last executing test programs: 2m18.173160963s ago: executing program 2 (id=193): socket$igmp6(0xa, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) write$cgroup_pid(r3, &(0x7f0000000140), 0x12) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = getpid() kcmp(r6, r5, 0x300, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x58, 0x22, 0xa01, 0x0, 0x0, {0x80}, [@nested={0x40, 0x5, 0x0, 0x1, [@nested={0x10, 0xb6, 0x0, 0x1, [@typed={0xc, 0x29, 0x0, 0x0, @u64=0x10000}]}, @nested={0x24, 0xc7, 0x0, 0x1, [@typed={0x5, 0x137, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xaa, 0x0, 0x0, @pid=r5}, @nested={0x4, 0x1a}, @typed={0x8, 0xa0, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x91}]}, @typed={0x8, 0x15d, 0x0, 0x0, @fd=r4}]}, @typed={0x4, 0x125}]}, 0x58}, 0x1, 0x0, 0x0, 0xc000}, 0x24000000) getsockopt$MRT6(r4, 0x29, 0xcf, 0x0, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newae={0x64, 0x1e, 0x77c59de70026b015, 0x70bd2d, 0x25dfdbff, {{@in=@multicast1, 0x4d3, 0x0, 0x32}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x3500}, [@lifetime_val={0x24, 0x9, {0x3, 0x7, 0xa, 0x100000000}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x20040004) socket$igmp6(0xa, 0x3, 0x2) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) (async) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) (async) write$cgroup_pid(r3, &(0x7f0000000140), 0x12) (async) socket(0x10, 0x3, 0x0) (async) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) getpid() (async) kcmp(r6, r5, 0x300, 0xffffffffffffffff, 0xffffffffffffffff) (async) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x58, 0x22, 0xa01, 0x0, 0x0, {0x80}, [@nested={0x40, 0x5, 0x0, 0x1, [@nested={0x10, 0xb6, 0x0, 0x1, [@typed={0xc, 0x29, 0x0, 0x0, @u64=0x10000}]}, @nested={0x24, 0xc7, 0x0, 0x1, [@typed={0x5, 0x137, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xaa, 0x0, 0x0, @pid=r5}, @nested={0x4, 0x1a}, @typed={0x8, 0xa0, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x91}]}, @typed={0x8, 0x15d, 0x0, 0x0, @fd=r4}]}, @typed={0x4, 0x125}]}, 0x58}, 0x1, 0x0, 0x0, 0xc000}, 0x24000000) (async) getsockopt$MRT6(r4, 0x29, 0xcf, 0x0, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newae={0x64, 0x1e, 0x77c59de70026b015, 0x70bd2d, 0x25dfdbff, {{@in=@multicast1, 0x4d3, 0x0, 0x32}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x3500}, [@lifetime_val={0x24, 0x9, {0x3, 0x7, 0xa, 0x100000000}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x20040004) (async) 2m17.070060961s ago: executing program 2 (id=195): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r0, 0xc0044dff, &(0x7f0000000040)=0x4) timer_create(0x3, &(0x7f0000000240)={0x0, 0x1a, 0x2, @thr={&(0x7f0000000080)="1261d89c626309dee06fbfa386b3cb3faaea43201aeaa8a593ae2525f00394d0c88385264ae43c251177a1ab659a49a5597aa8bef8f8ce4111b5a3c5e1fdd6337d11f180d5a14be38acf9fe027050b21600575af8556136ed1210904be747927f13ec300a84e89e16ae9c5dc6a67ed5e0415432efe695219971934ef90095b020ed1176491583ebdc6b76512c24c7a", &(0x7f0000000140)="15d4d2b749747ae9ff1f365e154e552f6cf540547251013c833142fefb5eca8ebcb3308693aae98707fd11b708086c7ad881f2f93c5f04614a7a746d6bf581b3cb8c60bfe3803e05bf759e39cfe9662a8d3c74c898d763afbe7a08dc05ac815002b7ca813e4e8357c0854cb75efebd0b0f791af4953d57eca1ad1101dcd1a9e58355e6bca8272ba5e3e8aa9021d43c502e79d3d85b81ef532a06a1f1233406ff9c5184445390fb6d827ba1b6d7ef0dd5bf8481451ca1c3a76aa20f7df7d5e9212f58d77c4223442c6c"}}, &(0x7f0000000280)=0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000300)={{0x0, 0x989680}, {r2, r3+60000000}}, &(0x7f0000000340)) nanosleep(&(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)) write$P9_ROPEN(r0, &(0x7f0000000400)={0x18, 0x71, 0x2, {{0x20, 0x2}, 0xc}}, 0x18) r4 = semget$private(0x0, 0x2, 0x0) semtimedop(r4, &(0x7f0000000440)=[{0x4, 0x7, 0x1000}], 0x1, &(0x7f0000000480)={0x0, 0x3938700}) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) futex_waitv(&(0x7f0000000a80)=[{0x8, &(0x7f00000004c0)=0x7fff, 0x2}, {0xd9, &(0x7f0000000500)=0x8, 0x82}, {0x9, &(0x7f0000000540)=0x9}, {0x7, &(0x7f0000000580)=0x2, 0x2}, {0x7, &(0x7f00000005c0)=0x211, 0x2}, {0x4, &(0x7f0000000600)=0x8, 0x82}, {0x5, &(0x7f0000000640)=0x8, 0x82}, {0x419, &(0x7f0000000680)=0x56e49635, 0x2}, {0x0, &(0x7f00000006c0)=0x8000000000000001, 0x82}, {0x0, &(0x7f0000000700)=0x100000000, 0x82}, {0x1ff, &(0x7f0000000740)=0x6, 0x82}, {0xfffffffffffffffb, &(0x7f0000000780), 0x82}, {0x8b, &(0x7f00000007c0)=0x2, 0x82}, {0x2, &(0x7f0000000800)=0x1590, 0x2}, {0x8, &(0x7f0000000840)=0x4, 0x80}, {0x4, &(0x7f0000000880)=0xfffffffffffffffe, 0x82}, {0x7f, &(0x7f00000008c0)=0x86a, 0x82}, {0x5, &(0x7f0000000900)=0x5, 0x82}, {0xc32b, &(0x7f0000000940)=0x400, 0x82}, {0xdb89, &(0x7f0000000980)=0x9, 0x82}, {0x1, &(0x7f00000009c0)=0x3, 0x82}, {0x2, &(0x7f0000000a00)=0x1, 0x82}, {0x2, &(0x7f0000000a40)=0x4, 0x2}], 0x17, 0x0, &(0x7f0000000cc0)={0x0, 0x3938700}, 0x1) r5 = mq_open(&(0x7f0000000d00)='{\x00', 0x800, 0x80, &(0x7f0000000d40)={0x7, 0x9, 0x0, 0x1}) mq_timedreceive(r5, &(0x7f0000000d80)=""/8, 0x8, 0x2, &(0x7f0000000dc0)) futex_waitv(&(0x7f0000002240)=[{0x10000, &(0x7f0000000e00)=0x8000000000000000, 0x2}, {0x400, &(0x7f0000000e40)=0x8, 0x82}, {0x3, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x97ac, 0x2}, {0x7, &(0x7f0000000f00)=0x5, 0x82}, {0x8000, &(0x7f0000000f40)=0xffffffffffff1cca, 0x82}, {0x80, &(0x7f0000000f80)=0x9, 0x82}, {0x2, &(0x7f0000000fc0)=0xfffffffffffffc01, 0x82}, {0x6, &(0x7f0000001000)=0x5e21, 0x82}, {0x4, &(0x7f0000001040), 0x2}, {0x1ff, &(0x7f0000001080)=0x92, 0x82}, {0x7, &(0x7f00000010c0)=0x9, 0x184}, {0x7, &(0x7f0000001100)=0x9, 0x82}, {0x5, &(0x7f0000001140)=0x3, 0x82}, {0x3, &(0x7f0000001180)=0x2, 0x82}, {0x9, &(0x7f00000011c0)=0xe5fb, 0x2}, {0x7, &(0x7f0000001200)=0x6, 0x2}, {0x4, &(0x7f0000001240), 0x2}, {0x4, &(0x7f0000001280)=0x4, 0x82}, {0x5, &(0x7f00000012c0)=0x4}, {0x7a, &(0x7f0000001300)=0x4, 0x2}, {0x8000, &(0x7f0000001340)=0x2, 0x82}, {0xc31, &(0x7f0000001380)=0x200, 0x2}, {0x1000, &(0x7f00000013c0)=0x6, 0x2}, {0x0, &(0x7f0000001400)=0x3ff, 0x2}, {0x6, &(0x7f0000001440)=0x7, 0x82}, {0x9, &(0x7f0000001480)=0x6, 0x82}, {0x100000000, &(0x7f00000014c0)=0x3, 0x2}, {0x8104, &(0x7f0000001500)=0x80000000, 0x82}, {0x4, &(0x7f0000001540)=0x5, 0x82}, {0x200, &(0x7f0000001580)=0x7, 0x82}, {0x7f, &(0x7f00000015c0), 0x2}, {0x0, &(0x7f0000001600), 0x2}, {0x101, &(0x7f0000001640)=0x6, 0x2}, {0x2, &(0x7f0000001680)=0xcba8, 0x2}, {0x8, &(0x7f00000016c0), 0x2}, {0x100000001, &(0x7f0000001700)=0x7, 0x2}, {0x0, &(0x7f0000001740)=0x8001, 0x2}, {0xd1, &(0x7f0000001780)=0x8000000000000000, 0x2}, {0xffffffff, &(0x7f00000017c0)=0xd, 0x80}, {0x10000, &(0x7f0000001800)=0x6, 0x2}, {0x2198, &(0x7f0000001840)=0x7, 0x2}, {0x101, &(0x7f0000001880)=0x7f, 0x2}, {0x7, &(0x7f00000018c0)=0x4, 0x82}, {0x100, &(0x7f0000001900)=0x5, 0x82}, {0x5, &(0x7f0000001940)=0x9dd368a, 0x2}, {0x8, &(0x7f0000001980)=0x10000, 0x82}, {0xf94, &(0x7f00000019c0)=0x100, 0x2}, {0x0, &(0x7f0000001a00)=0x3, 0x2}, {0x7, &(0x7f0000001a40)=0x3ff, 0x2}, {0x7f, &(0x7f0000001a80)=0x8000000000000001, 0x82}, {0x4, &(0x7f0000001ac0)=0x800, 0x82}, {0x2, &(0x7f0000001b00)=0x67e, 0x82}, {0x6, &(0x7f0000001b40)=0x28, 0x82}, {0x5, &(0x7f0000001b80)=0x5, 0x2}, {0x1000, &(0x7f0000001bc0)=0xffffffff, 0x82}, {0x1000, &(0x7f0000001c00)=0x4, 0x2}, {0x3, &(0x7f0000001c40)=0x24e2, 0x82}, {0x8, &(0x7f0000001c80)=0x2, 0x2}, {0xfff, &(0x7f0000001cc0)=0xf3c8, 0x2}, {0x6, &(0x7f0000001d00)=0x8, 0x2}, {0x6, &(0x7f0000001d40)=0x4e41, 0x2}, {0x1, &(0x7f0000001d80)=0x14b4, 0x82}, {0x1, &(0x7f0000001dc0)=0x4, 0x82}, {0xa28, &(0x7f0000001e00)=0xffffffffffffffff, 0x2}, {0x7365, &(0x7f0000001e40)=0x1ec, 0x2}, {0x7ff, &(0x7f0000001e80)=0x7, 0x2}, {0xe3, &(0x7f0000001ec0)=0x4, 0x2}, {0x8, &(0x7f0000001f00)=0xd006, 0x82}, {0xf91f, &(0x7f0000001f40)=0x2}, {0x9, &(0x7f0000001f80)=0x3, 0x82}, {0x3, &(0x7f0000001fc0)=0x17b55987, 0x82}, {0x7, &(0x7f0000002000)=0x54f0, 0x82}, {0x8000000000000001, &(0x7f0000002040)=0x3ff, 0x82}, {0x8, &(0x7f0000002080)=0x1a, 0x82}, {0x0, &(0x7f00000020c0)=0x8, 0x82}, {0x8000000000000001, &(0x7f0000002100)=0x80000000, 0x2}, {0x2400000, &(0x7f0000002140)=0x9, 0x82}, {0xb4b4, &(0x7f0000002180)=0x2, 0x2}, {0x100000001000, &(0x7f00000021c0)=0x2, 0x2}, {0xffffffffffffffff, &(0x7f0000002200)=0x8, 0x82}], 0x51, 0x0, &(0x7f0000002a00)={0x0, 0x989680}, 0x0) clock_gettime(0x0, &(0x7f0000002a40)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f0000002a80)={{r6, r7+60000000}, {0x0, 0x989680}}, &(0x7f0000002ac0)) timer_create(0x6, &(0x7f0000002b00)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000002b40)=0x0) timer_settime(r8, 0x0, &(0x7f0000002b80)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000002bc0)) timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000002c00), &(0x7f0000002c40)) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002c80), 0x408000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r9, 0xc0605345, &(0x7f0000002cc0)={0x0, 0x2, {0xffffffffffffffff, 0x3, 0x6, 0x2, 0xac13}}) mq_timedsend(r5, &(0x7f0000002d40)="69bb95d089fe2e113889f11842f23c9dd0ed34dfb758f501356f2c9f1cbfb2cdf81482a2e8e4b633e620fde6601eccb99060a9869cd5724b44468894ec8a3eda591441cb01bf785bc6", 0x49, 0xfffffffffffffff8, &(0x7f0000002dc0)={0x77359400}) poll(&(0x7f0000002e00)=[{r5, 0x2100}, {r9, 0x1000}, {r9, 0x24c0}, {r5, 0x8831}, {r0, 0x600}], 0x5, 0x0) clock_settime(0x7, &(0x7f0000002e40)={0x0, 0x3938700}) timer_getoverrun(r1) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r9, 0x40189429, &(0x7f0000002e80)={0x0, 0x8, 0xffffffffffffffff}) r10 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) readv(r0, &(0x7f0000002fc0)=[{&(0x7f0000002ec0)=""/193, 0xc1}], 0x1) r11 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000003000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) poll(&(0x7f00000030c0)=[{r9}, {r11, 0x5000}, {r9, 0x41}, {0xffffffffffffffff, 0x1}, {r10}, {r5, 0x1260a}, {r10, 0x4033}, {r5, 0x40}, {}], 0x9, 0x100) 2m16.12808267s ago: executing program 2 (id=200): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ef"}) timer_settime(0x0, 0x0, &(0x7f0000002300)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000380)={r4, r5, r6, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000240)={0x0, 0x0, r5, r7, 0x2, 0x104, 0x2, 0xdc43, {0xac78, 0x1, 0x200, 0x69, 0xf4b, 0xfffc, 0x401, 0x45, 0x412f, 0xe154, 0x20, 0xe, 0xb2bb, 0x3, "fe1d00003413000000000000000caa000000008000000000000004b427180010"}}) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c9208a00860901001105093200000006030f0002020200020201000501010610010003008c0000000800000006000000010201fc040903023dcd000008ff000202040002000200042036000f00ff070202050001020000061000020200040000000400000006000000050101061003010600ff7f1e000007000000ff7f0000050100"/143], 0x8f) 2m15.783128601s ago: executing program 2 (id=204): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa1010203010902120001000000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, &(0x7f00000004c0)={0x14, &(0x7f0000000280)={0x40, 0x0, 0xac, {0xac, 0x10, "3a2f689b67e039c4b1365302376217026db69cdeedd2df57446114a01f1f42019e5ee0af0146eadddc1e47a5d20099309cc1fd183002f457562391d924bc845366c9022d7c52fdc79bce5d366dfb55e6d161a137f70b2f1ff0abec1d7b3c4858974404fc3da5f1c556d9823283d493b2547eb1f85ceead2aeb10cc033ffb20e916f4f3aaebd87388347409bc60335a17270a66cf9c101279b535c3b6f9b3aeadcf7cf974904e230e1d12"}}, &(0x7f0000000340)={0x0, 0x3, 0x8f, @string={0x8f, 0x3, "8809efbe8b7101b3be028025478831308f2251233462afdb19f0fda01b95000ba4a1641364b62f13111922b182178ced9e8b66bdbdfc7c4ee48e9d2ce1e3651a24ad05d3003fb4f9a37b7b4a4e9c0376962b747e626c604e13a853ce0394ad77eb140ffeb98e5b2e349e0b1d4980cdbff590bd83d1aed11577f3a10af2cf390f572c7e860abf27ef76fc5e1d1a"}}}, &(0x7f0000000800)={0x44, &(0x7f0000000500)=ANY=[@ANYBLOB="400ba8000000c65be50ee0a64094ee6e3dd4ff890c0ee08e1838fb790ab0c889bf5394096fb8dca82d50e04ae1199e9f35b95bad5ed46f3861b64bfd850865f1c9e29a71abd654f6bb888b76a1c0af14b73030c7b0267c6ec7908e9f51101cfbeba99419817766f8845d836f39194e92d3e9ff8d63c2bfb3a26c7301116f5d361f6a5445a7f2631283411003abe1e09de31746cd6a62cbec2a4c2df3c3d719d058b479ecbf555d383360209d6d1a"], &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000640)={0x20, 0x81, 0x2, "79eb"}, &(0x7f0000000700)={0x20, 0x82, 0x2, 'P$'}, &(0x7f0000000740)={0x20, 0x83, 0x3, 'q#{'}, &(0x7f0000000780)={0x20, 0x84, 0x2, "2bed"}, &(0x7f00000007c0)={0x20, 0x85, 0x3, "385ee2"}}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m11.988203808s ago: executing program 2 (id=214): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000009c0)={0x3c, r2, 0x1, 0x78bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}]}, 0x3c}}, 0x20) (fail_nth: 7) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 2m10.876215226s ago: executing program 2 (id=217): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000600)=""/152, 0x98}], 0x1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe}, 0x10) r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x44e, 0x120b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, "", [{{0x9, 0x4, 0x0, 0x6, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0xc, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xc1, 0x9, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000780)={0x2c, &(0x7f0000000540)={0x0, 0x23, 0x29, {0x8a, 0x18d6b649f3f7835a, "d6ef47cde06f27b341dce73219069f4555c6201db32f9552d9873dff2108759016b2ac82dfd1ab"}}, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x20, 0x0, 0x4, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x40, 0x19, 0x2, "a0df"}, 0x0, &(0x7f0000000b80)={0x40, 0x1c, 0x1}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0xa6}, 0x0}) write(r3, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000800090002000000", 0x24) recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004004}}], 0x1, 0xc000) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001d80)=ANY=[@ANYBLOB="4c060000", @ANYRES16=r0, @ANYBLOB="01002dbd7000fedbdf2501000000140002007767320000000000000000000000000024000300000000000000000000000000000000000000000000000000000000000000000000060880300000800800030007000000240001"], 0x64c}, 0x1, 0x0, 0x0, 0xc004}, 0x40001) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x249, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x80, 0x0, "", [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x1, 0x2, 0xf, {0x9, 0x21, 0x9, 0x36, 0x1, {0x22, 0xf44}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x0, 0x2}}}}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0}) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') lseek(r5, 0x8000000000000002, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x3f6, 0x4, 0x70bd2b, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) writev(r6, &(0x7f0000000200), 0x20) 1m55.720999283s ago: executing program 32 (id=217): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000600)=""/152, 0x98}], 0x1) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe}, 0x10) r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x44e, 0x120b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, "", [{{0x9, 0x4, 0x0, 0x6, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0xc, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xc1, 0x9, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000780)={0x2c, &(0x7f0000000540)={0x0, 0x23, 0x29, {0x8a, 0x18d6b649f3f7835a, "d6ef47cde06f27b341dce73219069f4555c6201db32f9552d9873dff2108759016b2ac82dfd1ab"}}, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x20, 0x0, 0x4, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x40, 0x19, 0x2, "a0df"}, 0x0, &(0x7f0000000b80)={0x40, 0x1c, 0x1}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0xa6}, 0x0}) write(r3, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000800090002000000", 0x24) recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004004}}], 0x1, 0xc000) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001d80)=ANY=[@ANYBLOB="4c060000", @ANYRES16=r0, @ANYBLOB="01002dbd7000fedbdf2501000000140002007767320000000000000000000000000024000300000000000000000000000000000000000000000000000000000000000000000000060880300000800800030007000000240001"], 0x64c}, 0x1, 0x0, 0x0, 0xc004}, 0x40001) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x249, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x80, 0x0, "", [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x1, 0x2, 0xf, {0x9, 0x21, 0x9, 0x36, 0x1, {0x22, 0xf44}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x0, 0x2}}}}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0}) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') lseek(r5, 0x8000000000000002, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x3f6, 0x4, 0x70bd2b, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000) writev(r6, &(0x7f0000000200), 0x20) 8.153926685s ago: executing program 4 (id=719): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x2, 0x0, 0x4007, 0xfffffffffffffffb}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc0000001900010031bd700000000000ac1e00010000000000000000000000006401010200000000000000000000000000000000000000000a00000000000e99", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000000008ffffffff00000000010006000000000044000500ffffffff000000000000000000000000000000013c"], 0xfc}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)={0xd}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x7, 0x8000000009, 0x803, 0x0, 0x9], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x1, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x10, 0x0, 0x42, 0x5, 0x75, 0x3, 0x36, 0xfe, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x8}, {0x1, 0xeeee0000, 0x19, 0x6, 0x5, 0x42, 0x0, 0xff, 0x0, 0x7, 0x6}, {0xf000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xaa, 0x8, 0x9, 0x9, 0xfa, 0x97}, {0xeeefa000, 0xdddd0000, 0xd, 0xa0, 0x1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0xb000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0x5, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x9}, 0x80000031, 0x0, 0x40000, 0x2024, 0x800000a, 0xc001, 0x100000, [0xe5b5, 0x4, 0x3, 0x8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.364000265s ago: executing program 4 (id=725): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa1010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000800)={0x44, 0x0, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000640)={0x20, 0x81, 0x2, "79eb"}, &(0x7f0000000700)={0x20, 0x82, 0x2, 'P$'}, &(0x7f0000000740)={0x20, 0x83, 0x3, 'q#{'}, &(0x7f0000000780)={0x20, 0x84, 0x2, "2bed"}, &(0x7f00000007c0)={0x20, 0x85, 0x3, "385ee2"}}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.986644304s ago: executing program 1 (id=737): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x49f9, 0x4}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x0, 0x0, 0x2, 0xc, 0x1, 0x3, 0x5, 0x1, r1}, &(0x7f0000000180)=0x20) (async, rerun: 32) sendmmsg$inet_sctp(r0, &(0x7f0000003f40)=[{&(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)="1c", 0x1}], 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000084"], 0x18, 0x48060}], 0x1, 0x200000d0) (rerun: 32) 4.908665601s ago: executing program 1 (id=738): futex_waitv(&(0x7f0000002240)=[{0x10000, &(0x7f0000000e00)=0x8000000000000000, 0x2}, {0x400, &(0x7f0000000e40)=0x8, 0x82}, {0x3, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x97ac, 0x2}, {0x7, &(0x7f0000000f00)=0x5, 0x82}, {0x8000, &(0x7f0000000f40)=0xffffffffffff1cca, 0x82}, {0x80, &(0x7f0000000f80)=0x9, 0x82}, {0x2, &(0x7f0000000fc0)=0xfffffffffffffc01, 0x82}, {0x6, &(0x7f0000001000)=0x5e21, 0x82}, {0x4, &(0x7f0000001040), 0x2}, {0x1ff, &(0x7f0000001080)=0x92, 0x82}, {0x7, &(0x7f00000010c0)=0x9, 0x184}, {0x7, &(0x7f0000001100)=0x9, 0x82}, {0x1, 0x0, 0x82}], 0xe, 0x0, &(0x7f0000002a00)={0x0, 0x989680}, 0x0) 4.720781902s ago: executing program 1 (id=739): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) r2 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e24}}, 0x80, 0x0}, 0x0) recvmsg(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000080)=""/248, 0xf8}], 0x1, 0x0, 0x18}, 0x10100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) eventfd2(0x400e5c, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0) syz_usb_control_io(r5, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r5, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0}) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r6], 0x1c}}, 0x840) write$nci(0xffffffffffffffff, 0x0, 0x0) eventfd2(0x42000006, 0x801) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r7) 4.674217858s ago: executing program 0 (id=740): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008103e00f80ecdb4cb9f207c804a00d000000880802fb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) syz_usb_connect(0x4, 0x90c, &(0x7f0000000980)={{0x12, 0x1, 0x250, 0xd5, 0xd0, 0x64, 0x10, 0x411, 0x1a2, 0xad2c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8fa, 0x3, 0x40, 0x7, 0xa0, 0x2, "", [{{0x9, 0x4, 0xd0, 0x79, 0x9, 0xea, 0x5b, 0x96, 0x6, [@cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "ad"}, {0x5, 0x24, 0x0, 0xb0b}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x6, 0x1ff, 0xb}, {0x6, 0x24, 0x1a, 0x443a}, [@network_terminal={0x7, 0x24, 0xa, 0x7, 0x4a, 0xd, 0x8}]}, @cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "d0f6114a82"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0xcce, 0x8000, 0x5, 0x6}, [@obex={0x5, 0x24, 0x15, 0xb680}, @ncm={0x6, 0x24, 0x1a, 0x226a}]}], [{{0x9, 0x5, 0xf, 0x0, 0x40, 0x1e, 0xf, 0x5, [@generic={0xb7, 0xe, "ed96d0a35b3adbf6a49c35be24ce42539a09e1307d350fd5843ec8dd246d0b4ac12a19c2e58ef468b807a93005f2f7bd74c0a7b8d6405eb3c4c386f153daa2f06aa4ad8b8ccfa7bc70f8f2fd2c7e3c6e4a103a15d974da9469b8a8a2e7061773f96cd073add20cdc767e24efed3a67ee8ad64e8d5abe5b82be2f36b9afe163b7a41aa0aad3a57e0f6b5452d1cf7676f8645d6dc5323c1d87a0bf2b4905ebe4bd831a101e858bc6eb9b06602692345d3955431bed6a"}]}}, {{0x9, 0x5, 0xd, 0x10, 0x20, 0x9, 0x6, 0x5, [@generic={0x4b, 0x9, "d986a87ddd84f8bd7e306f7ccf435edbcc702c4722a3878732f2028d6e5c13c4cce2f375ffaa90d8de2bd561749344b2f95bce0eef823a8a2c15f24463f1dd859fdcf71a2f9b61c4b2"}, @generic={0xcf, 0x6, "9619b68eb524ea55a179ce0306d7f1b67cf83d47ad822e6e631ec14978a00c3a204746a441e6921ad8f4c162371341b4ac14fe59c45b2e3c79134ee4ce867d25415191a2a8337722c8116cdb0a7f44067eff88b3fc12eb02f0792baa9a5d7ecd596e7397b8946e4e32a0ee8bcd217765b751dd05135d18ce2fda83265d729e5f100ad173f4b9917773f237aab45e8ba2b8dd983bd40f9ae6d251c989bd707264cadb20f4c93839684da55972e1e2f67487862fcca40ef5fee18b5aab3eeb6347db13b46b6df8f87612de2afbcb"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x20, 0x4, 0x3, 0x4, [@generic={0x42, 0x31, "5ddae1497ebd169468bd00ea09b985b3c1ce4cdcc8b84a02244a5ade454f5f88bf752d199cc85c505d0857a6a9020b6b909409ffcb6670bc5625c803b433431a"}]}}, {{0x9, 0x5, 0xa, 0x1, 0x400, 0x78, 0x8, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x3, 0x6}]}}, {{0x9, 0x5, 0xb, 0x2, 0x20, 0x5, 0xe, 0x2}}, {{0x9, 0x5, 0x5, 0x0, 0x3ff, 0x20, 0x7f, 0x4, [@generic={0xa4, 0x23, "90d40ac6a8cad2a2c29a70345fab87e5402ea19b848a015781dd5409f778fef0f14e4ac65955a6429d73526ba7bd96c8c68b227224199f4f2a7b13863164b6c1b6ef6931cc61d7c27b2775af00dcba58bd19ba51df77a1a59c0f49831ad256d191e308eeac6ac6c3b025c01de6394fc3068c4876c9ba4db1078055b9d7ad88ad3a542fa1743c4050e3824f0be5150616d03873887efe76f7489b81fb2a774777f613"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x3ff, 0x77, 0x5, 0x98, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x4, 0x2}]}}, {{0x9, 0x5, 0x80, 0x10, 0x400, 0x2, 0x3, 0x9}}, {{0x9, 0x5, 0x80, 0x0, 0x0, 0x8, 0x8, 0x7}}]}}, {{0x9, 0x4, 0xd5, 0xb, 0x10, 0xff, 0xff, 0xff, 0x3, [], [{{0x9, 0x5, 0xf, 0x10, 0x8, 0xa, 0xfc, 0x3}}, {{0x9, 0x5, 0x3, 0xa, 0x400, 0x3, 0x4}}, {{0x9, 0x5, 0x5, 0x10, 0x8, 0x4, 0x80, 0x6d}}, {{0x9, 0x5, 0xa, 0x1, 0x400, 0x7, 0x1, 0x96}}, {{0x9, 0x5, 0xd, 0x0, 0x40, 0x0, 0xd5, 0x8, [@generic={0x4b, 0x10, "925733bb726d0a7b80a0a03dc40d9969645633b30f53666e54ffefee7e9e36e2fc24ddf290c5acf609f6af5457ba5e938a5229a8be24ab5aada7dbcbcdda1d26893c073d1e97028e01"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x0, 0x1, 0x80, 0x4}}, {{0x9, 0x5, 0x8e, 0xc, 0x8, 0xa, 0x4, 0x80}}, {{0x9, 0x5, 0x6, 0x8, 0x3ff, 0x8, 0x9, 0x7, [@generic={0xc9, 0x0, "1aae090e5a3fc648c08c74cb8552c1bc04c4989b932fcc7a3cc7611b9cf83af927969d0e11c14ddaf83050071fed59a3a22371a0783954ddbfa1fd22e465438e21070d75ac6d82e408e32cec6eec57a965fbfff88e65a9c2f9a8f7b3beeefed0ab8653ca2369a1d8deb1b2854aaf09d6fa1a65c5152cf646024191192af316f211df35999321601f282e4393530c2420d16d979aadff2d2a12aceb49bb9ad798bed29304835447768a32f8c0c8e0a75602d92702da281b4a2ffcc3d69223b06de189ed8588290f"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x7e7, 0x4, 0xe, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5}, @generic={0xab, 0xa, "c71717ec380a7d2518c16562750424812366f4b0c2c3a0b1afe08873c105cf9702f95a34c0a0203638dce331706a0491e2fef2b6927faf26d9403fbe6bdc1b0df89d144bda999986b0d2bbeb3f33195332186aebde49cd78d59f70a4c13d8274c641669492ff3f57fe440ff1b1442c03d0a4ce127545c10c36eafdebd95e634636f9f737c637c89b8f2fb37a91c7ec276ba7b74872414fc2ee405660e5851af5c43c3b78d683e02c6d"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x0, 0x3, 0xc, 0x9}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0xa, 0x0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x10, 0x68}, @generic={0x20, 0x10, "4dee7849b44f2bdb50a0cc5e9448bd8c7eafbeab47c870c239729b8bd618"}]}}, {{0x9, 0x5, 0x1, 0xf, 0x20, 0xaa, 0x85, 0x56, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xc7, 0x9}]}}, {{0x9, 0x5, 0xe, 0x3, 0x10, 0x6, 0x4, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x7, 0x1}]}}, {{0x9, 0x5, 0xb, 0x2, 0x8, 0x6, 0x5, 0x2, [@generic={0xd1, 0x21, "1213bb5ebdb45b14c2511c437139de2898024f09dc38d8e4c20de6fe294d04950ebf892ddd20cf0e39f2dab1a9468d8bdc1d4f3aced8ec63e48e2b3ff7d3d76d7933a467ddaf7d81dc8689f330285331b51a9edb2dcf1a4220c2859a20f9d17fb68a5fb9362f01930042730569f59f9e6838a7457825befe000daee881ce46b68da01bb0112527d3e23f5b56ea7b599c5b03e75a574f4a6af7b7337a1eb8dec19bd498176fac21b24c9080e8f1ee8862f772c57020f5e921e6615708e3a75813c9edff7ca49d67efd12ee1397609c1"}, @generic={0xb9, 0x22, "049aa497324f2895413015dbb23cb95b18c836fc2f4b65462efc7d8f7326922e49e3e0d9f1e50dbf7b8549339aa9e479e5c1c562b3d85b5d47c3fd53ef7711e6747ead2f6611e90e7d993cc48d8b51ff1a4a579fe63e814c48a50071ce59e0f073dd4c672073b67d7889c8f7ae9d140fe55b1b55620792630620f4c46b53051a253924f8ca42f3179388160023f52394577e9998087b4c66b92a31b5fa3e955f1d749787f47dc7da76eb61746607e8f25a1760cfe72ccd"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0x6, 0x4, 0x3b}}, {{0x9, 0x5, 0x4a229287f8753dc, 0x0, 0x10, 0x7, 0xfc, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x80, 0xff}, @generic={0x23, 0x30, "34be8c26a1e42d524a772b00bf82832e79d9d8af54b649dfe0b9c430d0db76d777"}]}}]}}, {{0x9, 0x4, 0x19, 0x2, 0x4, 0xe, 0x33, 0xf1, 0x9, [@hid_hid={0x9, 0x21, 0x0, 0xf8, 0x1, {0x22, 0xae6}}, @uac_control={{0xa, 0x24, 0x1, 0xe, 0x18}, [@output_terminal={0x9, 0x24, 0x3, 0x2, 0x405, 0x6, 0x1, 0x4}, @selector_unit={0x5, 0x24, 0x5, 0x3, 0x4}]}], [{{0x9, 0x5, 0x4, 0x10, 0x20, 0x6, 0x4, 0x6}}, {{0x9, 0x5, 0x6, 0x1, 0x10, 0x8, 0xfe, 0x8}}, {{0x9, 0x5, 0xa, 0x2, 0x3ff, 0x5, 0x2d, 0x2}}, {{0x9, 0x5, 0x8, 0x0, 0x3ff, 0xf5, 0x3, 0x0, [@generic={0xf0, 0x29bf663b55cf8af7, "ae82869f3a5afa45979c2c776d0c26b3a8ed2445ed1539b91ae6b3ef74856099c41b19e476eb4e250a7df24ab99e441e0211f0475c7669956f60a1b61f593e6d4a3d0e38153c77cd29d1edcf7ca525a20dcc0e6f21a26f6fe96f2a36501c804cadf5bf133e111a527fe120accfe0b4c2c473f9e4a040c388385107cd343abe9516f621480549efb4fb9540675cc629825274e0ffb3aacb824fd02732856dc45f746ccbc9940622988ba6bc7952129fb5ec5a65ac2f5ce952ae044bd643a2c78876eb82b8720b8280e5776fbce8b883dc7e8ae939574ed9a6f23da6a7591f0a5a555141801e027c42de0be09efc29"}]}}]}}]}}]}}, &(0x7f00000014c0)={0xa, &(0x7f00000012c0)={0xa, 0x6, 0x110, 0x6, 0x8, 0x1, 0x40, 0xc}, 0x111, &(0x7f0000001300)={0x5, 0xf, 0x111, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "d0af0b78ce89230a88d4e40f5f80e44e"}, @generic={0xcc, 0x10, 0x4, "18406a61848d0d41d24e1d5bcf18ae7152aa345bc565121f71b33fa2adf7174295fbd6f87dfacced6957fa8eddb50b3a1b61f76c6365c9aae1e02f530e2d9b9d234e9be91fa341fc82d8a9aa1136332f17739eec126999e7698d7a36e6f6131ef81b7f52655a730e1683fea641289eea74b9df4be06c86e84d08ebe4c237fc95414b56ee5d3e2a30d23f66dd3b2e36995d9c5d44253ecf67c6756be4c1c522d459191e18d7471a4c67b624f5952436a7d4612f37dff2984774e4bf18d97aadf14147299e279026eb91"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x1, 0x41, 0x9}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0xf, 0x7, 0x7}, @ssp_cap={0x18, 0x10, 0xa, 0x9, 0x3, 0x8, 0xf, 0x7, [0xff3fff, 0xff0030, 0xff0000]}]}, 0x2, [{0x4, &(0x7f0000001440)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0x1001}}]}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000480)={0x84, &(0x7f0000000940)={0x40, 0xa, 0x4, "a0e763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000200)={0x0, 0xf, 0x4, "da9483aa"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000001500)=ANY=[@ANYBLOB="40313e0000003e081e795e2c852f0fb746b6ce8a8a7da55ed759a6ef6fd09ba324d180ef42f79baea03eb5ab0432d2804a83494de0566f42b82214ed220102025221863e7342682daf16ba3c3b86b6e533a0d8f4c3228e1abeefc24eca9d4567a07ff3ef1d5efdb2cafa9e604da7951de8a0a787aaf679e28b1976969032fe07790c72522457e263e64cf820d310ce223c9467143a03d30cc3ea9b2717427fed23e85409910171686852d06b9955c0c7f65ecec5d4139d70a312f0d69571c1d5b81b1b74b92b2539"], &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x403}}, &(0x7f0000000140)={0x0, 0xf, 0x76, {0x5, 0xf, 0x76, 0x6, [@ssp_cap={0x18, 0x10, 0xa, 0xcf, 0x3, 0xf5, 0xff00, 0x8, [0xff00, 0x30, 0xff0000]}, @ssp_cap={0x10, 0x10, 0xa, 0x79, 0x1, 0x7c52, 0x0, 0x6, [0x3fc0]}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x1000, 0xff0f, 0x7, [0x81e91849cda636de, 0x3f00, 0xff3f00, 0xc000, 0xf, 0x3f00]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x4, 0x1, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x9, 0x7, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "a93d6fa8251c0a813ff825e17fc74471"}]}}, &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfe, 0x2, 0x5d, 0x8, "e0a5a535", "4a60013e"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x2, 0x4, 0x7, 0x9e, 0xd, 0x2}}}, &(0x7f0000000840)={0x84, &(0x7f00000002c0)={0x40, 0xd, 0xb4, "3b55139dc4e6b79817fd0681c5c3f4fe9db12ff4092a646e634a5c5e79693337d1329c5fec852bbf1683d5aa7faea4b96dd2160352acaf98a2104b11bf30be41a1da843c36ff2e8a829715f7b7e38eb23f04f35b75749d6e0975ff425797fb65654679dff62d0f1a5889d7d047ef8a016b4c33be3f1a26980e0cec2a3f4f1bba6a7c8fd822f71114ad1cc38c38a52491ece3339757737e282d11792e945e17a260d0ddb35ba3186de9d46df0839d7f00a47c9f20"}, &(0x7f0000000380)={0x0, 0xa, 0x1}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x4, 0x2}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x0, 0x8, [0xff0]}}, &(0x7f0000000580)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0xf2}, &(0x7f0000000600)={0x40, 0xb, 0x2, "36b0"}, &(0x7f0000000640)={0x40, 0xf, 0x2}, &(0x7f0000000680)={0x40, 0x13, 0x6, @broadcast}, &(0x7f00000006c0)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}}, &(0x7f0000000700)={0x40, 0x19, 0x2, "1c0c"}, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0xfff1}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x5}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0x3}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0x6}}) 4.590063892s ago: executing program 3 (id=741): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04224705000000000000074049b70e050002ffffffffffff030139f18e0000ebaaaaaaaaaa100201eec91b0c000d000000000000050813a050410604000000000000bcbebd959c070006"], 0x4a) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) 4.49691916s ago: executing program 3 (id=742): kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c", 0x57, 0x5, 0xffffffff}, {0x0, 0x0, 0x7, 0x2}], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d", 0x9a}], 0x3}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0xc0400) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x8000000) 4.297648947s ago: executing program 4 (id=743): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x100, 0xfffffffe, 0x1e5}, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, r4, &(0x7f0000000280)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0, 0x40002102, 0x1, {0x3}}) syz_ublk_add_dev(r1, r2, r3, r4, &(0x7f00000003c0)={0x2e, 0x5, 0xf5, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440)) 4.105213329s ago: executing program 4 (id=744): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x48, 0x50, 0x7f, "", [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x7, 0x1, 0x1, 0xc, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x3, 0x10, 0xa}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x1, 0xe, 0x9}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x200, 0x0, 0x2, 0xb, 0x20, 0x5}, 0xea, &(0x7f0000000240)={0x5, 0xf, 0xea, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0xc, 0x8, 0x30}, @generic={0xffffffffffffff53, 0x10, 0x4, "8793c833fc45bee5faac312d9cd1e10234f1cc70d1757b4d45a6eeee1254a1f28b45821e0f6c6c30af65540fe45faa380ab3c879766ad0ce383df5db5fc08b53f2f7426861fe548855024c62cc7127571c0470c2bde909982fb3bcebbb0547fffce5854c21e9f5c4c5759111db1e37517741ca8cb842ef28f078cb5668b335f0112fbece5cbf3b0eea5f86527e64ffb550f820e561134a9dc6ec29fe675c3a0037711506c18a2df32793d28f28795ce83f8cb5c843e4b242"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x3, 0x9, 0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x0, 0x1, 0x1, 0x9ff8177cd42f3977, 0x200, [0x3f30]}]}, 0x5, [{0x0, 0x0}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x41e}}, {0x51, &(0x7f00000005c0)=@string={0x51, 0x3, "797f34fd078483e2722d816e9d43978bbfe660313085d3b2a21aaa7f4aaa0874e1b4e26f8d65174d233d9dea3be9c5c083618d1e66fbf17a22f119ccbdc379a1ccf47b623240b4e9d0864b9c53c6d8"}}, {0x10, &(0x7f00000003c0)=@string={0x10, 0x3, "cda2736f117f06354f5c5b270ac9"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x430}}]}) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="100000000914ed37"], 0x10}, 0x1, 0x0, 0x0, 0x40040}, 0x20004080) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.31714157s ago: executing program 3 (id=745): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0xff8c, 0x2) 3.116889278s ago: executing program 3 (id=746): r0 = socket$kcm(0x29, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10, 0x3}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) 2.558520672s ago: executing program 0 (id=747): futex_waitv(&(0x7f0000002240)=[{0x10000, &(0x7f0000000e00)=0x8000000000000000, 0x2}, {0x400, &(0x7f0000000e40)=0x8, 0x82}, {0x3, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x97ac, 0x2}, {0x7, &(0x7f0000000f00)=0x5, 0x82}, {0x8000, &(0x7f0000000f40)=0xffffffffffff1cca, 0x82}, {0x80, &(0x7f0000000f80)=0x9, 0x82}, {0x2, &(0x7f0000000fc0)=0xfffffffffffffc01, 0x82}, {0x6, &(0x7f0000001000)=0x5e21, 0x82}, {0x4, &(0x7f0000001040), 0x2}, {0x1ff, &(0x7f0000001080)=0x92, 0x82}, {0x7, &(0x7f00000010c0)=0x9, 0x184}, {0x1, 0x0, 0x82}], 0xd, 0x0, &(0x7f0000002a00)={0x0, 0x989680}, 0x0) 2.435517484s ago: executing program 0 (id=748): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_STATION(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022cbd7000fddbdf2511000000180011800400070004000600040002000400060005007400cc5bce1208a3f49f57941c744100000000050019000000000bac00b0792a0092f0323fe7248bb1fe788d1083b4de66d3a2cdd4dffd7b466831e7fca47a29eea51c59199f1c072f193eb51abd"], 0x3c}}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount$cgroup2(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x2018008, &(0x7f0000004200)={[{}, {@pids_localevents}, {@memory_localevents}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000400408050000000000000000a78e4d5d83a39c39158c28288e0002000002f7ff0100000000000003002f000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000ffdbdf2501000000000000000841003794"], 0x30}, 0x1, 0x0, 0x0, 0x20008054}, 0x24000040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r5, 0xc018620b, &(0x7f0000000080)={0x3}) io_submit(0x0, 0x1, &(0x7f00000007c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)="34f22897761c01bbb77c5277e7cb3cd0789aeb0c3bc53775fe871d9991c7d9b5c6117e3a196862290bb6bd26d8f4a99ce67912edc0817e99b571d32592a10dd8d8", 0x41, 0x0, 0x0, 0x3}]) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) r7 = socket$nl_rdma(0x10, 0x3, 0x14) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r11, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000}) ioctl$KVM_GET_DIRTY_LOG(r10, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000/0x3000)=nil}) close_range(r8, 0xffffffffffffffff, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x1, 0x1, 0x6, 0x4, 0x5}, &(0x7f0000000180)=0x14) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES32=r5, @ANYRESOCT=r4, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r4, @ANYBLOB="0a0006000802110000010000060066008e8800001c0033"], 0x4c}, 0x1, 0x0, 0x0, 0x20004000}, 0x8048804) r12 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x88000, 0x0) execveat(r12, &(0x7f0000000380)='./file0\x00', &(0x7f00000005c0)={[&(0x7f00000003c0)='nsdelegate', &(0x7f0000000440)='-\x00', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000500)='pids_localevents', &(0x7f0000000540)=')&%)[\x00', &(0x7f0000000580)='\\$]]%{#(-}(\x00']}, &(0x7f0000000640)={[&(0x7f0000000600)='wlan0\x00']}, 0x800) 2.435201184s ago: executing program 4 (id=749): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x100, 0xfffffffe, 0x1e5}, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, r4, &(0x7f0000000280)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0, 0x40002102, 0x1, {0x3}}) syz_ublk_add_dev(r1, r2, r3, r4, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440)) (fail_nth: 8) 2.360969923s ago: executing program 3 (id=750): syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04224705000000000000074049b70e050002ffffffffffff030139f18e0000ebaaaaaaaaaa100201eec91b0c000d000000000000050813a050410604000000000000bcbebd959c070006"], 0x4a) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) 2.235173175s ago: executing program 4 (id=751): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa1010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000800)={0x44, 0x0, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000640)={0x20, 0x81, 0x2, "79eb"}, &(0x7f0000000700)={0x20, 0x82, 0x2, 'P$'}, &(0x7f0000000740)={0x20, 0x83, 0x3, 'q#{'}, &(0x7f0000000780)={0x20, 0x84, 0x2, "2bed"}, &(0x7f00000007c0)={0x20, 0x85, 0x3, "385ee2"}}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.83708151s ago: executing program 0 (id=752): r0 = socket$kcm(0x10, 0x2, 0x0) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x280801, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ipvlan1\x00', 0x10}) (async) r2 = socket$inet6(0xa, 0x80802, 0x0) fcntl$setstatus(r2, 0x4, 0x42c00) (async) sendmmsg$inet6(r2, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000) (async) ppoll(&(0x7f0000000140)=[{r2, 0x5}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$FE_DISHNETWORK_SEND_LEGACY_CMD(0xffffffffffffffff, 0x6f50, 0x6) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)="d8000000140081044e81f782db44b9040a1d080201000000040000a118000200ff030000000100000000000000000001a80016ea1f000840032e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f722f054f55153c6f94007134cf6ee08000a09108e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000580bb9ad809d5e1cace81b341139fe3cd4032e8edb12d", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x4040c04) 1.64429405s ago: executing program 3 (id=753): syz_open_dev$media(0x0, 0x0, 0x20004) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_usb_connect(0x5, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100003d2ab420720c0d009b27010203010902120001000000000904"], 0x0) syz_usb_control_io$uac3(r1, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="001200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000140)=ANY=[@ANYBLOB="06000000", @ANYRES16, @ANYBLOB="0100ffefff7f000000043e0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000032ff8200736f757263655f6d61635f69735f6d756c746963617374000500820000000000"], 0x58}}, 0x20000054) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x17}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x10000, 0x1cc, 0x12d61, 0x1}}, 0x44) syz_usb_control_io$rtl8150(r1, 0xfffffffffffffffe, &(0x7f0000000840)={0x2c, &(0x7f0000000480)=ANY=[@ANYBLOB="0016ae0000006c93d8afe9d7012be65da2c43c8f477c82a93055d7477831d52486d835cffe406f3d13b6c0a5515a0ba219dfedc803ac315550cccd86c391984a7b827859fa7d8e31a54fba6244896cf2dbc8e9fa7b44b6e6a0ea315aeeaff570b4f3996d7852d5637aa93abfc1bbc11844258392383f3d734fc78b7adc0e765619a5b7f13be01d5896e5bfff728fd1816f37f30bace70dbaa5bd3e044f5da7864a81d88b41a68e029e9686a807872666e5e60071"], &(0x7f0000000540)={0x0, 0xa, 0x1, 0x41}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000002c0)=ANY=[@ANYBLOB="802b6fd3329814874b88bdc215091b95c0052cb00000"], &(0x7f0000000800)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00']}) socket$inet_udp(0x2, 0x2, 0x0) 1.225802697s ago: executing program 1 (id=754): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000980)="91f8a9849519def28691bbc4173c3d6f357d0272b7e95a136b3ffec75b73e6937b7b22a1319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000f2ffffff2e3591ceb1757de97fb25500620d0d30506e7429fa5337b74945da657f794d5b5bf89588e07b14a17f069912dc0c3f201bff8b9a687b85baa11244632642a9be7b42b6b5882b738f05eba73221490e2d5c17cf406be2796eec488a5b5268f507ee8d6f3dd1d64abc785708eb9bd24e352a984b2b", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000001500)="24acadd7f04daaa04e88680351d9ce53f67fd2afefe557d4bd561f02df2570f175951d4bdd97ec433ec583c79fa668922a61c8662e0890ce06996f5ba401e582dfb5197822bee50c6cd4b3a6f9d14f1fde9b1698ad6847d4fde0458282ece396a1e212cd02e6fb62599df5ecb5984843ee04e96eb26fa2a8100a0b7b2d032fff965485ded83b39d6c9835416a8db5414a6c54101693e6b05e652b49fceaf4a0cc2b7898034ff0eb5150b3e85b9ff5658ba346d0b6b5a3a71eb084311606cf6b8ccf7c45a79b319a201e9c5ae9f0aab5c4dd7a77de7f5ae2edb307892dbfa8377446d8cabb9302b27250c66ddaeb3988933", 0xf1}], 0x1}}], 0x2, 0x2090) close_range(r0, 0xffffffffffffffff, 0x300) 1.081270802s ago: executing program 0 (id=755): r0 = socket$kcm(0x29, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) (fail_nth: 8) 777.715267ms ago: executing program 1 (id=756): futex_waitv(&(0x7f0000002240)=[{0x10000, &(0x7f0000000e00)=0x8000000000000000, 0x2}, {0x400, &(0x7f0000000e40)=0x8, 0x82}, {0x3, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x97ac, 0x2}, {0x7, &(0x7f0000000f00)=0x5, 0x82}, {0x8000, &(0x7f0000000f40)=0xffffffffffff1cca, 0x82}, {0x80, &(0x7f0000000f80)=0x9, 0x82}, {0x2, &(0x7f0000000fc0)=0xfffffffffffffc01, 0x82}, {0x6, &(0x7f0000001000)=0x5e21, 0x82}, {0x4, &(0x7f0000001040), 0x2}, {0x1ff, &(0x7f0000001080)=0x92, 0x82}, {0x1, 0x0, 0x82}], 0xc, 0x0, &(0x7f0000002a00)={0x0, 0x989680}, 0x0) 500.374395ms ago: executing program 1 (id=757): socket$alg(0x26, 0x5, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000d00)=""/4096, &(0x7f0000001d00)=0x1000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYRESOCT=r1], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x8090) r2 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x2000001c}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="48000000030e03000000000000000000010000030900020073797a3100000000050001000700000005000100070000000500010007000000050001000700000405000100e4ffffff"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x800) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000100)={0x0, r8}) close_range(r6, 0xffffffffffffffff, 0x0) r9 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r10, 0xc0605345, &(0x7f0000000080)={0x0, 0x1, {0x2, 0x3, 0x5, 0x1}, 0x7f}) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) fsmount(r9, 0x1, 0x0) r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r11, &(0x7f0000000080)=[{&(0x7f0000000040)=""/48, 0x30}], 0x1, 0xffffffea, 0x6) 0s ago: executing program 0 (id=758): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'dummy0\x00', 0x0}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = userfaultfd(0x80801) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x60000008}) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000540)) epoll_pwait(r1, &(0x7f0000001680)=[{}], 0x1, 0x771b, 0x0, 0x0) kernel console output (not intermixed with test programs): 216.398435][ T7320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.398450][ T7320] RSP: 002b:00007f1354776028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 216.398478][ T7320] RAX: ffffffffffffffda RBX: 00007f1356795fa0 RCX: 00007f135651ce59 [ 216.398491][ T7320] RDX: 0000000000002716 RSI: 0000200000000114 RDI: 0000000000000003 [ 216.398503][ T7320] RBP: 00007f1354776090 R08: 0000200000000000 R09: 0000000000000000 [ 216.398513][ T7320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.398523][ T7320] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 216.398549][ T7320] [ 217.072608][ T5815] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 217.113027][ T5884] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 217.219707][ T5815] usb 4-1: Using ep0 maxpacket: 8 [ 217.239398][ T5815] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 217.239429][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.239449][ T5815] usb 4-1: Product: syz [ 217.239463][ T5815] usb 4-1: Manufacturer: syz [ 217.239478][ T5815] usb 4-1: SerialNumber: syz [ 217.250742][ T5815] usb 4-1: config 0 descriptor?? [ 217.349019][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 217.375079][ T5884] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 217.375107][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.375124][ T5884] usb 2-1: Product: syz [ 217.375135][ T5884] usb 2-1: Manufacturer: syz [ 217.375146][ T5884] usb 2-1: SerialNumber: syz [ 217.407991][ T5884] usb 2-1: config 0 descriptor?? [ 217.417451][ T5884] hub 2-1:0.0: bad descriptor, ignoring hub [ 217.417491][ T5884] hub 2-1:0.0: probe with driver hub failed with error -5 [ 217.438231][ T5884] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 217.493031][ T5815] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 217.803978][ T5884] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 217.940073][ T5645] udevd[5645]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 218.617269][ T7345] FAULT_INJECTION: forcing a failure. [ 218.617269][ T7345] name failslab, interval 1, probability 0, space 0, times 0 [ 218.617307][ T7345] CPU: 1 UID: 0 PID: 7345 Comm: syz.4.423 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 218.617329][ T7345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 218.617343][ T7345] Call Trace: [ 218.617350][ T7345] [ 218.617358][ T7345] dump_stack_lvl+0xe8/0x150 [ 218.617388][ T7345] should_fail_ex+0x46b/0x600 [ 218.617421][ T7345] should_failslab+0xa8/0x100 [ 218.617549][ T7345] kmem_cache_alloc_noprof+0x87/0x680 [ 218.617582][ T7345] ? __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 218.617611][ T7345] __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 218.617646][ T7345] mmu_topup_memory_caches+0x21/0x170 [ 218.617674][ T7345] kvm_mmu_load+0x9d/0x2320 [ 218.617697][ T7345] ? kvm_msr_allowed+0x9a/0x490 [ 218.617726][ T7345] ? kvm_msr_allowed+0x9a/0x490 [ 218.617751][ T7345] ? kvm_msr_allowed+0x3f4/0x490 [ 218.617777][ T7345] ? kvm_msr_allowed+0x9a/0x490 [ 218.617805][ T7345] ? kvm_apic_has_interrupt+0x73c/0x770 [ 218.617964][ T7345] ? vmx_recalc_intercepts+0xec4/0x1b10 [ 218.618004][ T7345] vcpu_run+0x5c68/0x7830 [ 218.618021][ T7345] ? kvm_sched_in+0x7c/0xe0 [ 218.618107][ T7345] ? __pfx_vcpu_run+0x10/0x10 [ 218.618137][ T7345] ? kvm_x86_vcpu_pre_run+0xa5/0x140 [ 218.618163][ T7345] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 218.618195][ T7345] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 218.618215][ T7345] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 218.618239][ T7345] ? do_raw_spin_lock+0x12b/0x2f0 [ 218.618269][ T7345] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 218.618309][ T7345] ? lockdep_hardirqs_on+0x7a/0x110 [ 218.618335][ T7345] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 218.618357][ T7345] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 218.618381][ T7345] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 218.618405][ T7345] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 218.618426][ T7345] ? lockdep_hardirqs_on+0x7a/0x110 [ 218.618448][ T7345] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 218.618486][ T7345] ? rt_write_unlock+0x190/0x230 [ 218.618510][ T7345] kvm_vcpu_ioctl+0xa65/0xfe0 [ 218.618544][ T7345] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 218.618590][ T7345] ? __fget_files+0x2a/0x420 [ 218.618617][ T7345] ? __fget_files+0x2a/0x420 [ 218.618637][ T7345] ? __fget_files+0x3a6/0x420 [ 218.618659][ T7345] ? __fget_files+0x2a/0x420 [ 218.618683][ T7345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 218.618711][ T7345] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 218.618737][ T7345] __se_sys_ioctl+0xff/0x170 [ 218.618765][ T7345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.618786][ T7345] do_syscall_64+0x174/0x580 [ 218.618813][ T7345] ? trace_irq_disable+0x3b/0x140 [ 218.618842][ T7345] ? clear_bhb_loop+0x40/0x90 [ 218.618866][ T7345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.618885][ T7345] RIP: 0033:0x7f135651ce59 [ 218.618905][ T7345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 218.618920][ T7345] RSP: 002b:00007f1354776028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.618940][ T7345] RAX: ffffffffffffffda RBX: 00007f1356795fa0 RCX: 00007f135651ce59 [ 218.618954][ T7345] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 218.618967][ T7345] RBP: 00007f1354776090 R08: 0000000000000000 R09: 0000000000000000 [ 218.618978][ T7345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.618988][ T7345] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 218.619015][ T7345] [ 218.891576][ T5884] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 219.021673][ T5815] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 219.024759][ T5815] usb 4-1: USB disconnect, device number 30 [ 219.059242][ T5884] usb 1-1: Using ep0 maxpacket: 16 [ 219.065641][ T5884] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 167, changing to 7 [ 219.068541][ T5884] usb 1-1: New USB device found, idVendor=1235, idProduct=8004, bcdDevice= 0.40 [ 219.068573][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.068591][ T5884] usb 1-1: Product: syz [ 219.068605][ T5884] usb 1-1: Manufacturer: syz [ 219.068619][ T5884] usb 1-1: SerialNumber: syz [ 219.368582][ T5884] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 219.370486][ T5884] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 219.370995][ T5884] usb 1-1: unit 1 not found! [ 219.454113][ T9] usb 2-1: USB disconnect, device number 25 [ 219.617238][ T5884] usb 1-1: USB disconnect, device number 22 [ 219.747468][ T5653] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 219.802109][ T5815] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 219.919227][ T5653] usb 5-1: Using ep0 maxpacket: 8 [ 219.935004][ T5653] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.935071][ T5653] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 219.935094][ T5653] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.970047][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 219.980004][ T5815] usb 4-1: unable to get BOS descriptor or descriptor too short [ 220.018930][ T5653] usb 5-1: config 0 descriptor?? [ 220.035411][ T5815] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 220.035440][ T5815] usb 4-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 220.035458][ T5815] usb 4-1: Product: syz [ 220.035471][ T5815] usb 4-1: Manufacturer: syz [ 220.035485][ T5815] usb 4-1: SerialNumber: syz [ 220.038496][ T5653] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 220.060230][ T7373] netlink: 2 bytes leftover after parsing attributes in process `syz.0.428'. [ 220.060794][ T7373] xfrm0: entered promiscuous mode [ 220.262500][ T7379] binder: 7377:7379 ioctl c0306201 200000000080 returned -14 [ 220.266631][ T7379] binder: 7377:7379 ioctl c0306201 2000000003c0 returned -14 [ 221.065715][ T7400] FAULT_INJECTION: forcing a failure. [ 221.065715][ T7400] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.065802][ T7400] CPU: 1 UID: 0 PID: 7400 Comm: syz.1.433 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.065823][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 221.065835][ T7400] Call Trace: [ 221.065842][ T7400] [ 221.065850][ T7400] dump_stack_lvl+0xe8/0x150 [ 221.065878][ T7400] should_fail_ex+0x46b/0x600 [ 221.065911][ T7400] _copy_to_user+0x31/0xb0 [ 221.065934][ T7400] simple_read_from_buffer+0xe1/0x170 [ 221.065994][ T7400] proc_fail_nth_read+0x1be/0x230 [ 221.066019][ T7400] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.066044][ T7400] ? rw_verify_area+0x2ac/0x4e0 [ 221.066068][ T7400] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.066113][ T7400] vfs_read+0x212/0xa80 [ 221.066163][ T7400] ? __pfx_vfs_read+0x10/0x10 [ 221.066190][ T7400] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 221.066217][ T7400] ? lockdep_hardirqs_on+0x7a/0x110 [ 221.066243][ T7400] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.066270][ T7400] ? mutex_lock_nested+0x152/0x1d0 [ 221.066289][ T7400] ? fdget_pos+0x252/0x320 [ 221.066319][ T7400] ksys_read+0x156/0x270 [ 221.066344][ T7400] ? __pfx_ksys_read+0x10/0x10 [ 221.066383][ T7400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.066404][ T7400] do_syscall_64+0x174/0x580 [ 221.066432][ T7400] ? clear_bhb_loop+0x40/0x90 [ 221.066455][ T7400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.066472][ T7400] RIP: 0033:0x7f5c0082d68e [ 221.066489][ T7400] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 221.066505][ T7400] RSP: 002b:00007f5bfeabdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 221.066525][ T7400] RAX: ffffffffffffffda RBX: 00007f5bfeabe6c0 RCX: 00007f5c0082d68e [ 221.066539][ T7400] RDX: 000000000000000f RSI: 00007f5bfeabe0a0 RDI: 0000000000000005 [ 221.066550][ T7400] RBP: 00007f5bfeabe090 R08: 0000000000000000 R09: 0000000000000000 [ 221.066561][ T7400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.066572][ T7400] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 221.066603][ T7400] [ 221.248048][ T5653] gspca_vc032x: reg_w err -110 [ 221.248129][ T5653] vc032x 5-1:0.0: probe with driver vc032x failed with error -110 [ 221.633182][ T5815] usb usb4-port1: Cannot enable. Maybe the USB cable is bad? [ 221.743843][ T7411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.436'. [ 221.869293][ T5815] usb 4-1: reset high-speed USB device number 31 using dummy_hcd [ 221.941063][ T9] usb 5-1: USB disconnect, device number 4 [ 222.391356][ T5815] usb 4-1: USB disconnect, device number 31 [ 222.569441][ T5815] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 222.721311][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 222.723035][ T5815] usb 4-1: too many configurations: 67, using maximum allowed: 8 [ 222.725622][ T5815] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 222.725659][ T5815] usb 4-1: can't read configurations, error -61 [ 222.836291][ T7431] trusted_key: encrypted_key: insufficient parameters specified [ 222.849293][ T5815] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 223.009292][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 223.010270][ T5815] usb 4-1: too many configurations: 67, using maximum allowed: 8 [ 223.012341][ T5815] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 223.012370][ T5815] usb 4-1: can't read configurations, error -61 [ 223.012807][ T5815] usb usb4-port1: attempt power cycle [ 223.189300][ T32] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 223.340335][ T32] usb 5-1: Using ep0 maxpacket: 8 [ 223.354276][ T32] usb 5-1: unable to get BOS descriptor or descriptor too short [ 223.355402][ T32] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.355459][ T32] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 223.355480][ T32] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 223.409230][ T5815] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 223.434813][ T32] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 223.434841][ T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.434859][ T32] usb 5-1: Product: syz [ 223.434872][ T32] usb 5-1: Manufacturer: syz [ 223.434885][ T32] usb 5-1: SerialNumber: syz [ 223.444874][ T32] usb 5-1: config 0 descriptor?? [ 223.479755][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 223.480571][ T5815] usb 4-1: too many configurations: 67, using maximum allowed: 8 [ 223.484261][ T5815] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 223.484295][ T5815] usb 4-1: can't read configurations, error -61 [ 223.499773][ T32] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 223.614905][ T5815] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 223.627701][ T7462] FAULT_INJECTION: forcing a failure. [ 223.627701][ T7462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.627734][ T7462] CPU: 1 UID: 0 PID: 7462 Comm: syz.1.444 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 223.627755][ T7462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 223.627765][ T7462] Call Trace: [ 223.627772][ T7462] [ 223.627779][ T7462] dump_stack_lvl+0xe8/0x150 [ 223.627807][ T7462] should_fail_ex+0x46b/0x600 [ 223.627839][ T7462] _copy_from_user+0x2d/0xb0 [ 223.627860][ T7462] __copy_msghdr+0x3c5/0x5b0 [ 223.627891][ T7462] ___sys_sendmsg+0x213/0x360 [ 223.627917][ T7462] ? __lock_acquire+0x6b5/0x2d10 [ 223.627942][ T7462] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.627998][ T7462] ? __fget_files+0x2a/0x420 [ 223.628019][ T7462] ? __fget_files+0x3a6/0x420 [ 223.628047][ T7462] __x64_sys_sendmsg+0x1c3/0x2a0 [ 223.628077][ T7462] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 223.628112][ T7462] ? __pfx_ksys_write+0x10/0x10 [ 223.628143][ T7462] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.628163][ T7462] do_syscall_64+0x174/0x580 [ 223.628188][ T7462] ? trace_irq_disable+0x3b/0x140 [ 223.628208][ T7462] ? clear_bhb_loop+0x40/0x90 [ 223.628230][ T7462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.628248][ T7462] RIP: 0033:0x7f5c0086ce59 [ 223.628265][ T7462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.628280][ T7462] RSP: 002b:00007f5bfeabe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.628299][ T7462] RAX: ffffffffffffffda RBX: 00007f5c00ae5fa0 RCX: 00007f5c0086ce59 [ 223.628312][ T7462] RDX: 0000000020000000 RSI: 0000200000000800 RDI: 0000000000000003 [ 223.628324][ T7462] RBP: 00007f5bfeabe090 R08: 0000000000000000 R09: 0000000000000000 [ 223.628336][ T7462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.628349][ T7462] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 223.628377][ T7462] [ 223.630445][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 223.631317][ T5815] usb 4-1: too many configurations: 67, using maximum allowed: 8 [ 223.633128][ T5815] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 223.633159][ T5815] usb 4-1: can't read configurations, error -61 [ 223.633537][ T5815] usb usb4-port1: unable to enumerate USB device [ 224.434418][ T32] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 224.462818][ T32] usb 5-1: USB disconnect, device number 5 [ 224.738491][ T5658] udevd[5658]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 224.929276][ T32] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 225.089664][ T32] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 225.089693][ T32] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 225.089739][ T32] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 225.089760][ T32] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 225.089782][ T32] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 225.089822][ T32] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 225.089845][ T32] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.124308][ T32] usbtmc 5-1:16.0: bulk endpoints not found [ 225.343913][ T7474] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 225.646982][ T7490] netlink: 'syz.0.453': attribute type 10 has an invalid length. [ 225.767852][ T7490] team0: Device dummy0 is up. Set it down before adding it as a team port [ 225.913771][ T7505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.458'. [ 225.949514][ T5884] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 225.976963][ T7505] RDS: rds_bind could not find a transport for ::ffff:172.30.0.4, load rds_tcp or rds_rdma? [ 226.113526][ T5884] usb 2-1: Using ep0 maxpacket: 8 [ 226.162739][ T5884] usb 2-1: unable to get BOS descriptor or descriptor too short [ 226.172952][ T5884] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 226.173005][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 226.173025][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 226.191334][ T5884] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 226.191366][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.191385][ T5884] usb 2-1: Product: syz [ 226.191398][ T5884] usb 2-1: Manufacturer: syz [ 226.191411][ T5884] usb 2-1: SerialNumber: syz [ 226.212780][ T5884] usb 2-1: config 0 descriptor?? [ 226.284304][ T5884] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 226.355493][ T5884] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 226.401659][ T5665] udevd[5665]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 226.432037][ T5884] usb 2-1: USB disconnect, device number 26 [ 227.394970][ T7529] cgroup: release_agent respecified [ 227.419599][ T7529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.464'. [ 227.419645][ T7529] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 227.480282][ T9] usb 5-1: USB disconnect, device number 6 [ 227.516083][ T5648] Bluetooth: hci1: Malformed Event: 0x02 [ 227.714942][ T5756] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 227.889236][ T5756] usb 2-1: Using ep0 maxpacket: 8 [ 227.898459][ T5756] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 227.898490][ T5756] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.898509][ T5756] usb 2-1: Product: syz [ 227.898522][ T5756] usb 2-1: Manufacturer: syz [ 227.898534][ T5756] usb 2-1: SerialNumber: syz [ 228.035235][ T5756] usb 2-1: config 0 descriptor?? [ 228.048990][ T5756] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 228.473175][ T5756] gspca_sonixj: reg_r err -32 [ 228.473261][ T5756] sonixj 2-1:0.0: probe with driver sonixj failed with error -32 [ 228.859590][ T5884] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 228.908064][ T7555] orangefs_devreq_open: device cannot be opened in blocking mode [ 229.030880][ T5884] usb 5-1: Using ep0 maxpacket: 32 [ 229.060882][ T5884] usb 5-1: New USB device found, idVendor=2a39, idProduct=3fd3, bcdDevice= 0.40 [ 229.060913][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.060931][ T5884] usb 5-1: Product: syz [ 229.060943][ T5884] usb 5-1: Manufacturer: syz [ 229.060956][ T5884] usb 5-1: SerialNumber: syz [ 229.337429][ T7550] netlink: 8 bytes leftover after parsing attributes in process `syz.4.468'. [ 229.967266][ T7570] netlink: 'syz.3.476': attribute type 1 has an invalid length. [ 230.102161][ T7576] netlink: zone id is out of range [ 230.102258][ T7576] netlink: del zone limit has 8 unknown bytes [ 230.280401][ T32] usb 2-1: USB disconnect, device number 27 [ 230.999312][ T32] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 231.170734][ T32] usb 2-1: Using ep0 maxpacket: 32 [ 231.198798][ T32] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 231.198822][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.198842][ T32] usb 2-1: Product: syz [ 231.198855][ T32] usb 2-1: Manufacturer: syz [ 231.198882][ T32] usb 2-1: SerialNumber: syz [ 231.223858][ T32] usb 2-1: config 0 descriptor?? [ 231.552304][ T5755] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 231.608797][ T5884] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 231.663991][ T5884] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 231.741051][ T5755] usb 4-1: Using ep0 maxpacket: 32 [ 231.745989][ T5755] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 231.746041][ T5755] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.746061][ T5755] usb 4-1: Product: syz [ 231.746073][ T5755] usb 4-1: Manufacturer: syz [ 231.746085][ T5755] usb 4-1: SerialNumber: syz [ 231.802582][ T5755] usb 4-1: config 0 descriptor?? [ 231.921905][ T5884] usb 5-1: USB disconnect, device number 7 [ 232.085398][ T32] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 232.085431][ T32] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 232.085484][ T32] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 232.245892][ T5755] airspy 4-1:0.0: Board ID: 00 [ 232.245914][ T5755] airspy 4-1:0.0: Firmware version: [ 232.423669][ T32] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22 [ 232.448937][ T5755] airspy 4-1:0.0: usb_control_msg() failed -32 request 11 [ 232.523985][ T32] usb 2-1: USB disconnect, device number 28 [ 232.533428][ T5755] airspy 4-1:0.0: Registered as swradio24 [ 232.533449][ T5755] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 233.034315][ T7606] FAULT_INJECTION: forcing a failure. [ 233.034315][ T7606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.034337][ T7606] CPU: 1 UID: 0 PID: 7606 Comm: syz.1.486 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 233.034349][ T7606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.034356][ T7606] Call Trace: [ 233.034360][ T7606] [ 233.034364][ T7606] dump_stack_lvl+0xe8/0x150 [ 233.034382][ T7606] should_fail_ex+0x46b/0x600 [ 233.034400][ T7606] _copy_to_user+0x31/0xb0 [ 233.034413][ T7606] hci_get_dev_list+0x2da/0x380 [ 233.034428][ T7606] sock_do_ioctl+0x101/0x320 [ 233.034441][ T7606] ? __pfx_sock_do_ioctl+0x10/0x10 [ 233.034459][ T7606] sock_ioctl+0x5c9/0x7f0 [ 233.034470][ T7606] ? __pfx_sock_ioctl+0x10/0x10 [ 233.034484][ T7606] ? __fget_files+0x2a/0x420 [ 233.034496][ T7606] ? __fget_files+0x3a6/0x420 [ 233.034506][ T7606] ? __fget_files+0x2a/0x420 [ 233.034519][ T7606] ? bpf_lsm_file_ioctl+0x9/0x20 [ 233.034534][ T7606] ? __pfx_sock_ioctl+0x10/0x10 [ 233.034544][ T7606] __se_sys_ioctl+0xff/0x170 [ 233.034558][ T7606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.034569][ T7606] do_syscall_64+0x174/0x580 [ 233.034584][ T7606] ? trace_irq_disable+0x3b/0x140 [ 233.034595][ T7606] ? clear_bhb_loop+0x40/0x90 [ 233.034608][ T7606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.034617][ T7606] RIP: 0033:0x7f5c0086ce59 [ 233.034628][ T7606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.034643][ T7606] RSP: 002b:00007f5bfeabe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.034660][ T7606] RAX: ffffffffffffffda RBX: 00007f5c00ae5fa0 RCX: 00007f5c0086ce59 [ 233.034673][ T7606] RDX: 0000200000000000 RSI: 00000000800448d2 RDI: 0000000000000004 [ 233.034684][ T7606] RBP: 00007f5bfeabe090 R08: 0000000000000000 R09: 0000000000000000 [ 233.034694][ T7606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.034704][ T7606] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 233.034737][ T7606] [ 233.631014][ T32] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 233.779579][ T32] usb 2-1: Using ep0 maxpacket: 8 [ 233.784895][ T32] usb 2-1: unable to get BOS descriptor or descriptor too short [ 233.786532][ T32] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.786586][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 233.786614][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 233.786636][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 233.786890][ T32] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 5 [ 233.791130][ T32] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 233.791159][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.791179][ T32] usb 2-1: Product: syz [ 233.791193][ T32] usb 2-1: Manufacturer: syz [ 233.791207][ T32] usb 2-1: SerialNumber: syz [ 233.804599][ T32] usb 2-1: config 0 descriptor?? [ 233.820175][ T32] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 234.009833][ T5815] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 234.084157][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.084650][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.121063][ T32] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 234.138031][ T32] usb 2-1: USB disconnect, device number 29 [ 234.159206][ T5815] usb 1-1: Using ep0 maxpacket: 16 [ 234.165343][ T5815] usb 1-1: config 0 has an invalid interface number: 49 but max is 0 [ 234.165371][ T5815] usb 1-1: config 0 has no interface number 0 [ 234.165411][ T5815] usb 1-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 234.170041][ T5815] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 234.170072][ T5815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.170091][ T5815] usb 1-1: Product: syz [ 234.170121][ T5815] usb 1-1: Manufacturer: syz [ 234.170135][ T5815] usb 1-1: SerialNumber: syz [ 234.178246][ T5665] udevd[5665]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.273241][ T5815] usb 1-1: config 0 descriptor?? [ 234.274847][ T7616] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 234.343126][ T5755] usb 4-1: USB disconnect, device number 36 [ 234.399316][ T5884] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 234.507023][ T7615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.507825][ T7615] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.578071][ T5815] usb 1-1: USB disconnect, device number 23 [ 234.640661][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short [ 234.682675][ T5884] usb 5-1: not running at top speed; connect to a high speed hub [ 234.701963][ T5884] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 234.702001][ T5884] usb 5-1: can't read configurations, error -61 [ 234.909783][ T5884] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 235.101795][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short [ 235.102352][ T5884] usb 5-1: not running at top speed; connect to a high speed hub [ 235.104153][ T5884] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 235.104194][ T5884] usb 5-1: can't read configurations, error -61 [ 235.106876][ T5884] usb usb5-port1: attempt power cycle [ 235.109290][ T5653] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 235.259441][ T5653] usb 2-1: Using ep0 maxpacket: 32 [ 235.264142][ T5653] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 235.264171][ T5653] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.264190][ T5653] usb 2-1: Product: syz [ 235.264204][ T5653] usb 2-1: Manufacturer: syz [ 235.264225][ T5653] usb 2-1: SerialNumber: syz [ 235.309857][ T5653] usb 2-1: config 0 descriptor?? [ 235.449446][ T5884] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 235.475767][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short [ 235.477052][ T5884] usb 5-1: not running at top speed; connect to a high speed hub [ 235.478708][ T5884] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 235.478738][ T5884] usb 5-1: can't read configurations, error -61 [ 235.624943][ T5884] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 235.655725][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short [ 235.656395][ T5884] usb 5-1: not running at top speed; connect to a high speed hub [ 235.658738][ T5884] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 235.658773][ T5884] usb 5-1: can't read configurations, error -61 [ 235.660868][ T5884] usb usb5-port1: unable to enumerate USB device [ 235.895910][ T7640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'. [ 235.966736][ T5653] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 235.966771][ T5653] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 235.966827][ T5653] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 236.031760][ T7641] Process accounting resumed [ 236.284352][ T5653] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22 [ 236.303147][ T5653] usb 2-1: USB disconnect, device number 30 [ 237.244054][ T7655] JFS: discard option not supported on device [ 237.416667][ T7657] FAULT_INJECTION: forcing a failure. [ 237.416667][ T7657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.416699][ T7657] CPU: 0 UID: 0 PID: 7657 Comm: syz.0.503 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 237.416721][ T7657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 237.416732][ T7657] Call Trace: [ 237.416739][ T7657] [ 237.416747][ T7657] dump_stack_lvl+0xe8/0x150 [ 237.416773][ T7657] should_fail_ex+0x46b/0x600 [ 237.416855][ T7657] _copy_to_user+0x31/0xb0 [ 237.416879][ T7657] simple_read_from_buffer+0xe1/0x170 [ 237.416907][ T7657] proc_fail_nth_read+0x1be/0x230 [ 237.416933][ T7657] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.416958][ T7657] ? rw_verify_area+0x2ac/0x4e0 [ 237.416988][ T7657] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.417010][ T7657] vfs_read+0x212/0xa80 [ 237.417043][ T7657] ? __pfx_vfs_read+0x10/0x10 [ 237.417077][ T7657] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 237.417105][ T7657] ? lockdep_hardirqs_on+0x7a/0x110 [ 237.417132][ T7657] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 237.417158][ T7657] ? mutex_lock_nested+0x152/0x1d0 [ 237.417178][ T7657] ? fdget_pos+0x252/0x320 [ 237.417209][ T7657] ksys_read+0x156/0x270 [ 237.417236][ T7657] ? __pfx_ksys_read+0x10/0x10 [ 237.417287][ T7657] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.417310][ T7657] do_syscall_64+0x174/0x580 [ 237.417337][ T7657] ? clear_bhb_loop+0x40/0x90 [ 237.417359][ T7657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.417374][ T7657] RIP: 0033:0x7f489642d68e [ 237.417391][ T7657] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 237.417423][ T7657] RSP: 002b:00007f48946bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 237.417442][ T7657] RAX: ffffffffffffffda RBX: 00007f48946be6c0 RCX: 00007f489642d68e [ 237.417456][ T7657] RDX: 000000000000000f RSI: 00007f48946be0a0 RDI: 0000000000000005 [ 237.417469][ T7657] RBP: 00007f48946be090 R08: 0000000000000000 R09: 0000000000000000 [ 237.417480][ T7657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.417491][ T7657] R13: 00007f48966e6038 R14: 00007f48966e5fa0 R15: 00007ffd231156a8 [ 237.417521][ T7657] [ 237.445374][ T7655] Mount JFS Failure: -22 [ 237.445393][ T7655] jfs_mount failed w/return code = -22 [ 237.785804][ T7664] binder: 7663:7664 ioctl c0306201 0 returned -14 [ 237.855704][ T7669] FAULT_INJECTION: forcing a failure. [ 237.855704][ T7669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.855738][ T7669] CPU: 1 UID: 0 PID: 7669 Comm: syz.0.508 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 237.855760][ T7669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 237.855771][ T7669] Call Trace: [ 237.855778][ T7669] [ 237.855786][ T7669] dump_stack_lvl+0xe8/0x150 [ 237.855814][ T7669] should_fail_ex+0x46b/0x600 [ 237.855847][ T7669] _copy_from_user+0x2d/0xb0 [ 237.855869][ T7669] binder_ioctl_write_read+0x167/0xa490 [ 237.855896][ T7669] ? kernel_text_address+0xa5/0xe0 [ 237.855920][ T7669] ? __kernel_text_address+0xd/0x30 [ 237.855941][ T7669] ? unwind_get_return_address+0x4d/0x90 [ 237.855975][ T7669] ? try_to_take_rt_mutex+0x840/0xb00 [ 237.856011][ T7669] ? __lock_acquire+0x6b5/0x2d10 [ 237.856039][ T7669] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 237.856067][ T7669] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.856103][ T7669] ? do_raw_spin_lock+0x12b/0x2f0 [ 237.856133][ T7669] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 237.856159][ T7669] ? lockdep_hardirqs_on+0x7a/0x110 [ 237.856187][ T7669] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 237.856212][ T7669] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 237.856247][ T7669] ? reacquire_held_locks+0x104/0x190 [ 237.856273][ T7669] ? rt_spin_lock+0x1e0/0x400 [ 237.856295][ T7669] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 237.856334][ T7669] ? rt_spin_unlock+0x14f/0x200 [ 237.856364][ T7669] ? binder_get_thread+0x595/0x6d0 [ 237.856432][ T7669] binder_ioctl+0x426/0x1b10 [ 237.856457][ T7669] ? tomoyo_path_number_perm+0x219/0x630 [ 237.856487][ T7669] ? tomoyo_path_number_perm+0x219/0x630 [ 237.856517][ T7669] ? do_vfs_ioctl+0x117b/0x1540 [ 237.856543][ T7669] ? __pfx_binder_ioctl+0x10/0x10 [ 237.856568][ T7669] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 237.856625][ T7669] ? __fget_files+0x2a/0x420 [ 237.856649][ T7669] ? __fget_files+0x2a/0x420 [ 237.856669][ T7669] ? __fget_files+0x3a6/0x420 [ 237.856689][ T7669] ? __fget_files+0x2a/0x420 [ 237.856713][ T7669] ? bpf_lsm_file_ioctl+0x9/0x20 [ 237.856740][ T7669] ? __pfx_binder_ioctl+0x10/0x10 [ 237.856770][ T7669] __se_sys_ioctl+0xff/0x170 [ 237.856796][ T7669] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.856823][ T7669] do_syscall_64+0x174/0x580 [ 237.856849][ T7669] ? trace_irq_disable+0x3b/0x140 [ 237.856870][ T7669] ? clear_bhb_loop+0x40/0x90 [ 237.856893][ T7669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.856911][ T7669] RIP: 0033:0x7f489646ce59 [ 237.856928][ T7669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 237.856945][ T7669] RSP: 002b:00007f48946be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.856965][ T7669] RAX: ffffffffffffffda RBX: 00007f48966e5fa0 RCX: 00007f489646ce59 [ 237.856979][ T7669] RDX: 0000200000000000 RSI: 00000000c0306201 RDI: 0000000000000003 [ 237.856991][ T7669] RBP: 00007f48946be090 R08: 0000000000000000 R09: 0000000000000000 [ 237.857003][ T7669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.857014][ T7669] R13: 00007f48966e6038 R14: 00007f48966e5fa0 R15: 00007ffd231156a8 [ 237.857043][ T7669] [ 237.857310][ T7669] binder: 7667:7669 ioctl c0306201 200000000000 returned -14 [ 238.241037][ T7678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.512'. [ 238.419895][ T32] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 238.571254][ T32] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 238.571282][ T32] usb 4-1: config 1 has no interface number 0 [ 238.571346][ T32] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8 [ 238.571359][ T32] usb 4-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 238.573713][ T32] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 238.573742][ T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.573762][ T32] usb 4-1: Product: syz [ 238.573775][ T32] usb 4-1: Manufacturer: syz [ 238.573789][ T32] usb 4-1: SerialNumber: syz [ 238.578449][ T7674] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 238.580095][ T5815] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 238.586361][ T32] usb 4-1: Expected 3 endpoints, found: 2 [ 238.709493][ T5815] usb 5-1: device descriptor read/64, error -71 [ 238.953928][ T5755] usb 4-1: USB disconnect, device number 37 [ 238.959309][ T5815] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 239.102556][ T5815] usb 5-1: device descriptor read/64, error -71 [ 239.211001][ T5815] usb usb5-port1: attempt power cycle [ 239.550191][ T5815] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 239.572358][ T5815] usb 5-1: device descriptor read/8, error -71 [ 239.810243][ T5815] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 239.833285][ T5815] usb 5-1: device descriptor read/8, error -71 [ 239.940580][ T5815] usb usb5-port1: unable to enumerate USB device [ 240.050831][ T7700] FAULT_INJECTION: forcing a failure. [ 240.050831][ T7700] name failslab, interval 1, probability 0, space 0, times 0 [ 240.050864][ T7700] CPU: 1 UID: 0 PID: 7700 Comm: syz.3.519 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 240.050886][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 240.050897][ T7700] Call Trace: [ 240.050905][ T7700] [ 240.050912][ T7700] dump_stack_lvl+0xe8/0x150 [ 240.050959][ T7700] should_fail_ex+0x46b/0x600 [ 240.050991][ T7700] should_failslab+0xa8/0x100 [ 240.051017][ T7700] kmem_cache_alloc_noprof+0x87/0x680 [ 240.051040][ T7700] ? anon_vma_clone+0x3e5/0x9f0 [ 240.051066][ T7700] anon_vma_clone+0x3e5/0x9f0 [ 240.051094][ T7700] copy_vma+0x6ae/0x9e0 [ 240.051130][ T7700] ? __pfx_copy_vma+0x10/0x10 [ 240.051179][ T7700] ? rcu_is_watching+0x15/0xb0 [ 240.051203][ T7700] ? percpu_counter_add_batch+0xea/0x1d0 [ 240.051233][ T7700] move_vma+0x89a/0x1900 [ 240.051274][ T7700] ? arch_get_unmapped_area_topdown+0x264/0xb70 [ 240.051296][ T7700] ? __pfx_move_vma+0x10/0x10 [ 240.051327][ T7700] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 240.051348][ T7700] ? mtree_load+0x12a/0x780 [ 240.051381][ T7700] ? cap_mmap_addr+0xaf/0x100 [ 240.051407][ T7700] ? bpf_lsm_mmap_addr+0x9/0x50 [ 240.051442][ T7700] mremap_to+0x7b7/0x880 [ 240.051475][ T7700] ? mtree_range_walk+0x6fc/0x8b0 [ 240.051494][ T7700] ? __pfx_mremap_to+0x10/0x10 [ 240.051527][ T7700] ? check_prep_vma+0x7a5/0xbd0 [ 240.051565][ T7700] __se_sys_mremap+0xbaa/0x11e0 [ 240.051615][ T7700] ? __pfx___se_sys_mremap+0x10/0x10 [ 240.051654][ T7700] ? ksys_write+0x248/0x270 [ 240.051681][ T7700] ? __pfx_ksys_write+0x10/0x10 [ 240.051718][ T7700] ? __x64_sys_mremap+0x20/0xc0 [ 240.051744][ T7700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.051764][ T7700] do_syscall_64+0x174/0x580 [ 240.051789][ T7700] ? trace_irq_disable+0x3b/0x140 [ 240.051810][ T7700] ? clear_bhb_loop+0x40/0x90 [ 240.051833][ T7700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.051851][ T7700] RIP: 0033:0x7ff98e2ace59 [ 240.051868][ T7700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 240.051883][ T7700] RSP: 002b:00007ff98c4fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 240.051903][ T7700] RAX: ffffffffffffffda RBX: 00007ff98e525fa0 RCX: 00007ff98e2ace59 [ 240.051915][ T7700] RDX: 0000000000600002 RSI: 0000000000600002 RDI: 0000200000000000 [ 240.051926][ T7700] RBP: 00007ff98c4fe090 R08: 0000200000a00000 R09: 0000000000000000 [ 240.051937][ T7700] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 240.051948][ T7700] R13: 00007ff98e526038 R14: 00007ff98e525fa0 R15: 00007ffc6eb7acf8 [ 240.051978][ T7700] [ 240.466675][ T7704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'. [ 240.896975][ T7719] tc_dump_action: action bad kind [ 240.898282][ T7719] netlink: 36 bytes leftover after parsing attributes in process `syz.3.524'. [ 241.019298][ T5756] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 241.170170][ T5756] usb 2-1: Using ep0 maxpacket: 32 [ 241.175326][ T5756] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 241.175355][ T5756] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.175365][ T5756] usb 2-1: Product: syz [ 241.175373][ T5756] usb 2-1: Manufacturer: syz [ 241.175380][ T5756] usb 2-1: SerialNumber: syz [ 241.180498][ T5884] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 241.238976][ T5756] usb 2-1: config 0 descriptor?? [ 241.349533][ T5884] usb 4-1: Using ep0 maxpacket: 32 [ 241.358863][ T5884] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 241.358893][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.409276][ T5884] usb 4-1: config 0 descriptor?? [ 241.444394][ T5884] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 241.521293][ T5884] input: xirlink-cit as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9 [ 241.992372][ T5756] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 241.992410][ T5756] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 241.992471][ T5756] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 242.319856][ T5756] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22 [ 242.423464][ T5756] usb 2-1: USB disconnect, device number 31 [ 243.029391][ T7762] binder: 7760:7762 ioctl c0306201 200000000080 returned -14 [ 243.065369][ T7762] binder: 7760:7762 ioctl 40086200 200000000040 returned -22 [ 243.102618][ T7764] netlink: 'syz.1.534': attribute type 13 has an invalid length. [ 243.102642][ T7764] netlink: 172 bytes leftover after parsing attributes in process `syz.1.534'. [ 244.016767][ T5756] usb 4-1: USB disconnect, device number 38 [ 244.359552][ T5815] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 244.401562][ T7798] netlink: 'syz.3.542': attribute type 46 has an invalid length. [ 244.442616][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 244.500223][ T5815] usb 2-1: device descriptor read/64, error -71 [ 244.609659][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 244.618493][ T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 244.618521][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.618539][ T9] usb 1-1: Product: syz [ 244.618551][ T9] usb 1-1: Manufacturer: syz [ 244.618564][ T9] usb 1-1: SerialNumber: syz [ 244.627146][ T9] usb 1-1: config 0 descriptor?? [ 244.812547][ T5815] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 244.877427][ T7794] netlink: 132 bytes leftover after parsing attributes in process `syz.0.541'. [ 244.939256][ T5815] usb 2-1: device descriptor read/64, error -71 [ 245.052145][ T5815] usb usb2-port1: attempt power cycle [ 245.401799][ T5815] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 245.423319][ T5815] usb 2-1: device descriptor read/8, error -71 [ 245.661570][ T5815] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 245.681282][ T5815] usb 2-1: device descriptor read/8, error -71 [ 245.729780][ T9] dvb_usb_rtl28xxu 1-1:0.0: chip type detection failed -110 [ 245.729870][ T9] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 245.763363][ T9] usb 1-1: USB disconnect, device number 24 [ 245.798111][ T5815] usb usb2-port1: unable to enumerate USB device [ 246.658071][ T5648] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 247.089294][ T5815] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 247.249890][ T5815] usb 1-1: Using ep0 maxpacket: 16 [ 247.252151][ T5815] usb 1-1: config 166 has an invalid interface number: 177 but max is 1 [ 247.252178][ T5815] usb 1-1: config 166 has an invalid interface number: 34 but max is 1 [ 247.252198][ T5815] usb 1-1: config 166 has no interface number 0 [ 247.252212][ T5815] usb 1-1: config 166 has no interface number 1 [ 247.252270][ T5815] usb 1-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 247.252291][ T5815] usb 1-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 247.252324][ T5815] usb 1-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 247.252347][ T5815] usb 1-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 247.252370][ T5815] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 247.252394][ T5815] usb 1-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 247.252417][ T5815] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 247.252441][ T5815] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 247.252462][ T5815] usb 1-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 247.252487][ T5815] usb 1-1: config 166 interface 177 has no altsetting 0 [ 247.252504][ T5815] usb 1-1: config 166 interface 34 has no altsetting 0 [ 247.270974][ T5815] usb 1-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 247.271003][ T5815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.271021][ T5815] usb 1-1: Product: syz [ 247.271034][ T5815] usb 1-1: Manufacturer: syz [ 247.271047][ T5815] usb 1-1: SerialNumber: syz [ 247.608977][ T7850] netlink: 'syz.3.560': attribute type 17 has an invalid length. [ 247.943580][ T7854] FAULT_INJECTION: forcing a failure. [ 247.943580][ T7854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.943611][ T7854] CPU: 0 UID: 0 PID: 7854 Comm: syz.3.561 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 247.943627][ T7854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 247.943651][ T7854] Call Trace: [ 247.943657][ T7854] [ 247.943664][ T7854] dump_stack_lvl+0xe8/0x150 [ 247.943687][ T7854] should_fail_ex+0x46b/0x600 [ 247.943710][ T7854] _copy_from_iter+0x1d3/0x1670 [ 247.943729][ T7854] ? trace_kmem_cache_alloc+0x29/0xe0 [ 247.943747][ T7854] ? __alloc_skb+0x27d/0x7d0 [ 247.943766][ T7854] ? __pfx__copy_from_iter+0x10/0x10 [ 247.943777][ T7854] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 247.943792][ T7854] ? __alloc_skb+0x27d/0x7d0 [ 247.943821][ T7854] ? netlink_sendmsg+0x650/0xb40 [ 247.943834][ T7854] ? skb_put+0x11b/0x210 [ 247.943854][ T7854] netlink_sendmsg+0x6c0/0xb40 [ 247.943872][ T7854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.943885][ T7854] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 247.943905][ T7854] ? aa_sock_msg_perm+0x122/0x200 [ 247.943920][ T7854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.943932][ T7854] sock_sendmsg_nosec+0x13a/0x180 [ 247.943949][ T7854] ____sys_sendmsg+0x55c/0x870 [ 247.943973][ T7854] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.943998][ T7854] ? import_iovec+0x73/0xa0 [ 247.944015][ T7854] ___sys_sendmsg+0x2a5/0x360 [ 247.944033][ T7854] ? __lock_acquire+0x6b5/0x2d10 [ 247.944052][ T7854] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.944092][ T7854] ? __fget_files+0x2a/0x420 [ 247.944108][ T7854] ? __fget_files+0x3a6/0x420 [ 247.944128][ T7854] __x64_sys_sendmsg+0x1c3/0x2a0 [ 247.944149][ T7854] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.944175][ T7854] ? __pfx_ksys_write+0x10/0x10 [ 247.944199][ T7854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.944214][ T7854] do_syscall_64+0x174/0x580 [ 247.944234][ T7854] ? trace_irq_disable+0x3b/0x140 [ 247.944248][ T7854] ? clear_bhb_loop+0x40/0x90 [ 247.944264][ T7854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.944277][ T7854] RIP: 0033:0x7ff98e2ace59 [ 247.944290][ T7854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.944303][ T7854] RSP: 002b:00007ff98c4fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.944320][ T7854] RAX: ffffffffffffffda RBX: 00007ff98e525fa0 RCX: 00007ff98e2ace59 [ 247.944330][ T7854] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 247.944338][ T7854] RBP: 00007ff98c4fe090 R08: 0000000000000000 R09: 0000000000000000 [ 247.944346][ T7854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.944353][ T7854] R13: 00007ff98e526038 R14: 00007ff98e525fa0 R15: 00007ffc6eb7acf8 [ 247.944374][ T7854] [ 248.373527][ T5648] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 248.633247][ T7863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'. [ 249.029286][ T5884] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 249.179671][ T5884] usb 4-1: device descriptor read/64, error -71 [ 249.401780][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 249.435031][ T5884] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 249.559232][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 249.566084][ T9] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 249.566115][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.566135][ T9] usb 5-1: Product: syz [ 249.566150][ T9] usb 5-1: Manufacturer: syz [ 249.566170][ T9] usb 5-1: SerialNumber: syz [ 249.579246][ T5884] usb 4-1: device descriptor read/64, error -71 [ 249.608944][ T9] usb 5-1: config 0 descriptor?? [ 249.699689][ T5884] usb usb4-port1: attempt power cycle [ 250.079261][ T5884] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 250.123231][ T5884] usb 4-1: device descriptor read/8, error -71 [ 250.250659][ T7879] netlink: 'syz.1.571': attribute type 58 has an invalid length. [ 250.262047][ T9] peak_usb 5-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 250.262082][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 250.262146][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 250.262673][ T7879] FAULT_INJECTION: forcing a failure. [ 250.262673][ T7879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.262700][ T7879] CPU: 0 UID: 0 PID: 7879 Comm: syz.1.571 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 250.262720][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 250.262731][ T7879] Call Trace: [ 250.262738][ T7879] [ 250.262746][ T7879] dump_stack_lvl+0xe8/0x150 [ 250.262771][ T7879] should_fail_ex+0x46b/0x600 [ 250.262807][ T7879] _copy_to_user+0x31/0xb0 [ 250.262830][ T7879] simple_read_from_buffer+0xe1/0x170 [ 250.262857][ T7879] proc_fail_nth_read+0x1be/0x230 [ 250.262883][ T7879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.262907][ T7879] ? rw_verify_area+0x2ac/0x4e0 [ 250.262932][ T7879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.262955][ T7879] vfs_read+0x212/0xa80 [ 250.262986][ T7879] ? __pfx_vfs_read+0x10/0x10 [ 250.263013][ T7879] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 250.263050][ T7879] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.263076][ T7879] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 250.263102][ T7879] ? mutex_lock_nested+0x152/0x1d0 [ 250.263123][ T7879] ? fdget_pos+0x252/0x320 [ 250.263152][ T7879] ksys_read+0x156/0x270 [ 250.263178][ T7879] ? __pfx_ksys_read+0x10/0x10 [ 250.263211][ T7879] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.263231][ T7879] do_syscall_64+0x174/0x580 [ 250.263259][ T7879] ? clear_bhb_loop+0x40/0x90 [ 250.263282][ T7879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.263300][ T7879] RIP: 0033:0x7f5c0082d68e [ 250.263316][ T7879] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 250.263333][ T7879] RSP: 002b:00007f5bfeabdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 250.263352][ T7879] RAX: ffffffffffffffda RBX: 00007f5bfeabe6c0 RCX: 00007f5c0082d68e [ 250.263364][ T7879] RDX: 000000000000000f RSI: 00007f5bfeabe0a0 RDI: 0000000000000004 [ 250.263375][ T7879] RBP: 00007f5bfeabe090 R08: 0000000000000000 R09: 0000000000000000 [ 250.263386][ T7879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.263396][ T7879] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 250.263424][ T7879] [ 250.499315][ T5884] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 250.550087][ T5884] usb 4-1: device descriptor read/8, error -71 [ 250.661996][ T5884] usb usb4-port1: unable to enumerate USB device [ 250.746195][ T5648] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 250.791365][ T9] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 250.827772][ T9] usb 5-1: USB disconnect, device number 16 [ 251.175450][ T7887] FAULT_INJECTION: forcing a failure. [ 251.175450][ T7887] name failslab, interval 1, probability 0, space 0, times 0 [ 251.175483][ T7887] CPU: 0 UID: 0 PID: 7887 Comm: syz.4.575 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 251.175505][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 251.175515][ T7887] Call Trace: [ 251.175523][ T7887] [ 251.175530][ T7887] dump_stack_lvl+0xe8/0x150 [ 251.175559][ T7887] should_fail_ex+0x46b/0x600 [ 251.175593][ T7887] should_failslab+0xa8/0x100 [ 251.175619][ T7887] __kmalloc_cache_noprof+0x84/0x690 [ 251.175642][ T7887] ? sctp_add_bind_addr+0x8c/0x370 [ 251.175672][ T7887] sctp_add_bind_addr+0x8c/0x370 [ 251.175700][ T7887] sctp_copy_local_addr_list+0x314/0x4f0 [ 251.175728][ T7887] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 251.175753][ T7887] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 251.175779][ T7887] ? sctp_v6_is_any+0x64/0x80 [ 251.175806][ T7887] ? sctp_copy_one_addr+0x93/0x360 [ 251.175834][ T7887] sctp_bind_addr_copy+0xb3/0x3c0 [ 251.175859][ T7887] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 251.175894][ T7887] sctp_connect_new_asoc+0x2ff/0x6b0 [ 251.175915][ T7887] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 251.175937][ T7887] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 251.175964][ T7887] ? lockdep_hardirqs_on+0x7a/0x110 [ 251.175993][ T7887] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 251.176018][ T7887] ? security_sctp_bind_connect+0x7e/0x2c0 [ 251.176048][ T7887] sctp_sendmsg+0x14f2/0x29b0 [ 251.176090][ T7887] ? __pfx_sctp_sendmsg+0x10/0x10 [ 251.176125][ T7887] ? aa_sk_perm+0x703/0x950 [ 251.176149][ T7887] ? __pfx_aa_sk_perm+0x10/0x10 [ 251.176164][ T7887] ? sock_rps_record_flow+0x19/0x350 [ 251.176190][ T7887] ? inet_sendmsg+0x2f4/0x370 [ 251.176215][ T7887] ? __pfx_inet_sendmsg+0x10/0x10 [ 251.176236][ T7887] sock_sendmsg_nosec+0x10e/0x180 [ 251.176260][ T7887] ____sys_sendmsg+0x55c/0x870 [ 251.176293][ T7887] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.176329][ T7887] ? import_iovec+0x73/0xa0 [ 251.176353][ T7887] ___sys_sendmsg+0x2a5/0x360 [ 251.176380][ T7887] ? __lock_acquire+0x6b5/0x2d10 [ 251.176407][ T7887] ? __pfx____sys_sendmsg+0x10/0x10 [ 251.176477][ T7887] ? __fget_files+0x2a/0x420 [ 251.176498][ T7887] ? __fget_files+0x3a6/0x420 [ 251.176525][ T7887] __x64_sys_sendmsg+0x1c3/0x2a0 [ 251.176555][ T7887] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 251.176605][ T7887] ? __pfx_ksys_write+0x10/0x10 [ 251.176639][ T7887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.176659][ T7887] do_syscall_64+0x174/0x580 [ 251.176685][ T7887] ? trace_irq_disable+0x3b/0x140 [ 251.176707][ T7887] ? clear_bhb_loop+0x40/0x90 [ 251.176730][ T7887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.176748][ T7887] RIP: 0033:0x7f135651ce59 [ 251.176766][ T7887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.176781][ T7887] RSP: 002b:00007f1354776028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.176801][ T7887] RAX: ffffffffffffffda RBX: 00007f1356795fa0 RCX: 00007f135651ce59 [ 251.176814][ T7887] RDX: 0000000000040040 RSI: 00002000000003c0 RDI: 0000000000000003 [ 251.176826][ T7887] RBP: 00007f1354776090 R08: 0000000000000000 R09: 0000000000000000 [ 251.176838][ T7887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.176850][ T7887] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 251.176880][ T7887] [ 251.665288][ T7889] netlink: 'syz.0.576': attribute type 46 has an invalid length. [ 252.381498][ T7910] netlink: 'syz.1.586': attribute type 46 has an invalid length. [ 252.404232][ T5815] ums-realtek 1-1:166.177: USB Mass Storage device detected [ 252.563694][ T5815] ums-realtek 1-1:166.34: USB Mass Storage device detected [ 252.622444][ T7919] FAULT_INJECTION: forcing a failure. [ 252.622444][ T7919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.630075][ T7919] CPU: 0 UID: 0 PID: 7919 Comm: syz.1.587 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 252.630104][ T7919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 252.630115][ T7919] Call Trace: [ 252.630123][ T7919] [ 252.630131][ T7919] dump_stack_lvl+0xe8/0x150 [ 252.630160][ T7919] should_fail_ex+0x46b/0x600 [ 252.630193][ T7919] _copy_to_iter+0x589/0x17d0 [ 252.630223][ T7919] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 252.630247][ T7919] ? __pfx__copy_to_iter+0x10/0x10 [ 252.630262][ T7919] ? rt_spin_lock+0x1e0/0x400 [ 252.630282][ T7919] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 252.630313][ T7919] __skb_datagram_iter+0xf8/0x980 [ 252.630342][ T7919] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 252.630369][ T7919] skb_copy_datagram_iter+0xb5/0x240 [ 252.630392][ T7919] netlink_recvmsg+0x2c3/0xa50 [ 252.630419][ T7919] ? __pfx_netlink_recvmsg+0x10/0x10 [ 252.630439][ T7919] ? __pfx_aa_sk_perm+0x10/0x10 [ 252.630463][ T7919] ? aa_sock_msg_perm+0x122/0x200 [ 252.630482][ T7919] ? __pfx_netlink_recvmsg+0x10/0x10 [ 252.630501][ T7919] sock_recvmsg_nosec+0x130/0x170 [ 252.630527][ T7919] ____sys_recvmsg+0x23d/0x4f0 [ 252.630553][ T7919] ? __pfx_____sys_recvmsg+0x10/0x10 [ 252.630585][ T7919] ? import_iovec+0x73/0xa0 [ 252.630608][ T7919] ___sys_recvmsg+0x215/0x590 [ 252.630631][ T7919] ? __pfx____sys_recvmsg+0x10/0x10 [ 252.630654][ T7919] ? __fget_files+0x2a/0x420 [ 252.630691][ T7919] ? __fget_files+0x3a6/0x420 [ 252.630719][ T7919] do_recvmmsg+0x33a/0x800 [ 252.630744][ T7919] ? __pfx_do_recvmmsg+0x10/0x10 [ 252.630774][ T7919] ? _copy_from_user+0x94/0xb0 [ 252.630807][ T7919] __x64_sys_recvmmsg+0x1b7/0x250 [ 252.630826][ T7919] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 252.630850][ T7919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.630872][ T7919] do_syscall_64+0x174/0x580 [ 252.630895][ T7919] ? trace_irq_disable+0x3b/0x140 [ 252.630914][ T7919] ? clear_bhb_loop+0x40/0x90 [ 252.630936][ T7919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.630952][ T7919] RIP: 0033:0x7f5c0086ce59 [ 252.630969][ T7919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.630985][ T7919] RSP: 002b:00007f5bfeabe028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 252.631006][ T7919] RAX: ffffffffffffffda RBX: 00007f5c00ae5fa0 RCX: 00007f5c0086ce59 [ 252.631019][ T7919] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 252.631031][ T7919] RBP: 00007f5bfeabe090 R08: 0000200000003700 R09: 0000000000000000 [ 252.631044][ T7919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.631055][ T7919] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 252.631089][ T7919] [ 252.652809][ T7921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.653431][ T7921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.029621][ T5815] ums-realtek 1-1:166.34: probe with driver ums-realtek failed with error -5 [ 253.122129][ T5815] uvcvideo 1-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 253.122152][ T5815] uvcvideo 1-1:166.34: No valid video chain found. [ 253.325054][ T7932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.325579][ T7932] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.459794][ T5815] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 253.589211][ T5815] usb 5-1: device descriptor read/64, error -71 [ 253.799764][ T5756] usb 1-1: USB disconnect, device number 25 [ 253.812652][ T7938] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 253.831005][ T5815] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 253.928383][ T7940] pic_ioport_write: 2 callbacks suppressed [ 253.928402][ T7940] kvm: pic: level sensitive irq not supported [ 253.928458][ T7940] picdev_read: 2 callbacks suppressed [ 253.928466][ T7940] kvm: pic: non byte read [ 253.935208][ T7940] kvm: pic: level sensitive irq not supported [ 253.935269][ T7940] kvm: pic: non byte read [ 253.936625][ T7940] kvm: pic: level sensitive irq not supported [ 253.936939][ T7940] kvm: pic: non byte read [ 253.937361][ T7940] kvm: pic: level sensitive irq not supported [ 253.937415][ T7940] kvm: pic: non byte read [ 253.938055][ T7940] kvm: pic: level sensitive irq not supported [ 253.938380][ T7940] kvm: pic: non byte read [ 253.938782][ T7940] kvm: pic: level sensitive irq not supported [ 253.938834][ T7940] kvm: pic: non byte read [ 253.940654][ T7940] kvm: pic: level sensitive irq not supported [ 253.941189][ T7940] kvm: pic: non byte read [ 253.941837][ T7940] kvm: pic: level sensitive irq not supported [ 253.942161][ T7940] kvm: pic: non byte read [ 253.942602][ T7940] kvm: pic: level sensitive irq not supported [ 253.942656][ T7940] kvm: pic: non byte read [ 253.943379][ T7940] kvm: pic: level sensitive irq not supported [ 253.943431][ T7940] kvm: pic: non byte read [ 253.979357][ T5815] usb 5-1: device descriptor read/64, error -71 [ 254.092249][ T5815] usb usb5-port1: attempt power cycle [ 254.451697][ T5815] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 254.470848][ T5815] usb 5-1: device descriptor read/8, error -71 [ 254.517898][ T7949] FAULT_INJECTION: forcing a failure. [ 254.517898][ T7949] name failslab, interval 1, probability 0, space 0, times 0 [ 254.518025][ T7949] CPU: 1 UID: 0 PID: 7949 Comm: syz.0.600 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 254.518049][ T7949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 254.518059][ T7949] Call Trace: [ 254.518066][ T7949] [ 254.518074][ T7949] dump_stack_lvl+0xe8/0x150 [ 254.518100][ T7949] should_fail_ex+0x46b/0x600 [ 254.518133][ T7949] should_failslab+0xa8/0x100 [ 254.518159][ T7949] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 254.518180][ T7949] ? __alloc_skb+0x1d0/0x7d0 [ 254.518203][ T7949] ? lockdep_hardirqs_on+0x7a/0x110 [ 254.518235][ T7949] __alloc_skb+0x1d0/0x7d0 [ 254.518265][ T7949] netlink_dump+0x1d8/0xe10 [ 254.518303][ T7949] ? __pfx_netlink_dump+0x10/0x10 [ 254.518342][ T7949] ? genl_start+0x499/0x6c0 [ 254.518372][ T7949] __netlink_dump_start+0x5cb/0x7e0 [ 254.518407][ T7949] genl_family_rcv_msg_dumpit+0x213/0x310 [ 254.518442][ T7949] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 254.518464][ T7949] ? genl_get_cmd+0x6cb/0x960 [ 254.518490][ T7949] ? __pfx_genl_start+0x10/0x10 [ 254.518510][ T7949] ? __pfx_genl_dumpit+0x10/0x10 [ 254.518530][ T7949] ? __pfx_genl_done+0x10/0x10 [ 254.518554][ T7949] ? lockdep_hardirqs_on+0x7a/0x110 [ 254.518580][ T7949] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 254.518613][ T7949] genl_rcv_msg+0x5e8/0x7a0 [ 254.518642][ T7949] ? __pfx_genl_rcv_msg+0x10/0x10 [ 254.518661][ T7949] ? ref_tracker_free+0x673/0x820 [ 254.518694][ T7949] ? __pfx_nl802154_dump_wpan_phy+0x10/0x10 [ 254.518720][ T7949] ? __pfx_nl802154_dump_wpan_phy_done+0x10/0x10 [ 254.518747][ T7949] ? ____sys_sendmsg+0x55c/0x870 [ 254.518772][ T7949] ? ___sys_sendmsg+0x2a5/0x360 [ 254.518809][ T7949] netlink_rcv_skb+0x232/0x4b0 [ 254.518835][ T7949] ? __pfx_genl_rcv_msg+0x10/0x10 [ 254.518860][ T7949] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 254.518908][ T7949] genl_rcv+0x28/0x40 [ 254.518929][ T7949] netlink_unicast+0x780/0x920 [ 254.518965][ T7949] netlink_sendmsg+0x813/0xb40 [ 254.518992][ T7949] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.519013][ T7949] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 254.519041][ T7949] ? aa_sock_msg_perm+0x122/0x200 [ 254.519062][ T7949] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.519076][ T7949] sock_sendmsg_nosec+0x13a/0x180 [ 254.519099][ T7949] ____sys_sendmsg+0x55c/0x870 [ 254.519129][ T7949] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.519164][ T7949] ? import_iovec+0x73/0xa0 [ 254.519188][ T7949] ___sys_sendmsg+0x2a5/0x360 [ 254.519213][ T7949] ? __lock_acquire+0x6b5/0x2d10 [ 254.519239][ T7949] ? __pfx____sys_sendmsg+0x10/0x10 [ 254.519299][ T7949] ? __fget_files+0x2a/0x420 [ 254.519321][ T7949] ? __fget_files+0x3a6/0x420 [ 254.519351][ T7949] __x64_sys_sendmsg+0x1c3/0x2a0 [ 254.519382][ T7949] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 254.519420][ T7949] ? __pfx_ksys_write+0x10/0x10 [ 254.519455][ T7949] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.519476][ T7949] do_syscall_64+0x174/0x580 [ 254.519502][ T7949] ? trace_irq_disable+0x3b/0x140 [ 254.519523][ T7949] ? clear_bhb_loop+0x40/0x90 [ 254.519546][ T7949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.519564][ T7949] RIP: 0033:0x7f489646ce59 [ 254.519582][ T7949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 254.519598][ T7949] RSP: 002b:00007f48946be028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.519618][ T7949] RAX: ffffffffffffffda RBX: 00007f48966e5fa0 RCX: 00007f489646ce59 [ 254.519632][ T7949] RDX: 0000000004004000 RSI: 0000200000000100 RDI: 0000000000000003 [ 254.519644][ T7949] RBP: 00007f48946be090 R08: 0000000000000000 R09: 0000000000000000 [ 254.519656][ T7949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.519667][ T7949] R13: 00007f48966e6038 R14: 00007f48966e5fa0 R15: 00007ffd231156a8 [ 254.519703][ T7949] [ 254.763916][ T5815] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 254.817132][ T5815] usb 5-1: device descriptor read/8, error -71 [ 254.919543][ T5815] usb usb5-port1: unable to enumerate USB device [ 255.091587][ T38] audit: type=1326 audit(1780513940.026:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7952 comm="syz.3.603" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff98e2ace59 code=0x0 [ 255.157848][ T7957] netlink: 'syz.1.604': attribute type 46 has an invalid length. [ 255.489259][ T5756] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 255.492311][ T7963] mmap: syz.0.606 (7963) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 255.522205][ T7963] C: renamed from veth1_to_team (while UP) [ 255.561576][ T7963] netlink: 'syz.0.606': attribute type 3 has an invalid length. [ 255.561592][ T7963] netlink: 128 bytes leftover after parsing attributes in process `syz.0.606'. [ 255.639381][ T5756] usb 2-1: Using ep0 maxpacket: 8 [ 255.641808][ T5756] usb 2-1: unable to get BOS descriptor or descriptor too short [ 255.654688][ T5756] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.654742][ T5756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 255.654769][ T5756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 255.654791][ T5756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 255.654816][ T5756] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 255.654839][ T5756] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 255.654860][ T5756] usb 2-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 255.668463][ T5756] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 255.669968][ T5756] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.669996][ T5756] usb 2-1: Product: syz [ 255.670011][ T5756] usb 2-1: Manufacturer: syz [ 255.670025][ T5756] usb 2-1: SerialNumber: syz [ 255.790673][ T5756] usb 2-1: config 0 descriptor?? [ 255.792147][ T7961] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 255.820395][ T5756] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 255.942724][ T5756] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 256.042886][ T5658] udevd[5658]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 256.043210][ T5884] usb 2-1: USB disconnect, device number 36 [ 256.347630][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.347725][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.805200][ T7986] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size. [ 257.159193][ T5884] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 257.319230][ T5884] usb 2-1: Using ep0 maxpacket: 32 [ 257.323649][ T5884] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 257.323678][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.323697][ T5884] usb 2-1: Product: syz [ 257.323710][ T5884] usb 2-1: Manufacturer: syz [ 257.323720][ T5884] usb 2-1: SerialNumber: syz [ 257.335588][ T5884] usb 2-1: config 0 descriptor?? [ 257.901512][ T8008] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 257.952010][ T5884] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 257.952043][ T5884] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 257.952111][ T5884] peak_usb 2-1:0.0 can0: sending command failure: -22 [ 258.336406][ T8022] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.343462][ T5884] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22 [ 258.363242][ T8022] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.385666][ T5884] usb 2-1: USB disconnect, device number 37 [ 258.859289][ T5756] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 259.019796][ T5756] usb 5-1: Using ep0 maxpacket: 16 [ 259.032042][ T5756] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 167, changing to 7 [ 259.036296][ T5756] usb 5-1: New USB device found, idVendor=1235, idProduct=8004, bcdDevice= 0.40 [ 259.036324][ T5756] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.036343][ T5756] usb 5-1: Product: syz [ 259.036356][ T5756] usb 5-1: Manufacturer: syz [ 259.036369][ T5756] usb 5-1: SerialNumber: syz [ 259.257444][ T5648] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 259.315319][ T5756] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 259.322038][ T5756] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 259.373978][ T8040] syzkaller1: entered promiscuous mode [ 259.374003][ T8040] syzkaller1: entered allmulticast mode [ 259.505523][ T5756] usb 5-1: USB disconnect, device number 21 [ 259.662179][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 259.779402][ T5884] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 259.902390][ T8053] fuse: Bad value for 'fd' [ 259.959444][ T5884] usb 1-1: Using ep0 maxpacket: 32 [ 259.976187][ T5884] usb 1-1: New USB device found, idVendor=2a39, idProduct=3fd3, bcdDevice= 0.40 [ 259.976216][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.976234][ T5884] usb 1-1: Product: syz [ 259.976248][ T5884] usb 1-1: Manufacturer: syz [ 259.976261][ T5884] usb 1-1: SerialNumber: syz [ 260.339127][ T8048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.639'. [ 260.443204][ T5648] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 260.519284][ T5815] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 260.669405][ T5815] usb 4-1: Using ep0 maxpacket: 32 [ 260.688572][ T5815] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 260.688600][ T5815] usb 4-1: config 0 has no interface number 0 [ 260.688645][ T5815] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 260.688667][ T5815] usb 4-1: config 0 interface 89 has no altsetting 0 [ 260.725198][ T5815] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 260.725227][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.725244][ T5815] usb 4-1: Product: syz [ 260.725257][ T5815] usb 4-1: Manufacturer: syz [ 260.725270][ T5815] usb 4-1: SerialNumber: syz [ 260.769277][ T5815] usb 4-1: config 0 descriptor?? [ 260.784541][ T5815] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 260.784572][ T5815] em28xx 4-1:0.89: Video interface 89 found: [ 261.204216][ T8079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 261.375746][ T5815] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 261.719266][ T32] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 261.929248][ T32] usb 2-1: Using ep0 maxpacket: 16 [ 261.933277][ T32] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 261.933329][ T32] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 261.933566][ T32] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 261.933590][ T32] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 261.933612][ T32] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 261.933629][ T32] usb 2-1: config 1 interface 0 has no altsetting 0 [ 261.933656][ T32] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 261.933893][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.989648][ T32] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 262.186004][ T8082] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000..2150000) [ 262.203606][ T32] scsi host1: usb-storage 2-1:1.0 [ 262.498709][ T5884] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 262.499047][ T32] usb 2-1: USB disconnect, device number 38 [ 262.500996][ T5884] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 262.610517][ T5815] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 262.610547][ T5815] em28xx 4-1:0.89: board has no eeprom [ 262.669271][ T5815] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 262.669300][ T5815] em28xx 4-1:0.89: analog set to bulk mode. [ 262.699361][ T5756] em28xx 4-1:0.89: Registering V4L2 extension [ 262.705126][ T5815] usb 4-1: USB disconnect, device number 43 [ 262.717332][ T5815] em28xx 4-1:0.89: Disconnecting em28xx [ 262.736993][ T5884] usb 1-1: USB disconnect, device number 26 [ 262.827375][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 262.951963][ T5756] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 262.951988][ T5756] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 262.952001][ T5756] em28xx 4-1:0.89: No AC97 audio processor [ 262.961510][ T5756] usb 4-1: Decoder not found [ 262.961528][ T5756] em28xx 4-1:0.89: failed to create media graph [ 262.961556][ T5756] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 263.180700][ T8104] netlink: 88 bytes leftover after parsing attributes in process `syz.3.660'. [ 263.322860][ T5756] em28xx 4-1:0.89: Registering snapshot button... [ 263.356333][ T5756] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input10 [ 263.412743][ T5756] em28xx 4-1:0.89: Remote control support is not available for this card. [ 263.413901][ T5815] em28xx 4-1:0.89: Closing input extension [ 263.413926][ T5815] em28xx 4-1:0.89: Deregistering snapshot button [ 263.489254][ T823] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 263.628471][ T5815] em28xx 4-1:0.89: Freeing device [ 263.639224][ T823] usb 1-1: Using ep0 maxpacket: 32 [ 263.648348][ T823] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 263.648378][ T823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.648399][ T823] usb 1-1: Product: syz [ 263.648413][ T823] usb 1-1: Manufacturer: syz [ 263.648435][ T823] usb 1-1: SerialNumber: syz [ 263.672920][ T823] usb 1-1: config 0 descriptor?? [ 263.779677][ T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 263.939188][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 263.946228][ T10] usb 5-1: New USB device found, idVendor=2a39, idProduct=3fd3, bcdDevice= 0.40 [ 263.946259][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.946278][ T10] usb 5-1: Product: syz [ 263.946293][ T10] usb 5-1: Manufacturer: syz [ 263.946306][ T10] usb 5-1: SerialNumber: syz [ 264.099965][ T823] airspy 1-1:0.0: Board ID: 00 [ 264.099987][ T823] airspy 1-1:0.0: Firmware version: [ 264.316150][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.661'. [ 264.501409][ T823] airspy 1-1:0.0: usb_control_msg() failed -32 request 0e [ 264.522357][ T823] airspy 1-1:0.0: Registered as swradio24 [ 264.522381][ T823] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 264.611433][ T5815] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 264.759276][ T5815] usb 4-1: Using ep0 maxpacket: 8 [ 264.761256][ T5815] usb 4-1: config 112 has an invalid interface number: 181 but max is 3 [ 264.761285][ T5815] usb 4-1: config 112 has an invalid interface number: 28 but max is 3 [ 264.761305][ T5815] usb 4-1: config 112 contains an unexpected descriptor of type 0x2, skipping [ 264.761323][ T5815] usb 4-1: config 112 has an invalid interface number: 45 but max is 3 [ 264.761343][ T5815] usb 4-1: config 112 has an invalid interface number: 55 but max is 3 [ 264.761361][ T5815] usb 4-1: config 112 contains an unexpected descriptor of type 0x1, skipping [ 264.761379][ T5815] usb 4-1: config 112 has no interface number 0 [ 264.761394][ T5815] usb 4-1: config 112 has no interface number 1 [ 264.761409][ T5815] usb 4-1: config 112 has no interface number 2 [ 264.761422][ T5815] usb 4-1: config 112 has no interface number 3 [ 264.761510][ T5815] usb 4-1: config 112 interface 28 altsetting 8 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 264.761537][ T5815] usb 4-1: config 112 interface 28 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 264.761556][ T5815] usb 4-1: config 112 interface 28 altsetting 8 endpoint 0x3 has an invalid bInterval 248, changing to 11 [ 264.761570][ T5815] usb 4-1: config 112 interface 28 altsetting 8 endpoint 0x1 has invalid maxpacket 1007, setting to 64 [ 264.761600][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has a duplicate endpoint with address 0xD, skipping [ 264.761622][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has an endpoint descriptor with address 0x34, changing to 0x4 [ 264.761645][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has a duplicate endpoint with address 0x4, skipping [ 264.761667][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has a duplicate endpoint with address 0xC, skipping [ 264.761691][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 264.761712][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has a duplicate endpoint with address 0xD, skipping [ 264.761727][ T5815] usb 4-1: config 112 interface 45 altsetting 5 has a duplicate endpoint with address 0x3, skipping [ 264.761746][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x7, skipping [ 264.761757][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0xD, skipping [ 264.761771][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x7, skipping [ 264.761790][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0xD, skipping [ 264.761811][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x6, skipping [ 264.761834][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has an invalid descriptor for endpoint zero, skipping [ 264.761854][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x4, skipping [ 264.761877][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has an endpoint descriptor with address 0xB1, changing to 0x81 [ 264.761898][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x81, skipping [ 264.761909][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has an invalid descriptor for endpoint zero, skipping [ 264.761923][ T5815] usb 4-1: config 112 interface 55 altsetting 127 has a duplicate endpoint with address 0x9, skipping [ 264.761954][ T5815] usb 4-1: config 112 interface 181 has no altsetting 0 [ 264.761971][ T5815] usb 4-1: config 112 interface 28 has no altsetting 0 [ 264.761987][ T5815] usb 4-1: config 112 interface 45 has no altsetting 0 [ 264.762002][ T5815] usb 4-1: config 112 interface 55 has no altsetting 0 [ 264.765246][ T5815] usb 4-1: New USB device found, idVendor=0403, idProduct=f449, bcdDevice=2c.44 [ 264.765282][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.765307][ T5815] usb 4-1: Product: ఉ [ 264.765321][ T5815] usb 4-1: Manufacturer: 鼁ꇱꊒ了퐌쁎뿒ퟓ咚璵뚷膞⑺ꨧ貧굀 [ 264.765338][ T5815] usb 4-1: SerialNumber: х [ 264.839305][ T823] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 264.992835][ T823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.993078][ T823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.993117][ T823] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 264.993140][ T823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.025145][ T823] usb 2-1: config 0 descriptor?? [ 265.327379][ T5815] ftdi_sio 4-1:112.181: FTDI USB Serial Device converter detected [ 265.405224][ T5815] ftdi_sio ttyUSB0: unknown device type: 0x2c44 [ 265.446353][ T5815] ftdi_sio 4-1:112.28: FTDI USB Serial Device converter detected [ 265.448743][ T5815] ftdi_sio ttyUSB1: unknown device type: 0x2c44 [ 265.495280][ T5815] ftdi_sio 4-1:112.45: FTDI USB Serial Device converter detected [ 265.497787][ T5815] ftdi_sio ttyUSB2: unknown device type: 0x2c44 [ 265.582065][ T8127] netlink: 'syz.1.667': attribute type 4 has an invalid length. [ 265.598670][ T5815] ftdi_sio 4-1:112.55: FTDI USB Serial Device converter detected [ 265.669990][ T5815] ftdi_sio ttyUSB3: unknown device type: 0x2c44 [ 265.745708][ T5815] usb 4-1: USB disconnect, device number 44 [ 265.837347][ T5815] ftdi_sio 4-1:112.181: device disconnected [ 266.033800][ T5815] ftdi_sio 4-1:112.28: device disconnected [ 266.054390][ T5815] ftdi_sio 4-1:112.45: device disconnected [ 266.073813][ T5815] ftdi_sio 4-1:112.55: device disconnected [ 266.138011][ T823] hkems 0003:2006:0118.0008: hidraw0: USB HID v0.00 Device [HID 2006:0118] on usb-dummy_hcd.1-1/input0 [ 266.138630][ T823] hkems 0003:2006:0118.0008: no inputs found [ 266.138646][ T823] hkems 0003:2006:0118.0008: force feedback init failed [ 266.297451][ T5815] usb 1-1: USB disconnect, device number 27 [ 266.541498][ T8138] netlink: 72 bytes leftover after parsing attributes in process `syz.0.670'. [ 266.553409][ T10] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 266.566823][ T823] usb 2-1: USB disconnect, device number 39 [ 266.567815][ T10] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 267.004499][ T8145] netlink: 20 bytes leftover after parsing attributes in process `syz.0.672'. [ 267.111120][ T10] usb 5-1: USB disconnect, device number 22 [ 267.749255][ T10] usb 5-1: new low-speed USB device number 23 using dummy_hcd [ 267.913834][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 267.913888][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 267.913913][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 267.913940][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 267.913966][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 267.915497][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 267.915637][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 267.915665][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 267.915691][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 267.915716][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 267.917109][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 267.917158][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 267.917185][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 267.917210][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 267.917236][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 267.949257][ T823] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 267.987495][ T10] usb 5-1: string descriptor 0 read error: -22 [ 267.987598][ T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 267.987611][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.099346][ T823] usb 1-1: Using ep0 maxpacket: 32 [ 268.109216][ T823] usb 1-1: New USB device found, idVendor=2a39, idProduct=3fd3, bcdDevice= 0.40 [ 268.109245][ T823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.109264][ T823] usb 1-1: Product: syz [ 268.109277][ T823] usb 1-1: Manufacturer: syz [ 268.109291][ T823] usb 1-1: SerialNumber: syz [ 268.278974][ T10] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 268.429280][ T5815] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 268.548165][ T8179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.679'. [ 268.629418][ T5815] usb 2-1: Using ep0 maxpacket: 32 [ 268.632822][ T5815] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 268.632848][ T5815] usb 2-1: config 0 has no interface number 0 [ 268.632883][ T5815] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 268.632948][ T5815] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 268.635786][ T5815] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 268.635814][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.635831][ T5815] usb 2-1: Product: syz [ 268.635974][ T5815] usb 2-1: Manufacturer: syz [ 268.635988][ T5815] usb 2-1: SerialNumber: syz [ 268.655364][ T5815] usb 2-1: config 0 descriptor?? [ 268.677267][ T10] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 268.729654][ T5756] usb 5-1: USB disconnect, device number 23 [ 268.859038][ T5815] radio-si470x 2-1:0.35: this is not a si470x device. [ 268.890622][ T5815] radio-raremono 2-1:0.35: this is not Thanko's Raremono. [ 268.901821][ T5815] usb 2-1: USB disconnect, device number 40 [ 268.917394][ T10] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 268.917424][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.973569][ T10] usb 4-1: config 0 descriptor?? [ 269.010181][ T10] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 269.406739][ T10] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 269.821066][ T10] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 269.928927][ T8197] netlink: 57 bytes leftover after parsing attributes in process `syz.1.687'. [ 270.096451][ T8203] netlink: 'syz.3.682': attribute type 1 has an invalid length. [ 270.096475][ T8203] netlink: 224 bytes leftover after parsing attributes in process `syz.3.682'. [ 270.096510][ T8203] NCSI netlink: No device for ifindex 0 [ 270.295331][ T10] usb 4-1: USB disconnect, device number 45 [ 270.596801][ T823] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 270.597899][ T823] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 270.786884][ T8213] vxfs: WRONG superblock magic 00000000 at 1 [ 270.787447][ T8213] vxfs: WRONG superblock magic 00000000 at 8 [ 270.787467][ T8213] vxfs: can't find superblock. [ 270.895173][ T823] usb 1-1: USB disconnect, device number 28 [ 271.134852][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 271.292838][ T8232] FAULT_INJECTION: forcing a failure. [ 271.292838][ T8232] name failslab, interval 1, probability 0, space 0, times 0 [ 271.292871][ T8232] CPU: 0 UID: 0 PID: 8232 Comm: syz.1.695 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 271.292891][ T8232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 271.292901][ T8232] Call Trace: [ 271.292907][ T8232] [ 271.292914][ T8232] dump_stack_lvl+0xe8/0x150 [ 271.292936][ T8232] should_fail_ex+0x46b/0x600 [ 271.292961][ T8232] should_failslab+0xa8/0x100 [ 271.292981][ T8232] __kvmalloc_node_noprof+0x170/0x8e0 [ 271.293001][ T8232] ? traverse+0xde/0x580 [ 271.293029][ T8232] traverse+0xde/0x580 [ 271.293048][ T8232] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 271.293071][ T8232] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 271.293092][ T8232] ? seq_read_iter+0xb8/0xe20 [ 271.293114][ T8232] seq_read_iter+0xd09/0xe20 [ 271.293141][ T8232] ? __asan_memset+0x22/0x50 [ 271.293159][ T8232] seq_read+0x36a/0x490 [ 271.293185][ T8232] ? __pfx_seq_read+0x10/0x10 [ 271.293211][ T8232] ? apparmor_file_permission+0x1f4/0x300 [ 271.293236][ T8232] ? __pfx_seq_read+0x10/0x10 [ 271.293255][ T8232] proc_reg_read+0x1f6/0x2f0 [ 271.293277][ T8232] vfs_readv+0x597/0x850 [ 271.293293][ T8232] ? __pfx_proc_reg_read+0x10/0x10 [ 271.293314][ T8232] ? __pfx_vfs_readv+0x10/0x10 [ 271.293338][ T8232] ? __fget_files+0x2a/0x420 [ 271.293357][ T8232] ? __fget_files+0x3a6/0x420 [ 271.293373][ T8232] ? __fget_files+0x2a/0x420 [ 271.293427][ T8232] __x64_sys_preadv+0x1a2/0x2b0 [ 271.293451][ T8232] ? __pfx___x64_sys_preadv+0x10/0x10 [ 271.293477][ T8232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.293492][ T8232] do_syscall_64+0x174/0x580 [ 271.293512][ T8232] ? trace_irq_disable+0x3b/0x140 [ 271.293529][ T8232] ? clear_bhb_loop+0x40/0x90 [ 271.293546][ T8232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.293559][ T8232] RIP: 0033:0x7f5c0086ce59 [ 271.293573][ T8232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 271.293586][ T8232] RSP: 002b:00007f5bfeabe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 271.293601][ T8232] RAX: ffffffffffffffda RBX: 00007f5c00ae5fa0 RCX: 00007f5c0086ce59 [ 271.293613][ T8232] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000007 [ 271.293622][ T8232] RBP: 00007f5bfeabe090 R08: 0000000000003b16 R09: 0000000000000000 [ 271.293631][ T8232] R10: 000000000000008f R11: 0000000000000246 R12: 0000000000000001 [ 271.293640][ T8232] R13: 00007f5c00ae6038 R14: 00007f5c00ae5fa0 R15: 00007ffc090fa408 [ 271.293662][ T8232] [ 271.868929][ T8249] FAULT_INJECTION: forcing a failure. [ 271.868929][ T8249] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 271.868952][ T8249] CPU: 0 UID: 0 PID: 8249 Comm: syz.4.700 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 271.868964][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 271.868971][ T8249] Call Trace: [ 271.868975][ T8249] [ 271.868985][ T8249] dump_stack_lvl+0xe8/0x150 [ 271.869008][ T8249] should_fail_ex+0x46b/0x600 [ 271.869027][ T8249] prepare_alloc_pages+0x22a/0x6b0 [ 271.869046][ T8249] __alloc_frozen_pages_noprof+0x12f/0x380 [ 271.869070][ T8249] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 271.869095][ T8249] ? __pfx_policy_nodemask+0x10/0x10 [ 271.869121][ T8249] ? is_bpf_text_address+0x26/0x2b0 [ 271.869145][ T8249] alloc_pages_mpol+0xd1/0x380 [ 271.869169][ T8249] ___kmalloc_large_node+0x4e/0x120 [ 271.869194][ T8249] __kmalloc_large_node_noprof+0x18/0x90 [ 271.869217][ T8249] __kmalloc_noprof+0x4a3/0x7b0 [ 271.869239][ T8249] ? vc_do_resize+0x349/0x1540 [ 271.869263][ T8249] vc_do_resize+0x349/0x1540 [ 271.869282][ T8249] ? stack_trace_save+0xa9/0x100 [ 271.869312][ T8249] ? __lock_acquire+0x6b5/0x2d10 [ 271.869337][ T8249] ? __pfx_vc_do_resize+0x10/0x10 [ 271.869354][ T8249] ? security_file_ioctl+0xc3/0x2a0 [ 271.869379][ T8249] ? __se_sys_ioctl+0x47/0x170 [ 271.869403][ T8249] ? do_syscall_64+0x174/0x580 [ 271.869429][ T8249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.869458][ T8249] fbcon_do_set_font+0xa15/0x13c0 [ 271.869504][ T8249] con_font_op+0x82a/0xfa0 [ 271.869528][ T8249] ? kasan_quarantine_put+0xbb/0x1f0 [ 271.869551][ T8249] ? __pfx_con_font_op+0x10/0x10 [ 271.869574][ T8249] ? __might_fault+0xaf/0x130 [ 271.869618][ T8249] vt_ioctl+0x1bb6/0x20c0 [ 271.869649][ T8249] ? __pfx_vt_ioctl+0x10/0x10 [ 271.869689][ T8249] ? __fget_files+0x2a/0x420 [ 271.869715][ T8249] ? __fget_files+0x3a6/0x420 [ 271.869735][ T8249] ? __fget_files+0x2a/0x420 [ 271.869758][ T8249] tty_ioctl+0x92e/0xde0 [ 271.869780][ T8249] ? __pfx_tty_ioctl+0x10/0x10 [ 271.869801][ T8249] __se_sys_ioctl+0xff/0x170 [ 271.869826][ T8249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.869844][ T8249] do_syscall_64+0x174/0x580 [ 271.869868][ T8249] ? trace_irq_disable+0x3b/0x140 [ 271.869889][ T8249] ? clear_bhb_loop+0x40/0x90 [ 271.869912][ T8249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.869930][ T8249] RIP: 0033:0x7f135651ce59 [ 271.869948][ T8249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 271.869964][ T8249] RSP: 002b:00007f1354776028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.869983][ T8249] RAX: ffffffffffffffda RBX: 00007f1356795fa0 RCX: 00007f135651ce59 [ 271.869996][ T8249] RDX: 0000200000000240 RSI: 0000000000004b72 RDI: 0000000000000003 [ 271.870015][ T8249] RBP: 00007f1354776090 R08: 0000000000000000 R09: 0000000000000000 [ 271.870028][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.870039][ T8249] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 271.870069][ T8249] [ 272.023228][ T8252] tmpfs: Bad value for 'grpquota_inode_hardlimit' [ 272.431882][ T8263] binder: Bad value for 'max' [ 273.831711][ T8288] netlink: 'syz.0.710': attribute type 3 has an invalid length. [ 274.599911][ T5755] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 274.732165][ T8294] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 274.769334][ T5755] usb 4-1: Using ep0 maxpacket: 8 [ 274.776556][ T5755] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 274.776586][ T5755] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.776668][ T5755] usb 4-1: Product: syz [ 274.776682][ T5755] usb 4-1: Manufacturer: syz [ 274.776696][ T5755] usb 4-1: SerialNumber: syz [ 274.862411][ T5755] usb 4-1: config 0 descriptor?? [ 274.869021][ T5755] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 275.786381][ T8315] netlink: 'syz.1.721': attribute type 4 has an invalid length. [ 276.029858][ T8319] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 276.520403][ T8327] FAULT_INJECTION: forcing a failure. [ 276.520403][ T8327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 276.520435][ T8327] CPU: 1 UID: 0 PID: 8327 Comm: syz.0.726 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 276.520460][ T8327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 276.520471][ T8327] Call Trace: [ 276.520478][ T8327] [ 276.520486][ T8327] dump_stack_lvl+0xe8/0x150 [ 276.520514][ T8327] should_fail_ex+0x46b/0x600 [ 276.520544][ T8327] strncpy_from_user+0x36/0x2b0 [ 276.520571][ T8327] do_getname+0x77/0x250 [ 276.520593][ T8327] do_sys_openat2+0xcc/0x200 [ 276.520617][ T8327] ? __pfx_do_sys_openat2+0x10/0x10 [ 276.520639][ T8327] ? ksys_write+0x248/0x270 [ 276.520666][ T8327] ? __pfx_ksys_write+0x10/0x10 [ 276.520694][ T8327] __x64_sys_openat+0x138/0x170 [ 276.520718][ T8327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.520737][ T8327] do_syscall_64+0x174/0x580 [ 276.520764][ T8327] ? trace_irq_disable+0x3b/0x140 [ 276.520786][ T8327] ? clear_bhb_loop+0x40/0x90 [ 276.520808][ T8327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.520826][ T8327] RIP: 0033:0x7f489646ce59 [ 276.520843][ T8327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.520859][ T8327] RSP: 002b:00007f48946be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 276.520880][ T8327] RAX: ffffffffffffffda RBX: 00007f48966e5fa0 RCX: 00007f489646ce59 [ 276.520893][ T8327] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c [ 276.520906][ T8327] RBP: 00007f48946be090 R08: 0000000000000000 R09: 0000000000000000 [ 276.520918][ T8327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.520930][ T8327] R13: 00007f48966e6038 R14: 00007f48966e5fa0 R15: 00007ffd231156a8 [ 276.520958][ T8327] [ 276.680118][ T5755] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 276.869244][ T5755] usb 5-1: Using ep0 maxpacket: 32 [ 276.875490][ T5755] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 276.875519][ T5755] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.875530][ T5755] usb 5-1: Product: syz [ 276.875538][ T5755] usb 5-1: Manufacturer: syz [ 276.875545][ T5755] usb 5-1: SerialNumber: syz [ 276.887274][ T5755] usb 5-1: config 0 descriptor?? [ 277.311865][ T5755] airspy 5-1:0.0: Board ID: 00 [ 277.311879][ T5755] airspy 5-1:0.0: Firmware version: [ 277.322613][ T9] usb 4-1: USB disconnect, device number 46 [ 277.381631][ T8338] netlink: 56 bytes leftover after parsing attributes in process `syz.3.731'. [ 277.714131][ T5755] airspy 5-1:0.0: usb_control_msg() failed -32 request 0e [ 277.717033][ T5755] airspy 5-1:0.0: Registered as swradio24 [ 277.717054][ T5755] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 277.849495][ T9] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 277.994963][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 278.010106][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 278.010142][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 278.010183][ T9] usb 4-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 278.010206][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.024298][ T9] usb 4-1: config 0 descriptor?? [ 278.273015][ T8338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.273578][ T8338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.282233][ T9] usb 4-1: string descriptor 0 read error: -71 [ 278.293653][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 278.293768][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 278.298140][ T9] usb 4-1: USB disconnect, device number 47 [ 279.219947][ T5756] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 279.309262][ T5755] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 279.324466][ T823] usb 5-1: USB disconnect, device number 24 [ 279.369191][ T5756] usb 1-1: Using ep0 maxpacket: 32 [ 279.379828][ T5756] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 279.379854][ T5756] usb 1-1: config 0 has no interface number 0 [ 279.379898][ T5756] usb 1-1: config 0 interface 184 has no altsetting 0 [ 279.394537][ T5756] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 279.394566][ T5756] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.394582][ T5756] usb 1-1: Product: syz [ 279.394596][ T5756] usb 1-1: Manufacturer: syz [ 279.394610][ T5756] usb 1-1: SerialNumber: syz [ 279.415615][ T5756] usb 1-1: config 0 descriptor?? [ 279.550601][ T5755] usb 2-1: Using ep0 maxpacket: 8 [ 279.558211][ T5755] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 279.558240][ T5755] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.558260][ T5755] usb 2-1: Product: syz [ 279.558274][ T5755] usb 2-1: Manufacturer: syz [ 279.558287][ T5755] usb 2-1: SerialNumber: syz [ 279.607558][ T5755] usb 2-1: config 0 descriptor?? [ 279.631153][ T5755] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 279.682023][ T8359] netlink: 830 bytes leftover after parsing attributes in process `syz.0.740'. [ 279.939241][ T5855] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 280.102972][ T5756] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 280.103001][ T5756] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 280.159208][ T5855] usb 5-1: Using ep0 maxpacket: 16 [ 280.161718][ T5855] usb 5-1: descriptor type invalid, skip [ 280.181380][ T5855] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 280.181640][ T5855] usb 5-1: config 1 interface 0 has no altsetting 0 [ 280.185511][ T5855] usb 5-1: string descriptor 0 read error: -22 [ 280.185700][ T5855] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 280.185715][ T5855] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.250861][ T8370] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 280.524376][ T5756] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 280.524409][ T5756] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 280.524428][ T5756] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 280.524719][ T5756] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 280.548016][ T5756] usb 1-1: USB disconnect, device number 29 [ 280.744621][ T5855] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 25 if 0 alt 1 proto 1 vid 0x04B8 pid 0x0202 [ 280.767537][ T5855] usb 5-1: USB disconnect, device number 25 [ 280.824530][ T5855] usblp0: removed [ 281.326335][ T8384] FAULT_INJECTION: forcing a failure. [ 281.326335][ T8384] name failslab, interval 1, probability 0, space 0, times 0 [ 281.326367][ T8384] CPU: 1 UID: 0 PID: 8384 Comm: syz.4.749 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 281.326384][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 281.326392][ T8384] Call Trace: [ 281.326399][ T8384] [ 281.326406][ T8384] dump_stack_lvl+0xe8/0x150 [ 281.326430][ T8384] should_fail_ex+0x46b/0x600 [ 281.326455][ T8384] should_failslab+0xa8/0x100 [ 281.326475][ T8384] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 281.326493][ T8384] ? alloc_vmap_area+0x229/0x1480 [ 281.326513][ T8384] alloc_vmap_area+0x229/0x1480 [ 281.326538][ T8384] ? __pfx_alloc_vmap_area+0x10/0x10 [ 281.326554][ T8384] ? __kmalloc_cache_node_noprof+0x27d/0x6c0 [ 281.326572][ T8384] ? __get_vm_area_node+0x13f/0x300 [ 281.326586][ T8384] ? copy_process+0x837/0x43d0 [ 281.326607][ T8384] __get_vm_area_node+0x1f8/0x300 [ 281.326626][ T8384] __vmalloc_node_range_noprof+0x36a/0x1750 [ 281.326642][ T8384] ? copy_process+0x837/0x43d0 [ 281.326659][ T8384] ? percpu_ref_get_many+0x19/0x140 [ 281.326698][ T8384] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 281.326717][ T8384] ? rcu_is_watching+0x15/0xb0 [ 281.326735][ T8384] ? memcpy_and_pad+0x48/0x80 [ 281.326757][ T8384] __vmalloc_node_noprof+0xc2/0x100 [ 281.326773][ T8384] ? copy_process+0x837/0x43d0 [ 281.326790][ T8384] ? copy_process+0x837/0x43d0 [ 281.326810][ T8384] dup_task_struct+0x298/0x860 [ 281.326830][ T8384] ? rt_spin_unlock+0x160/0x200 [ 281.326850][ T8384] copy_process+0x837/0x43d0 [ 281.326875][ T8384] ? io_req_normal_work_add+0x221/0x400 [ 281.326894][ T8384] ? kasan_save_track+0x4f/0x80 [ 281.326909][ T8384] ? kasan_save_track+0x3e/0x80 [ 281.326922][ T8384] ? __kasan_kmalloc+0x93/0xb0 [ 281.326935][ T8384] ? __kmalloc_cache_noprof+0x3a6/0x690 [ 281.326950][ T8384] ? create_io_worker+0xab/0x5c0 [ 281.326968][ T8384] ? io_wq_enqueue+0x675/0x8a0 [ 281.326983][ T8384] ? io_handle_tw_list+0x3db/0x540 [ 281.326996][ T8384] ? tctx_task_work_run+0x55/0x300 [ 281.327010][ T8384] ? __se_sys_io_uring_enter+0x595/0x1c40 [ 281.327028][ T8384] ? do_syscall_64+0x174/0x580 [ 281.327047][ T8384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.327063][ T8384] ? __pfx_copy_process+0x10/0x10 [ 281.327086][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.327108][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.327128][ T8384] create_io_thread+0xfc/0x170 [ 281.327151][ T8384] ? __pfx_create_io_thread+0x10/0x10 [ 281.327176][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.327198][ T8384] ? __raw_spin_lock_init+0x45/0x100 [ 281.327213][ T8384] ? __init_swait_queue_head+0xa9/0x150 [ 281.327235][ T8384] ? create_io_worker+0x27/0x5c0 [ 281.327254][ T8384] create_io_worker+0x181/0x5c0 [ 281.327276][ T8384] io_wq_enqueue+0x675/0x8a0 [ 281.327293][ T8384] ? io_wq_enqueue+0x332/0x8a0 [ 281.327308][ T8384] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 281.327337][ T8384] ? __pfx_io_req_task_submit+0x10/0x10 [ 281.327354][ T8384] io_handle_tw_list+0x3db/0x540 [ 281.327373][ T8384] tctx_task_work_run+0x55/0x300 [ 281.327388][ T8384] tctx_task_work+0x3f/0x90 [ 281.327402][ T8384] task_work_run+0x1d9/0x270 [ 281.327420][ T8384] ? __pfx_task_work_run+0x10/0x10 [ 281.327437][ T8384] ? preempt_count_add+0x91/0x190 [ 281.327457][ T8384] ? try_to_wake_up+0x7f2/0x1380 [ 281.327473][ T8384] ? io_run_task_work+0x397/0x560 [ 281.327486][ T8384] io_run_task_work+0x3e4/0x560 [ 281.327502][ T8384] ? __pfx_io_run_task_work+0x10/0x10 [ 281.327517][ T8384] ? __lock_acquire+0x6b5/0x2d10 [ 281.327537][ T8384] io_cqring_wait+0x1f7/0x2010 [ 281.327551][ T8384] ? __pfx_io_async_queue_proc+0x10/0x10 [ 281.327574][ T8384] ? io_req_normal_work_add+0x279/0x400 [ 281.327591][ T8384] ? __pfx_io_req_normal_work_add+0x10/0x10 [ 281.327605][ T8384] ? io_arm_poll_handler+0x208/0x2a0 [ 281.327628][ T8384] ? do_raw_spin_lock+0x12b/0x2f0 [ 281.327646][ T8384] ? __pfx_io_cqring_wait+0x10/0x10 [ 281.327665][ T8384] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 281.327685][ T8384] ? lockdep_hardirqs_on+0x7a/0x110 [ 281.327705][ T8384] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 281.327723][ T8384] ? rt_mutex_slowunlock+0x1cb/0x300 [ 281.327739][ T8384] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 281.327764][ T8384] __se_sys_io_uring_enter+0x595/0x1c40 [ 281.327789][ T8384] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 281.327810][ T8384] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 281.327852][ T8384] ? fput+0xa0/0xd0 [ 281.327868][ T8384] ? ksys_write+0x248/0x270 [ 281.327894][ T8384] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 281.327912][ T8384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.327927][ T8384] do_syscall_64+0x174/0x580 [ 281.327946][ T8384] ? trace_irq_disable+0x3b/0x140 [ 281.327961][ T8384] ? clear_bhb_loop+0x40/0x90 [ 281.327977][ T8384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.327991][ T8384] RIP: 0033:0x7f135651ce59 [ 281.328006][ T8384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.328018][ T8384] RSP: 002b:00007f1354775fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 281.328035][ T8384] RAX: ffffffffffffffda RBX: 0000200000000200 RCX: 00007f135651ce59 [ 281.328046][ T8384] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000004 [ 281.328056][ T8384] RBP: 0000200000000440 R08: 0000000000000000 R09: 0000000000000008 [ 281.328067][ T8384] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 281.328075][ T8384] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 281.328097][ T8384] [ 281.340452][ T8384] syz.4.749: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 281.340629][ T8384] CPU: 1 UID: 0 PID: 8384 Comm: syz.4.749 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 281.340651][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 281.340662][ T8384] Call Trace: [ 281.340669][ T8384] [ 281.340676][ T8384] dump_stack_lvl+0xe8/0x150 [ 281.340705][ T8384] warn_alloc+0x24c/0x270 [ 281.340729][ T8384] ? kasan_quarantine_put+0xbb/0x1f0 [ 281.340752][ T8384] ? __pfx_warn_alloc+0x10/0x10 [ 281.340774][ T8384] ? __get_vm_area_node+0x211/0x300 [ 281.340793][ T8384] ? __get_vm_area_node+0x13f/0x300 [ 281.340813][ T8384] ? copy_process+0x837/0x43d0 [ 281.340839][ T8384] ? __get_vm_area_node+0x211/0x300 [ 281.340866][ T8384] __vmalloc_node_range_noprof+0x38f/0x1750 [ 281.340886][ T8384] ? percpu_ref_get_many+0x19/0x140 [ 281.340938][ T8384] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 281.340963][ T8384] ? rcu_is_watching+0x15/0xb0 [ 281.340988][ T8384] ? memcpy_and_pad+0x48/0x80 [ 281.341013][ T8384] __vmalloc_node_noprof+0xc2/0x100 [ 281.341034][ T8384] ? copy_process+0x837/0x43d0 [ 281.341058][ T8384] ? copy_process+0x837/0x43d0 [ 281.341085][ T8384] dup_task_struct+0x298/0x860 [ 281.341109][ T8384] ? rt_spin_unlock+0x160/0x200 [ 281.341134][ T8384] copy_process+0x837/0x43d0 [ 281.341167][ T8384] ? io_req_normal_work_add+0x221/0x400 [ 281.341191][ T8384] ? kasan_save_track+0x4f/0x80 [ 281.341209][ T8384] ? kasan_save_track+0x3e/0x80 [ 281.341227][ T8384] ? __kasan_kmalloc+0x93/0xb0 [ 281.341246][ T8384] ? __kmalloc_cache_noprof+0x3a6/0x690 [ 281.341267][ T8384] ? create_io_worker+0xab/0x5c0 [ 281.341291][ T8384] ? io_wq_enqueue+0x675/0x8a0 [ 281.341320][ T8384] ? io_handle_tw_list+0x3db/0x540 [ 281.341335][ T8384] ? tctx_task_work_run+0x55/0x300 [ 281.341352][ T8384] ? __se_sys_io_uring_enter+0x595/0x1c40 [ 281.341374][ T8384] ? do_syscall_64+0x174/0x580 [ 281.341397][ T8384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.341417][ T8384] ? __pfx_copy_process+0x10/0x10 [ 281.341447][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.341471][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.341496][ T8384] create_io_thread+0xfc/0x170 [ 281.341525][ T8384] ? __pfx_create_io_thread+0x10/0x10 [ 281.341561][ T8384] ? __pfx_io_wq_worker+0x10/0x10 [ 281.341590][ T8384] ? __raw_spin_lock_init+0x45/0x100 [ 281.341609][ T8384] ? __init_swait_queue_head+0xa9/0x150 [ 281.341638][ T8384] ? create_io_worker+0x27/0x5c0 [ 281.341663][ T8384] create_io_worker+0x181/0x5c0 [ 281.341691][ T8384] io_wq_enqueue+0x675/0x8a0 [ 281.341713][ T8384] ? io_wq_enqueue+0x332/0x8a0 [ 281.341733][ T8384] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 281.341759][ T8384] ? __pfx_io_req_task_submit+0x10/0x10 [ 281.341782][ T8384] io_handle_tw_list+0x3db/0x540 [ 281.341806][ T8384] tctx_task_work_run+0x55/0x300 [ 281.341826][ T8384] tctx_task_work+0x3f/0x90 [ 281.341845][ T8384] task_work_run+0x1d9/0x270 [ 281.341869][ T8384] ? __pfx_task_work_run+0x10/0x10 [ 281.341895][ T8384] ? preempt_count_add+0x91/0x190 [ 281.341919][ T8384] ? try_to_wake_up+0x7f2/0x1380 [ 281.341940][ T8384] ? io_run_task_work+0x397/0x560 [ 281.341959][ T8384] io_run_task_work+0x3e4/0x560 [ 281.341980][ T8384] ? __pfx_io_run_task_work+0x10/0x10 [ 281.342000][ T8384] ? __lock_acquire+0x6b5/0x2d10 [ 281.342027][ T8384] io_cqring_wait+0x1f7/0x2010 [ 281.342045][ T8384] ? __pfx_io_async_queue_proc+0x10/0x10 [ 281.342075][ T8384] ? io_req_normal_work_add+0x279/0x400 [ 281.342096][ T8384] ? __pfx_io_req_normal_work_add+0x10/0x10 [ 281.342115][ T8384] ? io_arm_poll_handler+0x208/0x2a0 [ 281.342144][ T8384] ? do_raw_spin_lock+0x12b/0x2f0 [ 281.342167][ T8384] ? __pfx_io_cqring_wait+0x10/0x10 [ 281.342190][ T8384] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 281.342215][ T8384] ? lockdep_hardirqs_on+0x7a/0x110 [ 281.342240][ T8384] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 281.342266][ T8384] ? rt_mutex_slowunlock+0x1cb/0x300 [ 281.342286][ T8384] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 281.342326][ T8384] __se_sys_io_uring_enter+0x595/0x1c40 [ 281.342356][ T8384] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 281.342383][ T8384] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 281.342408][ T8384] ? fput+0xa0/0xd0 [ 281.342426][ T8384] ? ksys_write+0x248/0x270 [ 281.342457][ T8384] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 281.342481][ T8384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.342499][ T8384] do_syscall_64+0x174/0x580 [ 281.342523][ T8384] ? trace_irq_disable+0x3b/0x140 [ 281.342543][ T8384] ? clear_bhb_loop+0x40/0x90 [ 281.342564][ T8384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.342582][ T8384] RIP: 0033:0x7f135651ce59 [ 281.342598][ T8384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.342613][ T8384] RSP: 002b:00007f1354775fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 281.342632][ T8384] RAX: ffffffffffffffda RBX: 0000200000000200 RCX: 00007f135651ce59 [ 281.342644][ T8384] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000004 [ 281.342654][ T8384] RBP: 0000200000000440 R08: 0000000000000000 R09: 0000000000000008 [ 281.342665][ T8384] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 281.342676][ T8384] R13: 00007f1356796038 R14: 00007f1356795fa0 R15: 00007ffd44badda8 [ 281.342704][ T8384] [ 281.349394][ T8384] Mem-Info: [ 281.349410][ T8384] active_anon:10272 inactive_anon:0 isolated_anon:0 [ 281.349410][ T8384] active_file:0 inactive_file:54115 isolated_file:0 [ 281.349410][ T8384] unevictable:768 dirty:90 writeback:0 [ 281.349410][ T8384] slab_reclaimable:11417 slab_unreclaimable:96775 [ 281.349410][ T8384] mapped:25688 shmem:4797 pagetables:1323 [ 281.349410][ T8384] sec_pagetables:0 bounce:0 [ 281.349410][ T8384] kernel_misc_reclaimable:0 [ 281.349410][ T8384] free:1326859 free_pcp:2222 free_cma:0 [ 281.349485][ T8384] Node 0 active_anon:41088kB inactive_anon:0kB active_file:0kB inactive_file:216260kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102752kB dirty:360kB writeback:0kB shmem:17652kB kernel_stack:14048kB pagetables:5136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 281.349531][ T8384] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 281.349573][ T8384] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 281.349631][ T8384] lowmem_reserve[]: 0 2492 2492 2492 2492 [ 281.349662][ T8384] Node 0 DMA32 free:1344868kB boost:0kB min:3912kB low:6436kB high:8960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:41088kB inactive_anon:0kB active_file:0kB inactive_file:216260kB unevictable:1536kB writepending:360kB zspages:0kB present:3129332kB managed:2551952kB mlocked:0kB bounce:0kB free_pcp:8880kB local_pcp:4888kB free_cma:0kB [ 281.349713][ T8384] lowmem_reserve[]: 0 0 0 0 0 [ 281.349741][ T8384] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:856kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 281.349792][ T8384] lowmem_reserve[]: 0 0 0 0 0 [ 281.349820][ T8384] Node 1 Normal free:3947208kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 281.349878][ T8384] lowmem_reserve[]: 0 0 0 0 0 [ 281.349906][ T8384] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 281.350524][ T8384] Node 0 DMA32: 241*4kB (UME) 113*8kB (UME) 453*16kB (UME) 213*32kB (UME) 154*64kB (UME) 141*128kB (UME) 32*256kB (UME) 21*512kB (ME) 10*1024kB (ME) 7*2048kB (M) 307*4096kB (UM) = 1344828kB [ 281.350665][ T8384] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 281.350753][ T8384] Node 1 Normal: 2*4kB (M) 4*8kB (UM) 8*16kB (UM) 9*32kB (UM) 8*64kB (UM) 4*128kB (UM) 1*256kB (M) 2*512kB (M) 2*1024kB (UM) 1*2048kB (U) 962*4096kB (M) = 3947208kB [ 281.354112][ T8384] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 281.354141][ T8384] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 281.354157][ T8384] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 281.354171][ T8384] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 281.354185][ T8384] 58908 total pagecache pages [ 281.354201][ T8384] 0 pages in swap cache [ 281.354208][ T8384] Free swap = 124996kB [ 281.354215][ T8384] Total swap = 124996kB [ 281.354223][ T8384] 2097051 pages RAM [ 281.354229][ T8384] 0 pages HighMem/MovableOnly [ 281.354235][ T8384] 427235 pages reserved [ 281.354241][ T8384] 0 pages cma reserved [ 281.679257][ T32] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 281.806954][ T8389] netlink: 132 bytes leftover after parsing attributes in process `syz.0.752'. [ 281.842911][ T32] usb 5-1: Using ep0 maxpacket: 32 [ 281.874891][ T32] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 281.874922][ T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.874941][ T32] usb 5-1: Product: syz [ 281.874954][ T32] usb 5-1: Manufacturer: syz [ 281.874968][ T32] usb 5-1: SerialNumber: syz [ 281.902007][ T32] usb 5-1: config 0 descriptor?? [ 282.353148][ T32] airspy 5-1:0.0: Board ID: 00 [ 282.353171][ T32] airspy 5-1:0.0: Firmware version: [ 282.364827][ T823] usb 2-1: USB disconnect, device number 41 [ 282.736917][ T5815] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 282.766838][ T32] airspy 5-1:0.0: usb_control_msg() failed -32 request 0e [ 282.769873][ T32] airspy 5-1:0.0: Registered as swradio24 [ 282.769893][ T32] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 282.879302][ T5815] usb 4-1: Using ep0 maxpacket: 32 [ 282.906065][ T5815] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 282.906096][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.906114][ T5815] usb 4-1: Product: syz [ 282.906127][ T5815] usb 4-1: Manufacturer: syz [ 282.906140][ T5815] usb 4-1: SerialNumber: syz [ 282.936645][ T5815] usb 4-1: config 0 descriptor?? [ 282.960431][ T8400] FAULT_INJECTION: forcing a failure. [ 282.960431][ T8400] name failslab, interval 1, probability 0, space 0, times 0 [ 282.960475][ T8400] CPU: 1 UID: 0 PID: 8400 Comm: syz.0.755 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 282.960498][ T8400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 282.960511][ T8400] Call Trace: [ 282.960519][ T8400] [ 282.960527][ T8400] dump_stack_lvl+0xe8/0x150 [ 282.960558][ T8400] should_fail_ex+0x46b/0x600 [ 282.960593][ T8400] should_failslab+0xa8/0x100 [ 282.960622][ T8400] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 282.960646][ T8400] ? __alloc_skb+0x1d0/0x7d0 [ 282.960670][ T8400] ? lockdep_hardirqs_on+0x7a/0x110 [ 282.960704][ T8400] __alloc_skb+0x1d0/0x7d0 [ 282.960734][ T8400] kcm_sendmsg+0x97f/0x29f0 [ 282.960794][ T8400] ? __pfx_kcm_sendmsg+0x10/0x10 [ 282.960821][ T8400] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 282.960851][ T8400] ? aa_sock_msg_perm+0x122/0x200 [ 282.960873][ T8400] ? __pfx_kcm_sendmsg+0x10/0x10 [ 282.960899][ T8400] sock_sendmsg_nosec+0x13a/0x180 [ 282.960924][ T8400] sock_sendmsg+0x1ca/0x2d0 [ 282.960941][ T8400] ? __lock_acquire+0x6b5/0x2d10 [ 282.960962][ T8400] ? __pfx_sock_sendmsg+0x10/0x10 [ 282.960993][ T8400] ? __asan_memset+0x22/0x50 [ 282.961010][ T8400] ? iov_iter_bvec+0xb8/0x180 [ 282.961033][ T8400] splice_to_socket+0xae5/0x11f0 [ 282.961077][ T8400] ? __pfx_splice_to_socket+0x10/0x10 [ 282.961097][ T8400] ? current_time+0x22a/0x370 [ 282.961143][ T8400] ? touch_atime+0xf1/0x6b0 [ 282.961186][ T8400] ? __pfx_splice_to_socket+0x10/0x10 [ 282.961209][ T8400] direct_splice_actor+0x104/0x160 [ 282.961236][ T8400] splice_direct_to_actor+0x545/0xc80 [ 282.961270][ T8400] ? __pfx_direct_splice_actor+0x10/0x10 [ 282.961411][ T8400] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 282.961446][ T8400] do_splice_direct+0x19b/0x2a0 [ 282.961474][ T8400] ? __pfx_do_splice_direct+0x10/0x10 [ 282.961510][ T8400] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 282.961541][ T8400] ? rw_verify_area+0x25b/0x4e0 [ 282.961569][ T8400] do_sendfile+0x547/0x7e0 [ 282.961589][ T8400] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 282.961623][ T8400] ? __pfx_do_sendfile+0x10/0x10 [ 282.961654][ T8400] __se_sys_sendfile64+0x144/0x1a0 [ 282.961676][ T8400] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 282.961709][ T8400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.961735][ T8400] do_syscall_64+0x174/0x580 [ 282.961765][ T8400] ? trace_irq_disable+0x3b/0x140 [ 282.961785][ T8400] ? clear_bhb_loop+0x40/0x90 [ 282.961808][ T8400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.961827][ T8400] RIP: 0033:0x7f489646ce59 [ 282.961847][ T8400] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 282.961862][ T8400] RSP: 002b:00007f489469d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 282.961883][ T8400] RAX: ffffffffffffffda RBX: 00007f48966e6090 RCX: 00007f489646ce59 [ 282.961896][ T8400] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 282.961907][ T8400] RBP: 00007f489469d090 R08: 0000000000000000 R09: 0000000000000000 [ 282.961918][ T8400] R10: 00000ffffffff000 R11: 0000000000000246 R12: 0000000000000001 [ 282.961930][ T8400] R13: 00007f48966e6128 R14: 00007f48966e6090 R15: 00007ffd231156a8 [ 282.961981][ T8400] [ 283.557085][ T5815] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 283.557107][ T5815] peak_usb 4-1:0.0 can0: sending command failure: -22 [ 283.557145][ T5815] peak_usb 4-1:0.0 can0: sending command failure: -22 [ 283.832846][ T8407] ================================================================== [ 283.832864][ T8407] BUG: KASAN: slab-use-after-free in reverse_path_check_proc+0x5b/0x240 [ 283.832901][ T8407] Read of size 8 at addr ffff88802bf810c0 by task syz.1.757/8407 [ 283.832918][ T8407] [ 283.832930][ T8407] CPU: 1 UID: 0 PID: 8407 Comm: syz.1.757 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 283.832953][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 283.832966][ T8407] Call Trace: [ 283.832974][ T8407] [ 283.832982][ T8407] dump_stack_lvl+0xe8/0x150 [ 283.833008][ T8407] print_address_description+0x55/0x1e0 [ 283.833035][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.833060][ T8407] print_report+0x58/0x70 [ 283.833083][ T8407] kasan_report+0x117/0x150 [ 283.833132][ T8407] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 283.833164][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.833195][ T8407] ? ep_insert+0xbbb/0x1820 [ 283.833220][ T8407] reverse_path_check_proc+0x5b/0x240 [ 283.833251][ T8407] ? ep_insert+0xbbb/0x1820 [ 283.833274][ T8407] ep_insert+0xc6c/0x1820 [ 283.833305][ T8407] ? __pfx_ep_insert+0x10/0x10 [ 283.833332][ T8407] ? lockdep_hardirqs_on+0x7a/0x110 [ 283.833361][ T8407] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 283.833389][ T8407] ? mutex_lock_nested+0x152/0x1d0 [ 283.833410][ T8407] ? do_epoll_ctl_file+0xc69/0xed0 [ 283.833437][ T8407] do_epoll_ctl_file+0x8bb/0xed0 [ 283.833464][ T8407] ? do_epoll_ctl_file+0xac3/0xed0 [ 283.833491][ T8407] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 283.833606][ T8407] ? __fget_files+0x3a6/0x420 [ 283.833627][ T8407] ? __fget_files+0x2a/0x420 [ 283.833651][ T8407] __se_sys_epoll_ctl+0x14e/0x210 [ 283.833676][ T8407] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 283.833702][ T8407] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.833721][ T8407] do_syscall_64+0x174/0x580 [ 283.833750][ T8407] ? trace_irq_disable+0x3b/0x140 [ 283.833771][ T8407] ? clear_bhb_loop+0x40/0x90 [ 283.833791][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.833809][ T8407] RIP: 0033:0x7f5c0086ce59 [ 283.833830][ T8407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 283.833848][ T8407] RSP: 002b:00007f5bfea7c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 283.833879][ T8407] RAX: ffffffffffffffda RBX: 00007f5c00ae6180 RCX: 00007f5c0086ce59 [ 283.833895][ T8407] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000009 [ 283.833906][ T8407] RBP: 00007f5c00902d6f R08: 0000000000000000 R09: 0000000000000000 [ 283.833918][ T8407] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.833931][ T8407] R13: 00007f5c00ae6218 R14: 00007f5c00ae6180 R15: 00007ffc090fa408 [ 283.833953][ T8407] [ 283.833960][ T8407] [ 283.833964][ T8407] Allocated by task 8406: [ 283.833973][ T8407] kasan_save_track+0x3e/0x80 [ 283.833993][ T8407] __kasan_slab_alloc+0x6c/0x80 [ 283.834013][ T8407] kmem_cache_alloc_noprof+0x33b/0x680 [ 283.834033][ T8407] ep_insert+0x512/0x1820 [ 283.834055][ T8407] do_epoll_ctl_file+0x8bb/0xed0 [ 283.834083][ T8407] __se_sys_epoll_ctl+0x14e/0x210 [ 283.834106][ T8407] do_syscall_64+0x174/0x580 [ 283.834133][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.834151][ T8407] [ 283.834155][ T8407] Freed by task 8406: [ 283.834163][ T8407] kasan_save_track+0x3e/0x80 [ 283.834182][ T8407] kasan_save_free_info+0x46/0x50 [ 283.834208][ T8407] __kasan_slab_free+0x5c/0x80 [ 283.834229][ T8407] kmem_cache_free+0x187/0x6c0 [ 283.834250][ T8407] eventpoll_release_file+0xc2/0x240 [ 283.834271][ T8407] __fput+0x83c/0xa70 [ 283.834288][ T8407] task_work_run+0x1d9/0x270 [ 283.834306][ T8407] exit_to_user_mode_loop+0x193/0x680 [ 283.834326][ T8407] do_syscall_64+0x353/0x580 [ 283.834347][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.834362][ T8407] [ 283.834366][ T8407] The buggy address belongs to the object at ffff88802bf810c0 [ 283.834366][ T8407] which belongs to the cache ep_head of size 16 [ 283.834379][ T8407] The buggy address is located 0 bytes inside of [ 283.834379][ T8407] freed 16-byte region [ffff88802bf810c0, ffff88802bf810d0) [ 283.834396][ T8407] [ 283.834401][ T8407] The buggy address belongs to the physical page: [ 283.834425][ T8407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802bf81080 pfn:0x2bf81 [ 283.834444][ T8407] memcg:ffff888060773001 [ 283.834453][ T8407] flags: 0x80000000000200(workingset|node=0|zone=1) [ 283.834469][ T8407] page_type: f5(slab) [ 283.834487][ T8407] raw: 0080000000000200 ffff888021695dc0 ffff88801b374088 ffffea0000edf8d0 [ 283.834515][ T8407] raw: ffff88802bf81080 0000000800800033 00000000f5000000 ffff888060773001 [ 283.834526][ T8407] page dumped because: kasan: bad access detected [ 283.834542][ T8407] page_owner tracks the page as allocated [ 283.834549][ T8407] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5018, tgid 5018 (udevd), ts 36636958873, free_ts 36631346291 [ 283.834581][ T8407] post_alloc_hook+0x1f9/0x250 [ 283.834602][ T8407] get_page_from_freelist+0x265c/0x26e0 [ 283.834626][ T8407] __alloc_frozen_pages_noprof+0x18d/0x380 [ 283.834650][ T8407] allocate_slab+0x74/0x5e0 [ 283.834675][ T8407] refill_objects+0x33c/0x3d0 [ 283.834697][ T8407] __pcs_replace_empty_main+0x373/0x720 [ 283.834722][ T8407] kmem_cache_alloc_noprof+0x433/0x680 [ 283.834739][ T8407] ep_insert+0x512/0x1820 [ 283.834754][ T8407] do_epoll_ctl_file+0x8bb/0xed0 [ 283.834766][ T8407] __se_sys_epoll_ctl+0x14e/0x210 [ 283.834777][ T8407] do_syscall_64+0x174/0x580 [ 283.834791][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.834800][ T8407] page last free pid 29 tgid 29 stack trace: [ 283.834806][ T8407] __free_frozen_pages+0x10af/0x1190 [ 283.834817][ T8407] tlb_remove_table_rcu+0x85/0x100 [ 283.834833][ T8407] rcu_cpu_kthread+0x99e/0x1470 [ 283.834852][ T8407] smpboot_thread_fn+0x541/0xa50 [ 283.834867][ T8407] kthread+0x388/0x470 [ 283.834883][ T8407] ret_from_fork+0x514/0xb70 [ 283.834903][ T8407] ret_from_fork_asm+0x1a/0x30 [ 283.834926][ T8407] [ 283.834930][ T8407] Memory state around the buggy address: [ 283.834940][ T8407] ffff88802bf80f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.834953][ T8407] ffff88802bf81000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 283.834966][ T8407] >ffff88802bf81080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 283.834976][ T8407] ^ [ 283.834987][ T8407] ffff88802bf81100: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 283.834997][ T8407] ffff88802bf81180: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 283.835006][ T8407] ================================================================== [ 283.835054][ T8407] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 283.835071][ T8407] CPU: 1 UID: 0 PID: 8407 Comm: syz.1.757 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 283.835094][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 283.835106][ T8407] Call Trace: [ 283.835114][ T8407] [ 283.835123][ T8407] vpanic+0x56c/0xa60 [ 283.835153][ T8407] ? __pfx_vpanic+0x10/0x10 [ 283.835178][ T8407] panic+0xc5/0xd0 [ 283.835193][ T8407] ? __pfx_panic+0x10/0x10 [ 283.835208][ T8407] ? preempt_schedule_thunk+0x16/0x40 [ 283.835225][ T8407] ? preempt_schedule_thunk+0x16/0x40 [ 283.835262][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.835277][ T8407] check_panic_on_warn+0x89/0xb0 [ 283.835290][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.835305][ T8407] end_report+0x73/0x170 [ 283.835319][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.835333][ T8407] kasan_report+0x128/0x150 [ 283.835345][ T8407] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 283.835374][ T8407] ? reverse_path_check_proc+0x5b/0x240 [ 283.835405][ T8407] ? ep_insert+0xbbb/0x1820 [ 283.835429][ T8407] reverse_path_check_proc+0x5b/0x240 [ 283.835460][ T8407] ? ep_insert+0xbbb/0x1820 [ 283.835483][ T8407] ep_insert+0xc6c/0x1820 [ 283.835499][ T8407] ? __pfx_ep_insert+0x10/0x10 [ 283.835520][ T8407] ? lockdep_hardirqs_on+0x7a/0x110 [ 283.835535][ T8407] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 283.835550][ T8407] ? mutex_lock_nested+0x152/0x1d0 [ 283.835562][ T8407] ? do_epoll_ctl_file+0xc69/0xed0 [ 283.835576][ T8407] do_epoll_ctl_file+0x8bb/0xed0 [ 283.835589][ T8407] ? do_epoll_ctl_file+0xac3/0xed0 [ 283.835604][ T8407] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 283.835617][ T8407] ? __fget_files+0x3a6/0x420 [ 283.835629][ T8407] ? __fget_files+0x2a/0x420 [ 283.835642][ T8407] __se_sys_epoll_ctl+0x14e/0x210 [ 283.835655][ T8407] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 283.835670][ T8407] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.835681][ T8407] do_syscall_64+0x174/0x580 [ 283.835695][ T8407] ? trace_irq_disable+0x3b/0x140 [ 283.835706][ T8407] ? clear_bhb_loop+0x40/0x90 [ 283.835717][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.835727][ T8407] RIP: 0033:0x7f5c0086ce59 [ 283.835738][ T8407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 283.835749][ T8407] RSP: 002b:00007f5bfea7c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 283.835770][ T8407] RAX: ffffffffffffffda RBX: 00007f5c00ae6180 RCX: 00007f5c0086ce59 [ 283.835785][ T8407] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000009 [ 283.835796][ T8407] RBP: 00007f5c00902d6f R08: 0000000000000000 R09: 0000000000000000 [ 283.835808][ T8407] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.835821][ T8407] R13: 00007f5c00ae6218 R14: 00007f5c00ae6180 R15: 00007ffc090fa408 [ 283.835842][ T8407] [ 283.836367][ T8407] Kernel Offset: disabled