RSP: 002b:00007faa0024e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 268.792737][ T7500] RAX: ffffffffffffffda RBX: 00007faa02275fa0 RCX: 00007faa01ffc819 [ 268.792751][ T7500] RDX: 0000000000000010 RSI: 0000200000e15000 RDI: 0000000000000003 [ 268.792766][ T7500] RBP: 00007faa0024e090 R08: 0000000000000000 R09: 0000000000000000 [ 268.792779][ T7500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.792791][ T7500] R13: 00007faa02276038 R14: 00007faa02275fa0 R15: 00007ffd8392d338 [ 268.792828][ T7500] [ 269.850517][ T7486] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 269.850796][ T7486] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 270.128896][ T7507] dlm: non-version read from control device 143 [ 270.145362][ T1244] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 270.196406][ T1244] usb 4-1: USB disconnect, device number 21 [ 270.352786][ T7513] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.423666][ T7514] netlink: 12 bytes leftover after parsing attributes in process `syz.0.501'. [ 270.510161][ T7526] netlink: 'syz.1.503': attribute type 30 has an invalid length. [ 270.510186][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.503'. [ 270.534518][ T7514] 8021q: adding VLAN 0 to HW filter on device bond1 [ 270.710879][ T7525] bond1: (slave macvlan1): Enslaving as an active interface with an up link [ 270.732207][ T7526] bond0: option arp_missed_max: invalid value (0) [ 270.732238][ T7526] bond0: option arp_missed_max: allowed values 1 - 255 [ 270.808401][ T7534] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input29 [ 270.857765][ T7537] FAULT_INJECTION: forcing a failure. [ 270.857765][ T7537] name failslab, interval 1, probability 0, space 0, times 0 [ 270.857799][ T7537] CPU: 0 UID: 0 PID: 7537 Comm: syz.2.507 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 270.857823][ T7537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 270.857836][ T7537] Call Trace: [ 270.857844][ T7537] [ 270.857852][ T7537] dump_stack_lvl+0xe8/0x150 [ 270.857888][ T7537] should_fail_ex+0x46b/0x600 [ 270.857925][ T7537] should_failslab+0xa8/0x100 [ 270.857949][ T7537] __kmalloc_noprof+0xdf/0x7b0 [ 270.857970][ T7537] ? percpu_ref_get_many+0x21/0x1e0 [ 270.857991][ T7537] ? io_cache_alloc_new+0x40/0x100 [ 270.858017][ T7537] io_cache_alloc_new+0x40/0x100 [ 270.858040][ T7537] __io_prep_rw+0x2bd/0xed0 [ 270.858074][ T7537] ? __pfx___io_prep_rw+0x10/0x10 [ 270.858098][ T7537] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 270.858135][ T7537] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 270.858167][ T7537] io_prep_read+0x33/0x110 [ 270.858187][ T7537] ? io_task_refs_refill+0xba/0x180 [ 270.858211][ T7537] io_submit_sqes+0xbf0/0x24e0 [ 270.858274][ T7537] __se_sys_io_uring_enter+0x2cc/0x1970 [ 270.858312][ T7537] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 270.858336][ T7537] ? fput+0xa0/0xd0 [ 270.858364][ T7537] ? ksys_write+0x248/0x270 [ 270.858400][ T7537] ? __pfx_ksys_write+0x10/0x10 [ 270.858438][ T7537] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 270.858466][ T7537] do_syscall_64+0x14d/0xf80 [ 270.858563][ T7537] ? trace_irq_disable+0x3b/0x150 [ 270.858595][ T7537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.858619][ T7537] ? clear_bhb_loop+0x40/0x90 [ 270.858642][ T7537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.858662][ T7537] RIP: 0033:0x7faa01ffc819 [ 270.858726][ T7537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 270.858746][ T7537] RSP: 002b:00007faa0024e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 270.858769][ T7537] RAX: ffffffffffffffda RBX: 00007faa02275fa0 RCX: 00007faa01ffc819 [ 270.858784][ T7537] RDX: 00000000000077ae RSI: 000000000000742f RDI: 0000000000000005 [ 270.858798][ T7537] RBP: 00007faa0024e090 R08: 0000000000000000 R09: 0000000000000000 [ 270.858812][ T7537] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 270.858825][ T7537] R13: 00007faa02276038 R14: 00007faa02275fa0 R15: 00007ffd8392d338 [ 270.858861][ T7537] [ 270.994862][ T809] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 271.159282][ T809] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 271.159315][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.159334][ T809] usb 5-1: Product: syz [ 271.159346][ T809] usb 5-1: Manufacturer: syz [ 271.159360][ T809] usb 5-1: SerialNumber: syz [ 272.996242][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 272.996313][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 272.997829][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 272.997887][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 272.998811][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 273.083823][ T809] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 273.125858][ T1244] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 273.127743][ T809] usb 5-1: USB disconnect, device number 23 [ 273.195004][ T5813] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 273.275921][ T1244] usb 1-1: Using ep0 maxpacket: 32 [ 273.279339][ T1244] usb 1-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 273.279377][ T1244] usb 1-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 273.279391][ T1244] usb 1-1: config 1 interface 0 has no altsetting 0 [ 273.282511][ T1244] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 273.282536][ T1244] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.282548][ T1244] usb 1-1: Product: ఁ [ 273.282558][ T1244] usb 1-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 273.282576][ T1244] usb 1-1: SerialNumber: Ї [ 273.347663][ T5813] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.347748][ T5813] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 273.347770][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.353548][ T5813] usb 2-1: config 0 descriptor?? [ 273.385135][ T5876] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 273.395091][ T5900] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 273.429755][ T7551] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 273.430087][ T7551] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 273.557505][ T5876] usb 3-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config [ 273.557573][ T5876] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 273.557667][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.560145][ T5900] usb 4-1: Using ep0 maxpacket: 16 [ 273.591872][ T5876] usb 3-1: config 0 descriptor?? [ 273.607255][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 273.616396][ T5900] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 273.618140][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.618165][ T5900] usb 4-1: Product: syz [ 273.618181][ T5900] usb 4-1: Manufacturer: syz [ 273.618197][ T5900] usb 4-1: SerialNumber: syz [ 273.643995][ T5876] rndis_host 3-1:0.0: skipping garbage [ 273.644019][ T5876] usb 3-1: bad CDC descriptors [ 273.735356][ T1244] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 273.737986][ T5900] usb 4-1: config 0 descriptor?? [ 274.665768][ T5813] ath6kl: Failed to submit usb control message: -110 [ 274.665827][ T5813] ath6kl: unable to send the bmi data to the device: -110 [ 274.665842][ T5813] ath6kl: Unable to send get target info: -110 [ 275.082804][ T5813] ath6kl: Failed to init ath6kl core: -110 [ 275.083453][ T5813] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 276.000557][ T5900] hub 4-1:0.0: bad descriptor, ignoring hub [ 276.001245][ T5900] hub 4-1:0.0: probe with driver hub failed with error -5 [ 276.001701][ T5876] usb 3-1: USB disconnect, device number 19 [ 276.247019][ T1244] usb 1-1: USB disconnect, device number 33 [ 276.277359][ T7565] input: syz1 as /devices/virtual/input/input30 [ 276.307900][ T5900] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input31 [ 276.517440][ T5900] usb 4-1: USB disconnect, device number 22 [ 276.885269][ T1244] usb 2-1: USB disconnect, device number 26 [ 276.942798][ T7591] netlink: 24 bytes leftover after parsing attributes in process `syz.2.526'. [ 277.094822][ T7594] capability: warning: `syz.3.527' uses deprecated v2 capabilities in a way that may be insecure [ 277.216496][ T7602] netlink: 28 bytes leftover after parsing attributes in process `syz.2.530'. [ 277.365042][ T1244] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 277.515032][ T1244] usb 2-1: Using ep0 maxpacket: 32 [ 277.518090][ T1244] usb 2-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 277.518124][ T1244] usb 2-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 277.518150][ T1244] usb 2-1: config 1 interface 0 has no altsetting 0 [ 277.568185][ T1244] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 277.568220][ T1244] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.568241][ T1244] usb 2-1: Product: ఁ [ 277.568256][ T1244] usb 2-1: Manufacturer: „鉼캼緄㺯㐇掆࿞﬙Ⴜ额ﮄ偆ꚛ浍薜䢓Ⴇೇ굾暻낸魧뫨ᵲꜨ➭喝ɋ婽顭障ڵ࠰ﰼ끘푰G᷀鶩缗杍칣蔀풗僮힐漠떄嵕坦瓶餒ҧ㨏㌿鑓悲舶횵蔰騑牳斜榠屯ႲႪ偔﫠礏㔙朑䐧ࢦ [ 277.568286][ T1244] usb 2-1: SerialNumber: Ї [ 277.639416][ T7597] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 277.639556][ T7597] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 277.907971][ T1244] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 277.975783][ T1244] usb 2-1: USB disconnect, device number 27 [ 278.377926][ T7609] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.582266][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.534'. [ 278.970560][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.539'. [ 279.016279][ T5876] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 279.914894][ T5876] usb 5-1: Using ep0 maxpacket: 8 [ 279.918600][ T5876] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 279.918629][ T5876] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 279.918651][ T5876] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 279.918704][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 255, changing to 11 [ 279.918733][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 59391, setting to 1024 [ 279.922680][ T5876] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 279.922709][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.922730][ T5876] usb 5-1: Product: syz [ 279.922746][ T5876] usb 5-1: Manufacturer: syz [ 279.922761][ T5876] usb 5-1: SerialNumber: syz [ 280.028507][ T5876] usb 5-1: config 0 descriptor?? [ 280.032572][ T7624] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 280.050757][ T5876] hub 5-1:0.0: bad descriptor, ignoring hub [ 280.050799][ T5876] hub 5-1:0.0: probe with driver hub failed with error -5 [ 280.106534][ T5876] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input32 [ 280.290328][ T5876] usb 5-1: USB disconnect, device number 24 [ 280.290428][ C1] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -19 [ 281.799940][ T7636] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 282.189375][ T1244] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 282.325471][ T7647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.544'. [ 282.361482][ T1244] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.361513][ T1244] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 282.361570][ T1244] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 282.361594][ T1244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.396869][ T1244] usb 3-1: config 0 descriptor?? [ 282.622040][ T7654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.547'. [ 282.703314][ T1244] Bluetooth: Can't get state to change to load ram patch err [ 282.703330][ T1244] Bluetooth: Loading patch file failed [ 282.703355][ T1244] ath3k 3-1:0.0: probe with driver ath3k failed with error -71 [ 282.725484][ T1244] usb 3-1: USB disconnect, device number 20 [ 282.765040][ T5876] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 282.894968][ T7662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 282.917798][ T7661] FAULT_INJECTION: forcing a failure. [ 282.917798][ T7661] name failslab, interval 1, probability 0, space 0, times 0 [ 282.917836][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: syz.0.550 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 282.917861][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 282.917874][ T7661] Call Trace: [ 282.917882][ T7661] [ 282.917891][ T7661] dump_stack_lvl+0xe8/0x150 [ 282.917929][ T7661] should_fail_ex+0x46b/0x600 [ 282.917965][ T7661] should_failslab+0xa8/0x100 [ 282.917990][ T7661] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 282.918024][ T7661] ? __alloc_skb+0x1d0/0x7d0 [ 282.918044][ T7661] ? lockdep_hardirqs_on+0x7a/0x110 [ 282.918075][ T7661] __alloc_skb+0x1d0/0x7d0 [ 282.918102][ T7661] netlink_sendmsg+0x5d4/0xb40 [ 282.918144][ T7661] ? __pfx_netlink_sendmsg+0x10/0x10 [ 282.918177][ T7661] ? unwind_get_return_address+0x4d/0x90 [ 282.918215][ T7661] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 282.918252][ T7661] ____sys_sendmsg+0x94c/0x9c0 [ 282.918292][ T7661] ? __pfx_____sys_sendmsg+0x10/0x10 [ 282.918328][ T7661] ? import_iovec+0x73/0xa0 [ 282.918353][ T7661] ___sys_sendmsg+0x2a5/0x360 [ 282.918385][ T7661] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.918449][ T7661] ? __fget_files+0x2a/0x420 [ 282.918476][ T7661] ? __fget_files+0x3a6/0x420 [ 282.918516][ T7661] __x64_sys_sendmsg+0x1c3/0x2a0 [ 282.918543][ T7661] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 282.918580][ T7661] ? __pfx_ksys_write+0x10/0x10 [ 282.918626][ T7661] do_syscall_64+0x14d/0xf80 [ 282.918658][ T7661] ? trace_irq_disable+0x3b/0x150 [ 282.918684][ T7661] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.918706][ T7661] ? clear_bhb_loop+0x40/0x90 [ 282.918731][ T7661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.918751][ T7661] RIP: 0033:0x7feae969c819 [ 282.918772][ T7661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 282.918791][ T7661] RSP: 002b:00007feae78ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.918815][ T7661] RAX: ffffffffffffffda RBX: 00007feae9915fa0 RCX: 00007feae969c819 [ 282.918832][ T7661] RDX: 0000000000004890 RSI: 00002000000003c0 RDI: 0000000000000004 [ 282.918847][ T7661] RBP: 00007feae78ee090 R08: 0000000000000000 R09: 0000000000000000 [ 282.918860][ T7661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.918872][ T7661] R13: 00007feae9916038 R14: 00007feae9915fa0 R15: 00007ffd2dcd48a8 [ 282.918904][ T7661] [ 283.022269][ T5876] usb 4-1: Using ep0 maxpacket: 32 [ 283.182318][ T5876] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x82 has invalid maxpacket 1023 [ 283.182358][ T5876] usb 4-1: config 1 interface 0 altsetting 106 bulk endpoint 0x3 has invalid maxpacket 1023 [ 283.182384][ T5876] usb 4-1: config 1 interface 0 has no altsetting 0 [ 283.223865][ T5876] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 283.223900][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.223920][ T5876] usb 4-1: Product: syz [ 283.223934][ T5876] usb 4-1: Manufacturer: syz [ 283.223948][ T5876] usb 4-1: SerialNumber: syz [ 283.267632][ T7652] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 283.267781][ T7652] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 283.502850][ T5876] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 283.567603][ T5876] usb 4-1: USB disconnect, device number 23 [ 283.814028][ T7673] FAULT_INJECTION: forcing a failure. [ 283.814028][ T7673] name failslab, interval 1, probability 0, space 0, times 0 [ 283.814067][ T7673] CPU: 1 UID: 0 PID: 7673 Comm: syz.4.554 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 283.814091][ T7673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 283.814104][ T7673] Call Trace: [ 283.814112][ T7673] [ 283.814121][ T7673] dump_stack_lvl+0xe8/0x150 [ 283.814158][ T7673] should_fail_ex+0x46b/0x600 [ 283.814194][ T7673] should_failslab+0xa8/0x100 [ 283.814218][ T7673] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 283.814251][ T7673] ? __alloc_skb+0x1d0/0x7d0 [ 283.814272][ T7673] ? lockdep_hardirqs_on+0x7a/0x110 [ 283.814303][ T7673] __alloc_skb+0x1d0/0x7d0 [ 283.814340][ T7673] netlink_sendmsg+0x5d4/0xb40 [ 283.814385][ T7673] ? __pfx_netlink_sendmsg+0x10/0x10 [ 283.814421][ T7673] ? unwind_get_return_address+0x4d/0x90 [ 283.814448][ T7673] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 283.814485][ T7673] ____sys_sendmsg+0x94c/0x9c0 [ 283.814518][ T7673] ? __pfx_____sys_sendmsg+0x10/0x10 [ 283.814554][ T7673] ? import_iovec+0x73/0xa0 [ 283.814579][ T7673] ___sys_sendmsg+0x2a5/0x360 [ 283.814615][ T7673] ? __pfx____sys_sendmsg+0x10/0x10 [ 283.814674][ T7673] ? __fget_files+0x2a/0x420 [ 283.814700][ T7673] ? __fget_files+0x3a6/0x420 [ 283.814737][ T7673] __x64_sys_sendmsg+0x1c3/0x2a0 [ 283.814765][ T7673] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 283.814800][ T7673] ? __pfx_ksys_write+0x10/0x10 [ 283.814845][ T7673] do_syscall_64+0x14d/0xf80 [ 283.814866][ T7673] ? trace_irq_disable+0x3b/0x150 [ 283.814899][ T7673] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.814922][ T7673] ? clear_bhb_loop+0x40/0x90 [ 283.814948][ T7673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.814970][ T7673] RIP: 0033:0x7f165b1ec819 [ 283.814991][ T7673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 283.815009][ T7673] RSP: 002b:00007f165943e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 283.815033][ T7673] RAX: ffffffffffffffda RBX: 00007f165b465fa0 RCX: 00007f165b1ec819 [ 283.815048][ T7673] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 283.815062][ T7673] RBP: 00007f165943e090 R08: 0000000000000000 R09: 0000000000000000 [ 283.815076][ T7673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.815089][ T7673] R13: 00007f165b466038 R14: 00007f165b465fa0 R15: 00007ffe67926108 [ 283.815123][ T7673] [ 284.384885][ T1244] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 284.414852][ T808] usb 1-1: new low-speed USB device number 34 using dummy_hcd [ 284.534834][ T1244] usb 5-1: Using ep0 maxpacket: 8 [ 284.543575][ T1244] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 284.543609][ T1244] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 284.543631][ T1244] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 284.543687][ T1244] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 255, changing to 11 [ 284.543716][ T1244] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 59391, setting to 1024 [ 284.544947][ T808] usb 1-1: device descriptor read/64, error -71 [ 284.551671][ T1244] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 284.551705][ T1244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.551963][ T1244] usb 5-1: Product: syz [ 284.551980][ T1244] usb 5-1: Manufacturer: syz [ 284.551996][ T1244] usb 5-1: SerialNumber: syz [ 284.663241][ T1244] usb 5-1: config 0 descriptor?? [ 284.664991][ T7679] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 284.681322][ T1244] hub 5-1:0.0: bad descriptor, ignoring hub [ 284.681368][ T1244] hub 5-1:0.0: probe with driver hub failed with error -5 [ 284.702350][ T1244] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input33 [ 284.816207][ T808] usb 1-1: new low-speed USB device number 35 using dummy_hcd [ 285.735625][ T9] usb 5-1: USB disconnect, device number 25 [ 285.736113][ C1] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -19 [ 285.935921][ T808] usb 1-1: device descriptor read/64, error -71 [ 286.008958][ T7693] FAULT_INJECTION: forcing a failure. [ 286.008958][ T7693] name failslab, interval 1, probability 0, space 0, times 0 [ 286.008982][ T7693] CPU: 1 UID: 0 PID: 7693 Comm: syz.1.560 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 286.008996][ T7693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 286.009004][ T7693] Call Trace: [ 286.009010][ T7693] [ 286.009015][ T7693] dump_stack_lvl+0xe8/0x150 [ 286.009038][ T7693] should_fail_ex+0x46b/0x600 [ 286.009059][ T7693] should_failslab+0xa8/0x100 [ 286.009074][ T7693] __kmalloc_noprof+0xdf/0x7b0 [ 286.009086][ T7693] ? ___neigh_create+0x722/0x2380 [ 286.009115][ T7693] ___neigh_create+0x722/0x2380 [ 286.009138][ T7693] ? __ipv6_neigh_lookup_noref+0x531/0x710 [ 286.009161][ T7693] ip6_finish_output2+0x729/0x1430 [ 286.009183][ T7693] ? ip6_output+0x126/0x550 [ 286.009196][ T7693] ip6_output+0x340/0x550 [ 286.009210][ T7693] ? ip6_send_skb+0x10f/0x390 [ 286.009225][ T7693] ip6_send_skb+0x1d5/0x390 [ 286.009242][ T7693] udp_v6_send_skb+0xc17/0x1860 [ 286.009267][ T7693] udp_v6_push_pending_frames+0xa2/0x140 [ 286.009283][ T7693] udpv6_sendmsg+0xf36/0x2560 [ 286.009303][ T7693] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 286.009325][ T7693] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 286.009343][ T7693] ? __lock_acquire+0x6b5/0x2cf0 [ 286.009356][ T7693] ? smack_socket_sendmsg+0x1a9/0x590 [ 286.009381][ T7693] ? __lock_acquire+0x6b5/0x2cf0 [ 286.009399][ T7693] ? inet_send_prepare+0x5c/0x270 [ 286.009413][ T7693] ? inet6_sendmsg+0xe4/0x120 [ 286.009433][ T7693] ____sys_sendmsg+0x5aa/0x9c0 [ 286.009452][ T7693] ? __pfx_____sys_sendmsg+0x10/0x10 [ 286.009479][ T7693] ? import_iovec+0x73/0xa0 [ 286.009493][ T7693] ___sys_sendmsg+0x2a5/0x360 [ 286.009511][ T7693] ? __pfx____sys_sendmsg+0x10/0x10 [ 286.009528][ T7693] ? kstrtouint+0x6e/0xe0 [ 286.009560][ T7693] ? __fget_files+0x2a/0x420 [ 286.009576][ T7693] ? __fget_files+0x3a6/0x420 [ 286.009598][ T7693] __sys_sendmmsg+0x282/0x4e0 [ 286.009615][ T7693] ? __pfx___sys_sendmmsg+0x10/0x10 [ 286.009635][ T7693] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 286.009663][ T7693] ? ksys_write+0x248/0x270 [ 286.009683][ T7693] ? __pfx_ksys_write+0x10/0x10 [ 286.009705][ T7693] __x64_sys_sendmmsg+0xa0/0xc0 [ 286.009720][ T7693] do_syscall_64+0x14d/0xf80 [ 286.009734][ T7693] ? trace_irq_disable+0x3b/0x150 [ 286.009748][ T7693] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.009761][ T7693] ? clear_bhb_loop+0x40/0x90 [ 286.009775][ T7693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.009788][ T7693] RIP: 0033:0x7faa8da8c819 [ 286.009805][ T7693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.009820][ T7693] RSP: 002b:00007faa8bce6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 286.009841][ T7693] RAX: ffffffffffffffda RBX: 00007faa8dd05fa0 RCX: 00007faa8da8c819 [ 286.009850][ T7693] RDX: 0000000000000001 RSI: 0000200000001b40 RDI: 0000000000000003 [ 286.009858][ T7693] RBP: 00007faa8bce6090 R08: 0000000000000000 R09: 0000000000000000 [ 286.009865][ T7693] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 286.009873][ T7693] R13: 00007faa8dd06038 R14: 00007faa8dd05fa0 R15: 00007ffe43d7d968 [ 286.009892][ T7693] [ 286.054881][ T808] usb usb1-port1: attempt power cycle [ 286.555045][ T808] usb 1-1: new low-speed USB device number 36 using dummy_hcd [ 286.580779][ T808] usb 1-1: device descriptor read/8, error -71 [ 286.814890][ T808] usb 1-1: new low-speed USB device number 37 using dummy_hcd [ 286.835633][ T808] usb 1-1: device descriptor read/8, error -71 [ 286.858373][ T5900] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 286.945590][ T808] usb usb1-port1: unable to enumerate USB device [ 287.014791][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 287.015266][ T5876] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 287.020476][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 287.051057][ T5900] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 287.051092][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.051113][ T5900] usb 2-1: Product: syz [ 287.051129][ T5900] usb 2-1: Manufacturer: syz [ 287.051144][ T5900] usb 2-1: SerialNumber: syz [ 287.077848][ T7721] FAULT_INJECTION: forcing a failure. [ 287.077848][ T7721] name failslab, interval 1, probability 0, space 0, times 0 [ 287.077882][ T7721] CPU: 1 UID: 0 PID: 7721 Comm: syz.0.569 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 287.077904][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 287.077916][ T7721] Call Trace: [ 287.077923][ T7721] [ 287.077931][ T7721] dump_stack_lvl+0xe8/0x150 [ 287.077965][ T7721] should_fail_ex+0x46b/0x600 [ 287.077996][ T7721] should_failslab+0xa8/0x100 [ 287.078018][ T7721] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 287.078046][ T7721] ? __alloc_skb+0x1d0/0x7d0 [ 287.078064][ T7721] ? lockdep_hardirqs_on+0x7a/0x110 [ 287.078090][ T7721] __alloc_skb+0x1d0/0x7d0 [ 287.078113][ T7721] pfkey_sendmsg+0x212/0x1120 [ 287.078140][ T7721] ? unwind_next_frame+0xa5/0x23c0 [ 287.078165][ T7721] ? smack_socket_sendmsg+0x1a9/0x590 [ 287.078191][ T7721] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 287.078226][ T7721] ? __lock_acquire+0x6b5/0x2cf0 [ 287.078248][ T7721] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 287.078275][ T7721] ? __kernel_text_address+0xd/0x30 [ 287.078297][ T7721] ? unwind_get_return_address+0x4d/0x90 [ 287.078319][ T7721] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 287.078350][ T7721] ____sys_sendmsg+0x94c/0x9c0 [ 287.078377][ T7721] ? __pfx_____sys_sendmsg+0x10/0x10 [ 287.078408][ T7721] ? import_iovec+0x73/0xa0 [ 287.078430][ T7721] ___sys_sendmsg+0x2a5/0x360 [ 287.078457][ T7721] ? __pfx____sys_sendmsg+0x10/0x10 [ 287.078520][ T7721] ? __fget_files+0x2a/0x420 [ 287.078543][ T7721] ? __fget_files+0x3a6/0x420 [ 287.078576][ T7721] __x64_sys_sendmsg+0x1c3/0x2a0 [ 287.078600][ T7721] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 287.078636][ T7721] ? __pfx_ksys_write+0x10/0x10 [ 287.078682][ T7721] do_syscall_64+0x14d/0xf80 [ 287.078702][ T7721] ? trace_irq_disable+0x3b/0x150 [ 287.078725][ T7721] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.078744][ T7721] ? clear_bhb_loop+0x40/0x90 [ 287.078766][ T7721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.078785][ T7721] RIP: 0033:0x7feae969c819 [ 287.078803][ T7721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.078819][ T7721] RSP: 002b:00007feae78ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 287.078839][ T7721] RAX: ffffffffffffffda RBX: 00007feae9915fa0 RCX: 00007feae969c819 [ 287.078853][ T7721] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 287.078865][ T7721] RBP: 00007feae78ee090 R08: 0000000000000000 R09: 0000000000000000 [ 287.078877][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.078888][ T7721] R13: 00007feae9916038 R14: 00007feae9915fa0 R15: 00007ffd2dcd48a8 [ 287.078918][ T7721] [ 287.108386][ T5900] usb 2-1: config 0 descriptor?? [ 287.118418][ T5900] hub 2-1:0.0: bad descriptor, ignoring hub [ 287.118457][ T5900] hub 2-1:0.0: probe with driver hub failed with error -5 [ 287.123541][ T5900] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 287.179490][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 287.179556][ T5876] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 287.182115][ T5876] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 287.182143][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 287.182162][ T5876] usb 4-1: SerialNumber: syz [ 287.220322][ T5876] usb 4-1: bad CDC descriptors [ 287.737215][ T5900] usb 2-1: USB disconnect, device number 28 [ 287.825599][ T37] kauditd_printk_skb: 205 callbacks suppressed [ 287.825621][ T37] audit: type=1326 audit(1775457478.248:2855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7725 comm="syz.0.570" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feae969c819 code=0x0 [ 287.921526][ T7729] FAULT_INJECTION: forcing a failure. [ 287.921526][ T7729] name failslab, interval 1, probability 0, space 0, times 0 [ 287.921562][ T7729] CPU: 0 UID: 0 PID: 7729 Comm: syz.0.570 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 287.921592][ T7729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 287.921604][ T7729] Call Trace: [ 287.921612][ T7729] [ 287.921620][ T7729] dump_stack_lvl+0xe8/0x150 [ 287.921657][ T7729] should_fail_ex+0x46b/0x600 [ 287.921691][ T7729] should_failslab+0xa8/0x100 [ 287.921713][ T7729] __kmalloc_noprof+0xdf/0x7b0 [ 287.921733][ T7729] ? percpu_ref_get_many+0x21/0x1e0 [ 287.921754][ T7729] ? io_cache_alloc_new+0x40/0x100 [ 287.921782][ T7729] io_cache_alloc_new+0x40/0x100 [ 287.921806][ T7729] __io_prep_rw+0x2bd/0xed0 [ 287.921841][ T7729] ? __pfx___io_prep_rw+0x10/0x10 [ 287.921865][ T7729] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 287.921905][ T7729] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 287.921937][ T7729] io_prep_write+0x36/0x110 [ 287.921957][ T7729] ? io_task_refs_refill+0xba/0x180 [ 287.921982][ T7729] io_submit_sqes+0xbf0/0x24e0 [ 287.922043][ T7729] __se_sys_io_uring_enter+0x2cc/0x1970 [ 287.922083][ T7729] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 287.922110][ T7729] ? fput+0xa0/0xd0 [ 287.922137][ T7729] ? ksys_write+0x248/0x270 [ 287.922174][ T7729] ? __pfx_ksys_write+0x10/0x10 [ 287.922213][ T7729] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 287.922241][ T7729] do_syscall_64+0x14d/0xf80 [ 287.922287][ T7729] ? trace_irq_disable+0x3b/0x150 [ 287.922314][ T7729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.922337][ T7729] ? clear_bhb_loop+0x40/0x90 [ 287.922365][ T7729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.922385][ T7729] RIP: 0033:0x7feae969c819 [ 287.922407][ T7729] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.922425][ T7729] RSP: 002b:00007feae78cd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 287.922450][ T7729] RAX: ffffffffffffffda RBX: 00007feae9916090 RCX: 00007feae969c819 [ 287.922466][ T7729] RDX: 0000000000000021 RSI: 0000000000003dbe RDI: 0000000000000004 [ 287.922479][ T7729] RBP: 00007feae78cd090 R08: 0000000000000000 R09: 0000000000000000 [ 287.922493][ T7729] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 287.922507][ T7729] R13: 00007feae9916128 R14: 00007feae9916090 R15: 00007ffd2dcd48a8 [ 287.922541][ T7729] [ 288.238812][ T7731] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input34 [ 288.596791][ T7741] netlink: 28 bytes leftover after parsing attributes in process `syz.4.575'. [ 288.655435][ T5900] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 288.781884][ T7747] netlink: 'syz.0.577': attribute type 10 has an invalid length. [ 288.815126][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 288.830475][ T5900] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 288.830504][ T5900] usb 2-1: config 0 has no interface number 0 [ 288.830555][ T5900] usb 2-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 288.836577][ T5900] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 288.836608][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 288.836627][ T5900] usb 2-1: Product: syz [ 288.836640][ T5900] usb 2-1: SerialNumber: syz [ 288.847470][ T7747] @: left promiscuous mode [ 288.850234][ T7747] @: entered promiscuous mode [ 288.861563][ T5900] usb 2-1: config 0 descriptor?? [ 288.873074][ T7747] team0: Device 4@ failed to register rx_handler [ 288.890371][ T7746] netlink: 'syz.0.577': attribute type 10 has an invalid length. [ 288.893668][ T5900] usbhid 2-1:0.8: couldn't find an input interrupt endpoint [ 288.943897][ T7746] @: left promiscuous mode [ 288.969349][ T7746] @: entered promiscuous mode [ 288.991182][ T7746] team0: Device 4@ failed to register rx_handler [ 289.054538][ T7751] netlink: 32 bytes leftover after parsing attributes in process `syz.2.578'. [ 289.203149][ T7734] netlink: 20 bytes leftover after parsing attributes in process `syz.1.573'. [ 289.297436][ T7758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.579'. [ 290.340152][ T5900] usb 4-1: USB disconnect, device number 24 [ 290.529741][ T809] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 290.597146][ T7768] FAULT_INJECTION: forcing a failure. [ 290.597146][ T7768] name failslab, interval 1, probability 0, space 0, times 0 [ 290.597171][ T7768] CPU: 1 UID: 0 PID: 7768 Comm: syz.0.583 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 290.597185][ T7768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 290.597202][ T7768] Call Trace: [ 290.597207][ T7768] [ 290.597212][ T7768] dump_stack_lvl+0xe8/0x150 [ 290.597240][ T7768] should_fail_ex+0x46b/0x600 [ 290.597264][ T7768] should_failslab+0xa8/0x100 [ 290.597281][ T7768] __kmalloc_noprof+0xdf/0x7b0 [ 290.597293][ T7768] ? tomoyo_encode+0x28b/0x550 [ 290.597315][ T7768] tomoyo_encode+0x28b/0x550 [ 290.597333][ T7768] tomoyo_realpath_from_path+0x58d/0x5d0 [ 290.597355][ T7768] ? tomoyo_path_number_perm+0x219/0x630 [ 290.597370][ T7768] tomoyo_path_number_perm+0x246/0x630 [ 290.597385][ T7768] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 290.597399][ T7768] ? __lock_acquire+0x6b5/0x2cf0 [ 290.597432][ T7768] ? __fget_files+0x2a/0x420 [ 290.597453][ T7768] ? __fget_files+0x2a/0x420 [ 290.597467][ T7768] ? __fget_files+0x3a6/0x420 [ 290.597482][ T7768] ? __fget_files+0x2a/0x420 [ 290.597500][ T7768] security_file_ioctl+0xc3/0x2a0 [ 290.597515][ T7768] __se_sys_ioctl+0x47/0x170 [ 290.597529][ T7768] do_syscall_64+0x14d/0xf80 [ 290.597542][ T7768] ? trace_irq_disable+0x3b/0x150 [ 290.597557][ T7768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.597569][ T7768] ? clear_bhb_loop+0x40/0x90 [ 290.597584][ T7768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.597597][ T7768] RIP: 0033:0x7feae969c819 [ 290.597616][ T7768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 290.597633][ T7768] RSP: 002b:00007feae78ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.597657][ T7768] RAX: ffffffffffffffda RBX: 00007feae9915fa0 RCX: 00007feae969c819 [ 290.597672][ T7768] RDX: 00002000000003c0 RSI: 000000004008ae89 RDI: 0000000000000005 [ 290.597687][ T7768] RBP: 00007feae78ee090 R08: 0000000000000000 R09: 0000000000000000 [ 290.597699][ T7768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.597712][ T7768] R13: 00007feae9916038 R14: 00007feae9915fa0 R15: 00007ffd2dcd48a8 [ 290.597739][ T7768] [ 290.598255][ T7768] ERROR: Out of memory at tomoyo_realpath_from_path. [ 290.912486][ T809] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 290.912519][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.912539][ T809] usb 5-1: Product: syz [ 290.912553][ T809] usb 5-1: Manufacturer: syz [ 290.912568][ T809] usb 5-1: SerialNumber: syz [ 290.915422][ T7770] netlink: 'syz.2.584': attribute type 4 has an invalid length. [ 291.374160][ T7776] FAULT_INJECTION: forcing a failure. [ 291.374160][ T7776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.374196][ T7776] CPU: 0 UID: 0 PID: 7776 Comm: syz.2.586 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 291.374220][ T7776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 291.374232][ T7776] Call Trace: [ 291.374241][ T7776] [ 291.374250][ T7776] dump_stack_lvl+0xe8/0x150 [ 291.374289][ T7776] should_fail_ex+0x46b/0x600 [ 291.374325][ T7776] _copy_to_user+0x31/0xb0 [ 291.374349][ T7776] simple_read_from_buffer+0xe1/0x170 [ 291.374390][ T7776] proc_fail_nth_read+0x1be/0x230 [ 291.374421][ T7776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 291.374450][ T7776] ? rw_verify_area+0x2ac/0x4e0 [ 291.374480][ T7776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 291.374508][ T7776] vfs_read+0x212/0xa80 [ 291.374549][ T7776] ? __pfx_vfs_read+0x10/0x10 [ 291.374584][ T7776] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 291.374614][ T7776] ? lockdep_hardirqs_on+0x7a/0x110 [ 291.374637][ T7776] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 291.374661][ T7776] ? mutex_lock_nested+0x152/0x1d0 [ 291.374688][ T7776] ? fdget_pos+0x252/0x320 [ 291.374726][ T7776] ksys_read+0x156/0x270 [ 291.374760][ T7776] ? __pfx_ksys_read+0x10/0x10 [ 291.374804][ T7776] do_syscall_64+0x14d/0xf80 [ 291.374826][ T7776] ? trace_irq_disable+0x3b/0x150 [ 291.374850][ T7776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.374872][ T7776] ? clear_bhb_loop+0x40/0x90 [ 291.374898][ T7776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.374919][ T7776] RIP: 0033:0x7faa01fbd04e [ 291.374940][ T7776] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 291.374958][ T7776] RSP: 002b:00007faa0024dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 291.374981][ T7776] RAX: ffffffffffffffda RBX: 00007faa0024e6c0 RCX: 00007faa01fbd04e [ 291.374995][ T7776] RDX: 000000000000000f RSI: 00007faa0024e0a0 RDI: 0000000000000003 [ 291.375009][ T7776] RBP: 00007faa0024e090 R08: 0000000000000000 R09: 0000000000000000 [ 291.375022][ T7776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.375035][ T7776] R13: 00007faa02276038 R14: 00007faa02275fa0 R15: 00007ffd8392d338 [ 291.375068][ T7776] [ 291.545425][ T5900] usb 2-1: USB disconnect, device number 29 [ 291.670455][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 291.670530][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 291.670968][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 291.671001][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 291.702582][ T809] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 291.777812][ T809] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 291.857937][ T809] usb 5-1: USB disconnect, device number 26 [ 291.887666][ T37] audit: type=1800 audit(1775457482.298:2856): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.589" name="bus" dev="tmpfs" ino=685 res=0 errno=0 [ 294.619430][ T7809] FAULT_INJECTION: forcing a failure. [ 294.619430][ T7809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 294.619473][ T7809] CPU: 1 UID: 0 PID: 7809 Comm: syz.1.597 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 294.619497][ T7809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 294.619510][ T7809] Call Trace: [ 294.619518][ T7809] [ 294.619528][ T7809] dump_stack_lvl+0xe8/0x150 [ 294.619567][ T7809] should_fail_ex+0x46b/0x600 [ 294.619603][ T7809] _copy_to_user+0x31/0xb0 [ 294.619628][ T7809] simple_read_from_buffer+0xe1/0x170 [ 294.619661][ T7809] proc_fail_nth_read+0x1be/0x230 [ 294.619693][ T7809] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 294.619723][ T7809] ? rw_verify_area+0x2ac/0x4e0 [ 294.619753][ T7809] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 294.619778][ T7809] vfs_read+0x212/0xa80 [ 294.619810][ T7809] ? __pfx_vfs_read+0x10/0x10 [ 294.619844][ T7809] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 294.619869][ T7809] ? lockdep_hardirqs_on+0x7a/0x110 [ 294.619893][ T7809] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 294.619918][ T7809] ? mutex_lock_nested+0x152/0x1d0 [ 294.619948][ T7809] ? fdget_pos+0x252/0x320 [ 294.619984][ T7809] ksys_read+0x156/0x270 [ 294.620012][ T7809] ? __pfx_ksys_read+0x10/0x10 [ 294.620050][ T7809] do_syscall_64+0x14d/0xf80 [ 294.620069][ T7809] ? trace_irq_disable+0x3b/0x150 [ 294.620089][ T7809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.620106][ T7809] ? clear_bhb_loop+0x40/0x90 [ 294.620128][ T7809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.620145][ T7809] RIP: 0033:0x7faa8da4d04e [ 294.620162][ T7809] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 294.620177][ T7809] RSP: 002b:00007faa8bcc4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 294.620197][ T7809] RAX: ffffffffffffffda RBX: 00007faa8bcc56c0 RCX: 00007faa8da4d04e [ 294.620210][ T7809] RDX: 000000000000000f RSI: 00007faa8bcc50a0 RDI: 0000000000000006 [ 294.620221][ T7809] RBP: 00007faa8bcc5090 R08: 0000000000000000 R09: 0000000000000000 [ 294.620231][ T7809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.620242][ T7809] R13: 00007faa8dd06128 R14: 00007faa8dd06090 R15: 00007ffe43d7d968 [ 294.620273][ T7809] [ 295.325447][ T808] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 296.576156][ T808] usb 2-1: Using ep0 maxpacket: 16 [ 296.584583][ T808] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 296.584720][ T808] usb 2-1: config 0 has no interface number 0 [ 296.584770][ T808] usb 2-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 296.587080][ T808] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 296.587113][ T808] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 296.587133][ T808] usb 2-1: Product: syz [ 296.587188][ T808] usb 2-1: SerialNumber: syz [ 296.699871][ T808] usb 2-1: config 0 descriptor?? [ 296.726361][ T808] usbhid 2-1:0.8: couldn't find an input interrupt endpoint [ 297.946901][ T7824] FAULT_INJECTION: forcing a failure. [ 297.946901][ T7824] name failslab, interval 1, probability 0, space 0, times 0 [ 297.946939][ T7824] CPU: 0 UID: 0 PID: 7824 Comm: syz.3.601 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 297.946963][ T7824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 297.946976][ T7824] Call Trace: [ 297.946985][ T7824] [ 297.946994][ T7824] dump_stack_lvl+0xe8/0x150 [ 297.947033][ T7824] should_fail_ex+0x46b/0x600 [ 297.947078][ T7824] should_failslab+0xa8/0x100 [ 297.947103][ T7824] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 297.947137][ T7824] ? __alloc_skb+0x1d0/0x7d0 [ 297.947157][ T7824] ? lockdep_hardirqs_on+0x7a/0x110 [ 297.947196][ T7824] __alloc_skb+0x1d0/0x7d0 [ 297.947224][ T7824] netlink_sendmsg+0x5d4/0xb40 [ 297.947267][ T7824] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.947303][ T7824] ? unwind_get_return_address+0x4d/0x90 [ 297.947329][ T7824] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 297.947366][ T7824] ____sys_sendmsg+0x94c/0x9c0 [ 297.947399][ T7824] ? __pfx_____sys_sendmsg+0x10/0x10 [ 297.947435][ T7824] ? import_iovec+0x73/0xa0 [ 297.947460][ T7824] ___sys_sendmsg+0x2a5/0x360 [ 297.947493][ T7824] ? __pfx____sys_sendmsg+0x10/0x10 [ 297.947558][ T7824] ? __fget_files+0x2a/0x420 [ 297.947586][ T7824] ? __fget_files+0x3a6/0x420 [ 297.947626][ T7824] __x64_sys_sendmsg+0x1c3/0x2a0 [ 297.947655][ T7824] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 297.947692][ T7824] ? __pfx_ksys_write+0x10/0x10 [ 297.947739][ T7824] do_syscall_64+0x14d/0xf80 [ 297.947763][ T7824] ? trace_irq_disable+0x3b/0x150 [ 297.947789][ T7824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.947811][ T7824] ? clear_bhb_loop+0x40/0x90 [ 297.947839][ T7824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.947861][ T7824] RIP: 0033:0x7f505a26c819 [ 297.947882][ T7824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 297.947900][ T7824] RSP: 002b:00007f50584c6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.947924][ T7824] RAX: ffffffffffffffda RBX: 00007f505a4e5fa0 RCX: 00007f505a26c819 [ 297.947941][ T7824] RDX: 000000002000400c RSI: 00002000000000c0 RDI: 0000000000000003 [ 297.947955][ T7824] RBP: 00007f50584c6090 R08: 0000000000000000 R09: 0000000000000000 [ 297.947969][ T7824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.947982][ T7824] R13: 00007f505a4e6038 R14: 00007f505a4e5fa0 R15: 00007ffdd04c61a8 [ 297.948017][ T7824] [ 298.106581][ T5900] usb 2-1: USB disconnect, device number 30 [ 298.255123][ T809] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 298.417266][ T809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.417332][ T809] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 298.417369][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.423956][ T809] usb 5-1: config 0 descriptor?? [ 298.833908][ T7847] input: syz1 as /devices/virtual/input/input35 [ 299.592881][ T809] ath6kl: Failed to submit usb control message: -110 [ 299.592999][ T809] ath6kl: unable to send the bmi data to the device: -110 [ 299.593050][ T809] ath6kl: Unable to send get target info: -110 [ 299.647001][ T809] ath6kl: Failed to init ath6kl core: -110 [ 299.649215][ T809] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 301.290613][ T9] usb 5-1: USB disconnect, device number 27 [ 302.068104][ T5876] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 302.165549][ T809] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 302.227453][ T5876] usb 4-1: config 1 has an invalid descriptor of length 21, skipping remainder of the config [ 302.227483][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 302.229047][ T5876] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 302.229153][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 302.229174][ T5876] usb 4-1: SerialNumber: syz [ 302.355602][ T809] usb 2-1: Using ep0 maxpacket: 16 [ 302.361670][ T809] usb 2-1: unable to get BOS descriptor or descriptor too short [ 302.373841][ T809] usb 2-1: config 1 has an invalid interface number: 213 but max is 0 [ 302.373871][ T809] usb 2-1: config 1 has no interface number 0 [ 302.386800][ T809] usb 2-1: config 1 interface 213 has no altsetting 0 [ 302.409199][ T809] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=cf.00 [ 302.409754][ T809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.409775][ T809] usb 2-1: Product: syz [ 302.409789][ T809] usb 2-1: Manufacturer: syz [ 302.409803][ T809] usb 2-1: SerialNumber: syz [ 302.552292][ T5876] usb 4-1: 0:2 : does not exist [ 302.552588][ T5876] usb 4-1: unit 108 not found! [ 302.552605][ T5876] usb 4-1: unit 219 not found! [ 302.552619][ T5876] usb 4-1: unit 169 not found! [ 302.635104][ T5900] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 302.715958][ T809] redrat3 2-1:1.213: Couldn't find all endpoints [ 302.736664][ T809] usb 2-1: USB disconnect, device number 31 [ 302.780716][ T5876] usb 4-1: USB disconnect, device number 25 [ 302.792129][ T5900] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 302.792191][ T5900] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 250, changing to 7 [ 302.826080][ T5900] usb 3-1: New USB device found, idVendor=2b73, idProduct=003c, bcdDevice= 0.40 [ 302.826115][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.826137][ T5900] usb 3-1: Product: syz [ 302.826154][ T5900] usb 3-1: Manufacturer: syz [ 302.826169][ T5900] usb 3-1: SerialNumber: syz [ 302.949353][ T5796] udevd[5796]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 303.167838][ T5900] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 303.351103][ T5900] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 303.357591][ T808] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 303.381764][ T5900] usb 3-1: USB disconnect, device number 21 [ 303.459611][ T5796] udevd[5796]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 303.510208][ T808] usb 1-1: unable to get BOS descriptor or descriptor too short [ 303.511806][ T808] usb 1-1: config 1 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 303.511862][ T808] usb 1-1: config 1 interface 0 has no altsetting 0 [ 303.543605][ T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 303.554906][ T808] usb 1-1: string descriptor 0 read error: -22 [ 303.555069][ T808] usb 1-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.40 [ 303.555092][ T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.694806][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 303.710115][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40 [ 303.720343][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.720370][ T9] usb 4-1: Product: syz [ 303.720383][ T9] usb 4-1: Manufacturer: syz [ 303.720396][ T9] usb 4-1: SerialNumber: syz [ 304.030921][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.030979][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031012][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031043][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031074][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031106][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031137][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031169][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031194][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.031220][ T808] zydacron 0003:13EC:0006.0005: unknown main item tag 0x0 [ 304.108836][ T7905] syzkaller1: entered promiscuous mode [ 304.111798][ T7905] syzkaller1: entered allmulticast mode [ 304.266956][ T808] zydacron 0003:13EC:0006.0005: hidraw0: USB HID vff.7f Device [HID 13ec:0006] on usb-dummy_hcd.0-1/input0 [ 304.327366][ T808] usb 1-1: USB disconnect, device number 38 [ 304.431578][ T9] usb 4-1: 1:1: cannot get freq (v2/v3): err -32 [ 304.550094][ T7906] fido_id[7906]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 304.640625][ T9] usb 4-1: 1:1: cannot get freq (v2/v3): err -71 [ 304.642774][ T9] usb 4-1: 2:1: cannot get freq (v2/v3): err -71 [ 304.643296][ T9] usb 4-1: 2:1: cannot set freq 44100 (v2/v3): err -71 [ 304.835476][ T5816] Bluetooth: hci1: unexpected event for opcode 0x202a [ 304.913136][ T9] usb 4-1: USB disconnect, device number 26 [ 305.035095][ T808] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 305.191104][ T808] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 305.191137][ T808] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 305.193480][ T808] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 305.193510][ T808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 305.193532][ T808] usb 3-1: SerialNumber: syz [ 305.210804][ T5797] udevd[5797]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 305.234815][ T1244] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 305.293570][ T808] cdc_ether 3-1:1.0: skipping garbage [ 305.293596][ T808] usb 3-1: bad CDC descriptors [ 305.306039][ T808] usb-storage 3-1:1.0: USB Mass Storage device detected [ 305.312686][ T808] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 305.414861][ T1244] usb 1-1: Using ep0 maxpacket: 16 [ 305.417435][ T1244] usb 1-1: config 0 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 305.417473][ T1244] usb 1-1: config 0 interface 0 has no altsetting 0 [ 305.417509][ T1244] usb 1-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00 [ 305.417534][ T1244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.475927][ T1244] usb 1-1: config 0 descriptor?? [ 305.592833][ T5876] usb 3-1: USB disconnect, device number 22 [ 305.828275][ T37] audit: type=1326 audit(1775457496.248:2857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7933 comm="syz.1.644" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faa8da8c819 code=0x0 [ 305.982508][ T1244] magicmouse 0003:05AC:0324.0006: hidraw0: USB HID v0.0b Device [HID 05ac:0324] on usb-dummy_hcd.0-1/input0 [ 305.995134][ T5816] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 305.997749][ T5816] Bluetooth: hci3: Injecting HCI hardware error event [ 306.001187][ T5816] Bluetooth: hci3: hardware error 0x00 [ 306.128464][ T5876] usb 1-1: USB disconnect, device number 39 [ 306.440683][ T7940] fido_id[7940]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 306.647160][ T7936] lo speed is unknown, defaulting to 1000 [ 307.075149][ T9] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 307.198280][ T1244] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 307.268974][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 307.269002][ T9] usb 1-1: config 0 has no interface number 0 [ 307.293199][ T9] usb 1-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 307.293232][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.293253][ T9] usb 1-1: Product: syz [ 307.293268][ T9] usb 1-1: Manufacturer: syz [ 307.293282][ T9] usb 1-1: SerialNumber: syz [ 307.332044][ T9] usb 1-1: config 0 descriptor?? [ 307.360213][ T1244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 307.360277][ T1244] usb 3-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 307.360301][ T1244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.375647][ T9] usb 1-1: selecting invalid altsetting 1 [ 307.376696][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 307.376711][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 307.437535][ T1244] usb 3-1: config 0 descriptor?? [ 307.438402][ T7951] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 307.606612][ T9] DVB: Unable to find symbol stv0299_attach() [ 307.693422][ T9] DVB: Unable to find symbol tda8083_attach() [ 307.693436][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 307.719916][ T9] usb 1-1: USB disconnect, device number 40 [ 307.935264][ T1244] asus 0003:048D:CE50.0007: reserved main item tag 0xd [ 307.959786][ T1244] asus 0003:048D:CE50.0007: hidraw0: USB HID v0.01 Device [HID 048d:ce50] on usb-dummy_hcd.2-1/input0 [ 307.959824][ T1244] asus 0003:048D:CE50.0007: Asus input not registered [ 307.963087][ T1244] asus 0003:048D:CE50.0007: probe with driver asus failed with error -12 [ 308.053598][ T1244] usb 3-1: USB disconnect, device number 23 [ 308.143151][ T7961] fido_id[7961]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 308.395211][ T5816] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 308.654772][ T5876] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 308.817742][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 308.817842][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 308.817870][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 308.817894][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 308.817949][ T5876] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 308.817975][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.827981][ T5876] usb 4-1: config 0 descriptor?? [ 309.163528][ T5816] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 309.163563][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 309.163598][ T5816] Tainted: [L]=SOFTLOCKUP [ 309.163606][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 309.163621][ T5816] Workqueue: hci0 hci_rx_work [ 309.163651][ T5816] Call Trace: [ 309.163662][ T5816] [ 309.163672][ T5816] dump_stack_lvl+0xe8/0x150 [ 309.163708][ T5816] sysfs_create_dir_ns+0x271/0x2a0 [ 309.163737][ T5816] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 309.163770][ T5816] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 309.163800][ T5816] ? rt_spin_unlock+0x160/0x200 [ 309.163835][ T5816] kobject_add_internal+0x631/0xd10 [ 309.163876][ T5816] kobject_add+0x163/0x240 [ 309.163909][ T5816] ? __pfx_kobject_add+0x10/0x10 [ 309.163962][ T5816] ? get_device_parent+0x370/0x3a0 [ 309.163995][ T5816] device_add+0x408/0xb80 [ 309.164028][ T5816] hci_conn_add_sysfs+0xd5/0x210 [ 309.164066][ T5816] le_conn_complete_evt+0x10e6/0x16b0 [ 309.164107][ T5816] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 309.164135][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.164158][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.164181][ T5816] ? skb_pull_data+0xfb/0x200 [ 309.164211][ T5816] hci_le_conn_complete_evt+0x187/0x470 [ 309.164245][ T5816] hci_event_packet+0x659/0xef0 [ 309.164273][ T5816] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 309.164301][ T5816] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 309.164323][ T5816] ? __pfx_hci_event_packet+0x10/0x10 [ 309.164344][ T5816] ? rt_spin_unlock+0x14f/0x200 [ 309.164382][ T5816] ? hci_send_to_monitor+0xe2/0x590 [ 309.164415][ T5816] hci_rx_work+0x3ee/0x1030 [ 309.164446][ T5816] ? process_scheduled_works+0xa8d/0x18c0 [ 309.164478][ T5816] process_scheduled_works+0xb6e/0x18c0 [ 309.164541][ T5816] ? __pfx_process_scheduled_works+0x10/0x10 [ 309.164577][ T5816] ? assign_work+0x3d5/0x5e0 [ 309.164617][ T5816] worker_thread+0xa53/0xfc0 [ 309.164676][ T5816] kthread+0x388/0x470 [ 309.164701][ T5816] ? __pfx_worker_thread+0x10/0x10 [ 309.164727][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.164750][ T5816] ret_from_fork+0x51e/0xb90 [ 309.164783][ T5816] ? __pfx_ret_from_fork+0x10/0x10 [ 309.164810][ T5816] ? __switch_to+0xc7d/0x1450 [ 309.164840][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.164865][ T5816] ret_from_fork_asm+0x1a/0x30 [ 309.164903][ T5816] [ 309.173712][ T5816] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 309.173767][ T5816] Bluetooth: hci0: failed to register connection device [ 309.246669][ T5816] ================================================================== [ 309.246689][ T5816] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xe3/0x180 [ 309.246735][ T5816] Read of size 8 at addr ffff888061349200 by task kworker/u9:4/5816 [ 309.246754][ T5816] [ 309.246769][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 309.246796][ T5816] Tainted: [L]=SOFTLOCKUP [ 309.246803][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 309.246816][ T5816] Workqueue: hci0 hci_rx_work [ 309.246838][ T5816] Call Trace: [ 309.246847][ T5816] [ 309.246856][ T5816] dump_stack_lvl+0xe8/0x150 [ 309.246885][ T5816] print_report+0xba/0x230 [ 309.246915][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.246955][ T5816] kasan_report+0x117/0x150 [ 309.246976][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.247009][ T5816] l2cap_sock_ready_cb+0xe3/0x180 [ 309.247039][ T5816] l2cap_le_start+0x25b/0x1960 [ 309.247073][ T5816] ? __pfx_l2cap_le_start+0x10/0x10 [ 309.247101][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.247125][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.247148][ T5816] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 309.247168][ T5816] ? mutex_lock_nested+0x152/0x1d0 [ 309.247193][ T5816] ? l2cap_connect_cfm+0x894/0x1560 [ 309.247221][ T5816] l2cap_connect_cfm+0x8d5/0x1560 [ 309.247255][ T5816] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 309.247279][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.247300][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.247321][ T5816] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 309.247341][ T5816] ? mutex_lock_nested+0x152/0x1d0 [ 309.247366][ T5816] ? hci_connect_cfm+0x2c/0x140 [ 309.247389][ T5816] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 309.247417][ T5816] hci_connect_cfm+0x95/0x140 [ 309.247442][ T5816] le_conn_complete_evt+0x1134/0x16b0 [ 309.247470][ T5816] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 309.247494][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.247514][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.247534][ T5816] ? skb_pull_data+0xfb/0x200 [ 309.247563][ T5816] hci_le_conn_complete_evt+0x187/0x470 [ 309.247594][ T5816] hci_event_packet+0x659/0xef0 [ 309.247615][ T5816] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 309.247642][ T5816] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 309.247662][ T5816] ? __pfx_hci_event_packet+0x10/0x10 [ 309.247680][ T5816] ? rt_spin_unlock+0x14f/0x200 [ 309.247709][ T5816] ? hci_send_to_monitor+0xe2/0x590 [ 309.247740][ T5816] hci_rx_work+0x3ee/0x1030 [ 309.247764][ T5816] ? process_scheduled_works+0xa8d/0x18c0 [ 309.247791][ T5816] process_scheduled_works+0xb6e/0x18c0 [ 309.247829][ T5816] ? __pfx_process_scheduled_works+0x10/0x10 [ 309.247856][ T5816] ? assign_work+0x3d5/0x5e0 [ 309.247884][ T5816] worker_thread+0xa53/0xfc0 [ 309.247926][ T5816] kthread+0x388/0x470 [ 309.247956][ T5816] ? __pfx_worker_thread+0x10/0x10 [ 309.247980][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.248000][ T5816] ret_from_fork+0x51e/0xb90 [ 309.248028][ T5816] ? __pfx_ret_from_fork+0x10/0x10 [ 309.248055][ T5816] ? __switch_to+0xc7d/0x1450 [ 309.248085][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.248105][ T5816] ret_from_fork_asm+0x1a/0x30 [ 309.248131][ T5816] [ 309.248138][ T5816] [ 309.248144][ T5816] Allocated by task 7989: [ 309.248153][ T5816] kasan_save_track+0x3e/0x80 [ 309.248181][ T5816] __kasan_kmalloc+0x93/0xb0 [ 309.248209][ T5816] __kmalloc_noprof+0x3e7/0x7b0 [ 309.248228][ T5816] sk_prot_alloc+0xe7/0x210 [ 309.248248][ T5816] sk_alloc+0x3a/0x390 [ 309.248266][ T5816] bt_sock_alloc+0x3b/0x310 [ 309.248286][ T5816] l2cap_sock_create+0x147/0x330 [ 309.248311][ T5816] bt_sock_create+0x163/0x240 [ 309.248331][ T5816] __sock_create+0x4b2/0x9d0 [ 309.248355][ T5816] __sys_socket+0xd6/0x1b0 [ 309.248382][ T5816] __x64_sys_socket+0x7a/0x90 [ 309.248408][ T5816] do_syscall_64+0x14d/0xf80 [ 309.248427][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.248444][ T5816] [ 309.248449][ T5816] Freed by task 7989: [ 309.248457][ T5816] kasan_save_track+0x3e/0x80 [ 309.248480][ T5816] kasan_save_free_info+0x46/0x50 [ 309.248501][ T5816] __kasan_slab_free+0x5c/0x80 [ 309.248527][ T5816] kfree+0x1c1/0x6c0 [ 309.248554][ T5816] __sk_destruct+0x626/0x880 [ 309.248573][ T5816] l2cap_sock_release+0x1c1/0x270 [ 309.248596][ T5816] sock_close+0xc3/0x240 [ 309.248618][ T5816] __fput+0x461/0xa90 [ 309.248638][ T5816] task_work_run+0x1d9/0x270 [ 309.248656][ T5816] exit_to_user_mode_loop+0xed/0x480 [ 309.248682][ T5816] do_syscall_64+0x32d/0xf80 [ 309.248703][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.248722][ T5816] [ 309.248728][ T5816] The buggy address belongs to the object at ffff888061349000 [ 309.248728][ T5816] which belongs to the cache kmalloc-2k of size 2048 [ 309.248743][ T5816] The buggy address is located 512 bytes inside of [ 309.248743][ T5816] freed 2048-byte region [ffff888061349000, ffff888061349800) [ 309.248762][ T5816] [ 309.248767][ T5816] The buggy address belongs to the physical page: [ 309.248778][ T5816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888061348000 pfn:0x61348 [ 309.248797][ T5816] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 309.248812][ T5816] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 309.248829][ T5816] page_type: f5(slab) [ 309.248846][ T5816] raw: 0080000000000240 ffff88813fe1b000 ffffea0001847a10 ffffea0001849410 [ 309.248865][ T5816] raw: ffff888061348000 0000000800080005 00000000f5000000 0000000000000000 [ 309.248885][ T5816] head: 0080000000000240 ffff88813fe1b000 ffffea0001847a10 ffffea0001849410 [ 309.248903][ T5816] head: ffff888061348000 0000000800080005 00000000f5000000 0000000000000000 [ 309.248919][ T5816] head: 0080000000000003 ffffea000184d201 00000000ffffffff 00000000ffffffff [ 309.248934][ T5816] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 309.248952][ T5816] page dumped because: kasan: bad access detected [ 309.248961][ T5816] page_owner tracks the page as allocated [ 309.248967][ T5816] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 112630919451, free_ts 0 [ 309.248998][ T5816] post_alloc_hook+0x231/0x280 [ 309.249027][ T5816] get_page_from_freelist+0x28bb/0x2950 [ 309.249049][ T5816] __alloc_frozen_pages_noprof+0x18d/0x380 [ 309.249069][ T5816] allocate_slab+0x77/0x660 [ 309.249089][ T5816] refill_objects+0x334/0x3c0 [ 309.249110][ T5816] __pcs_replace_empty_main+0x35c/0x710 [ 309.249132][ T5816] __kmalloc_noprof+0x530/0x7b0 [ 309.249148][ T5816] ___neigh_create+0x722/0x2380 [ 309.249171][ T5816] ip6_finish_output2+0x729/0x1430 [ 309.249194][ T5816] ip6_output+0x340/0x550 [ 309.249213][ T5816] ndisc_send_skb+0xd0b/0x1670 [ 309.249239][ T5816] addrconf_dad_completed+0x6e3/0xe60 [ 309.249256][ T5816] addrconf_dad_work+0xdc4/0x1680 [ 309.249273][ T5816] process_scheduled_works+0xb6e/0x18c0 [ 309.249296][ T5816] worker_thread+0xa53/0xfc0 [ 309.249319][ T5816] kthread+0x388/0x470 [ 309.249339][ T5816] page_owner free stack trace missing [ 309.249347][ T5816] [ 309.249352][ T5816] Memory state around the buggy address: [ 309.249363][ T5816] ffff888061349100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.249377][ T5816] ffff888061349180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.249390][ T5816] >ffff888061349200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.249401][ T5816] ^ [ 309.249411][ T5816] ffff888061349280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.249426][ T5816] ffff888061349300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.249435][ T5816] ================================================================== [ 309.249448][ T5816] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 309.249465][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 309.249491][ T5816] Tainted: [L]=SOFTLOCKUP [ 309.249498][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 309.249512][ T5816] Workqueue: hci0 hci_rx_work [ 309.249535][ T5816] Call Trace: [ 309.249544][ T5816] [ 309.249553][ T5816] vpanic+0x56c/0xa60 [ 309.249585][ T5816] ? __pfx_vpanic+0x10/0x10 [ 309.249619][ T5816] panic+0xc5/0xd0 [ 309.249646][ T5816] ? __pfx_panic+0x10/0x10 [ 309.249674][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.249706][ T5816] ? rcu_is_watching+0x15/0xb0 [ 309.249732][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.249763][ T5816] check_panic_on_warn+0x89/0xb0 [ 309.249786][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.249815][ T5816] end_report+0x73/0x180 [ 309.249834][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.249865][ T5816] kasan_report+0x128/0x150 [ 309.249886][ T5816] ? l2cap_sock_ready_cb+0xe3/0x180 [ 309.249918][ T5816] l2cap_sock_ready_cb+0xe3/0x180 [ 309.249961][ T5816] l2cap_le_start+0x25b/0x1960 [ 309.249991][ T5816] ? __pfx_l2cap_le_start+0x10/0x10 [ 309.250022][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.250045][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.250066][ T5816] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 309.250089][ T5816] ? mutex_lock_nested+0x152/0x1d0 [ 309.250115][ T5816] ? l2cap_connect_cfm+0x894/0x1560 [ 309.250145][ T5816] l2cap_connect_cfm+0x8d5/0x1560 [ 309.250178][ T5816] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 309.250206][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.250231][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.250255][ T5816] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 309.250280][ T5816] ? mutex_lock_nested+0x152/0x1d0 [ 309.250310][ T5816] ? hci_connect_cfm+0x2c/0x140 [ 309.250335][ T5816] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 309.250365][ T5816] hci_connect_cfm+0x95/0x140 [ 309.250394][ T5816] le_conn_complete_evt+0x1134/0x16b0 [ 309.250428][ T5816] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 309.250455][ T5816] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 309.250479][ T5816] ? lockdep_hardirqs_on+0x7a/0x110 [ 309.250504][ T5816] ? skb_pull_data+0xfb/0x200 [ 309.250532][ T5816] hci_le_conn_complete_evt+0x187/0x470 [ 309.250562][ T5816] hci_event_packet+0x659/0xef0 [ 309.250587][ T5816] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 309.250620][ T5816] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 309.250642][ T5816] ? __pfx_hci_event_packet+0x10/0x10 [ 309.250663][ T5816] ? rt_spin_unlock+0x14f/0x200 [ 309.250698][ T5816] ? hci_send_to_monitor+0xe2/0x590 [ 309.250727][ T5816] hci_rx_work+0x3ee/0x1030 [ 309.250752][ T5816] ? process_scheduled_works+0xa8d/0x18c0 [ 309.250785][ T5816] process_scheduled_works+0xb6e/0x18c0 [ 309.250827][ T5816] ? __pfx_process_scheduled_works+0x10/0x10 [ 309.250861][ T5816] ? assign_work+0x3d5/0x5e0 [ 309.250893][ T5816] worker_thread+0xa53/0xfc0 [ 309.250946][ T5816] kthread+0x388/0x470 [ 309.250966][ T5816] ? __pfx_worker_thread+0x10/0x10 [ 309.250995][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.251019][ T5816] ret_from_fork+0x51e/0xb90 [ 309.251052][ T5816] ? __pfx_ret_from_fork+0x10/0x10 [ 309.251083][ T5816] ? __switch_to+0xc7d/0x1450 [ 309.251110][ T5816] ? __pfx_kthread+0x10/0x10 [ 309.251133][ T5816] ret_from_fork_asm+0x1a/0x30 [ 309.251162][ T5816] [ 309.251662][ T5816] Kernel Offset: disabled