last executing test programs: 10m59.813189128s ago: executing program 1 (id=178): syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0xf1, 0x64, 0x96, 0x40, 0x7c0, 0x158b, 0xd9d2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x40, 0x4, 0xe0, 0x1, "", [{{0x9, 0x4, 0x2c, 0x7, 0x0, 0xa7, 0x3a, 0x30, 0x6}}]}}]}}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0xde, 0xc9, 0x70, 0x10, 0x35bc, 0x107, 0xb8da, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0x4, 0x50, 0x0, "", [{{0x9, 0x4, 0xd0, 0xb, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_disconnect(r1) read$hidraw(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x963b01) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x0, 0x1}, {0x53, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x7}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]}) r3 = syz_open_dev$evdev(&(0x7f0000000200), 0x200, 0x0) ioctl$EVIOCSCLOCKID(r3, 0x40084503, &(0x7f0000ffcffc)) write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250) 10m56.248086359s ago: executing program 1 (id=191): syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r3) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"}) ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote}) r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$EVIOCGRAB(r5, 0x40044590, 0x0) 10m53.107013373s ago: executing program 1 (id=205): r0 = syz_open_dev$cec(0x0, 0x0, 0x8800) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffffe, 0x1000000}) ioctl$CEC_DQEVENT(r0, 0xc0506107, &(0x7f00000000c0)={0x0, 0x0, 0x0, @lost_msgs}) 10m52.995379305s ago: executing program 1 (id=207): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20940, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) setrlimit(0xf, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r3, 0xffffffffffffffff, 0x0) 10m52.418160895s ago: executing program 1 (id=208): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1, 0x2000000, 0x5}}, 0x30) 10m51.280010212s ago: executing program 1 (id=211): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b40)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xe) 10m36.148121681s ago: executing program 32 (id=211): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b40)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xe) 9m18.856698598s ago: executing program 2 (id=723): r0 = socket$xdp(0x2c, 0x3, 0x0) (async, rerun: 64) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) (rerun: 64) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000040)={0x7, 0xc3, 0x4f4, 0x8}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x4000, 0x4) (async, rerun: 32) mmap$xdp(&(0x7f0000eae000/0x3000)=nil, 0x3000, 0x5000004, 0x13, r0, 0x180000000) (rerun: 32) dup(r0) 9m18.690779024s ago: executing program 2 (id=725): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0xa, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000600)={{0x2, 0x4e22, @local}, {0x1, @broadcast}, 0x12, {0x2, 0x4e20, @remote}, 'hsr0\x00'}) eventfd(0xfffffff9) r1 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000500}, {0xfffffff9}]}}) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$dri(&(0x7f00000002c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) syz_ublk_add_dev(r1, r2, r3, r4, &(0x7f0000000480)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000440)=@new_dev={0x4, 0xc1e, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0xec}}}, &(0x7f0000000300)=0x0) syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x141000) socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) r9 = dup(r8) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x34, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x6}, 0x0, 0x0, 0x0}) syz_ublk_setup_queues(r9, r7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x253, 0x0, r9}, &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0xbcaa, 0x4, 0x1000000, 0xb5}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x200, 0x0, 0x1f6, 0x0, r1}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x6b8a, 0x80, 0x0, 0x0, 0x0, r1}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x9fac, 0x2000, 0x1, 0xfffffffd}}], 0x1, &(0x7f0000001000)={0x2e, 0xa, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x0, r6, '\x00', {0xfffd, 0x5, 0x0, 0x0}}, 0x0) 9m16.304664912s ago: executing program 2 (id=732): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x7, 0x1, 0x41, 0xc3d, 0x0, 0x2004cb, 0xffffffffffffffff, 0xa1d, 0x7, 0x5, 0x79, 0x3, 0x2], 0x3332d000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x1, 0x4, 0x5, 0x0, 0x5, 0x1, 0x2, 0x9, 0xff, 0xf6, 0x5, 0x9, 0x0, 0x1, 0x5, 0x1, 0x2, 0x4, 0xff, '\x00', 0xdc, 0xe8}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0xe000, 0x0, 0x77, 0x0, 0x3, 0xcb, 0x9, 0x0, 0x6, 0x6}, {0xeeee0000, 0x9000, 0x3, 0xeb, 0x2, 0x0, 0x0, 0xff, 0x7, 0x0, 0x3}, {0xeeee0000, 0x1000, 0x0, 0x0, 0x7, 0xc4, 0x5, 0x1, 0x45, 0x3, 0x4, 0xfc}, {0x1, 0x0, 0x9, 0x4, 0x81, 0x0, 0x8, 0x0, 0x5, 0x0, 0x9}, {0x0, 0xffff1000, 0x3, 0x4, 0x0, 0x4, 0x0, 0x6, 0x2, 0x34, 0x4}, {0xffff1000, 0x1, 0x0, 0x78, 0x8, 0x0, 0x2, 0x1c, 0xa3, 0xff, 0x5}, {0xeeee8000, 0x80a0000, 0xa, 0x4, 0x0, 0x0, 0x7, 0x6}, {0x0, 0x6000, 0xa, 0x0, 0xa4, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0xfe}, {0x80a0000, 0x3}, {0x3000, 0xfffd}, 0xddf8ffdb, 0x0, 0x25000, 0x120, 0x0, 0xf801, 0xdddd1000, [0x80000001, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x20) 9m15.583851498s ago: executing program 2 (id=738): r0 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb\\0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc088cf2, 0x196, &(0x7f0000000440)={0x2000000000001ffe, 0x1, 0x56, 0x3}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/../file0\x00', 0x0, 0x18f881, 0x0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000100)='./file0\x00', 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) 9m15.338911164s ago: executing program 2 (id=740): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000100)={@val={0x8, 0xf6}, @val={0x6, 0x0, 0x6, 0xfffd, 0x14}, @ipv4=@icmp={{0x17, 0x4, 0x0, 0x9, 0x70, 0x65, 0x0, 0x3, 0x1, 0x0, @rand_addr=0x64010101, @local, {[@timestamp={0x44, 0x1c, 0x46, 0x0, 0x7, [0x2, 0x7, 0x7, 0x7, 0x7, 0xfffffff1]}, @lsrr={0x83, 0x2b, 0x5c, [@local, @broadcast, @private=0xa010101, @empty, @remote, @loopback, @empty, @remote, @multicast1, @remote]}]}}, @timestamp_reply={0xe, 0x0, 0x0, 0x0, 0xe, 0xffff, 0x7fffffff, 0xd8}}}, 0x7e) 9m14.676418491s ago: executing program 2 (id=749): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x8200, 0x0) (async) r1 = socket$inet6(0xa, 0x6, 0x0) (async, rerun: 64) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x20100) (async, rerun: 64) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)}, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f00000000c0)={{0x9b, 0x51}, 'port0\x00', 0x10, 0x10, 0x7f, 0x7, 0x6, 0x536, 0xafc4}) (async) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x6e23, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x18) (async) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000300)={0xc000003, 0xf, &(0x7f0000000040)=[0x138a, 0x1000004, 0x5002, 0xffff32eb, 0x8, 0xffffdff9, 0x2d7b, 0x401, 0x0, 0x5, 0x0, 0x1, 0x6, 0xce, 0x80000002], 0x0, 0x4000003}) (async) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020d00000000000000000000000300060000200000020000000000000001000000000000000200010000000000000009007fffffff030005000000000002000000ac1414aa0000000000000000020008000800000034000000000000000100140035000000"], 0x68}, 0x1, 0x7}, 0x0) 9m14.489724968s ago: executing program 33 (id=749): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x8200, 0x0) (async) r1 = socket$inet6(0xa, 0x6, 0x0) (async, rerun: 64) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x20100) (async, rerun: 64) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)}, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f00000000c0)={{0x9b, 0x51}, 'port0\x00', 0x10, 0x10, 0x7f, 0x7, 0x6, 0x536, 0xafc4}) (async) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x6e23, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x18) (async) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000300)={0xc000003, 0xf, &(0x7f0000000040)=[0x138a, 0x1000004, 0x5002, 0xffff32eb, 0x8, 0xffffdff9, 0x2d7b, 0x401, 0x0, 0x5, 0x0, 0x1, 0x6, 0xce, 0x80000002], 0x0, 0x4000003}) (async) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020d00000000000000000000000300060000200000020000000000000001000000000000000200010000000000000009007fffffff030005000000000002000000ac1414aa0000000000000000020008000800000034000000000000000100140035000000"], 0x68}, 0x1, 0x7}, 0x0) 2m34.830796852s ago: executing program 4 (id=3486): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f0000000000)={0x2c, &(0x7f00000002c0)=[{0x11, '\x00', @st={0x4, [{0x1, @uvalue=0x7c4}, {0x2, @svalue=0x1}, {0x2, @uvalue=0x7f}, {0x1, @svalue=0xe}]}, 0x9}]}) (fail_nth: 3) 2m34.51177923s ago: executing program 4 (id=3489): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f8027b5fb2bf49311f000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) accept4(r0, &(0x7f00000000c0)=@nl=@unspec, &(0x7f0000000140)=0x80, 0x800) 2m34.415739995s ago: executing program 4 (id=3490): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYRES16=r0], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='timers\x00') r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1}) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_QBUF(r3, 0xc058565d, &(0x7f0000000580)=@multiplanar_userptr={0x10000, 0x4, 0x4, 0x80, 0x7, {0x0, 0x2710}, {0x3, 0x1, 0x3, 0x3, 0xfe, 0x6, "ea3cf4d2"}, 0x3, 0x2, {&(0x7f00000006c0)=[{0x3, 0xef4e, {&(0x7f0000000600)}, 0x10001}, {0x8, 0x8, {&(0x7f0000000640)}, 0x2000000}]}, 0x0, 0x0, r1}) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$inet(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffff56}, 0x40) sendmsg$rds(r4, &(0x7f0000000140)={&(0x7f0000000500)={0x2, 0x4e21, @private=0xa010102}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x4040014) ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000001c0)={0x10b8, 0x5, 0x4, 0x0, 0x7f}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000880)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x1000}) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r5, 0x0, 0x17, &(0x7f0000000300)=0x2f, 0x4) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/245, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) r6 = syz_open_dev$dri(&(0x7f0000000140), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7}) r8 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206d049cc20000000000010902a400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io(r8, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB='@0\''], 0x0, 0x0, 0x0, 0x0}, 0x0) 2m31.287440639s ago: executing program 4 (id=3499): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x12}}], 0x10) 2m31.270162223s ago: executing program 4 (id=3500): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8, @ANYBLOB="05"], 0x0) 2m29.795353116s ago: executing program 4 (id=3509): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$unix(0x1, 0x2, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc1105518, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat(0xffffffffffffff9c, 0x0, 0x20842, 0x63) write$P9_RLERRORu(r2, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) write$P9_RGETATTR(r2, 0x0, 0x0) ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f00000000c0)={0x7, 0x0, 0x3, 0xaf, 0x1, 0xf60b}) r3 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) sync() 2m14.522687332s ago: executing program 34 (id=3509): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$unix(0x1, 0x2, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc1105518, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat(0xffffffffffffff9c, 0x0, 0x20842, 0x63) write$P9_RLERRORu(r2, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) write$P9_RGETATTR(r2, 0x0, 0x0) ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f00000000c0)={0x7, 0x0, 0x3, 0xaf, 0x1, 0xf60b}) r3 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) sync() 6.349228844s ago: executing program 0 (id=4399): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0x89}) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa101020301090212"], 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r1], 0xc4}}, 0x0) 5.14137178s ago: executing program 0 (id=4407): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_clone3(&(0x7f0000000480)={0x802800, &(0x7f0000000140), &(0x7f0000000180)=0x0, &(0x7f00000001c0), {0x2d}, &(0x7f0000000300)=""/239, 0xef, &(0x7f0000000400)=""/24, &(0x7f0000000440)=[0x0], 0x1}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x0, r0, 0x1, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r1) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000087d1e222e0000000000010902"], 0x0) ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000100)=0xfffffffd) 4.564609044s ago: executing program 6 (id=4408): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) socket$inet6(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = landlock_create_ruleset(&(0x7f0000000080)={0x10}, 0x10, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x8152}, 0x18, 0x0) sendto$inet6(r1, &(0x7f0000000280)="020409fcec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f) 4.465660422s ago: executing program 6 (id=4409): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000500000008000600", @ANYRES32=r1, @ANYBLOB="080003", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x40400b0}, 0x0) 4.359056489s ago: executing program 6 (id=4410): socket$nl_generic(0x10, 0x3, 0x10) openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00', 0x0, 0x82) close(0x3) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x5, 0x2603) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000280)={0x1, 0x1, 0x3, &(0x7f0000000080)={0x52, "c2ba2cdddf96c2d905bd4296ce341591ddc08dbe750690648bd79a7fbf3d4cefc6"}}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0xa, "152a02000000000000002d860900"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x0, &(0x7f0000000380)}) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000080), 0x8041, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x0, r3}) syz_open_dev$video(&(0x7f0000000040), 0x0, 0x161580) ioctl$VIDIOC_S_CROP(r5, 0x4014563c, &(0x7f0000000240)={0xe, {0x7, 0x3ff, 0x8c, 0xa}}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') r6 = userfaultfd(0x80001) r7 = socket$unix(0x1, 0x5, 0x0) bind$unix(r7, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) shutdown(r7, 0x0) listen(r7, 0x0) r8 = socket$unix(0x1, 0x5, 0x0) connect$unix(r8, &(0x7f0000000440)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x129}) ioctl$UFFDIO_WAKE(r6, 0x8010aa02, &(0x7f00000003c0)={&(0x7f0000000000/0x800000)=nil, 0x800000}) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000380)={0x0, &(0x7f00000000c0)}) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r4, 0x8002f515, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x3, &(0x7f0000000180)=[{0x3, 0xfc, 0x8b, 0x2}, {0xff, 0x6, 0x44, 0x1ea}, {0x1ff, 0xe, 0xa, 0x8}]}) close_range(r9, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffac1e01011c0000000000ff"], 0x10) 4.23990809s ago: executing program 5 (id=4411): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="90000000", @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="7400028038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003"], 0x90}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840) (fail_nth: 4) 4.119684863s ago: executing program 5 (id=4412): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400000010000100e81cbcde000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a300000000078000000060a010400000000000000000500000008000b400000000050000480240001800b00010074756e6e656c000014000280080001400000000108000240000000092800018008000100667764001c0002800800024000000017080003400000000a08000140000000090900010073797a30"], 0xec}}, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00102d0c60e46c2d301a2353c092a4ae698f51700b1b9e305825846a95c14f5ec793a3e50e8232500a1361b9cd10fd09e397553f5ce7db0df3a4892894c294ec817c91f1c288c7ccc1d43f881e144e2e3fbeb211ccd60f5f40cc872fcf01c2cdddbc1c462a201ab074f5d8a57cf256c12b8f0caba5aa554ddef01946c36300"/137], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.689369859s ago: executing program 0 (id=4413): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000600)={0x24, 0x0, &(0x7f0000002780)=ANY=[@ANYBLOB="00031200000002037701"], 0x0, 0x0}, 0x0) 2.813244185s ago: executing program 6 (id=4414): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, 0x0) 2.729206896s ago: executing program 6 (id=4415): socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa101020301090212"], 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0) 2.652079305s ago: executing program 3 (id=4416): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x40010}, 0x0) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000140)={0xfc}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x8, 0x50, 0x0, 0x1, 0x2, 0x4, 0x6, 0x99, 0xb, 0x4, 0x7, 0x3, 0xd1, 0x5, 0x8, 0x5}}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x0, 0x106c, 0x80000001, 0x8000000000000, 0x80000004000080, 0x0, 0x8, 0x0, 0x4, 0x9, 0x8001], 0x1, 0x3c4210}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r6, @ANYBLOB="7400028038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003"], 0x90}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840) 2.512838097s ago: executing program 5 (id=4417): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf00) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000600)={0x24, 0x0, &(0x7f0000002780)=ANY=[@ANYBLOB="000312000000020377"], 0x0, 0x0}, 0x0) 1.873845636s ago: executing program 3 (id=4418): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000500000008000600", @ANYBLOB="08000300", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x40400b0}, 0x0) 1.781061805s ago: executing program 3 (id=4419): syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000093e1ad40402010726b5b010203010902240001010740000904bcd1010101c1e70a240104000902"], 0x0) 1.569983553s ago: executing program 0 (id=4420): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x1000, 0x40002, 0x1e5}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_ublk_add_dev(0xffffffffffffffff, r1, r2, r3, &(0x7f0000000180)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000000c0)=@new_dev={0x3, 0xf14, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x124}}}, &(0x7f0000000280)=0x0) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="37031c00", 0x4, 0x4000800, 0x0, 0x47) syz_ublk_setup_queues(r0, r5, &(0x7f0000000200)={0x0, 0x1463, 0x10700, 0x2, 0xb2, 0x0, r0}, &(0x7f0000000d40)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x4485, 0x10002, 0x401, 0x31c, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7682, 0x8000, 0x1, 0x2000008, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1, 0x10, 0x1, 0x902c4, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xb8e9, 0x20, 0x2, 0x40021a, 0x0, r0}}], 0x4, &(0x7f0000001540)={0x2e, 0x6, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x72ccfb459c83c565, {0x6}, 0x0, r4, '\x00', {0x3, 0x48b, 0x0, 0x0}}, 0x0) 1.248128611s ago: executing program 6 (id=4421): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_clone3(&(0x7f0000000480)={0x802800, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x2d}, &(0x7f0000000300)=""/239, 0xef, &(0x7f0000000400)=""/24, &(0x7f0000000440)=[0x0], 0x1}, 0x58) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000087d1e222e0000000000010902"], 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000100)=0xfffffffd) 1.00864987s ago: executing program 5 (id=4422): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x1a) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40010) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$SG_SET_RESERVED_SIZE(r3, 0x5761, 0x0) unlinkat(r3, &(0x7f0000000000)='./file0\x00', 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x9, 0x80000) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r6 = fcntl$dupfd(r5, 0x406, r5) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) renameat2(r4, &(0x7f0000000140)='./file0\x00', r6, &(0x7f0000000180)='./bus\x00', 0x3) 564.527112ms ago: executing program 0 (id=4423): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, 0x0) 456.943445ms ago: executing program 3 (id=4424): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000e, 0x2) ioctl$AUTOFS_IOC_EXPIRE(r1, 0x810c9365, &(0x7f0000000440)={{0x3, 0xe681}, 0x100, './file0\x00'}) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0x3, 0x2, 0x457f1c9146f8f874, "4649f6441214bd00100000007f9d0000310fa145d5fbffffff00", 0xb5315241}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0xffff, 0x8, 0x4}) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x74}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000890) 403.909337ms ago: executing program 0 (id=4425): pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f00000002c0)) (async) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a70000000000090507", @ANYRES32], 0x0) syz_usb_control_io$uac3(r1, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x0, 0x9, 0xab, 0x3}, {0x5, 0x8, 0x8, 0x40}, {0x1ff, 0xee, 0x5}]}, 0x10) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) move_pages(r2, 0x0, &(0x7f00000001c0), &(0x7f0000000180), 0x0, 0x2) syz_open_dev$audion(&(0x7f0000000000), 0xd911, 0x400) 332.266443ms ago: executing program 5 (id=4426): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800060000001001a8001600a4000140", 0x38}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a118001500060014ea000000120800030043000040a8002b", 0x33}], 0x1}, 0x20000880) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xd8) 264.895005ms ago: executing program 3 (id=4427): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000500000008000600", @ANYBLOB="08000300", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x40400b0}, 0x0) 225.445684ms ago: executing program 3 (id=4428): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_connect$uac1(0x3, 0x0, 0x0, &(0x7f0000000540)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0x9, 0x6, 0x8, 0x10, 0x3}, 0x63, &(0x7f00000003c0)={0x5, 0xf, 0x63, 0x6, [@wireless={0xb, 0x10, 0x1, 0xe, 0x81, 0x70, 0x8, 0x81, 0x7}, @generic={0x31, 0x10, 0xa, "5913a7ecf4cac0e741d6202a80605443366a5ee486fd1a9e2274e1a3872cd1098f4cbfcc9a38d29bc206108a0d80"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x92, 0x10, 0x22, 0x109, 0xa}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x1, 0x5, 0xb13b}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x3, 0x8, 0x7, 0x5}, @ptm_cap={0x3}]}, 0x3, [{0xca, &(0x7f0000000d00)=@string={0xca, 0x3, "5284a139e25d2303f1cf57ab9d6e0c37ede33971da0a27918cfb6204cc31c8233861a9152ae99eda46859305e50fe67628891b5bc6682c735a43f5865b76171045e7ed7ac63118db3c2ef760510fc19a1589643d6a86bb46b7babe91a16da019f57543dc0c024d1446903aaf3d887b54fbc50712e69945767c485ef9158f40025f7722c33e38dbbe7352092d157177f886a9bf3dfbcff8114c837d95d251a1c1f1953df6e6394612464da75ba636c200fdfe0027f60253cf32031a450ec7f7f9bdcd4baba013672f"}}, {0xeb, &(0x7f0000000380)=ANY=[]}, {0x2, &(0x7f00000004c0)=@string={0x2}}]}) mkdir(&(0x7f0000000540)='./file0\x00', 0x108) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x24, r2, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3c}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000000)={[{@name={'name', 0x3d, 'noprefix'}}]}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, &(0x7f00000002c0)={0x20, 0x0, 0x89, {0x89, 0x30, "7771878c1021aa5c126d05c47d592f296dbff3ec62c4e4c21b7ac76392c6f30dd2a89d8811f6c40a15702ee717b119c6ce75e36840a99bc46e11731c35b71342f202ac3e80ad685052a500f16bc0057d660600af1672e003c83d5b5355841d22d44c34323b0468a1881217b88b3327575acbe49b6c316a3ca902e200b7a6b2ab3088c73b9a14ae"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x458}}, &(0x7f0000000140)={0x0, 0x22, 0xe, {[@main=@item_012={0x2, 0x0, 0xc, "ab86"}, @main=@item_012={0x2, 0x0, 0x9, "9dcc"}, @main=@item_012={0x2, 0x0, 0x8, '< '}, @local=@item_4={0x3, 0x2, 0x9, "64d17389"}]}}, &(0x7f0000000680)={0x0, 0x21, 0x9, {0x9, 0x21, 0x69e7, 0x6, 0x1, {0x22, 0x7a6}}}}, &(0x7f0000000940)={0x2c, &(0x7f0000000700)={0x0, 0xb, 0xe8, "7000917fbc4b029388c245ed7bf205523367206a3e62f963ea4659dc08b4c849cb14169eee44e7f838c8c513a939850549e0e811094002488f5a0e31c698c765316a738d6a2fc69ad1e3b5928ef295dcf3d82a70b6e7908f10074f7e0d748ede18786022f353c04d04840c35744461a207814be2ceadd645592053a4a721523985a4a9cf9c9faf35c50588ac345326ed4bc1f97d7726c35f3a5d466533333cd6427d6aef6726002fdf844fdabc8fab42a6972dd0f8ef1331ff0ca84baf57bb294644daae26c364d580d4457617f589df473a21e2fef81a2610fe863bfadded45ed2743a6823e5616"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000880)={0x20, 0x1, 0x40, "0dca833a1aa054b053bc32e91658164299821a7877f102ef88406116c54f9cd87e8155fc0f29c6064559076d49bc7fd7a3030000000000000000000000001800"}, &(0x7f0000000900)={0x20, 0x3, 0x1, 0x6}}) 0s ago: executing program 5 (id=4429): socket$kcm(0x10, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa101020301090212"], 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0) kernel console output (not intermixed with test programs): 753.459027][T17435] security_file_ioctl+0xc3/0x2a0 [ 753.459057][T17435] __se_sys_ioctl+0x47/0x170 [ 753.459085][T17435] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.459106][T17435] do_syscall_64+0x174/0x580 [ 753.459135][T17435] ? trace_irq_disable+0x3b/0x140 [ 753.459158][T17435] ? clear_bhb_loop+0x40/0x90 [ 753.459182][T17435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.459201][T17435] RIP: 0033:0x7f19fc4cce59 [ 753.459219][T17435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 753.459236][T17435] RSP: 002b:00007f19fa71e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 753.459258][T17435] RAX: ffffffffffffffda RBX: 00007f19fc745fa0 RCX: 00007f19fc4cce59 [ 753.459273][T17435] RDX: 00002000000000c0 RSI: 0000000040085503 RDI: 0000000000000004 [ 753.459287][T17435] RBP: 00007f19fa71e090 R08: 0000000000000000 R09: 0000000000000000 [ 753.459300][T17435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.459312][T17435] R13: 00007f19fc746038 R14: 00007f19fc745fa0 R15: 00007ffff8ff9698 [ 753.459342][T17435] [ 753.462162][T17435] ERROR: Out of memory at tomoyo_realpath_from_path. [ 753.477695][ T32] usb 7-1: USB disconnect, device number 34 [ 753.528320][T13542] usb 1-1: config 0 has no interfaces? [ 753.528358][T13542] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 753.528382][T13542] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.574887][T13542] usb 1-1: config 0 descriptor?? [ 753.730693][T17454] netlink: 10 bytes leftover after parsing attributes in process `syz.5.4159'. [ 753.780215][ T32] usb 1-1: USB disconnect, device number 44 [ 753.974341][ T38] usb 6-1: new high-speed USB device number 106 using dummy_hcd [ 754.125098][ T38] usb 6-1: Using ep0 maxpacket: 32 [ 754.126871][ T38] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 754.126897][ T38] usb 6-1: config 0 has no interfaces? [ 754.130880][ T38] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 754.130911][ T38] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.130931][ T38] usb 6-1: Product: syz [ 754.130945][ T38] usb 6-1: Manufacturer: syz [ 754.130959][ T38] usb 6-1: SerialNumber: syz [ 754.140457][ T38] usb 6-1: config 0 descriptor?? [ 754.407720][ T5619] usb 6-1: USB disconnect, device number 106 [ 754.578116][ T5602] usb 7-1: new full-speed USB device number 35 using dummy_hcd [ 754.668113][T17473] FAULT_INJECTION: forcing a failure. [ 754.668113][T17473] name failslab, interval 1, probability 0, space 0, times 0 [ 754.668137][T17473] CPU: 1 UID: 0 PID: 17473 Comm: syz.3.4168 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 754.668153][T17473] Tainted: [L]=SOFTLOCKUP [ 754.668157][T17473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 754.668164][T17473] Call Trace: [ 754.668168][T17473] [ 754.668174][T17473] dump_stack_lvl+0xe8/0x150 [ 754.668191][T17473] should_fail_ex+0x46b/0x600 [ 754.668211][T17473] should_failslab+0xa8/0x100 [ 754.668226][T17473] __kmalloc_noprof+0xdf/0x7b0 [ 754.668239][T17473] ? tomoyo_encode+0x28b/0x550 [ 754.668255][T17473] tomoyo_encode+0x28b/0x550 [ 754.668269][T17473] tomoyo_realpath_from_path+0x58d/0x5d0 [ 754.668287][T17473] ? tomoyo_path_number_perm+0x219/0x630 [ 754.668303][T17473] tomoyo_path_number_perm+0x246/0x630 [ 754.668320][T17473] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 754.668335][T17473] ? __lock_acquire+0x6b5/0x2d10 [ 754.668349][T17473] ? do_raw_spin_lock+0x12b/0x2f0 [ 754.668375][T17473] ? __fget_files+0x2a/0x420 [ 754.668389][T17473] ? __fget_files+0x2a/0x420 [ 754.668400][T17473] ? __fget_files+0x3a6/0x420 [ 754.668411][T17473] ? __fget_files+0x2a/0x420 [ 754.668425][T17473] security_file_ioctl+0xc3/0x2a0 [ 754.668441][T17473] __se_sys_ioctl+0x47/0x170 [ 754.668456][T17473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.668468][T17473] do_syscall_64+0x174/0x580 [ 754.668484][T17473] ? trace_irq_disable+0x3b/0x140 [ 754.668496][T17473] ? clear_bhb_loop+0x40/0x90 [ 754.668509][T17473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.668520][T17473] RIP: 0033:0x7f217a94ce59 [ 754.668531][T17473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 754.668540][T17473] RSP: 002b:00007f2178b9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 754.668552][T17473] RAX: ffffffffffffffda RBX: 00007f217abc5fa0 RCX: 00007f217a94ce59 [ 754.668560][T17473] RDX: 0000000000000000 RSI: 0000000040084146 RDI: 0000000000000003 [ 754.668567][T17473] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 754.668573][T17473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.668581][T17473] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 754.668599][T17473] [ 754.668612][T17473] ERROR: Out of memory at tomoyo_realpath_from_path. [ 754.715709][ T38] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 754.806628][ T5602] usb 7-1: config index 0 descriptor too short (expected 52867, got 27) [ 754.806658][ T5602] usb 7-1: config 29 has too many interfaces: 227, using maximum allowed: 32 [ 754.806677][ T5602] usb 7-1: config 29 has an invalid descriptor of length 171, skipping remainder of the config [ 754.806697][ T5602] usb 7-1: config 29 has 0 interfaces, different from the descriptor's value: 227 [ 754.812129][ T5602] usb 7-1: string descriptor 0 read error: -22 [ 754.812261][ T5602] usb 7-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 754.812286][ T5602] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.894281][ T38] usb 1-1: Using ep0 maxpacket: 16 [ 754.896518][ T38] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 754.896550][ T38] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 754.896574][ T38] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 754.896613][ T38] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 754.896637][ T38] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.920443][ T38] usb 1-1: config 0 descriptor?? [ 755.077616][T17464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 755.081605][T17464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 755.140223][T17468] cgroup: No subsys list or none specified [ 755.199268][ T5602] usb 7-1: USB disconnect, device number 35 [ 755.322820][T17486] netlink: 'syz.5.4173': attribute type 23 has an invalid length. [ 755.546289][T17468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 755.546917][T17468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 755.551021][ T38] usbhid 1-1:0.0: can't add hid device: -71 [ 755.551138][ T38] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 755.558001][ T38] usb 1-1: USB disconnect, device number 45 [ 755.983004][T17501] netlink: 10 bytes leftover after parsing attributes in process `syz.3.4179'. [ 756.019813][T17497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 756.022561][T17497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 756.218774][T17508] FAULT_INJECTION: forcing a failure. [ 756.218774][T17508] name failslab, interval 1, probability 0, space 0, times 0 [ 756.218796][T17508] CPU: 1 UID: 0 PID: 17508 Comm: syz.0.4182 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 756.218811][T17508] Tainted: [L]=SOFTLOCKUP [ 756.218816][T17508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 756.218823][T17508] Call Trace: [ 756.218827][T17508] [ 756.218832][T17508] dump_stack_lvl+0xe8/0x150 [ 756.218849][T17508] should_fail_ex+0x46b/0x600 [ 756.218873][T17508] should_failslab+0xa8/0x100 [ 756.218889][T17508] __kmalloc_cache_noprof+0x84/0x690 [ 756.218903][T17508] ? drm_atomic_commit_alloc+0xa9/0x100 [ 756.218917][T17508] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.218934][T17508] drm_atomic_commit_alloc+0xa9/0x100 [ 756.218952][T17508] drm_mode_atomic_ioctl+0x4ae/0xdd0 [ 756.218980][T17508] ? do_raw_spin_lock+0x12b/0x2f0 [ 756.219009][T17508] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 756.219051][T17508] ? rt_spin_unlock+0x14f/0x200 [ 756.219079][T17508] ? rt_spin_unlock+0x160/0x200 [ 756.219103][T17508] ? drm_is_current_master+0x1a2/0x210 [ 756.219132][T17508] drm_ioctl_kernel+0x2e2/0x3b0 [ 756.219160][T17508] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 756.219186][T17508] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 756.219217][T17508] drm_ioctl+0x6c0/0xb80 [ 756.219245][T17508] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 756.219277][T17508] ? __pfx_drm_ioctl+0x10/0x10 [ 756.219297][T17508] ? __fget_files+0x2a/0x420 [ 756.219312][T17508] ? bpf_lsm_file_ioctl+0x9/0x20 [ 756.219327][T17508] ? __pfx_drm_ioctl+0x10/0x10 [ 756.219340][T17508] __se_sys_ioctl+0xff/0x170 [ 756.219355][T17508] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.219367][T17508] do_syscall_64+0x174/0x580 [ 756.219381][T17508] ? trace_irq_disable+0x3b/0x140 [ 756.219394][T17508] ? clear_bhb_loop+0x40/0x90 [ 756.219406][T17508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.219417][T17508] RIP: 0033:0x7f5a1a2bce59 [ 756.219436][T17508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.219446][T17508] RSP: 002b:00007f5a1850e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 756.219458][T17508] RAX: ffffffffffffffda RBX: 00007f5a1a535fa0 RCX: 00007f5a1a2bce59 [ 756.219466][T17508] RDX: 0000200000000580 RSI: 00000000c03864bc RDI: 0000000000000003 [ 756.219474][T17508] RBP: 00007f5a1850e090 R08: 0000000000000000 R09: 0000000000000000 [ 756.219480][T17508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.219487][T17508] R13: 00007f5a1a536038 R14: 00007f5a1a535fa0 R15: 00007ffdbfa7b1b8 [ 756.219503][T17508] [ 756.254324][ T5602] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 756.254479][ T38] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 756.404285][ T5602] usb 4-1: Using ep0 maxpacket: 32 [ 756.404444][ T38] usb 7-1: Using ep0 maxpacket: 8 [ 756.413448][ T5602] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 756.413474][ T5602] usb 4-1: config 0 has no interfaces? [ 756.413673][ T38] usb 7-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=f9.64 [ 756.413698][ T38] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 756.413793][ T38] usb 7-1: Product: syz [ 756.413808][ T38] usb 7-1: Manufacturer: syz [ 756.413822][ T38] usb 7-1: SerialNumber: syz [ 756.421455][ T5602] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 756.421485][ T5602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.421506][ T5602] usb 4-1: Product: syz [ 756.421520][ T5602] usb 4-1: Manufacturer: syz [ 756.421536][ T5602] usb 4-1: SerialNumber: syz [ 756.433823][ T38] usb 7-1: config 0 descriptor?? [ 756.435758][ T5602] usb 4-1: config 0 descriptor?? [ 756.457296][ T38] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 756.574617][ T32] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 756.647751][ T38] gspca_sn9c2028: read1 error -71 [ 756.650188][ T38] gspca_sn9c2028: read1 error -71 [ 756.650741][ T38] gspca_sn9c2028: read1 error -71 [ 756.650824][ T38] sn9c2028 7-1:0.0: probe with driver sn9c2028 failed with error -71 [ 756.679393][ T38] usb 7-1: USB disconnect, device number 36 [ 756.729672][ T32] usb 1-1: unable to get BOS descriptor or descriptor too short [ 756.731513][ T32] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 756.731537][ T32] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 756.740607][ T32] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 756.740635][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.740655][ T32] usb 1-1: Product: syz [ 756.740669][ T32] usb 1-1: Manufacturer: syz [ 756.740684][ T32] usb 1-1: SerialNumber: syz [ 756.790094][ T5619] usb 4-1: USB disconnect, device number 25 [ 757.066625][ T32] usb 1-1: USB disconnect, device number 46 [ 757.130121][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 757.652298][T17539] FAULT_INJECTION: forcing a failure. [ 757.652298][T17539] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 757.652321][T17539] CPU: 1 UID: 0 PID: 17539 Comm: syz.6.4193 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 757.652337][T17539] Tainted: [L]=SOFTLOCKUP [ 757.652341][T17539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 757.652348][T17539] Call Trace: [ 757.652352][T17539] [ 757.652358][T17539] dump_stack_lvl+0xe8/0x150 [ 757.652383][T17539] should_fail_ex+0x46b/0x600 [ 757.652403][T17539] _copy_to_user+0x31/0xb0 [ 757.652417][T17539] simple_read_from_buffer+0xe1/0x170 [ 757.652432][T17539] proc_fail_nth_read+0x1be/0x230 [ 757.652447][T17539] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 757.652461][T17539] ? rw_verify_area+0x2ac/0x4e0 [ 757.652476][T17539] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 757.652488][T17539] vfs_read+0x212/0xa80 [ 757.652506][T17539] ? __pfx_vfs_read+0x10/0x10 [ 757.652522][T17539] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 757.652539][T17539] ? lockdep_hardirqs_on+0x7a/0x110 [ 757.652557][T17539] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 757.652582][T17539] ? mutex_lock_nested+0x152/0x1d0 [ 757.652602][T17539] ? fdget_pos+0x252/0x320 [ 757.652631][T17539] ksys_read+0x156/0x270 [ 757.652657][T17539] ? __pfx_ksys_read+0x10/0x10 [ 757.652679][T17539] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 757.652710][T17539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.652730][T17539] do_syscall_64+0x174/0x580 [ 757.652753][T17539] ? trace_irq_disable+0x3b/0x140 [ 757.652766][T17539] ? clear_bhb_loop+0x40/0x90 [ 757.652779][T17539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.652790][T17539] RIP: 0033:0x7f19fc48d68e [ 757.652801][T17539] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 757.652810][T17539] RSP: 002b:00007f19fa71dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 757.652822][T17539] RAX: ffffffffffffffda RBX: 00007f19fa71e6c0 RCX: 00007f19fc48d68e [ 757.652830][T17539] RDX: 000000000000000f RSI: 00007f19fa71e0a0 RDI: 0000000000000006 [ 757.652837][T17539] RBP: 00007f19fa71e090 R08: 0000000000000000 R09: 0000000000000000 [ 757.652843][T17539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 757.652850][T17539] R13: 00007f19fc746038 R14: 00007f19fc745fa0 R15: 00007ffff8ff9698 [ 757.652869][T17539] [ 757.657247][ T5766] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 757.804271][ T5766] usb 4-1: Using ep0 maxpacket: 16 [ 757.810315][ T5766] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 757.810347][ T5766] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 757.810378][ T5766] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 757.810421][ T5766] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 757.810447][ T5766] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.820017][ T5766] usb 4-1: config 0 descriptor?? [ 758.038364][T17534] cgroup: No subsys list or none specified [ 758.233084][T17541] FAULT_INJECTION: forcing a failure. [ 758.233084][T17541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 758.233107][T17541] CPU: 1 UID: 0 PID: 17541 Comm: syz.6.4194 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 758.233122][T17541] Tainted: [L]=SOFTLOCKUP [ 758.233127][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 758.233133][T17541] Call Trace: [ 758.233138][T17541] [ 758.233143][T17541] dump_stack_lvl+0xe8/0x150 [ 758.233162][T17541] should_fail_ex+0x46b/0x600 [ 758.233182][T17541] _copy_to_user+0x31/0xb0 [ 758.233196][T17541] simple_read_from_buffer+0xe1/0x170 [ 758.233211][T17541] proc_fail_nth_read+0x1be/0x230 [ 758.233226][T17541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 758.233240][T17541] ? rw_verify_area+0x2ac/0x4e0 [ 758.233254][T17541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 758.233267][T17541] vfs_read+0x212/0xa80 [ 758.233292][T17541] ? __pfx_vfs_read+0x10/0x10 [ 758.233307][T17541] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 758.233323][T17541] ? lockdep_hardirqs_on+0x7a/0x110 [ 758.233338][T17541] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 758.233352][T17541] ? mutex_lock_nested+0x152/0x1d0 [ 758.233364][T17541] ? fdget_pos+0x252/0x320 [ 758.233380][T17541] ksys_read+0x156/0x270 [ 758.233395][T17541] ? __pfx_ksys_read+0x10/0x10 [ 758.233413][T17541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.233425][T17541] do_syscall_64+0x174/0x580 [ 758.233449][T17541] ? trace_irq_disable+0x3b/0x140 [ 758.233471][T17541] ? clear_bhb_loop+0x40/0x90 [ 758.233493][T17541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.233511][T17541] RIP: 0033:0x7f19fc48d68e [ 758.233527][T17541] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 758.233543][T17541] RSP: 002b:00007f19fa71dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 758.233562][T17541] RAX: ffffffffffffffda RBX: 00007f19fa71e6c0 RCX: 00007f19fc48d68e [ 758.233570][T17541] RDX: 000000000000000f RSI: 00007f19fa71e0a0 RDI: 0000000000000006 [ 758.233577][T17541] RBP: 00007f19fa71e090 R08: 0000000000000000 R09: 0000000000000000 [ 758.233583][T17541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 758.233590][T17541] R13: 00007f19fc746038 R14: 00007f19fc745fa0 R15: 00007ffff8ff9698 [ 758.233606][T17541] [ 758.482268][T17543] netlink: 'syz.5.4195': attribute type 40 has an invalid length. [ 758.515929][T17534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 758.516506][T17534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 758.543363][ T5766] shield 0003:0955:7214.0035: collection stack underflow [ 758.543383][ T5766] shield 0003:0955:7214.0035: item 0 2 0 12 parsing failed [ 758.546472][ T5766] shield 0003:0955:7214.0035: Parse failed [ 758.546550][ T5766] shield 0003:0955:7214.0035: probe with driver shield failed with error -22 [ 758.731618][ T5766] usb 4-1: USB disconnect, device number 26 [ 758.766884][T17550] netlink: 10 bytes leftover after parsing attributes in process `syz.6.4197'. [ 759.104437][ T5602] usb 6-1: new low-speed USB device number 107 using dummy_hcd [ 759.259147][ T5602] usb 6-1: config 0 has no interfaces? [ 759.259187][ T5602] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 759.259211][ T5602] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.270378][ T5602] usb 6-1: config 0 descriptor?? [ 759.294556][ T5766] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 759.446057][ T5766] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.446109][ T5766] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 759.446130][ T5766] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.450971][ T5766] usb 7-1: config 0 descriptor?? [ 759.525286][ T38] usb 6-1: USB disconnect, device number 107 [ 759.574836][ T5619] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 759.736171][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.736205][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 759.737298][ T5619] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 759.737327][ T5619] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 759.737347][ T5619] usb 4-1: Manufacturer: syz [ 759.742003][ T5619] usb 4-1: config 0 descriptor?? [ 759.804283][ T32] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 759.862243][ T5766] keytouch 0003:0926:3333.0036: fixing up Keytouch IEC report descriptor [ 759.884222][ T5766] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.0036/input/input123 [ 759.960474][ T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.960563][ T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 759.989993][ T32] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 759.990026][ T32] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 759.990047][ T32] usb 1-1: Manufacturer: syz [ 760.017988][ T32] usb 1-1: config 0 descriptor?? [ 760.313753][ T5766] keytouch 0003:0926:3333.0036: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0 [ 760.321523][ T5766] usb 7-1: USB disconnect, device number 37 [ 760.547134][T17567] fido_id[17567]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 760.594774][ T5619] input: syz Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0037/input/input124 [ 760.859260][ T5619] input: syz Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0037/input/input125 [ 760.874697][ T32] input: syz Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0038/input/input128 [ 760.929778][ T5619] input: syz Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0037/input/input126 [ 760.953176][ T32] input: syz Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0038/input/input129 [ 760.983105][ T5619] input: syz Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0037/input/input127 [ 761.011334][ T32] input: syz Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0038/input/input130 [ 761.058749][ T5619] uclogic 0003:256C:006D.0037: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.3-1/input0 [ 761.078596][ T32] input: syz Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0038/input/input131 [ 761.079890][ T5619] usb 4-1: USB disconnect, device number 27 [ 761.157084][ T32] uclogic 0003:256C:006D.0038: input,hidraw1: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.0-1/input0 [ 761.298108][T17573] netlink: 10 bytes leftover after parsing attributes in process `syz.6.4207'. [ 761.683172][T17574] fido_id[17574]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 761.800434][T17581] FAULT_INJECTION: forcing a failure. [ 761.800434][T17581] name failslab, interval 1, probability 0, space 0, times 0 [ 761.800470][T17581] CPU: 0 UID: 0 PID: 17581 Comm: syz.3.4210 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 761.800497][T17581] Tainted: [L]=SOFTLOCKUP [ 761.800504][T17581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 761.800515][T17581] Call Trace: [ 761.800523][T17581] [ 761.800532][T17581] dump_stack_lvl+0xe8/0x150 [ 761.800562][T17581] should_fail_ex+0x46b/0x600 [ 761.800604][T17581] should_failslab+0xa8/0x100 [ 761.800632][T17581] __kmalloc_noprof+0xdf/0x7b0 [ 761.800654][T17581] ? kfree+0x4d/0x6c0 [ 761.800670][T17581] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 761.800700][T17581] tomoyo_realpath_from_path+0xe3/0x5d0 [ 761.800725][T17581] ? tomoyo_domain+0xd7/0x130 [ 761.800752][T17581] ? tomoyo_path_number_perm+0x219/0x630 [ 761.800779][T17581] tomoyo_path_number_perm+0x246/0x630 [ 761.800810][T17581] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 761.800842][T17581] ? sb_end_write+0xe9/0x1c0 [ 761.800862][T17581] ? vfs_write+0x9ce/0xba0 [ 761.800914][T17581] ? ksys_write+0x202/0x270 [ 761.800946][T17581] security_file_ioctl+0xc3/0x2a0 [ 761.800975][T17581] __se_sys_ioctl+0x47/0x170 [ 761.801003][T17581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.801023][T17581] do_syscall_64+0x174/0x580 [ 761.801051][T17581] ? trace_irq_disable+0x3b/0x140 [ 761.801072][T17581] ? clear_bhb_loop+0x40/0x90 [ 761.801095][T17581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.801114][T17581] RIP: 0033:0x7f217a94ce59 [ 761.801132][T17581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 761.801148][T17581] RSP: 002b:00007f2178b9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.801169][T17581] RAX: ffffffffffffffda RBX: 00007f217abc5fa0 RCX: 00007f217a94ce59 [ 761.801183][T17581] RDX: 0000000000000000 RSI: 000000000000b702 RDI: 0000000000000004 [ 761.801194][T17581] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 761.801210][T17581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 761.801223][T17581] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 761.801251][T17581] [ 761.801282][T17581] ERROR: Out of memory at tomoyo_realpath_from_path. [ 762.194868][T11725] usb 1-1: USB disconnect, device number 47 [ 762.404524][T11726] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 762.614257][T11726] usb 7-1: Using ep0 maxpacket: 32 [ 762.618486][T11726] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 762.618520][T11726] usb 7-1: can't read configurations, error -61 [ 762.684296][ T5602] usb 6-1: new high-speed USB device number 108 using dummy_hcd [ 762.764370][T11726] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 762.837585][ T5602] usb 6-1: unable to get BOS descriptor or descriptor too short [ 762.838740][ T5602] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 762.838764][ T5602] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 762.840908][ T5602] usb 6-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 762.840935][ T5602] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.840956][ T5602] usb 6-1: Product: syz [ 762.840970][ T5602] usb 6-1: Manufacturer: syz [ 762.840985][ T5602] usb 6-1: SerialNumber: syz [ 762.866393][ T5619] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 762.934308][T11726] usb 7-1: Using ep0 maxpacket: 32 [ 762.943170][T11726] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 762.943207][T11726] usb 7-1: can't read configurations, error -61 [ 762.943595][T11726] usb usb7-port1: attempt power cycle [ 763.014252][ T5619] usb 4-1: Using ep0 maxpacket: 16 [ 763.016620][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.016681][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.016704][ T5619] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 763.016745][ T5619] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 763.016767][ T5619] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.023613][ T5619] usb 4-1: config 0 descriptor?? [ 763.240781][T17587] cgroup: No subsys list or none specified [ 763.242470][ T5602] usb 6-1: USB disconnect, device number 108 [ 763.287364][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 763.354521][T11726] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 763.385586][T11726] usb 7-1: Using ep0 maxpacket: 32 [ 763.393804][T11726] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 763.393862][T11726] usb 7-1: can't read configurations, error -61 [ 763.454604][T11725] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 763.524295][T11726] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 763.546881][T11726] usb 7-1: Using ep0 maxpacket: 32 [ 763.553841][T11726] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 763.553878][T11726] usb 7-1: can't read configurations, error -61 [ 763.554490][T11726] usb usb7-port1: unable to enumerate USB device [ 763.654873][T11725] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.654907][T11725] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.659712][T11725] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 763.659742][T11725] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 763.659763][T11725] usb 1-1: Manufacturer: syz [ 763.681858][ T5619] shield 0003:0955:7214.0039: collection stack underflow [ 763.681892][ T5619] shield 0003:0955:7214.0039: item 0 2 0 12 parsing failed [ 763.682581][ T5619] shield 0003:0955:7214.0039: Parse failed [ 763.682651][ T5619] shield 0003:0955:7214.0039: probe with driver shield failed with error -22 [ 763.705034][T11725] usb 1-1: config 0 descriptor?? [ 763.827077][T17599] netlink: 10 bytes leftover after parsing attributes in process `syz.5.4218'. [ 763.870430][ T5619] usb 4-1: USB disconnect, device number 28 [ 764.394267][ T5766] usb 6-1: new high-speed USB device number 109 using dummy_hcd [ 764.519671][T11725] uclogic 0003:256C:006D.003A: failed retrieving string descriptor #200: -71 [ 764.519732][T11725] uclogic 0003:256C:006D.003A: failed retrieving pen parameters: -71 [ 764.519751][T11725] uclogic 0003:256C:006D.003A: failed probing pen v2 parameters: -71 [ 764.519803][T11725] uclogic 0003:256C:006D.003A: failed probing parameters: -71 [ 764.519931][T11725] uclogic 0003:256C:006D.003A: probe with driver uclogic failed with error -71 [ 764.574614][T17589] Bluetooth: hci0: command 0x0406 tx timeout [ 764.580715][T11725] usb 1-1: USB disconnect, device number 48 [ 764.595944][ T5766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 764.595977][ T5766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 764.598013][ T5766] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 764.598040][ T5766] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 764.598059][ T5766] usb 6-1: Manufacturer: syz [ 764.604797][ T5766] usb 6-1: config 0 descriptor?? [ 765.324307][ T5619] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 765.384332][ T5602] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 765.420352][ T5766] input: syz Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.003B/input/input132 [ 765.479304][ T5766] input: syz Pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.003B/input/input133 [ 765.490383][ T5766] input: syz Touch Strip as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.003B/input/input134 [ 765.503882][ T5766] input: syz Dial as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.003B/input/input135 [ 765.520950][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 765.520983][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 765.521601][ T5766] uclogic 0003:256C:006D.003B: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.5-1/input0 [ 765.524057][ T5619] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 765.565270][ T5619] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 765.565297][ T5619] usb 4-1: Manufacturer: syz [ 765.572764][ T5602] usb 1-1: unable to get BOS descriptor or descriptor too short [ 765.574913][ T5602] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.574937][ T5602] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.579223][ T5602] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 765.579251][ T5602] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.579272][ T5602] usb 1-1: Product: syz [ 765.579286][ T5602] usb 1-1: Manufacturer: syz [ 765.579301][ T5602] usb 1-1: SerialNumber: syz [ 765.647577][ T5619] usb 4-1: config 0 descriptor?? [ 766.160903][ T5602] usb 1-1: USB disconnect, device number 49 [ 766.306862][ T6562] udevd[6562]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 766.462164][ T5766] usb 6-1: USB disconnect, device number 109 [ 766.506605][ T5619] input: syz Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.003C/input/input136 [ 766.580511][T17624] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4227'. [ 766.598706][ T5619] input: syz Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.003C/input/input137 [ 766.641702][ T5619] input: syz Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.003C/input/input138 [ 766.663406][ T5619] input: syz Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.003C/input/input139 [ 766.700035][ T5619] uclogic 0003:256C:006D.003C: input,hidraw1: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.3-1/input0 [ 766.854693][T11726] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 767.014314][T11726] usb 1-1: Using ep0 maxpacket: 32 [ 767.019770][T11726] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 767.019796][T11726] usb 1-1: config 0 has no interfaces? [ 767.056359][T11726] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 767.056389][T11726] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.056409][T11726] usb 1-1: Product: syz [ 767.056422][T11726] usb 1-1: Manufacturer: syz [ 767.056437][T11726] usb 1-1: SerialNumber: syz [ 767.156469][T11726] usb 1-1: config 0 descriptor?? [ 767.234344][T11725] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 767.397455][T11725] usb 7-1: Using ep0 maxpacket: 16 [ 767.406704][T11725] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.406736][T11725] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 767.406760][T11725] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 767.406803][T11725] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 767.406828][T11725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.413236][T17639] program syz.5.4234 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 767.482091][ T5602] usb 1-1: USB disconnect, device number 50 [ 767.513168][ T5766] usb 4-1: USB disconnect, device number 29 [ 767.579412][T11725] usb 7-1: config 0 descriptor?? [ 767.806228][T17631] cgroup: No subsys list or none specified [ 768.216329][T11725] shield 0003:0955:7214.003D: collection stack underflow [ 768.216368][T11725] shield 0003:0955:7214.003D: item 0 2 0 12 parsing failed [ 768.218428][T11725] shield 0003:0955:7214.003D: Parse failed [ 768.218504][T11725] shield 0003:0955:7214.003D: probe with driver shield failed with error -22 [ 768.412461][T11725] usb 7-1: USB disconnect, device number 42 [ 768.574444][ T5766] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 768.736528][ T5766] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 768.736556][ T5766] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 768.736585][ T5766] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 768.736598][ T5766] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 768.744512][ T5766] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 768.744541][ T5766] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 768.744560][ T5766] usb 4-1: SerialNumber: syz [ 769.020612][ T5766] usb 4-1: 0:2 : does not exist [ 769.020699][ T5766] usb 4-1: unit 5 not found! [ 769.098136][ T5766] usb 4-1: USB disconnect, device number 30 [ 769.149046][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 769.354459][ T5619] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 769.526755][ T5619] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 769.526790][ T5619] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 769.527859][ T5619] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 769.527887][ T5619] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 769.527907][ T5619] usb 7-1: Manufacturer: syz [ 769.532357][ T5619] usb 7-1: config 0 descriptor?? [ 769.929057][T11726] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 770.100507][T11726] usb 4-1: Using ep0 maxpacket: 32 [ 770.107362][T11726] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 770.107388][T11726] usb 4-1: config 0 has no interfaces? [ 770.115411][T11726] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 770.115440][T11726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.116165][T11726] usb 4-1: Product: syz [ 770.116184][T11726] usb 4-1: Manufacturer: syz [ 770.116199][T11726] usb 4-1: SerialNumber: syz [ 770.143641][T11726] usb 4-1: config 0 descriptor?? [ 770.364034][ T5619] input: syz Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003E/input/input140 [ 770.383033][ T5619] input: syz Pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003E/input/input141 [ 770.412665][ T5619] input: syz Touch Strip as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003E/input/input142 [ 770.479804][ T38] usb 4-1: USB disconnect, device number 31 [ 770.508357][ T5619] input: syz Dial as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003E/input/input143 [ 770.549544][ T5619] uclogic 0003:256C:006D.003E: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.6-1/input0 [ 770.587149][ T5619] usb 7-1: USB disconnect, device number 43 [ 770.707488][T17681] fido_id[17681]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 771.175258][T17685] binder: 17684:17685 ioctl c0306201 200000000080 returned -14 [ 771.178443][T17685] binder: 17684:17685 ioctl c0306201 2000000003c0 returned -14 [ 771.614993][T17166] usb 6-1: new high-speed USB device number 110 using dummy_hcd [ 771.767790][T17166] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 771.767818][T17166] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 771.767871][T17166] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 771.767894][T17166] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 771.776705][T17166] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 771.776733][T17166] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 771.776753][T17166] usb 6-1: SerialNumber: syz [ 771.884492][ T5619] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 772.014776][T17166] usb 6-1: 0:2 : does not exist [ 772.014823][T17166] usb 6-1: unit 5 not found! [ 772.099905][ T5619] usb 7-1: Using ep0 maxpacket: 32 [ 772.117716][ T5619] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 772.117732][ T5619] usb 7-1: config 0 has no interfaces? [ 772.119977][ T5619] usb 7-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 772.120007][ T5619] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.120025][ T5619] usb 7-1: Product: syz [ 772.120033][ T5619] usb 7-1: Manufacturer: syz [ 772.120041][ T5619] usb 7-1: SerialNumber: syz [ 772.130579][ T5619] usb 7-1: config 0 descriptor?? [ 772.267003][T17166] usb 6-1: USB disconnect, device number 110 [ 772.333835][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 772.440168][ T5766] usb 7-1: USB disconnect, device number 44 [ 772.597242][T17711] FAULT_INJECTION: forcing a failure. [ 772.597242][T17711] name failslab, interval 1, probability 0, space 0, times 0 [ 772.597277][T17711] CPU: 0 UID: 0 PID: 17711 Comm: syz.0.4264 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 772.597302][T17711] Tainted: [L]=SOFTLOCKUP [ 772.597310][T17711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 772.597322][T17711] Call Trace: [ 772.597329][T17711] [ 772.597337][T17711] dump_stack_lvl+0xe8/0x150 [ 772.597375][T17711] should_fail_ex+0x46b/0x600 [ 772.597406][T17711] should_failslab+0xa8/0x100 [ 772.597428][T17711] __kmalloc_cache_noprof+0x84/0x690 [ 772.597452][T17711] ? getname_long+0x50/0x130 [ 772.597475][T17711] getname_long+0x50/0x130 [ 772.597502][T17711] do_getname+0x181/0x250 [ 772.597522][T17711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.597541][T17711] __se_sys_symlinkat+0x2e/0x2b0 [ 772.597560][T17711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.597580][T17711] do_syscall_64+0x174/0x580 [ 772.597607][T17711] ? trace_irq_disable+0x3b/0x140 [ 772.597629][T17711] ? clear_bhb_loop+0x40/0x90 [ 772.597652][T17711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.597670][T17711] RIP: 0033:0x7f5a1a2bce59 [ 772.597689][T17711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 772.597704][T17711] RSP: 002b:00007f5a1850e028 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 772.597724][T17711] RAX: ffffffffffffffda RBX: 00007f5a1a535fa0 RCX: 00007f5a1a2bce59 [ 772.597737][T17711] RDX: 0000200000000340 RSI: 0000000000000003 RDI: 0000200000000440 [ 772.597750][T17711] RBP: 00007f5a1850e090 R08: 0000000000000000 R09: 0000000000000000 [ 772.597763][T17711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 772.597775][T17711] R13: 00007f5a1a536038 R14: 00007f5a1a535fa0 R15: 00007ffdbfa7b1b8 [ 772.597804][T17711] [ 772.894469][ T38] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 773.025424][ T38] usb 4-1: device descriptor read/64, error -71 [ 773.176777][T17726] binder: 17724:17726 ioctl c0306201 200000000080 returned -14 [ 773.264211][ T38] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 773.394376][ T38] usb 4-1: device descriptor read/64, error -71 [ 773.505391][ T38] usb usb4-port1: attempt power cycle [ 773.617435][T17731] xt_l2tp: v2 sid > 0xffff: 1114112 [ 773.733445][T17732] netlink: 'syz.5.4271': attribute type 1 has an invalid length. [ 773.733467][T17732] netlink: 'syz.5.4271': attribute type 3 has an invalid length. [ 773.733481][T17732] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4271'. [ 773.844317][ T38] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 773.867443][ T38] usb 4-1: device descriptor read/8, error -71 [ 773.935074][T17736] binder: 17735:17736 ioctl c0306201 200000000080 returned -14 [ 773.971910][T17736] binder: 17735:17736 ioctl c0306201 2000000003c0 returned -14 [ 773.972383][T17736] binder_alloc: 17735: binder_alloc_buf, no vma [ 774.056583][ T58] block nbd0: Possible stuck request ffff888027fb5080: control (read@0,1024B). Runtime 390 seconds [ 774.056627][ T58] block nbd0: Possible stuck request ffff888027fb5240: control (read@1024,1024B). Runtime 390 seconds [ 774.056656][ T58] block nbd0: Possible stuck request ffff888027fb5400: control (read@2048,1024B). Runtime 390 seconds [ 774.056684][ T58] block nbd0: Possible stuck request ffff888027fb55c0: control (read@3072,1024B). Runtime 390 seconds [ 774.108617][ T38] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 774.125034][ T38] usb 4-1: device descriptor read/8, error -71 [ 774.234564][ T38] usb usb4-port1: unable to enumerate USB device [ 774.244313][T17166] usb 6-1: new high-speed USB device number 111 using dummy_hcd [ 774.348355][T11725] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 774.354378][ T5766] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 774.406548][T17166] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 774.406571][T17166] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 774.406592][T17166] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 774.406604][T17166] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 774.407798][T17166] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 774.407826][T17166] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 774.407847][T17166] usb 6-1: SerialNumber: syz [ 774.504333][ T5766] usb 1-1: Using ep0 maxpacket: 32 [ 774.508008][ T5766] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 774.508035][ T5766] usb 1-1: config 0 has no interfaces? [ 774.511717][ T5766] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 774.511746][ T5766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.511767][ T5766] usb 1-1: Product: syz [ 774.511781][ T5766] usb 1-1: Manufacturer: syz [ 774.511796][ T5766] usb 1-1: SerialNumber: syz [ 774.528247][ T5766] usb 1-1: config 0 descriptor?? [ 774.566049][T11725] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 774.566071][T11725] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 774.567177][T11725] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 774.567192][T11725] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 774.567202][T11725] usb 7-1: Manufacturer: syz [ 774.631757][T17166] usb 6-1: 0:2 : does not exist [ 774.631852][T17166] usb 6-1: unit 5 not found! [ 774.633420][T11725] usb 7-1: config 0 descriptor?? [ 774.694060][T17166] usb 6-1: USB disconnect, device number 111 [ 774.769869][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 774.791341][ T5619] usb 1-1: USB disconnect, device number 51 [ 775.458452][T11725] input: syz Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003F/input/input144 [ 775.542281][T11725] input: syz Pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003F/input/input145 [ 775.566680][T11725] input: syz Touch Strip as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003F/input/input146 [ 775.591280][T11725] input: syz Dial as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:256C:006D.003F/input/input147 [ 775.614900][T11725] uclogic 0003:256C:006D.003F: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.6-1/input0 [ 775.659601][T11725] usb 7-1: USB disconnect, device number 45 [ 775.716872][T17759] binder: 17758:17759 ioctl c0306201 200000000080 returned -14 [ 775.866317][T17760] fido_id[17760]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 775.964331][ T5619] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 776.114249][ T5619] usb 4-1: Using ep0 maxpacket: 16 [ 776.116752][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 776.116783][ T5619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 776.116806][ T5619] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 776.116831][ T5619] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 776.116843][ T5619] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.120694][ T5619] usb 4-1: config 0 descriptor?? [ 776.317122][ T60] Bluetooth: hci2: Invalid handle: 0xff16 > 0x0eff [ 776.333650][T17757] cgroup: No subsys list or none specified [ 776.592885][T17766] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4285'. [ 776.593690][T17766] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4285'. [ 776.704305][T11725] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 776.748757][ T5619] shield 0003:0955:7214.0040: collection stack underflow [ 776.748790][ T5619] shield 0003:0955:7214.0040: item 0 2 0 12 parsing failed [ 776.750158][ T5619] shield 0003:0955:7214.0040: Parse failed [ 776.750201][ T5619] shield 0003:0955:7214.0040: probe with driver shield failed with error -22 [ 776.846377][T11725] usb 7-1: device descriptor read/64, error -71 [ 776.874236][ T822] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 776.944588][ T38] usb 4-1: USB disconnect, device number 36 [ 777.026153][ T822] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 777.026180][ T822] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 777.027250][ T822] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 777.027278][ T822] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 777.027299][ T822] usb 1-1: SerialNumber: syz [ 777.094303][T11725] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 777.224239][T11725] usb 7-1: device descriptor read/64, error -71 [ 777.258142][ T822] usb 1-1: 0:2 : does not exist [ 777.258231][ T822] usb 1-1: unit 5 not found! [ 777.301405][ T822] usb 1-1: USB disconnect, device number 52 [ 777.335147][T11725] usb usb7-port1: attempt power cycle [ 777.343174][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 777.694325][T11725] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 777.714461][ T38] usb 6-1: new high-speed USB device number 112 using dummy_hcd [ 777.725447][T11725] usb 7-1: device descriptor read/8, error -71 [ 777.844274][ T822] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 777.887973][ T38] usb 6-1: Using ep0 maxpacket: 32 [ 777.889749][ T38] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 777.889773][ T38] usb 6-1: config 0 has no interfaces? [ 777.923879][ T38] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 777.923909][ T38] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.923930][ T38] usb 6-1: Product: syz [ 777.923945][ T38] usb 6-1: Manufacturer: syz [ 777.923960][ T38] usb 6-1: SerialNumber: syz [ 777.931575][ T38] usb 6-1: config 0 descriptor?? [ 777.984232][T11725] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 778.015264][T11725] usb 7-1: device descriptor read/8, error -71 [ 778.021551][ T822] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 778.021577][ T822] usb 4-1: config 0 has no interfaces? [ 778.034946][ T822] usb 4-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 778.034976][ T822] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.034996][ T822] usb 4-1: Product: syz [ 778.035011][ T822] usb 4-1: Manufacturer: syz [ 778.035026][ T822] usb 4-1: SerialNumber: syz [ 778.040295][ T822] usb 4-1: config 0 descriptor?? [ 778.054298][ T32] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 778.125550][T11725] usb usb7-port1: unable to enumerate USB device [ 778.197398][T11725] usb 6-1: USB disconnect, device number 112 [ 778.219502][ T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 778.220307][ T32] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 778.220335][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.229380][ T32] usb 1-1: config 0 descriptor?? [ 778.250767][ T32] pwc: Askey VC010 type 2 USB webcam detected. [ 778.270180][ T5619] usb 4-1: USB disconnect, device number 37 [ 778.670134][ T32] pwc: recv_control_msg error -32 req 02 val 2b00 [ 778.670715][ T32] pwc: recv_control_msg error -32 req 02 val 2700 [ 778.671640][ T32] pwc: recv_control_msg error -32 req 02 val 2c00 [ 778.732595][ T32] pwc: recv_control_msg error -32 req 04 val 1000 [ 778.737708][ T32] pwc: recv_control_msg error -32 req 04 val 1300 [ 778.739196][ T32] pwc: recv_control_msg error -32 req 04 val 1400 [ 778.740621][ T32] pwc: recv_control_msg error -32 req 02 val 2000 [ 778.743970][ T32] pwc: recv_control_msg error -32 req 02 val 2100 [ 779.085658][T17789] FAULT_INJECTION: forcing a failure. [ 779.085658][T17789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 779.085694][T17789] CPU: 0 UID: 0 PID: 17789 Comm: syz.3.4293 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 779.085720][T17789] Tainted: [L]=SOFTLOCKUP [ 779.085728][T17789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 779.085739][T17789] Call Trace: [ 779.085747][T17789] [ 779.085758][T17789] dump_stack_lvl+0xe8/0x150 [ 779.085787][T17789] should_fail_ex+0x46b/0x600 [ 779.085821][T17789] _copy_to_user+0x31/0xb0 [ 779.085847][T17789] simple_read_from_buffer+0xe1/0x170 [ 779.085875][T17789] proc_fail_nth_read+0x1be/0x230 [ 779.085908][T17789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 779.085932][T17789] ? rw_verify_area+0x2ac/0x4e0 [ 779.085957][T17789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 779.085981][T17789] vfs_read+0x212/0xa80 [ 779.086014][T17789] ? __pfx_vfs_read+0x10/0x10 [ 779.086040][T17789] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 779.086067][T17789] ? lockdep_hardirqs_on+0x7a/0x110 [ 779.086095][T17789] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 779.086122][T17789] ? mutex_lock_nested+0x152/0x1d0 [ 779.086143][T17789] ? fdget_pos+0x252/0x320 [ 779.086174][T17789] ksys_read+0x156/0x270 [ 779.086200][T17789] ? __pfx_ksys_read+0x10/0x10 [ 779.086223][T17789] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 779.086251][T17789] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.086272][T17789] do_syscall_64+0x174/0x580 [ 779.086299][T17789] ? trace_irq_disable+0x3b/0x140 [ 779.086320][T17789] ? clear_bhb_loop+0x40/0x90 [ 779.086343][T17789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.086361][T17789] RIP: 0033:0x7f217a90d68e [ 779.086380][T17789] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 779.086395][T17789] RSP: 002b:00007f2178b9dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 779.086414][T17789] RAX: ffffffffffffffda RBX: 00007f2178b9e6c0 RCX: 00007f217a90d68e [ 779.086428][T17789] RDX: 000000000000000f RSI: 00007f2178b9e0a0 RDI: 0000000000000005 [ 779.086440][T17789] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 779.086453][T17789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 779.086464][T17789] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 779.086495][T17789] [ 779.188759][ T32] pwc: recv_control_msg error -71 req 02 val 2400 [ 779.189248][ T32] pwc: recv_control_msg error -71 req 02 val 2600 [ 779.190099][ T32] pwc: recv_control_msg error -71 req 02 val 2900 [ 779.191483][ T32] pwc: recv_control_msg error -71 req 02 val 2800 [ 779.193655][ T32] pwc: recv_control_msg error -71 req 04 val 1100 [ 779.195579][ T32] pwc: recv_control_msg error -71 req 04 val 1200 [ 779.367840][ T32] pwc: Registered as video103. [ 779.414254][T11725] usb 6-1: new high-speed USB device number 113 using dummy_hcd [ 779.494540][ T32] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input148 [ 779.521406][ T32] usb 1-1: USB disconnect, device number 53 [ 779.578527][T11725] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 779.578569][T11725] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 779.582880][T11725] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 779.582912][T11725] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 779.582934][T11725] usb 6-1: Manufacturer: syz [ 779.651566][T11725] usb 6-1: config 0 descriptor?? [ 780.184312][ T32] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 780.347742][ T32] usb 1-1: unable to get BOS descriptor or descriptor too short [ 780.349153][ T32] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 780.349177][ T32] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 780.349213][ T32] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 780.351984][ T32] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 780.352012][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.352033][ T32] usb 1-1: Product: syz [ 780.352047][ T32] usb 1-1: Manufacturer: syz [ 780.352062][ T32] usb 1-1: SerialNumber: syz [ 780.471162][T11725] uclogic 0003:256C:006D.0041: failed retrieving string descriptor #200: -71 [ 780.471223][T11725] uclogic 0003:256C:006D.0041: failed retrieving pen parameters: -71 [ 780.471242][T11725] uclogic 0003:256C:006D.0041: failed probing pen v2 parameters: -71 [ 780.471292][T11725] uclogic 0003:256C:006D.0041: failed probing parameters: -71 [ 780.471405][T11725] uclogic 0003:256C:006D.0041: probe with driver uclogic failed with error -71 [ 780.484234][ T5619] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 780.534242][T11725] usb 6-1: USB disconnect, device number 113 [ 780.644430][ T5619] usb 7-1: Using ep0 maxpacket: 16 [ 780.656208][ T5619] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 780.656241][ T5619] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 780.656264][ T5619] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 780.656306][ T5619] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 780.656339][ T5619] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.724464][ T5619] usb 7-1: config 0 descriptor?? [ 780.728720][ T32] usb 1-1: USB disconnect, device number 54 [ 780.808087][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 780.950157][T17816] cgroup: No subsys list or none specified [ 781.205209][ T32] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 781.344483][ T822] usb 6-1: new high-speed USB device number 114 using dummy_hcd [ 781.372460][ T32] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 781.372488][ T32] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 781.373711][ T32] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 781.373738][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 781.373757][ T32] usb 4-1: SerialNumber: syz [ 781.422118][ T5619] shield 0003:0955:7214.0042: collection stack underflow [ 781.422151][ T5619] shield 0003:0955:7214.0042: item 0 2 0 12 parsing failed [ 781.440841][ T5619] shield 0003:0955:7214.0042: Parse failed [ 781.440920][ T5619] shield 0003:0955:7214.0042: probe with driver shield failed with error -22 [ 781.456433][ T5766] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 781.494991][ T822] usb 6-1: Using ep0 maxpacket: 32 [ 781.497251][ T822] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 781.497268][ T822] usb 6-1: config 0 has no interfaces? [ 781.500208][ T822] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 781.500226][ T822] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.500236][ T822] usb 6-1: Product: syz [ 781.500244][ T822] usb 6-1: Manufacturer: syz [ 781.500439][ T822] usb 6-1: SerialNumber: syz [ 781.515993][ T822] usb 6-1: config 0 descriptor?? [ 781.567326][ T822] usb 7-1: USB disconnect, device number 50 [ 781.608877][ T5766] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 781.608895][ T5766] usb 1-1: config 0 has no interfaces? [ 781.615696][ T5766] usb 1-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 781.615726][ T5766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.617560][ T5766] usb 1-1: Product: syz [ 781.617579][ T5766] usb 1-1: Manufacturer: syz [ 781.617594][ T5766] usb 1-1: SerialNumber: syz [ 781.688637][ T5766] usb 1-1: config 0 descriptor?? [ 781.693270][ T32] usb 4-1: 0:2 : does not exist [ 781.693352][ T32] usb 4-1: unit 5 not found! [ 781.744004][ T32] usb 4-1: USB disconnect, device number 38 [ 781.779051][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 781.828371][ T5619] usb 6-1: USB disconnect, device number 114 [ 781.892874][T11726] usb 1-1: USB disconnect, device number 55 [ 782.317822][T17851] FAULT_INJECTION: forcing a failure. [ 782.317822][T17851] name failslab, interval 1, probability 0, space 0, times 0 [ 782.317857][T17851] CPU: 1 UID: 0 PID: 17851 Comm: syz.3.4305 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 782.317873][T17851] Tainted: [L]=SOFTLOCKUP [ 782.317878][T17851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 782.317885][T17851] Call Trace: [ 782.317890][T17851] [ 782.317895][T17851] dump_stack_lvl+0xe8/0x150 [ 782.317913][T17851] should_fail_ex+0x46b/0x600 [ 782.317932][T17851] should_failslab+0xa8/0x100 [ 782.317948][T17851] __kmalloc_cache_noprof+0x84/0x690 [ 782.317962][T17851] ? vhost_task_create+0x123/0x380 [ 782.317978][T17851] vhost_task_create+0x123/0x380 [ 782.317990][T17851] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 782.318006][T17851] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 782.318022][T17851] ? __pfx_vhost_task_create+0x10/0x10 [ 782.318038][T17851] ? __pfx_vhost_task_fn+0x10/0x10 [ 782.318052][T17851] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 782.318068][T17851] ? lockdep_hardirqs_on+0x7a/0x110 [ 782.318083][T17851] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 782.318098][T17851] ? mutex_lock_nested+0x152/0x1d0 [ 782.318109][T17851] ? kvm_mmu_post_init_vm+0x8f/0x2d0 [ 782.318128][T17851] kvm_mmu_post_init_vm+0x147/0x2d0 [ 782.318145][T17851] kvm_arch_vcpu_ioctl_run+0x106/0x20d0 [ 782.318165][T17851] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 782.318181][T17851] ? do_raw_spin_lock+0x12b/0x2f0 [ 782.318198][T17851] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 782.318213][T17851] ? lockdep_hardirqs_on+0x7a/0x110 [ 782.318228][T17851] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 782.318243][T17851] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 782.318258][T17851] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 782.318272][T17851] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 782.318286][T17851] ? lockdep_hardirqs_on+0x7a/0x110 [ 782.318301][T17851] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 782.318316][T17851] ? rt_write_unlock+0x190/0x230 [ 782.318329][T17851] kvm_vcpu_ioctl+0xa65/0xfe0 [ 782.318348][T17851] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 782.318373][T17851] ? __fget_files+0x2a/0x420 [ 782.318387][T17851] ? __fget_files+0x2a/0x420 [ 782.318398][T17851] ? __fget_files+0x3a6/0x420 [ 782.318409][T17851] ? __fget_files+0x2a/0x420 [ 782.318423][T17851] ? bpf_lsm_file_ioctl+0x9/0x20 [ 782.318439][T17851] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 782.318453][T17851] __se_sys_ioctl+0xff/0x170 [ 782.318468][T17851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.318480][T17851] do_syscall_64+0x174/0x580 [ 782.318494][T17851] ? trace_irq_disable+0x3b/0x140 [ 782.318506][T17851] ? clear_bhb_loop+0x40/0x90 [ 782.318520][T17851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.318530][T17851] RIP: 0033:0x7f217a94ce59 [ 782.318541][T17851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 782.318551][T17851] RSP: 002b:00007f2178b9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 782.318563][T17851] RAX: ffffffffffffffda RBX: 00007f217abc5fa0 RCX: 00007f217a94ce59 [ 782.318571][T17851] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 782.318577][T17851] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 782.318584][T17851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 782.318590][T17851] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 782.318607][T17851] [ 782.874347][ T32] usb 6-1: new high-speed USB device number 115 using dummy_hcd [ 782.986643][ T822] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 783.029308][ T32] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.029342][ T32] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.029372][ T32] usb 6-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 783.029385][ T32] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.033344][ T32] usb 6-1: config 0 descriptor?? [ 783.139320][ T822] usb 4-1: unable to get BOS descriptor or descriptor too short [ 783.141410][ T822] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 783.141436][ T822] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 783.149477][ T822] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 783.149506][ T822] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.149527][ T822] usb 4-1: Product: syz [ 783.149541][ T822] usb 4-1: Manufacturer: syz [ 783.149603][ T822] usb 4-1: SerialNumber: syz [ 783.234267][T11726] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 783.384214][T11726] usb 7-1: Using ep0 maxpacket: 16 [ 783.387148][T11726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.387182][T11726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.387205][T11726] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 783.387246][T11726] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 783.387270][T11726] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.451017][T11726] usb 7-1: config 0 descriptor?? [ 783.482204][ T32] hkems 0003:2006:0118.0043: item fetching failed at offset 5/7 [ 783.482824][ T32] hkems 0003:2006:0118.0043: parse failed [ 783.482890][ T32] hkems 0003:2006:0118.0043: probe with driver hkems failed with error -22 [ 783.582233][ T822] usb 4-1: selecting invalid altsetting 1 [ 783.582257][ T822] snd-usb-us122l 4-1:1.1: usb_set_interface error [ 783.582629][ T822] snd-usb-us122l 4-1:1.1: probe with driver snd-usb-us122l failed with error -22 [ 783.589511][ T822] usb 4-1: USB disconnect, device number 39 [ 783.647786][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 783.699925][T17869] cgroup: No subsys list or none specified [ 783.890116][ T822] usb 6-1: USB disconnect, device number 115 [ 783.984271][ T32] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 784.011224][T17874] tipc: Started in network mode [ 784.011283][T17874] tipc: Node identity ac14140f, cluster identity 4711 [ 784.072288][T17874] tipc: New replicast peer: 255.255.255.255 [ 784.102089][T17874] tipc: Enabled bearer , priority 10 [ 784.121000][T11726] shield 0003:0955:7214.0044: collection stack underflow [ 784.121032][T11726] shield 0003:0955:7214.0044: item 0 2 0 12 parsing failed [ 784.121757][T11726] shield 0003:0955:7214.0044: Parse failed [ 784.121827][T11726] shield 0003:0955:7214.0044: probe with driver shield failed with error -22 [ 784.162734][ T32] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 784.162761][ T32] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 784.163922][ T32] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 784.163948][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 784.163968][ T32] usb 1-1: SerialNumber: syz [ 784.316042][ T822] usb 7-1: USB disconnect, device number 51 [ 784.433718][ T32] usb 1-1: 0:2 : does not exist [ 784.433774][ T32] usb 1-1: unit 5 not found! [ 784.444513][ T5766] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 784.472572][ T32] usb 1-1: USB disconnect, device number 56 [ 784.509536][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 784.535019][T11726] usb 6-1: new high-speed USB device number 116 using dummy_hcd [ 784.594587][ T5766] usb 4-1: Using ep0 maxpacket: 32 [ 784.597153][ T5766] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 784.597178][ T5766] usb 4-1: config 0 has no interfaces? [ 784.599374][ T5766] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 784.599401][ T5766] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 784.599422][ T5766] usb 4-1: Product: syz [ 784.599436][ T5766] usb 4-1: Manufacturer: syz [ 784.599444][ T5766] usb 4-1: SerialNumber: syz [ 784.605300][ T5766] usb 4-1: config 0 descriptor?? [ 784.744297][T11726] usb 6-1: Using ep0 maxpacket: 16 [ 784.746425][T11726] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 784.746516][T11726] usb 6-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 784.746540][T11726] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.750497][T11726] usb 6-1: config 0 descriptor?? [ 784.806521][T11726] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input149 [ 784.921888][ T32] usb 4-1: USB disconnect, device number 40 [ 784.957696][ T4963] bcm5974 6-1:0.0: could not read from device [ 785.028996][T11726] usb 6-1: USB disconnect, device number 116 [ 785.064273][ T5619] tipc: Node number set to 2886997007 [ 785.079128][T10157] udevd[10157]: Error opening device "/dev/input/event4": No such file or directory [ 785.079226][T10157] udevd[10157]: Unable to EVIOCGABS device "/dev/input/event4" [ 785.079308][T10157] udevd[10157]: Unable to EVIOCGABS device "/dev/input/event4" [ 785.079418][T10157] udevd[10157]: Unable to EVIOCGABS device "/dev/input/event4" [ 785.080243][T10157] udevd[10157]: Unable to EVIOCGABS device "/dev/input/event4" [ 785.225630][T11725] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 785.467000][T11725] usb 7-1: config 1 has an invalid interface number: 188 but max is 0 [ 785.467028][T11725] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 785.467049][T11725] usb 7-1: config 1 has no interface number 0 [ 785.467093][T11725] usb 7-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 785.467119][T11725] usb 7-1: config 1 interface 188 has no altsetting 0 [ 785.469279][T11725] usb 7-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 785.469308][T11725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.469328][T11725] usb 7-1: Product: syz [ 785.469343][T11725] usb 7-1: Manufacturer: syz [ 785.469356][T11725] usb 7-1: SerialNumber: syz [ 785.779924][T11725] usb 7-1: USB disconnect, device number 52 [ 785.964249][ T32] usb 6-1: new low-speed USB device number 117 using dummy_hcd [ 786.116432][ T32] usb 6-1: config index 0 descriptor too short (expected 6427, got 27) [ 786.116463][ T32] usb 6-1: config 0 has an invalid interface number: 21 but max is 0 [ 786.116483][ T32] usb 6-1: config 0 has no interface number 0 [ 786.116520][ T32] usb 6-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 786.116534][ T32] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 786.116549][ T32] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 786.116570][ T32] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 786.116582][ T32] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.120824][ T32] usb 6-1: config 0 descriptor?? [ 786.169711][T11726] usb 4-1: new low-speed USB device number 41 using dummy_hcd [ 786.321548][T11726] usb 4-1: config 0 has no interfaces? [ 786.321585][T11726] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 786.321610][T11726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.360155][T11726] usb 4-1: config 0 descriptor?? [ 786.542026][ T32] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input150 [ 786.566613][ T5766] usb 4-1: USB disconnect, device number 41 [ 786.574381][ T38] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 786.594381][ T32] input: failed to attach handler kbd to device input150, error: -5 [ 786.729610][ T38] usb 7-1: unable to get BOS descriptor or descriptor too short [ 786.731294][ T38] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 786.731328][ T38] usb 7-1: can't read configurations, error -71 [ 786.755824][ T5766] usb 6-1: USB disconnect, device number 117 [ 787.294749][ T60] Bluetooth: hci5: command 0x1003 tx timeout [ 787.309513][T17589] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 787.612372][T17910] FAULT_INJECTION: forcing a failure. [ 787.612372][T17910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.612395][T17910] CPU: 1 UID: 0 PID: 17910 Comm: syz.0.4329 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 787.612410][T17910] Tainted: [L]=SOFTLOCKUP [ 787.612415][T17910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 787.612422][T17910] Call Trace: [ 787.612426][T17910] [ 787.612431][T17910] dump_stack_lvl+0xe8/0x150 [ 787.612450][T17910] should_fail_ex+0x46b/0x600 [ 787.612468][T17910] _copy_to_user+0x31/0xb0 [ 787.612482][T17910] simple_read_from_buffer+0xe1/0x170 [ 787.612497][T17910] proc_fail_nth_read+0x1be/0x230 [ 787.612512][T17910] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 787.612526][T17910] ? rw_verify_area+0x2ac/0x4e0 [ 787.612540][T17910] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 787.612553][T17910] vfs_read+0x212/0xa80 [ 787.612571][T17910] ? __pfx_vfs_read+0x10/0x10 [ 787.612586][T17910] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 787.612601][T17910] ? lockdep_hardirqs_on+0x7a/0x110 [ 787.612616][T17910] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 787.612630][T17910] ? mutex_lock_nested+0x152/0x1d0 [ 787.612641][T17910] ? fdget_pos+0x252/0x320 [ 787.612658][T17910] ksys_read+0x156/0x270 [ 787.612673][T17910] ? __pfx_ksys_read+0x10/0x10 [ 787.612691][T17910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.612702][T17910] do_syscall_64+0x174/0x580 [ 787.612716][T17910] ? trace_irq_disable+0x3b/0x140 [ 787.612728][T17910] ? clear_bhb_loop+0x40/0x90 [ 787.612741][T17910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.612752][T17910] RIP: 0033:0x7f5a1a27d68e [ 787.612762][T17910] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 787.612772][T17910] RSP: 002b:00007f5a1850dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 787.612784][T17910] RAX: ffffffffffffffda RBX: 00007f5a1850e6c0 RCX: 00007f5a1a27d68e [ 787.612791][T17910] RDX: 000000000000000f RSI: 00007f5a1850e0a0 RDI: 0000000000000005 [ 787.612798][T17910] RBP: 00007f5a1850e090 R08: 0000000000000000 R09: 0000000000000000 [ 787.612804][T17910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 787.612811][T17910] R13: 00007f5a1a536038 R14: 00007f5a1a535fa0 R15: 00007ffdbfa7b1b8 [ 787.612827][T17910] [ 787.624313][ T5766] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 787.734261][T11725] usb 6-1: new high-speed USB device number 118 using dummy_hcd [ 787.764252][ T38] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 787.779269][ T5766] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 787.779302][ T5766] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 787.781552][ T5766] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 787.781581][ T5766] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 787.781601][ T5766] usb 4-1: Manufacturer: syz [ 787.789550][ T5766] usb 4-1: config 0 descriptor?? [ 787.914238][ T38] usb 7-1: Using ep0 maxpacket: 16 [ 787.917042][ T38] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 787.917074][ T38] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 787.917147][ T38] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 787.917187][ T38] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 787.917209][ T38] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.951905][ T38] usb 7-1: config 0 descriptor?? [ 787.992406][T11725] usb 6-1: Using ep0 maxpacket: 32 [ 788.000090][T11725] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 788.000116][T11725] usb 6-1: config 0 has no interfaces? [ 788.003710][T11725] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 788.003738][T11725] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.003760][T11725] usb 6-1: Product: syz [ 788.003776][T11725] usb 6-1: Manufacturer: syz [ 788.003791][T11725] usb 6-1: SerialNumber: syz [ 788.073114][T11725] usb 6-1: config 0 descriptor?? [ 788.187944][T17902] cgroup: No subsys list or none specified [ 788.326391][ T5867] usb 6-1: USB disconnect, device number 118 [ 788.600372][ T5766] uclogic 0003:256C:006D.0045: failed retrieving string descriptor #200: -71 [ 788.600486][ T5766] uclogic 0003:256C:006D.0045: failed retrieving pen parameters: -71 [ 788.600504][ T5766] uclogic 0003:256C:006D.0045: failed probing pen v2 parameters: -71 [ 788.600554][ T5766] uclogic 0003:256C:006D.0045: failed probing parameters: -71 [ 788.600700][ T5766] uclogic 0003:256C:006D.0045: probe with driver uclogic failed with error -71 [ 788.645525][ T5766] usb 4-1: USB disconnect, device number 42 [ 788.688141][ T38] shield 0003:0955:7214.0046: collection stack underflow [ 788.688174][ T38] shield 0003:0955:7214.0046: item 0 2 0 12 parsing failed [ 788.688700][ T38] shield 0003:0955:7214.0046: Parse failed [ 788.688758][ T38] shield 0003:0955:7214.0046: probe with driver shield failed with error -22 [ 788.870542][ T38] usb 7-1: USB disconnect, device number 54 [ 789.204275][T17166] usb 6-1: new low-speed USB device number 119 using dummy_hcd [ 789.388773][T17166] usb 6-1: config 0 has no interfaces? [ 789.388812][T17166] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 789.388835][T17166] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.432645][T17166] usb 6-1: config 0 descriptor?? [ 789.497489][T11725] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 789.666801][ T5867] usb 6-1: USB disconnect, device number 119 [ 789.683671][T11725] usb 1-1: unable to get BOS descriptor or descriptor too short [ 789.692602][T11725] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 789.692639][T11725] usb 1-1: can't read configurations, error -71 [ 789.822364][T17932] netlink: 'syz.6.4338': attribute type 1 has an invalid length. [ 790.225928][ T5867] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 790.344868][ T5766] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 790.374307][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 790.376234][ T5867] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 790.376260][ T5867] usb 4-1: config 0 has no interfaces? [ 790.378508][ T5867] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 790.378537][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.378558][ T5867] usb 4-1: Product: syz [ 790.378573][ T5867] usb 4-1: Manufacturer: syz [ 790.378582][ T5867] usb 4-1: SerialNumber: syz [ 790.382928][ T5867] usb 4-1: config 0 descriptor?? [ 790.504421][ T5619] usb 6-1: new high-speed USB device number 120 using dummy_hcd [ 790.513856][ T5766] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 790.513889][ T5766] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 790.535316][ T5766] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 790.535347][ T5766] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 790.535369][ T5766] usb 7-1: Manufacturer: syz [ 790.560687][ T5766] usb 7-1: config 0 descriptor?? [ 790.653377][ T5867] usb 4-1: USB disconnect, device number 43 [ 790.654407][ T5619] usb 6-1: Using ep0 maxpacket: 16 [ 790.666815][ T5619] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 790.666843][ T5619] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 790.666864][ T5619] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 790.666898][ T5619] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 790.666917][ T5619] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.727085][ T5619] usb 6-1: config 0 descriptor?? [ 790.943793][T17942] cgroup: No subsys list or none specified [ 790.967778][ C1] raw-gadget.1 gadget.6: ignoring, device is not running [ 790.968362][ T5766] usbhid 7-1:0.0: can't add hid device: -71 [ 790.968487][ T5766] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 790.999115][ T5766] usb 7-1: USB disconnect, device number 55 [ 791.360233][ T5619] shield 0003:0955:7214.0047: collection stack underflow [ 791.360265][ T5619] shield 0003:0955:7214.0047: item 0 2 0 12 parsing failed [ 791.360931][ T5619] shield 0003:0955:7214.0047: Parse failed [ 791.361004][ T5619] shield 0003:0955:7214.0047: probe with driver shield failed with error -22 [ 791.553684][T17166] usb 6-1: USB disconnect, device number 120 [ 791.604271][ T5766] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 791.756214][ T5766] usb 1-1: Using ep0 maxpacket: 16 [ 791.762202][ T5766] usb 1-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 791.762250][ T5766] usb 1-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 791.762296][ T5766] usb 1-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 791.763904][ T5766] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 791.763932][ T5766] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 791.763952][ T5766] usb 1-1: SerialNumber: syz [ 791.998435][ T5766] rndis_host 1-1:253.0: skipping garbage [ 791.998459][ T5766] rndis_host 1-1:253.0: rndis: master #0/ffff888039612000 slave #1/0000000000000000 [ 792.013236][ T5766] usb 1-1: USB disconnect, device number 59 [ 792.424438][T17166] usb 6-1: new high-speed USB device number 121 using dummy_hcd [ 792.582055][T17166] usb 6-1: unable to get BOS descriptor or descriptor too short [ 792.583784][T17166] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 792.583823][T17166] usb 6-1: can't read configurations, error -71 [ 792.664293][ T5766] usb 4-1: new low-speed USB device number 44 using dummy_hcd [ 792.774305][ T38] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 792.818160][ T5766] usb 4-1: config 0 has no interfaces? [ 792.818197][ T5766] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 792.818215][ T5766] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.822217][ T5766] usb 4-1: config 0 descriptor?? [ 792.925531][ T38] usb 1-1: Using ep0 maxpacket: 32 [ 792.928008][ T38] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 792.928034][ T38] usb 1-1: config 0 has no interfaces? [ 792.930187][ T38] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 792.930215][ T38] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.930235][ T38] usb 1-1: Product: syz [ 792.930250][ T38] usb 1-1: Manufacturer: syz [ 792.930258][ T38] usb 1-1: SerialNumber: syz [ 792.936322][ T38] usb 1-1: config 0 descriptor?? [ 793.030091][ T5619] usb 4-1: USB disconnect, device number 44 [ 793.222401][ T5766] usb 1-1: USB disconnect, device number 60 [ 793.474184][T17166] usb 6-1: new high-speed USB device number 122 using dummy_hcd [ 793.648114][T17166] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.648151][T17166] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.649323][T17166] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 793.649352][T17166] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 793.649374][T17166] usb 6-1: Manufacturer: syz [ 793.700114][T17166] usb 6-1: config 0 descriptor?? [ 793.873492][T17988] nvme_fabrics: missing parameter 'transport=%s' [ 793.873509][T17988] nvme_fabrics: missing parameter 'nqn=%s' [ 793.995233][ T38] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 794.108098][T17992] FAULT_INJECTION: forcing a failure. [ 794.108098][T17992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 794.108121][T17992] CPU: 0 UID: 0 PID: 17992 Comm: syz.6.4360 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 794.108137][T17992] Tainted: [L]=SOFTLOCKUP [ 794.108141][T17992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 794.108151][T17992] Call Trace: [ 794.108156][T17992] [ 794.108162][T17992] dump_stack_lvl+0xe8/0x150 [ 794.108180][T17992] should_fail_ex+0x46b/0x600 [ 794.108200][T17992] _copy_to_user+0x31/0xb0 [ 794.108214][T17992] simple_read_from_buffer+0xe1/0x170 [ 794.108230][T17992] proc_fail_nth_read+0x1be/0x230 [ 794.108245][T17992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 794.108259][T17992] ? rw_verify_area+0x2ac/0x4e0 [ 794.108274][T17992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 794.108287][T17992] vfs_read+0x212/0xa80 [ 794.108305][T17992] ? __pfx_vfs_read+0x10/0x10 [ 794.108320][T17992] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 794.108337][T17992] ? lockdep_hardirqs_on+0x7a/0x110 [ 794.108352][T17992] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 794.108367][T17992] ? mutex_lock_nested+0x152/0x1d0 [ 794.108378][T17992] ? fdget_pos+0x252/0x320 [ 794.108395][T17992] ksys_read+0x156/0x270 [ 794.108410][T17992] ? __pfx_ksys_read+0x10/0x10 [ 794.108427][T17992] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.108446][T17992] do_syscall_64+0x174/0x580 [ 794.108462][T17992] ? clear_bhb_loop+0x40/0x90 [ 794.108475][T17992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.108485][T17992] RIP: 0033:0x7f19fc48d68e [ 794.108496][T17992] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 794.108505][T17992] RSP: 002b:00007f19fa71dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 794.108517][T17992] RAX: ffffffffffffffda RBX: 00007f19fa71e6c0 RCX: 00007f19fc48d68e [ 794.108525][T17992] RDX: 000000000000000f RSI: 00007f19fa71e0a0 RDI: 0000000000000005 [ 794.108532][T17992] RBP: 00007f19fa71e090 R08: 0000000000000000 R09: 0000000000000000 [ 794.108539][T17992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 794.108545][T17992] R13: 00007f19fc746038 R14: 00007f19fc745fa0 R15: 00007ffff8ff9698 [ 794.108561][T17992] [ 794.112397][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 794.114058][T17166] usbhid 6-1:0.0: can't add hid device: -71 [ 794.116424][T17166] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 794.124453][ T5867] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 794.144246][ T38] usb 4-1: Using ep0 maxpacket: 16 [ 794.205784][ T38] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 794.205818][ T38] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 794.205845][ T38] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 794.205885][ T38] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 794.205916][ T38] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.213440][ T38] usb 4-1: config 0 descriptor?? [ 794.254812][ T5867] usb 1-1: device descriptor read/64, error -71 [ 794.445441][T17166] usb 6-1: USB disconnect, device number 122 [ 794.469938][T17986] cgroup: No subsys list or none specified [ 794.487460][T17994] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4361'. [ 794.506209][ T5867] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 794.634302][ T5867] usb 1-1: device descriptor read/64, error -71 [ 794.744800][ T5867] usb usb1-port1: attempt power cycle [ 794.754382][ T5766] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 794.881620][ T38] shield 0003:0955:7214.0048: collection stack underflow [ 794.881653][ T38] shield 0003:0955:7214.0048: item 0 2 0 12 parsing failed [ 794.882426][ T38] shield 0003:0955:7214.0048: Parse failed [ 794.882498][ T38] shield 0003:0955:7214.0048: probe with driver shield failed with error -22 [ 794.916363][ T5766] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 794.916392][ T5766] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.928983][ T5766] usb 7-1: config 0 descriptor?? [ 794.942218][ T5766] cp210x 7-1:0.0: cp210x converter detected [ 795.079496][ T5619] usb 4-1: USB disconnect, device number 45 [ 795.094270][ T5867] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 795.119664][ T5867] usb 1-1: device descriptor read/8, error -71 [ 795.174372][T11726] usb 6-1: new low-speed USB device number 123 using dummy_hcd [ 795.327490][T11726] usb 6-1: config 0 has no interfaces? [ 795.327518][T11726] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 795.327542][T11726] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.333055][T11726] usb 6-1: config 0 descriptor?? [ 795.342576][T17994] comedi comedi1: mpc624: a I/O base address must be specified [ 795.354243][ T5867] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 795.369145][ T5766] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 795.384806][ T5867] usb 1-1: device descriptor read/8, error -71 [ 795.393222][ T5766] cp210x 7-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 795.393278][ T5766] cp210x 7-1:0.0: GPIO initialisation failed: -71 [ 795.428238][ T5766] usb 7-1: cp210x converter now attached to ttyUSB0 [ 795.434836][ T5766] usb 7-1: USB disconnect, device number 56 [ 795.469151][ T5766] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 795.469809][ T5766] cp210x 7-1:0.0: device disconnected [ 795.494701][ T5867] usb usb1-port1: unable to enumerate USB device [ 795.537542][ T5867] usb 6-1: USB disconnect, device number 123 [ 795.763265][T18002] FAULT_INJECTION: forcing a failure. [ 795.763265][T18002] name failslab, interval 1, probability 0, space 0, times 0 [ 795.763288][T18002] CPU: 0 UID: 0 PID: 18002 Comm: syz.3.4365 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 795.763304][T18002] Tainted: [L]=SOFTLOCKUP [ 795.763307][T18002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 795.763314][T18002] Call Trace: [ 795.763319][T18002] [ 795.763324][T18002] dump_stack_lvl+0xe8/0x150 [ 795.763341][T18002] should_fail_ex+0x46b/0x600 [ 795.763360][T18002] should_failslab+0xa8/0x100 [ 795.763376][T18002] __kmalloc_noprof+0xdf/0x7b0 [ 795.763389][T18002] ? memcg_list_lru_alloc+0x286/0x870 [ 795.763412][T18002] memcg_list_lru_alloc+0x286/0x870 [ 795.763426][T18002] ? bdev_file_open_by_dev+0x181/0x240 [ 795.763442][T18002] ? disk_scan_partitions+0x1c1/0x2c0 [ 795.763488][T18002] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 795.763508][T18002] ? __memcg_slab_post_alloc_hook+0x204/0xf70 [ 795.763522][T18002] __memcg_slab_post_alloc_hook+0x3bb/0xf70 [ 795.763536][T18002] ? __memcg_slab_post_alloc_hook+0x204/0xf70 [ 795.763554][T18002] kmem_cache_alloc_lru_noprof+0x3f6/0x680 [ 795.763567][T18002] ? __d_alloc+0x37/0x6f0 [ 795.763582][T18002] __d_alloc+0x37/0x6f0 [ 795.763598][T18002] d_alloc_pseudo+0x21/0xc0 [ 795.763612][T18002] alloc_file_pseudo_noaccount+0xdd/0x310 [ 795.763626][T18002] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 795.763640][T18002] ? ilookup+0x169/0x1c0 [ 795.763657][T18002] bdev_file_open_by_dev+0x181/0x240 [ 795.763673][T18002] disk_scan_partitions+0x1c1/0x2c0 [ 795.763687][T18002] blkdev_common_ioctl+0x1ce4/0x3240 [ 795.763701][T18002] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 795.763712][T18002] ? kasan_quarantine_put+0xbb/0x1f0 [ 795.763727][T18002] ? tomoyo_path_number_perm+0x219/0x630 [ 795.763745][T18002] ? tomoyo_path_number_perm+0x219/0x630 [ 795.763761][T18002] ? do_vfs_ioctl+0x117b/0x1540 [ 795.763777][T18002] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 795.763809][T18002] blkdev_ioctl+0x52b/0x750 [ 795.763821][T18002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 795.763830][T18002] ? __fget_files+0x2a/0x420 [ 795.763844][T18002] ? bpf_lsm_file_ioctl+0x9/0x20 [ 795.763858][T18002] ? __pfx_blkdev_ioctl+0x10/0x10 [ 795.763869][T18002] __se_sys_ioctl+0xff/0x170 [ 795.763883][T18002] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.763906][T18002] do_syscall_64+0x174/0x580 [ 795.763922][T18002] ? trace_irq_disable+0x3b/0x140 [ 795.763936][T18002] ? clear_bhb_loop+0x40/0x90 [ 795.763956][T18002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.763974][T18002] RIP: 0033:0x7f217a94ce59 [ 795.763991][T18002] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.764006][T18002] RSP: 002b:00007f2178b9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 795.764026][T18002] RAX: ffffffffffffffda RBX: 00007f217abc5fa0 RCX: 00007f217a94ce59 [ 795.764038][T18002] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000005 [ 795.764050][T18002] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 795.764062][T18002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 795.764077][T18002] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 795.764102][T18002] [ 796.114003][T18010] FAULT_INJECTION: forcing a failure. [ 796.114003][T18010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.114038][T18010] CPU: 0 UID: 0 PID: 18010 Comm: syz.6.4369 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 796.114065][T18010] Tainted: [L]=SOFTLOCKUP [ 796.114075][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 796.114086][T18010] Call Trace: [ 796.114092][T18010] [ 796.114100][T18010] dump_stack_lvl+0xe8/0x150 [ 796.114129][T18010] should_fail_ex+0x46b/0x600 [ 796.114161][T18010] _copy_from_user+0x2d/0xb0 [ 796.114183][T18010] kvm_vm_ioctl+0x85a/0xd50 [ 796.114207][T18010] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 796.114245][T18010] ? kasan_quarantine_put+0xbb/0x1f0 [ 796.114274][T18010] ? tomoyo_path_number_perm+0x219/0x630 [ 796.114310][T18010] ? do_vfs_ioctl+0x117b/0x1540 [ 796.114339][T18010] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 796.114394][T18010] ? __fget_files+0x2a/0x420 [ 796.114419][T18010] ? __fget_files+0x2a/0x420 [ 796.114438][T18010] ? __fget_files+0x3a6/0x420 [ 796.114458][T18010] ? __fget_files+0x2a/0x420 [ 796.114482][T18010] ? bpf_lsm_file_ioctl+0x9/0x20 [ 796.114510][T18010] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 796.114533][T18010] __se_sys_ioctl+0xff/0x170 [ 796.114559][T18010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.114579][T18010] do_syscall_64+0x174/0x580 [ 796.114605][T18010] ? trace_irq_disable+0x3b/0x140 [ 796.114627][T18010] ? clear_bhb_loop+0x40/0x90 [ 796.114649][T18010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.114668][T18010] RIP: 0033:0x7f19fc4cce59 [ 796.114685][T18010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 796.114702][T18010] RSP: 002b:00007f19fa71e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 796.114723][T18010] RAX: ffffffffffffffda RBX: 00007f19fc745fa0 RCX: 00007f19fc4cce59 [ 796.114738][T18010] RDX: 0000200000000000 RSI: 000000004010ae42 RDI: 0000000000000004 [ 796.114749][T18010] RBP: 00007f19fa71e090 R08: 0000000000000000 R09: 0000000000000000 [ 796.114761][T18010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 796.114772][T18010] R13: 00007f19fc746038 R14: 00007f19fc745fa0 R15: 00007ffff8ff9698 [ 796.114800][T18010] [ 796.184240][ T38] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 796.344565][ T38] usb 4-1: Using ep0 maxpacket: 32 [ 796.347012][ T38] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 796.347038][ T38] usb 4-1: config 0 has no interfaces? [ 796.350203][ T38] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 796.350231][ T38] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 796.350250][ T38] usb 4-1: Product: syz [ 796.350265][ T38] usb 4-1: Manufacturer: syz [ 796.350279][ T38] usb 4-1: SerialNumber: syz [ 796.362409][ T38] usb 4-1: config 0 descriptor?? [ 796.626765][ T5619] usb 4-1: USB disconnect, device number 46 [ 796.685319][ T38] usb 6-1: new high-speed USB device number 124 using dummy_hcd [ 796.774315][T11726] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 796.835996][ T38] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.836030][ T38] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 796.837430][ T38] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 796.837451][ T38] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 796.837462][ T38] usb 6-1: Manufacturer: syz [ 796.842196][ T38] usb 6-1: config 0 descriptor?? [ 796.964218][T11726] usb 7-1: Using ep0 maxpacket: 16 [ 796.966677][T11726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.966709][T11726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 796.966732][T11726] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 796.966782][T11726] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 796.966813][T11726] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.972337][T11726] usb 7-1: config 0 descriptor?? [ 797.202493][T18019] cgroup: No subsys list or none specified [ 797.440013][T11726] shield 0003:0955:7214.004A: collection stack underflow [ 797.440048][T11726] shield 0003:0955:7214.004A: item 0 2 0 12 parsing failed [ 797.457095][T11726] shield 0003:0955:7214.004A: Parse failed [ 797.457171][T11726] shield 0003:0955:7214.004A: probe with driver shield failed with error -22 [ 797.630774][ T5766] usb 7-1: USB disconnect, device number 57 [ 797.662701][ T38] uclogic 0003:256C:006D.0049: failed retrieving string descriptor #200: -71 [ 797.662762][ T38] uclogic 0003:256C:006D.0049: failed retrieving pen parameters: -71 [ 797.662779][ T38] uclogic 0003:256C:006D.0049: failed probing pen v2 parameters: -71 [ 797.662830][ T38] uclogic 0003:256C:006D.0049: failed probing parameters: -71 [ 797.662941][ T38] uclogic 0003:256C:006D.0049: probe with driver uclogic failed with error -71 [ 797.681863][ T38] usb 6-1: USB disconnect, device number 124 [ 797.774550][T11726] usb 1-1: new full-speed USB device number 65 using dummy_hcd [ 797.949757][T11726] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 797.949792][T11726] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 797.949823][T11726] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 797.949835][T11726] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.952610][T11726] usb 1-1: config 0 descriptor?? [ 798.004291][ T32] usb 4-1: new low-speed USB device number 47 using dummy_hcd [ 798.157217][T11726] ath6kl: Failed to submit usb control message: -71 [ 798.157258][T11726] ath6kl: unable to send the bmi data to the device: -71 [ 798.157270][T11726] ath6kl: Unable to send get target info: -71 [ 798.220898][ T32] usb 4-1: config 0 has no interfaces? [ 798.220923][ T32] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 798.220936][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.222533][T11726] ath6kl: Failed to init ath6kl core: -71 [ 798.223944][T11726] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 798.296223][T11726] usb 1-1: USB disconnect, device number 65 [ 798.359453][ T32] usb 4-1: config 0 descriptor?? [ 798.561601][T18041] netlink: 628 bytes leftover after parsing attributes in process `syz.5.4381'. [ 798.567699][ T5766] usb 4-1: USB disconnect, device number 47 [ 798.896199][T11726] usb 6-1: new high-speed USB device number 125 using dummy_hcd [ 798.938513][T18045] netlink: 'syz.0.4383': attribute type 28 has an invalid length. [ 799.054453][T11726] usb 6-1: Using ep0 maxpacket: 32 [ 799.057374][T11726] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 799.057398][T11726] usb 6-1: config 0 has no interfaces? [ 799.060104][T11726] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 799.060131][T11726] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 799.060151][T11726] usb 6-1: Product: syz [ 799.060165][T11726] usb 6-1: Manufacturer: syz [ 799.060180][T11726] usb 6-1: SerialNumber: syz [ 799.067854][T11726] usb 6-1: config 0 descriptor?? [ 799.348504][T11726] usb 6-1: USB disconnect, device number 125 [ 799.381954][T18055] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4384'. [ 799.684272][T11725] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 799.803576][T18066] FAULT_INJECTION: forcing a failure. [ 799.803576][T18066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 799.803599][T18066] CPU: 1 UID: 0 PID: 18066 Comm: syz.3.4389 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 799.803615][T18066] Tainted: [L]=SOFTLOCKUP [ 799.803619][T18066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 799.803626][T18066] Call Trace: [ 799.803631][T18066] [ 799.803636][T18066] dump_stack_lvl+0xe8/0x150 [ 799.803654][T18066] should_fail_ex+0x46b/0x600 [ 799.803673][T18066] _copy_to_user+0x31/0xb0 [ 799.803687][T18066] simple_read_from_buffer+0xe1/0x170 [ 799.803703][T18066] proc_fail_nth_read+0x1be/0x230 [ 799.803718][T18066] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 799.803732][T18066] ? rw_verify_area+0x2ac/0x4e0 [ 799.803746][T18066] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 799.803759][T18066] vfs_read+0x212/0xa80 [ 799.803777][T18066] ? __pfx_vfs_read+0x10/0x10 [ 799.803791][T18066] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 799.803808][T18066] ? lockdep_hardirqs_on+0x7a/0x110 [ 799.803824][T18066] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 799.803838][T18066] ? mutex_lock_nested+0x152/0x1d0 [ 799.803850][T18066] ? fdget_pos+0x252/0x320 [ 799.803867][T18066] ksys_read+0x156/0x270 [ 799.803882][T18066] ? __pfx_ksys_read+0x10/0x10 [ 799.803899][T18066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.803911][T18066] do_syscall_64+0x174/0x580 [ 799.803926][T18066] ? trace_irq_disable+0x3b/0x140 [ 799.803938][T18066] ? clear_bhb_loop+0x40/0x90 [ 799.803951][T18066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.803962][T18066] RIP: 0033:0x7f217a90d68e [ 799.803972][T18066] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 799.803981][T18066] RSP: 002b:00007f2178b9dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 799.803993][T18066] RAX: ffffffffffffffda RBX: 00007f2178b9e6c0 RCX: 00007f217a90d68e [ 799.804000][T18066] RDX: 000000000000000f RSI: 00007f2178b9e0a0 RDI: 0000000000000004 [ 799.804007][T18066] RBP: 00007f2178b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 799.804014][T18066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 799.804020][T18066] R13: 00007f217abc6038 R14: 00007f217abc5fa0 R15: 00007ffc87a21238 [ 799.804036][T18066] [ 799.844321][T11725] usb 1-1: Using ep0 maxpacket: 8 [ 799.904263][ T5766] usb 7-1: new high-speed USB device number 58 using dummy_hcd [ 799.992865][T11725] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0201, bcdDevice= 0.40 [ 799.992897][T11725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 799.992916][T11725] usb 1-1: Product: syz [ 799.992931][T11725] usb 1-1: Manufacturer: syz [ 799.992945][T11725] usb 1-1: SerialNumber: syz [ 800.093093][ T5766] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 800.093128][ T5766] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 800.117902][ T5766] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 800.117935][ T5766] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 800.117956][ T5766] usb 7-1: Manufacturer: syz [ 800.149599][ T5766] usb 7-1: config 0 descriptor?? [ 800.189678][T18069] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4390'. [ 800.239358][T11725] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 800.240012][T11725] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 800.338123][T11725] usb 1-1: USB disconnect, device number 66 [ 800.414660][ T60] Bluetooth: hci2: command 0x0406 tx timeout [ 800.598031][ T5766] usbhid 7-1:0.0: can't add hid device: -71 [ 800.598255][ T5766] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 800.731679][ T5766] usb 7-1: USB disconnect, device number 58 [ 800.944235][T11726] usb 4-1: new low-speed USB device number 48 using dummy_hcd [ 801.117516][T11726] usb 4-1: config 0 has no interfaces? [ 801.117554][T11726] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 801.117579][T11726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 801.131050][T11726] usb 4-1: config 0 descriptor?? [ 801.242159][T18084] fuse: Unknown parameter 'rootm d e' [ 801.363922][ T5766] usb 4-1: USB disconnect, device number 48 [ 802.067346][T18099] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4400'. [ 802.174831][T11726] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 802.266848][T18106] netlink: 204 bytes leftover after parsing attributes in process `syz.3.4401'. [ 802.324269][T11726] usb 1-1: Using ep0 maxpacket: 32 [ 802.328084][T11726] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 802.328109][T11726] usb 1-1: config 0 has no interfaces? [ 802.331016][T11726] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 802.331044][T11726] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 802.331064][T11726] usb 1-1: Product: syz [ 802.331078][T11726] usb 1-1: Manufacturer: syz [ 802.331093][T11726] usb 1-1: SerialNumber: syz [ 802.342740][T11726] usb 1-1: config 0 descriptor?? [ 802.534334][ T5867] usb 7-1: new high-speed USB device number 59 using dummy_hcd [ 802.565728][ T32] usb 1-1: USB disconnect, device number 67 [ 802.691098][ T5867] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 802.691132][ T5867] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 802.705814][ T5867] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 802.705832][ T5867] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 802.705844][ T5867] usb 7-1: Manufacturer: syz [ 802.742756][ T5867] usb 7-1: config 0 descriptor?? [ 803.064370][ T32] usb 6-1: new high-speed USB device number 126 using dummy_hcd [ 803.156415][ T5867] usbhid 7-1:0.0: can't add hid device: -71 [ 803.156530][ T5867] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 803.163950][ T5867] usb 7-1: USB disconnect, device number 59 [ 803.217392][ T32] usb 6-1: config 1 has an invalid interface number: 188 but max is 0 [ 803.217421][ T32] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 803.217440][ T32] usb 6-1: config 1 has no interface number 0 [ 803.217481][ T32] usb 6-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 803.217511][ T32] usb 6-1: config 1 interface 188 has no altsetting 0 [ 803.219649][ T32] usb 6-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 803.219676][ T32] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.219697][ T32] usb 6-1: Product: syz [ 803.219711][ T32] usb 6-1: Manufacturer: syz [ 803.219725][ T32] usb 6-1: SerialNumber: syz [ 803.482359][ T32] usb 6-1: unknown interface protocol 0xc1, assuming v1 [ 803.482385][ T32] usb 6-1: skipping empty audio interface (v1) [ 803.536853][ T32] snd-usb-audio 6-1:1.188: probe with driver snd-usb-audio failed with error -22 [ 803.549488][ T32] usb 6-1: USB disconnect, device number 126 [ 803.572474][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 803.644222][T11725] usb 1-1: new low-speed USB device number 68 using dummy_hcd [ 803.818314][T11725] usb 1-1: config 0 has no interfaces? [ 803.818352][T11725] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 803.818375][T11725] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.821609][T18118] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4409'. [ 803.824363][T11725] usb 1-1: config 0 descriptor?? [ 804.032557][ T5867] usb 1-1: USB disconnect, device number 68 [ 804.049285][T18122] FAULT_INJECTION: forcing a failure. [ 804.049285][T18122] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 804.049320][T18122] CPU: 1 UID: 0 PID: 18122 Comm: syz.5.4411 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 804.049347][T18122] Tainted: [L]=SOFTLOCKUP [ 804.049355][T18122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 804.049367][T18122] Call Trace: [ 804.049375][T18122] [ 804.049383][T18122] dump_stack_lvl+0xe8/0x150 [ 804.049411][T18122] should_fail_ex+0x46b/0x600 [ 804.049444][T18122] _copy_from_iter+0x1d3/0x1670 [ 804.049472][T18122] ? trace_kmem_cache_alloc+0x29/0xe0 [ 804.049494][T18122] ? __alloc_skb+0x27d/0x7d0 [ 804.049522][T18122] ? __pfx__copy_from_iter+0x10/0x10 [ 804.049540][T18122] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 804.049562][T18122] ? __alloc_skb+0x27d/0x7d0 [ 804.049590][T18122] ? netlink_sendmsg+0x650/0xb40 [ 804.049607][T18122] ? skb_put+0x11b/0x210 [ 804.049634][T18122] netlink_sendmsg+0x6c0/0xb40 [ 804.049661][T18122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 804.049682][T18122] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 804.049708][T18122] ? aa_sock_msg_perm+0x122/0x200 [ 804.049731][T18122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 804.049748][T18122] sock_sendmsg_nosec+0x13a/0x180 [ 804.049773][T18122] ____sys_sendmsg+0x55c/0x870 [ 804.049807][T18122] ? __pfx_____sys_sendmsg+0x10/0x10 [ 804.049844][T18122] ? import_iovec+0x73/0xa0 [ 804.049869][T18122] ___sys_sendmsg+0x2a5/0x360 [ 804.049895][T18122] ? __lock_acquire+0x6b5/0x2d10 [ 804.049922][T18122] ? __pfx____sys_sendmsg+0x10/0x10 [ 804.049981][T18122] ? __fget_files+0x2a/0x420 [ 804.050003][T18122] ? __fget_files+0x3a6/0x420 [ 804.050034][T18122] __x64_sys_sendmsg+0x1c3/0x2a0 [ 804.050066][T18122] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 804.050103][T18122] ? __pfx_ksys_write+0x10/0x10 [ 804.050138][T18122] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.050159][T18122] do_syscall_64+0x174/0x580 [ 804.050187][T18122] ? trace_irq_disable+0x3b/0x140 [ 804.050209][T18122] ? clear_bhb_loop+0x40/0x90 [ 804.050232][T18122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.050250][T18122] RIP: 0033:0x7f4181e7ce59 [ 804.050276][T18122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 804.050293][T18122] RSP: 002b:00007f41800d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 804.050313][T18122] RAX: ffffffffffffffda RBX: 00007f41820f5fa0 RCX: 00007f4181e7ce59 [ 804.050327][T18122] RDX: 0000000024040840 RSI: 00002000000001c0 RDI: 0000000000000003 [ 804.050340][T18122] RBP: 00007f41800d6090 R08: 0000000000000000 R09: 0000000000000000 [ 804.050352][T18122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 804.050364][T18122] R13: 00007f41820f6038 R14: 00007f41820f5fa0 R15: 00007ffe14db3f88 [ 804.050394][T18122] [ 804.154375][ T58] block nbd0: Possible stuck request ffff888027fb5080: control (read@0,1024B). Runtime 420 seconds [ 804.154414][ T58] block nbd0: Possible stuck request ffff888027fb5240: control (read@1024,1024B). Runtime 420 seconds [ 804.154439][ T58] block nbd0: Possible stuck request ffff888027fb5400: control (read@2048,1024B). Runtime 420 seconds [ 804.154463][ T58] block nbd0: Possible stuck request ffff888027fb55c0: control (read@3072,1024B). Runtime 420 seconds [ 804.164171][T11725] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 804.364458][T11725] usb 7-1: Using ep0 maxpacket: 32 [ 804.400718][T11725] usb 7-1: config 0 has an invalid interface number: 99 but max is 0 [ 804.400746][T11725] usb 7-1: config 0 has no interface number 0 [ 804.403024][T11725] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 804.403053][T11725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.403073][T11725] usb 7-1: Product: syz [ 804.403084][T11725] usb 7-1: Manufacturer: syz [ 804.403092][T11725] usb 7-1: SerialNumber: syz [ 804.434269][ T5867] usb 6-1: new high-speed USB device number 127 using dummy_hcd [ 804.461071][T11725] usb 7-1: config 0 descriptor?? [ 804.586721][ T5867] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 804.586775][ T5867] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 804.586799][ T5867] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 804.586820][ T5867] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 804.588047][ T5867] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 804.588074][ T5867] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 804.588096][ T5867] usb 6-1: Manufacturer: syz [ 804.601869][ T5867] usb 6-1: config 0 descriptor?? [ 804.691040][T11725] RobotFuzz Open Source InterFace, OSIF 7-1:0.99: version d4.15 found at bus 007 address 060 [ 804.844558][T17166] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 804.875971][T11725] usb 7-1: USB disconnect, device number 60 [ 805.006237][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 805.006271][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 805.007408][T17166] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 805.007436][T17166] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 805.007457][T17166] usb 1-1: Manufacturer: syz [ 805.012382][T17166] usb 1-1: config 0 descriptor?? [ 805.212738][ T5867] usbhid 6-1:0.0: can't add hid device: -71 [ 805.212854][ T5867] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 805.239546][ T5867] usb 6-1: USB disconnect, device number 127 [ 805.794461][ T5867] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 805.801583][T18133] kvm: pic: level sensitive irq not supported [ 805.801974][T18133] kvm: pic: non byte write [ 805.802733][T18133] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4416'. [ 805.802751][T18133] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4416'. [ 805.802843][T18133] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4416'. [ 805.855625][T17166] input: syz Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004B/input/input152 [ 805.865761][T17166] input: syz Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004B/input/input153 [ 805.886380][T17166] input: syz Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004B/input/input154 [ 805.901862][T17166] input: syz Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004B/input/input155 [ 805.912489][T17166] uclogic 0003:256C:006D.004B: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.0-1/input0 [ 805.975064][ T5867] usb 7-1: Using ep0 maxpacket: 32 [ 805.981257][ T5867] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 805.981284][ T5867] usb 7-1: config 0 has no interfaces? [ 806.008136][ T5867] usb 7-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 806.008165][ T5867] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.008184][ T5867] usb 7-1: Product: syz [ 806.008198][ T5867] usb 7-1: Manufacturer: syz [ 806.008215][ T5867] usb 7-1: SerialNumber: syz [ 806.024213][ T32] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 806.110627][ T5867] usb 7-1: config 0 descriptor?? [ 806.140134][T11725] usb 1-1: USB disconnect, device number 69 [ 806.182400][ T32] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 806.182436][ T32] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 806.202193][ T32] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 806.202222][ T32] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 806.202243][ T32] usb 6-1: Manufacturer: syz [ 806.272100][ T32] usb 6-1: config 0 descriptor?? [ 806.279509][T18139] fido_id[18139]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 806.386794][T17166] usb 7-1: USB disconnect, device number 61 [ 806.438316][T18141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4418'. [ 806.684973][ T32] usbhid 6-1:0.0: can't add hid device: -71 [ 806.685103][ T32] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 806.711288][ T32] usb 6-1: USB disconnect, device number 2 [ 806.744454][T11726] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 806.909198][T11726] usb 4-1: config 1 has an invalid interface number: 188 but max is 0 [ 806.909226][T11726] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 806.909246][T11726] usb 4-1: config 1 has no interface number 0 [ 806.909280][T11726] usb 4-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 806.909295][T11726] usb 4-1: config 1 interface 188 has no altsetting 0 [ 806.939306][T11726] usb 4-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 806.939336][T11726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.939356][T11726] usb 4-1: Product: syz [ 806.939371][T11726] usb 4-1: Manufacturer: syz [ 806.939385][T11726] usb 4-1: SerialNumber: syz [ 807.206455][T11726] usb 4-1: unknown interface protocol 0xc1, assuming v1 [ 807.206480][T11726] usb 4-1: skipping empty audio interface (v1) [ 807.397629][T11726] snd-usb-audio 4-1:1.188: probe with driver snd-usb-audio failed with error -22 [ 807.410421][T11726] usb 4-1: USB disconnect, device number 49 [ 807.452579][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 807.584278][T17166] usb 7-1: new low-speed USB device number 62 using dummy_hcd [ 807.788166][T17166] usb 7-1: config 0 has no interfaces? [ 807.788205][T17166] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 807.788231][T17166] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.796904][T17166] usb 7-1: config 0 descriptor?? [ 807.996485][T18163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4427'. [ 808.023126][T11726] usb 7-1: USB disconnect, device number 62 [ 808.133782][T18167] C: renamed from veth1_to_team (while UP) [ 808.134333][T17166] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 808.165553][T18167] netlink: 'syz.5.4426': attribute type 1 has an invalid length. [ 808.165591][T18167] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 808.284311][ T32] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 808.296287][T17166] usb 1-1: Using ep0 maxpacket: 32 [ 808.301217][T17166] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 808.301251][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 808.301276][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 808.301299][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 808.301325][T17166] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 808.303980][T17166] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 808.304008][T17166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.304029][T17166] usb 1-1: Product: syz [ 808.304042][T17166] usb 1-1: Manufacturer: syz [ 808.304057][T17166] usb 1-1: SerialNumber: syz [ 808.313767][T17166] usb 1-1: config 0 descriptor?? [ 808.474193][ T32] usb 4-1: Using ep0 maxpacket: 16 [ 808.476164][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 808.476195][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 808.476218][ T32] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 808.476261][ T32] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 808.476284][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.480998][ T32] usb 4-1: config 0 descriptor?? [ 808.548034][ T5766] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 808.581117][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.590801][ T39] INFO: task syz.4.3509:15877 blocked for more than 143 seconds. [ 808.590828][ T39] Tainted: G L syzkaller #0 [ 808.590891][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 808.590901][ T39] task:syz.4.3509 state:D stack:27104 pid:15877 tgid:15876 ppid:11534 task_flags:0x400040 flags:0x00080002 [ 808.590960][ T39] Call Trace: [ 808.590968][ T39] [ 808.590980][ T39] __schedule+0x16f9/0x5500 [ 808.591084][ T39] ? irqentry_exit+0x218/0x8b0 [ 808.591114][ T39] ? trace_irq_disable+0x3b/0x140 [ 808.591140][ T39] ? __pfx___schedule+0x10/0x10 [ 808.591212][ T39] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 808.591251][ T39] rt_mutex_schedule+0x76/0xf0 [ 808.591280][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 808.591314][ T39] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 808.591388][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 808.591415][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 808.591440][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 808.591479][ T39] ? sync_bdevs+0x27e/0x470 [ 808.591562][ T39] ? sync_bdevs+0x27e/0x470 [ 808.591596][ T39] ? sync_bdevs+0x27e/0x470 [ 808.591622][ T39] mutex_lock_nested+0x168/0x1d0 [ 808.591651][ T39] sync_bdevs+0x27e/0x470 [ 808.591731][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.591755][ T39] __ia32_sys_sync+0xc5/0x120 [ 808.591783][ T39] ? __pfx___ia32_sys_sync+0x10/0x10 [ 808.591814][ T39] ? do_syscall_64+0x9d/0x580 [ 808.591895][ T39] do_syscall_64+0x174/0x580 [ 808.591924][ T39] ? trace_irq_disable+0x3b/0x140 [ 808.591945][ T39] ? clear_bhb_loop+0x40/0x90 [ 808.591969][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.591989][ T39] RIP: 0033:0x7f3309ecce59 [ 808.592056][ T39] RSP: 002b:00007f330811e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 [ 808.592078][ T39] RAX: ffffffffffffffda RBX: 00007f330a145fa0 RCX: 00007f3309ecce59 [ 808.592093][ T39] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 808.592105][ T39] RBP: 00007f330a145fa0 R08: 0000000000000000 R09: 0000000000000000 [ 808.592119][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.592130][ T39] R13: 00007f330a146038 R14: 00007f330a145fa0 R15: 00007ffecdabecf8 [ 808.592214][ T39] [ 808.592251][ T39] [ 808.592251][ T39] Showing all locks held in the system: [ 808.592260][ T39] 4 locks held by pr/legacy/17: [ 808.592272][ T39] #0: ffffffff8e1bccc0 (console_lock){+.+.}-{0:0}, at: legacy_kthread_func+0x1a3/0x250 [ 808.592374][ T39] #1: ffffffff8e0a45b8 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfa/0xb90 [ 808.592422][ T39] #2: ffffffff99e10018 (&port_lock_key){+.+.}-{3:3}, at: serial8250_console_write+0x178/0x1b50 [ 808.593616][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.600820][ T39] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.601023][ T39] 5 locks held by ktimers/1/30: [ 808.601037][ T39] #0: ffff8880b873b8a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 808.601145][ T39] #1: ffff8880b8724500 (psi_seq){-...}-{0:0}, at: __local_bh_disable_ip+0x3c/0x420 [ 808.601247][ T39] #2: ffff8880b8728478 (_T->lock){....}-{2:2}, at: rt_mutex_slowunlock+0xbf/0x8b0 [ 808.601295][ T39] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.601342][ T39] #4: ffff8880b8728418 (hrtimer_bases.lock){-...}-{2:2}, at: __hrtimer_run_queues+0x4b1/0xb10 [ 808.608164][ T39] 5 locks held by kworker/1:0/32: [ 808.608178][ T39] #0: ffff88801af28538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.608284][ T39] #1: ffffc90000a6fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.608337][ T39] #2: ffff88802a8d6210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 808.608518][ T39] #3: ffff888027536210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 808.608620][ T39] #4: ffff88806750b1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 808.608670][ T39] 5 locks held by kworker/1:1/38: [ 808.609735][ T39] #0: ffff88823bf0cf38 ((wq_completion)mm_percpu_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.610694][ T39] #1: ffffc90000af7c40 ((work_completion)(work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.610751][ T39] #2: ffff8880b8733e28 ((lock)#2){+.+.}-{3:3}, at: lru_add_drain_per_cpu+0x136/0x400 [ 808.612607][ T39] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.612655][ T39] #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 808.615277][ T39] 1 lock held by khungtaskd/39: [ 808.615666][ T39] #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 808.617803][ T39] 9 locks held by aoe_tx0/1337: [ 808.617818][ T39] #0: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 808.617873][ T39] #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: psi_task_switch+0x53/0x880 [ 808.622055][ T39] #2: ffffffff99e412d8 (_T->lock){....}-{2:2}, at: rt_mutex_slowunlock+0xbf/0x8b0 [ 808.623598][ T39] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.623702][ T39] #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.623749][ T39] #5: ffff88805ac9e558 (_T->lock){....}-{2:2}, at: rt_mutex_slowunlock+0xbf/0x8b0 [ 808.623846][ T39] #6: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.623889][ T39] #7: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: nsim_start_xmit+0xbb/0xd50 [ 808.623991][ T39] #8: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 808.624787][ T39] 2 locks held by getty/5371: [ 808.624802][ T39] #0: ffff888036db40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 808.624906][ T39] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 808.624959][ T39] 7 locks held by syz-executor/5600: [ 808.624971][ T39] #0: ffff88802be961d8 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50 [ 808.628798][ T39] #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x5c/0x1bb0 [ 808.629404][ T39] #2: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: ip_output+0x5b/0x450 [ 808.629465][ T39] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x3c2/0x10b0 [ 808.630911][ T39] #4: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 808.631981][ T39] #5: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 808.632041][ T39] #6: ffffffff8e1cacc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b3/0x3900 [ 808.633165][ T39] 6 locks held by kworker/1:5/5766: [ 808.633180][ T39] #0: ffff88801af28538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.633606][ T39] #1: ffffc90005117c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.633671][ T39] #2: ffff88802a9de210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 808.635369][ T39] #3: ffff88802aa3a658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b0/0x4f60 [ 808.635416][ T39] #4: ffff88802a8c4258 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e0/0x4f60 [ 808.636661][ T39] #5: ffffffff8ee53c20 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x14e/0x1820 [ 808.636710][ T39] 5 locks held by kworker/u8:20/5813: [ 808.636721][ T39] #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.642119][ T39] #1: ffffc900051f7c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.642225][ T39] #2: ffff88805b1aa310 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 808.642290][ T39] #3: ffff88805a599120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 808.642385][ T39] #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 808.650063][ T39] 7 locks held by kworker/u8:56/6822: [ 808.650214][ T39] #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.650323][ T39] #1: ffffc900061ffc40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.650374][ T39] #2: ffffffff8e059d50 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_disable+0x12/0x20 [ 808.650667][ T39] #3: ffffffff8e29f878 (jump_label_mutex){+.+.}-{4:4}, at: static_key_disable_cpuslocked+0x8d/0x1a0 [ 808.650782][ T39] #4: ffffffff8e070458 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30 [ 808.650832][ T39] #5: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 [ 808.650878][ T39] #6: ffff88813fe4cc58 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x13d/0x210 [ 808.650989][ T39] 4 locks held by udevd/10157: [ 808.651000][ T39] #0: ffff88802646c838 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20 [ 808.651117][ T39] #1: ffff88805c8b6078 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420 [ 808.651177][ T39] #2: ffff88801d32c5a8 (kn->active#26){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420 [ 808.651282][ T39] #3: ffff88803ddb6210 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 808.651461][ T39] 1 lock held by udevd/10158: [ 808.651473][ T39] #0: ffff888027ea84c8 (&disk->open_mutex#5){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 808.651539][ T39] 1 lock held by syz.4.3509/15877: [ 808.651551][ T39] #0: ffff888027ea84c8 (&disk->open_mutex#5){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470 [ 808.651697][ T39] 2 locks held by syz-executor/16087: [ 808.651709][ T39] #0: ffffffff8e311470 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 808.652449][ T39] #1: ffff8880b863b8a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 808.652506][ T39] 5 locks held by kworker/0:2/17166: [ 808.653700][ T39] #0: ffff88801af28538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 808.653760][ T39] #1: ffffc9000738fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 808.653878][ T39] #2: ffff88802a7f4210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 808.653935][ T39] #3: ffff88803ddb6210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 808.660234][ T39] #4: ffff88805cf801d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 808.660340][ T39] 1 lock held by syz.0.4425/18161: [ 808.660352][ T39] #0: ffffffff8e2ad938 (lock#3){+.+.}-{4:4}, at: __lru_add_drain_all+0x6b/0x5e0 [ 808.660413][ T39] [ 808.660467][ T39] ============================================= [ 808.660467][ T39] [ 808.660491][ T39] NMI backtrace for cpu 0 [ 808.660509][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 808.660535][ T39] Tainted: [L]=SOFTLOCKUP [ 808.660543][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 808.660554][ T39] Call Trace: [ 808.660563][ T39] [ 808.660571][ T39] dump_stack_lvl+0xe8/0x150 [ 808.660599][ T39] nmi_cpu_backtrace+0x274/0x2d0 [ 808.660694][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 808.660729][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x380 [ 808.660756][ T39] sys_info+0x135/0x170 [ 808.660777][ T39] watchdog+0xfd3/0x1030 [ 808.660811][ T39] ? watchdog+0x1c9/0x1030 [ 808.660836][ T39] kthread+0x388/0x470 [ 808.660858][ T39] ? __pfx_watchdog+0x10/0x10 [ 808.660876][ T39] ? __pfx_kthread+0x10/0x10 [ 808.660898][ T39] ret_from_fork+0x514/0xb70 [ 808.660924][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 808.660947][ T39] ? __switch_to+0xc79/0x1410 [ 808.660968][ T39] ? __pfx_kthread+0x10/0x10 [ 808.660990][ T39] ret_from_fork_asm+0x1a/0x30 [ 808.661028][ T39] [ 808.661065][ T39] Sending NMI from CPU 0 to CPUs 1: [ 808.661095][ C1] NMI backtrace for cpu 1 [ 808.661111][ C1] CPU: 1 UID: 0 PID: 30 Comm: ktimers/1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 808.661134][ C1] Tainted: [L]=SOFTLOCKUP [ 808.661140][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 808.661149][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80 [ 808.661168][ C1] Code: 8b 3d b4 d5 db 0b 48 89 de 5b e9 83 47 5f 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d 58 85 d4 10 65 8b 35 79 85 d4 10 81 e6 00 00 ff 00 ba [ 808.661181][ C1] RSP: 0018:ffffc90000a4fa38 EFLAGS: 00000097 [ 808.661196][ C1] RAX: ffffffff81b2672c RBX: 000000bc3dac5b6b RCX: ffff88801e2d1f00 [ 808.661209][ C1] RDX: 0000000040000000 RSI: 0000000000000001 RDI: 0000000000000007 [ 808.661220][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 808.661230][ C1] R10: dffffc0000000000 R11: fffff52000149f3c R12: ffff8880b87284e8 [ 808.661242][ C1] R13: ffff88801e2d1f00 R14: 0000000000000001 R15: 000000bc3dac5b6b [ 808.661253][ C1] FS: 0000000000000000(0000) GS:ffff888125d7e000(0000) knlGS:0000000000000000 [ 808.661267][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 808.661278][ C1] CR2: 0000555588b704e8 CR3: 0000000037be4000 CR4: 00000000003526f0 [ 808.661293][ C1] Call Trace: [ 808.661301][ C1] [ 808.661307][ C1] hrtimer_rearm_event+0x3c/0x200 [ 808.661325][ C1] __hrtimer_rearm_deferred+0x273/0x460 [ 808.661350][ C1] finish_task_switch+0x3f0/0xbe0 [ 808.661374][ C1] __schedule+0x1701/0x5500 [ 808.661402][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 808.661425][ C1] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 808.661444][ C1] ? rt_spin_lock+0x1e0/0x400 [ 808.661465][ C1] ? __pfx___schedule+0x10/0x10 [ 808.661484][ C1] ? schedule+0x90/0x360 [ 808.661508][ C1] ? schedule+0x90/0x360 [ 808.661529][ C1] schedule+0x164/0x360 [ 808.661614][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 808.661632][ C1] smpboot_thread_fn+0x5bc/0xa50 [ 808.661648][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 808.661672][ C1] kthread+0x388/0x470 [ 808.661690][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 808.661705][ C1] ? __pfx_kthread+0x10/0x10 [ 808.661723][ C1] ret_from_fork+0x514/0xb70 [ 808.661743][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 808.661761][ C1] ? __switch_to+0xc79/0x1410 [ 808.661777][ C1] ? __pfx_kthread+0x10/0x10 [ 808.661795][ C1] ret_from_fork_asm+0x1a/0x30 [ 808.661822][ C1] [ 808.673801][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 808.673820][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 808.673841][ T39] Tainted: [L]=SOFTLOCKUP [ 808.673846][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 808.673855][ T39] Call Trace: [ 808.673862][ T39] [ 808.673869][ T39] vpanic+0x56c/0xa60 [ 808.673897][ T39] ? __pfx___schedule+0x10/0x10 [ 808.673918][ T39] ? __pfx_vpanic+0x10/0x10 [ 808.673944][ T39] panic+0xc5/0xd0 [ 808.673964][ T39] ? __pfx_panic+0x10/0x10 [ 808.673985][ T39] ? preempt_schedule_thunk+0x16/0x40 [ 808.674011][ T39] ? nmi_trigger_cpumask_backtrace+0x319/0x380 [ 808.674032][ T39] watchdog+0x102c/0x1030 [ 808.674052][ T39] ? watchdog+0x1c9/0x1030 [ 808.674071][ T39] kthread+0x388/0x470 [ 808.674094][ T39] ? __pfx_watchdog+0x10/0x10 [ 808.674110][ T39] ? __pfx_kthread+0x10/0x10 [ 808.674130][ T39] ret_from_fork+0x514/0xb70 [ 808.674155][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 808.674176][ T39] ? __switch_to+0xc79/0x1410 [ 808.674196][ T39] ? __pfx_kthread+0x10/0x10 [ 808.674217][ T39] ret_from_fork_asm+0x1a/0x30 [ 808.674254][ T39] [ 808.680064][ T39] Kernel Offset: disabled