last executing test programs: 3m1.443781053s ago: executing program 1 (id=402): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_int(r0, 0x0, 0x15, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) 3m1.35420966s ago: executing program 1 (id=403): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=ANY=[@ANYBLOB="88010000", @ANYRES16=r0, @ANYBLOB="030228bd7000fadbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a0018000303030303030000080070"], 0x188}, 0x1, 0x0, 0x0, 0x4e808}, 0x4000) 3m1.304178873s ago: executing program 1 (id=404): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x8, 0x2, 0x1, 0x0, 0x3ac, 0x9, 0x5, 0xffff, 0x0}, &(0x7f00000001c0)=0x20) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000240)={r1, 0x2000, 0xb51}, &(0x7f0000000280)=0x8) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000340)={'syz_tun\x00', 0x101}) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1000, 0x80040) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020700c0af000000000000109024e7e0100000000090400000103000000092100000001220200090581030000070000"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) close_range(r4, 0xffffffffffffffff, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000023000e000a000f000000cb1f50a028c1", 0x2e}], 0x1}, 0x0) close(r2) 2m59.890389928s ago: executing program 1 (id=411): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x7}) fcntl$lock(r2, 0x24, &(0x7f00000001c0)={0x2, 0x0, 0x6f, 0x9}) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf251300000008000300", @ANYRES32=r5, @ANYBLOB="0a00060008021100000000000600120083000000e16a0146e7a27198bb741f63ab81329a708d4fa52bc7f5de0e1e8e82136603c55d22b97c4cf678c300cf718e5fe2fc132f67430ad9f24b034f7b6939ef9c1fe6041ee124eea4b575b959568f"], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4814) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000680)=ANY=[@ANYRES8=r6, @ANYBLOB="8a8fbc5adf29370491a2e7810ee109e9014bb7298155b24bef33913a2b02b1ebacfdd01aab8259472aef87c51ddde78cb4cfc6228881adf5515a9ab937574ebf4fea76a21f023ade411b845f3184cfe49997a235ec9a3272d48075809dcf08cae129660c7e6c6377543981f86036fe7eecd37f5f41d6928fb0c2209bd198dd995e0a10cbeb5b29e3dc67e1f15492d8ad99", @ANYRES64=r2], 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x1) ioctl$SIOCAX25ADDFWD(r7, 0x89ea, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='nr_inodes=M']) r8 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, 0x0, 0x0) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x8000000000000000) ioctl$FS_IOC_GETVERSION(r9, 0xc0105b08, &(0x7f0000000040)) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) dup(r10) syz_open_dev$tty1(0xc, 0x4, 0x4) syz_open_dev$tty1(0xc, 0x4, 0x1) 2m56.685361122s ago: executing program 1 (id=426): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) open_by_handle_at(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100) (fail_nth: 2) 2m56.583409154s ago: executing program 1 (id=427): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) open_by_handle_at(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100) 2m56.375918788s ago: executing program 32 (id=427): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) open_by_handle_at(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100) 1m59.579519223s ago: executing program 2 (id=892): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000017c0)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000200)='%', 0x1}], 0x1}, 0x51) (fail_nth: 6) 1m59.490219896s ago: executing program 2 (id=893): mknod(0x0, 0x836fac3ed7542db, 0x2) r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x0, 0x6c}]}, 0x10) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0xc05c5340, &(0x7f0000000500)={0x8, 0x0, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3600000}}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) write$sndseq(r5, &(0x7f0000000080)=[{0x0, 0xfd, 0x0, 0xfd, @tick, {}, {0xe}, @connect}], 0x1c) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$kcm(0x2d, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r7, 0x11d, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) sendmsg$netlink(r6, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1010115000600142603600e120800060000001101a80016000a00034006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4688df216265e43bf66f282ac027812cfbd3f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40d", 0xd8}, {&(0x7f0000000280)="ca5865ba11e4d770dce7ad8a98add96b0643bc5f4c612a817bed0539077e4bfa3058ece3e02ee874b08269274453414629adbd9177ee91b0dbb13de8ea165b46bd69f41a8fef53675157f8f0f51e1b04f89d06cd6717ecb229ebc210bdefbbda85c18189952c8a4dd45fd55cd8794d943b8a7ee935f649bf758e4d1eb173a9839515d296a86d7f4644d5e75a978a702acd44c4b8af6d02017e3c0bfc215ed0be4167ff8e9a638eba1189839dd3e0e9f645fd7cdca15c95694d7fa882d81423b3b75feb799043d15768f4c249b7b49417651ef302eece734b6c15c56967bb9fd2928f828bf4df4161d0051c64d7b64a", 0xef}, {&(0x7f00000003c0)="691832c35a968656d05190ad015f77a1010cc8823452ad1086481083b22b4563f84df871c11782146230fb2ca48aa540a135ba614b73e196a50c2dace4693c40b6b0cdcd43b489a91226ff", 0x4b}, {&(0x7f0000000440)="a4af35c3084fbfe6be7e426264fb2d5ce54cf50b95643e39fddf4ba413bb4fc85e753d31effde67b2c2a1e180e1bebd6d422dd9d53edc9ac96cecebe096ead599fc4cd2c791dff1a41541189b88e", 0x4e}], 0x4}, 0x0) 1m59.395447171s ago: executing program 2 (id=894): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {r1, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @loopback}, @in={0x2, 0x4000, @multicast2}}}, 0x118) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3200000000080041007278650014023300766c616e3000"/56], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x24008000) 1m59.274069154s ago: executing program 2 (id=897): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private=0xa010100, @in=@dev={0xac, 0x14, 0x14, 0x3a}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in=@local, 0x3500, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="030900000200000091f17ae814dd859e3a7f9feebf678da56b523b38e7"], 0x10}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$IOMMU_VFIO_GET_API_VERSION(r3, 0x3b64) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') write$vhost_msg_v2(r5, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r5, &(0x7f0000000540)={0x2, 0x0, {&(0x7f00000005c0)=""/133, 0xfffffffffffffc4c, 0x0, 0x2, 0x3}}, 0x48) write$vhost_msg_v2(r5, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/118, 0x76, 0x0, 0x0, 0x3}}, 0x48) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000680)=ANY=[@ANYBLOB="380000002e000100000000000000000008000000", @ANYRES32, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0xee00, @ANYBLOB="180000801400010098d4c0b8fd27f3a45e44e813022bd729"], 0x38}], 0x1}, 0x0) r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x17b4b522, 0x0) ioctl$VIDIOC_G_OUTPUT(r3, 0x8004562e, &(0x7f0000000440)) ioctl$SW_SYNC_IOC_INC(r7, 0x40045701, &(0x7f0000000000)=0x1) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r8, 0x4008af00, 0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x40082) ioctl$USBDEVFS_CLAIM_PORT(r9, 0x80045518, &(0x7f0000000000)=0x1) close_range(r8, 0xffffffffffffffff, 0x0) socket(0x11, 0xa, 0x5) 1m58.432076865s ago: executing program 2 (id=903): futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000)=0x1, 0x0) (fail_nth: 7) 1m58.067068708s ago: executing program 2 (id=906): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001964d408861a92e03f53010203010902240001820010030904"], 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="33000e0080000000ffffffffffff080269808a2e02da0ba7b3110000001361068044c90000000000000000000064"], 0x68}}, 0x0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x260, r4, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x1e9, 0x33, @mgmt_frame=@assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x6}, @broadcast, @broadcast, @random="04c257d4f211", {0x2, 0x6}, @value=@ver_80211n={0x0, 0x1, 0x2, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}}, 0x6912, 0x8, {0x0, 0x6, @default_ibss_ssid}, @void, @val={0x2d, 0x1a, {0x4000, 0x1, 0x1, 0x0, {0x1, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x6, 0xd, 0x2}}, [{0xdd, 0xaf, "9f39bdfeb8834c04ed5599c10f67a6acaef751e608600d47cad2f26cb072bb38891d96c73bb0d07470c87633f1c24e86a333b033f54dd498c458ff65c7dab5c4549d390b3e7e6374aa15b10ab4bc6843cfb1c4b3906c2e2667e4a82c5d9617e86beb1eeda53ccf174e87cee92b177d67776b1d5d17f4b2f5b69d025ccef0785855e16e4ecba525a8b4093c37f7f509c02ae7b89db84a254089dcc95dbce9e3f1c2829889df765751c92eb17283e4c4"}, {0xdd, 0x2a, "e1ff12ac6dc04553d583d37110dc568b8712c318a9cf7a60dc9675923f1406a7c635cd10b4d26c9bb81f"}, {0xdd, 0xc2, "78f653616e4bf0ca6e635b5ce01d8d63d783238a7a23c322b9800e098006a3f20817b7a79dc31279a477e929d8ee958975db007c74fd6f480453111355398e569baa21fe5bfdbc2e91ab16440f7f04d52fc84ab63b029ecea38764cfd6b4055aee3b655b9832cae5007886ae179ad702d763d6640c66acbdf43367d558916a2a18d567f8a3d06a4e13c183f31ee377df9869789aed6f58ffe3c4d70d776af8ca2969f5b0dce6b435f182772f0b55f5514bc4978d9dd5945b6eb19138702150337355"}]}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@ack={{}, {0x7}}}, @NL80211_ATTR_MAC={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x1}, 0x11) 1m57.049576686s ago: executing program 33 (id=906): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001964d408861a92e03f53010203010902240001820010030904"], 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="33000e0080000000ffffffffffff080269808a2e02da0ba7b3110000001361068044c90000000000000000000064"], 0x68}}, 0x0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x260, r4, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x1e9, 0x33, @mgmt_frame=@assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x6}, @broadcast, @broadcast, @random="04c257d4f211", {0x2, 0x6}, @value=@ver_80211n={0x0, 0x1, 0x2, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}}, 0x6912, 0x8, {0x0, 0x6, @default_ibss_ssid}, @void, @val={0x2d, 0x1a, {0x4000, 0x1, 0x1, 0x0, {0x1, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x6, 0xd, 0x2}}, [{0xdd, 0xaf, "9f39bdfeb8834c04ed5599c10f67a6acaef751e608600d47cad2f26cb072bb38891d96c73bb0d07470c87633f1c24e86a333b033f54dd498c458ff65c7dab5c4549d390b3e7e6374aa15b10ab4bc6843cfb1c4b3906c2e2667e4a82c5d9617e86beb1eeda53ccf174e87cee92b177d67776b1d5d17f4b2f5b69d025ccef0785855e16e4ecba525a8b4093c37f7f509c02ae7b89db84a254089dcc95dbce9e3f1c2829889df765751c92eb17283e4c4"}, {0xdd, 0x2a, "e1ff12ac6dc04553d583d37110dc568b8712c318a9cf7a60dc9675923f1406a7c635cd10b4d26c9bb81f"}, {0xdd, 0xc2, "78f653616e4bf0ca6e635b5ce01d8d63d783238a7a23c322b9800e098006a3f20817b7a79dc31279a477e929d8ee958975db007c74fd6f480453111355398e569baa21fe5bfdbc2e91ab16440f7f04d52fc84ab63b029ecea38764cfd6b4055aee3b655b9832cae5007886ae179ad702d763d6640c66acbdf43367d558916a2a18d567f8a3d06a4e13c183f31ee377df9869789aed6f58ffe3c4d70d776af8ca2969f5b0dce6b435f182772f0b55f5514bc4978d9dd5945b6eb19138702150337355"}]}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@ack={{}, {0x7}}}, @NL80211_ATTR_MAC={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x1}, 0x11) 7.333215224s ago: executing program 0 (id=1441): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000100)="a957f1f3039875384a598092df70b16f147ec1fc5206ebcb153762ac3c133aedd335d3530472d8d2", 0x28}], 0x2) 7.33284295s ago: executing program 4 (id=1442): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./bus\x00', 0x128) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000180)='./file1\x00', 0x800, 0x70) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x400, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', 0x0) unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0) unlink(&(0x7f0000000040)='./file1\x00') syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000709c3120e80401669b81010203010902120001010000000904"], 0x0) 6.040853844s ago: executing program 4 (id=1447): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000bd3000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000000)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 5.605253393s ago: executing program 4 (id=1448): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x8, 0x2, 0x1, 0x0, 0x3ac, 0x9, 0x5, 0xffff, 0x0}, &(0x7f00000001c0)=0x20) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000240)={r1, 0x2000, 0xb51}, &(0x7f0000000280)=0x8) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000340)={'syz_tun\x00', 0x101}) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1000, 0x80040) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020700c0af000000000000109024e7e0100000000090400000103000000092100000001220200090581030000070000"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) close_range(r4, 0xffffffffffffffff, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000023000e000a000f000000cb1f50a0", 0x2c}], 0x1}, 0x0) close(r2) 4.658680016s ago: executing program 0 (id=1450): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x6, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0xfffffffa, 0xffff2d33, 0x1dd2, 0x6, 0x7, 0x0, 0x80000000, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x3, 0x3, 0x107fff, 0x4c74, 0xfbf5, 0x0, 0xb, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x6, 0x3, 0x4, 0x4, 0x8, 0x0, 0x7f, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x8, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0xfffff000, 0xfffffffe, 0x8, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x801, 0x8, 0x4, 0x0, 0x106, 0x2, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xd, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0xffffffff, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x80002, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x20005, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x2000008, 0x2], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce5, 0x1fd, 0x6, 0x5, 0x40005, 0x40000003, 0x100, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x5, 0xffffffff, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffb, 0x5, 0x8, 0xc8, 0x3, 0x3, 0x80ffff, 0x200003, 0x5, 0x80000000, 0x9602, 0xa, 0x2, 0x4, 0x10, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x3, 0x8, 0x5, 0xb1c, 0x1, 0x200, 0xffff3444, 0xfff]}, 0x45c) openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x918) getsockopt$inet6_int(r0, 0x29, 0xc8, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000600)='[\v\xdbX\x00\x00\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2C\x8bd#S\xdd\xeeM\xbb\xce\x82\x1eb;(\xb5\xe1jS\xd6\x91%}l\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3\t\x00\x00\x00`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x83\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8\xf2\xfb\x86\xed,\x93Y\xf58\x1c\x1bQ=\xbd\x8e \xeb\xa9\xeaU\xa9za\x18\x87\xed\xb4I\x14\x8c\xb0\x18\x1dI{\x8e\v\xb7\xb6\xd3g\x7fM\xfb\x9bG\xe8\r\x93t\x01\x9f\xb9\x15\xca\xc1Mm\xe4\xca\xc8\x84\x80c\xea\xd4\x16@\x84\x1f|M\xd3]S\xca\r\xff\xac\x879\x85\xb4c\xa1\xe9\xe5\xc0\xdf\xc4\x12#\x11\xa9#HR!\xb2\x13\xd5 \x10\x9fyd \x15\xa5\xdb\xac\xc5k\xf2\xd9m\xab\x92\xd2\xb7z\xed^\xd20xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x48, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}}, 0x20000000) 2.274201325s ago: executing program 3 (id=1466): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffffc, 0x0, 0x1, r2, 0x1}) (fail_nth: 4) 1.865534917s ago: executing program 3 (id=1467): semget(0x2, 0x4, 0x212) (fail_nth: 3) 1.801168083s ago: executing program 3 (id=1468): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000bd3000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000) write$FUSE_POLL(r3, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x2}}, 0x18) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000000)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000022fb040d80408fdb159000000010902"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.690277003s ago: executing program 5 (id=1469): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xd}]}]}, 0x44}}, 0x0) bind$netrom(r0, &(0x7f0000000f40)={{0x6, @rose}, [@default, @bcast, @netrom, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) socket$nl_xfrm(0x10, 0x3, 0x6) 1.423877555s ago: executing program 0 (id=1470): r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x11d, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) sendmsg$netlink(r3, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1010115000600142603600e120800060000001101a80016000a00034006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4688df216265e43bf66f282ac027812cfbd3f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40d", 0xd8}, {&(0x7f0000000280)="ca5865ba11e4d770dce7ad8a98add96b0643bc5f4c612a817bed0539077e4bfa3058ece3e02ee874b08269274453414629adbd9177ee91b0dbb13de8ea165b46bd69f41a8fef53675157f8f0f51e1b04f89d06cd6717ecb229ebc210bdefbbda85c18189952c8a4dd45fd55cd8794d943b8a7ee935f649bf758e4d1eb173a9839515d296a86d7f4644d5e75a978a702acd44c4b8af6d02017e3c0bfc215ed0be4167ff8e9a638eba1189839dd3e0e9f645fd7cdca15c95694d7fa882d81423b3b75feb799043d15768f4c249b7b49417651ef302eece734b6c15c56967bb9fd2928f828bf4df4161d0051c64d7b64a", 0xef}, {&(0x7f00000003c0)="691832c35a968656d05190ad015f77a1010cc8823452ad1086481083b22b4563f84df871c11782146230fb2ca48aa540a135ba614b73e196a50c2dace4693c40b6b0cdcd43b489a91226ff", 0x4b}, {&(0x7f0000000440)="a4af35c3084fbfe6be7e426264fb2d5ce54cf50b95643e39fddf4ba413bb4fc85e753d31effde67b2c2a1e180e1bebd6d422dd9d53edc9ac96cecebe096ead599fc4cd2c791dff1a41541189b88e", 0x4e}], 0x4}, 0x0) 1.392181702s ago: executing program 5 (id=1471): semget(0x2, 0x4, 0x212) 1.255455774s ago: executing program 0 (id=1472): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x6) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000099000040"]) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) ioctl$SIOCGETSGCNT_IN6(r0, 0x5411, &(0x7f0000000380)={@ipv4={'\x00', '\xff\xff', @multicast2}, @private1}) r5 = memfd_secret(0x0) timerfd_gettime(r5, 0x0) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) setresgid(0xffffffffffffffff, r8, r8) ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f0000000040)={@loopback, @dev={0xfe, 0x80, '\x00', 0x3b}}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r6, 0x7a9, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c0001800600060088470000040502"], 0x528}, 0x1, 0x0, 0x0, 0x48000}, 0x400c000) 1.255294209s ago: executing program 5 (id=1473): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x20, &(0x7f0000000440)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x8042) 1.188421357s ago: executing program 5 (id=1474): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00008fb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000eb4000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) (async) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00008fb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000eb4000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_io_uring_setup(0x7688, &(0x7f0000000040)={0x0, 0x800389b, 0x4000, 0x1, 0x19e}, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x57e, 0x201e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3, 0xf}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f00000000c0)={0x0, 0x21, 0x78, {0x78, 0x24, "53ad60947d6f4e0627ce8208f799c5fc289ffdeebbe3770b9f1b7d1f032b7277f0f256686f8d0755fafe10763703efd1d1e8484b4869e316a45929758e71bdb2cfefff64165793b5c14818171f4a7710650b631e5ecb258eca403b892b46dc291c835e5fc027a601d47fd6e741e71eaf6c21f026e80b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 947.077623ms ago: executing program 0 (id=1475): r0 = socket(0x10, 0x2, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000006c0)=""/245, 0xf5}, {&(0x7f0000000100)=""/165, 0xa5}], 0x2, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x0, 0x8, 0x2}}) 682.133064ms ago: executing program 0 (id=1476): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x40000000200, 0x101301) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0xfffffff8, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x1, 0x19, 0xfffd}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x20007, 0x0}) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x100000001, 0x400000) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f00000000c0)={0xc8, 0x18, 0x3, 0x74d, "80bf77e517955162ec6e51e09ef7632a01c90426a3e651f980fd3d28ff720ace"}) 664.005799ms ago: executing program 4 (id=1477): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x0, 0x8, 0x2}}) (fail_nth: 4) 467.925303ms ago: executing program 4 (id=1478): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x207ffc, 0xac79c, 0x334e84}) r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000180)) ioctl$BTRFS_IOC_INO_PATHS(r5, 0xc0389423, &(0x7f00000001c0)={0x29193ddc, 0x18, [0x8, 0xfffc, 0x4, 0x5], &(0x7f0000000200)=[0x0, 0x0, 0x0]}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x10008, 0x27c7f5, 0x28bc2d, 0x200000000000}) syz_clone3(&(0x7f0000000080)={0xa690b000, &(0x7f0000000040), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r6 = syz_open_procfs(0x0, &(0x7f00000006c0)='fdinfo/3\x00') syz_usb_connect(0x3, 0x24, &(0x7f0000004300)={{0x12, 0x1, 0x200, 0x47, 0x77, 0xdc, 0x20, 0xd49, 0x7000, 0x97b5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x5, 0x80, 0x5, [{{0x9, 0x4, 0x67, 0x5, 0x0, 0x45, 0xb9, 0x9e, 0x53}}]}}]}}, 0x0) pread64(r6, &(0x7f0000000140)=""/106, 0x6a, 0x1000007) r7 = eventfd(0x40) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffffc, 0x0, 0x1, r7, 0x1}) 118.209116ms ago: executing program 3 (id=1479): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$inet6(r0, 0x0, 0x0, 0x20000090, &(0x7f0000000100)={0xa, 0x4e23, 0x4, @mcast1, 0x8}, 0x1c) (fail_nth: 4) 78.164816ms ago: executing program 3 (id=1480): r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x11d, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) sendmsg$netlink(r3, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1010115000600142603600e120800060000001101a80016000a00034006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4688df216265e43bf66f282ac027812cfbd3f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40d", 0xd8}, {&(0x7f0000000280)="ca5865ba11e4d770dce7ad8a98add96b0643bc5f4c612a817bed0539077e4bfa3058ece3e02ee874b08269274453414629adbd9177ee91b0dbb13de8ea165b46bd69f41a8fef53675157f8f0f51e1b04f89d06cd6717ecb229ebc210bdefbbda85c18189952c8a4dd45fd55cd8794d943b8a7ee935f649bf758e4d1eb173a9839515d296a86d7f4644d5e75a978a702acd44c4b8af6d02017e3c0bfc215ed0be4167ff8e9a638eba1189839dd3e0e9f645fd7cdca15c95694d7fa882d81423b3b75feb799043d15768f4c249b7b49417651ef302eece734b6c15c56967bb9fd2928f828bf4df4161d0051c64d7b64a", 0xef}, {&(0x7f00000003c0)="691832c35a968656d05190ad015f77a1010cc8823452ad1086481083b22b4563f84df871c11782146230fb2ca48aa540a135ba614b73e196a50c2dace4693c40b6b0cdcd43b489a91226ff", 0x4b}, {&(0x7f0000000440)="a4af35c3084fbfe6be7e426264fb2d5ce54cf50b95643e39fddf4ba413bb4fc85e753d31effde67b2c2a1e180e1bebd6d422dd9d53edc9ac96cecebe096ead599fc4cd2c791dff1a41541189b88e", 0x4e}], 0x4}, 0x0) 0s ago: executing program 3 (id=1481): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') symlink(0x0, 0x0) mkdir(0x0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x34, r3, 0x303, 0x0, 0x0, {0x13}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000003b000701000000000ce2aa66027c00000400000014000180066e", @ANYRES32=r4], 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x24004040) r6 = socket$pppoe(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) connect$pppoe(r6, &(0x7f0000000300)={0x18, 0x0, {0x15, @remote, 'bond0\x00'}}, 0x1e) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r7, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r7, 0x40047435, &(0x7f0000000200)=0x1) read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): igh speed hub [ 284.846851][ T43] usb 4-1: config 3 has an invalid interface number: 106 but max is 0 [ 284.855695][ T43] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 284.867802][ T43] usb 4-1: config 3 has no interface number 0 [ 284.874041][ T43] usb 4-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 284.885694][ T43] usb 4-1: config 3 interface 106 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 284.899001][ T43] usb 4-1: config 3 interface 106 has no altsetting 0 [ 284.920936][ T43] usb 4-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a [ 284.931916][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.941230][ T43] usb 4-1: Product: syz [ 284.945989][ T43] usb 4-1: Manufacturer: syz [ 284.951001][ T43] usb 4-1: SerialNumber: syz [ 284.962468][ T9808] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 286.180145][ T5909] gspca_spca1528: reg_r err -71 [ 286.185189][ T5909] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 286.221455][ T5909] usb 1-1: USB disconnect, device number 74 [ 286.305782][ T9823] FAULT_INJECTION: forcing a failure. [ 286.305782][ T9823] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 286.326698][ T9823] CPU: 1 UID: 0 PID: 9823 Comm: syz.5.1210 Not tainted syzkaller #0 PREEMPT(full) [ 286.326731][ T9823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 286.326745][ T9823] Call Trace: [ 286.326754][ T9823] [ 286.326764][ T9823] dump_stack_lvl+0x189/0x250 [ 286.326799][ T9823] ? __pfx____ratelimit+0x10/0x10 [ 286.326822][ T9823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.326852][ T9823] ? __pfx__printk+0x10/0x10 [ 286.326883][ T9823] ? fs_reclaim_acquire+0x7d/0x100 [ 286.326915][ T9823] should_fail_ex+0x414/0x560 [ 286.326953][ T9823] prepare_alloc_pages+0x213/0x610 [ 286.326984][ T9823] __alloc_frozen_pages_noprof+0x123/0x370 [ 286.327008][ T9823] ? __lock_acquire+0xab9/0xd20 [ 286.327035][ T9823] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 286.327069][ T9823] ? policy_nodemask+0x27c/0x720 [ 286.327088][ T9823] ? __lock_acquire+0xab9/0xd20 [ 286.327118][ T9823] alloc_pages_mpol+0x232/0x4a0 [ 286.327147][ T9823] vma_alloc_folio_noprof+0xe4/0x200 [ 286.327174][ T9823] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 286.327220][ T9823] folio_prealloc+0x30/0x180 [ 286.327255][ T9823] __handle_mm_fault+0x2a8b/0x5400 [ 286.327412][ T9823] ? __pfx___handle_mm_fault+0x10/0x10 [ 286.327481][ T9823] ? find_vma+0xe7/0x160 [ 286.327513][ T9823] ? __pfx_find_vma+0x10/0x10 [ 286.327548][ T9823] handle_mm_fault+0x40a/0x8e0 [ 286.327606][ T9823] do_user_addr_fault+0x764/0x1380 [ 286.327663][ T9823] exc_page_fault+0x82/0x100 [ 286.327695][ T9823] asm_exc_page_fault+0x26/0x30 [ 286.327719][ T9823] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 286.327753][ T9823] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 3f 32 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 286.327773][ T9823] RSP: 0018:ffffc90003b3f8d8 EFLAGS: 00050202 [ 286.327796][ T9823] RAX: ffffffff84d3c401 RBX: ffff88807e5b6000 RCX: 0000000000000300 [ 286.327816][ T9823] RDX: 0000000000000000 RSI: ffff88807e5b64c0 RDI: 0000200000001000 [ 286.327833][ T9823] RBP: ffffc90003b3fa50 R08: ffff88807e5b67bf R09: 1ffff1100fcb6cf7 [ 286.327851][ T9823] R10: dffffc0000000000 R11: ffffed100fcb6cf8 R12: dffffc0000000000 [ 286.327866][ T9823] R13: 0000000000000000 R14: 00007ffffffff000 R15: 00000000000007c0 [ 286.327890][ T9823] ? _copy_to_iter+0x401/0x1790 [ 286.327928][ T9823] _copy_to_iter+0x493/0x1790 [ 286.327978][ T9823] ? __pfx__copy_to_iter+0x10/0x10 [ 286.328006][ T9823] ? m_stop+0x125/0x2d0 [ 286.328048][ T9823] ? m_stop+0x24e/0x2d0 [ 286.328086][ T9823] seq_read_iter+0xbf5/0xe20 [ 286.328154][ T9823] seq_read+0x369/0x480 [ 286.328187][ T9823] ? __pfx_seq_read+0x10/0x10 [ 286.328224][ T9823] ? rw_verify_area+0x2a6/0x4d0 [ 286.328248][ T9823] ? __lock_acquire+0xab9/0xd20 [ 286.328275][ T9823] ? __pfx_seq_read+0x10/0x10 [ 286.328300][ T9823] vfs_read+0x200/0xa30 [ 286.328340][ T9823] ? fdget_pos+0x247/0x320 [ 286.328378][ T9823] ? __pfx___mutex_lock+0x10/0x10 [ 286.328407][ T9823] ? __pfx_vfs_read+0x10/0x10 [ 286.328432][ T9823] ? __fget_files+0x2a/0x420 [ 286.328467][ T9823] ? __fget_files+0x3a0/0x420 [ 286.328494][ T9823] ? __fget_files+0x2a/0x420 [ 286.328534][ T9823] ksys_read+0x145/0x250 [ 286.328561][ T9823] ? __pfx_ksys_read+0x10/0x10 [ 286.328591][ T9823] ? do_syscall_64+0xbe/0xfa0 [ 286.328623][ T9823] do_syscall_64+0xfa/0xfa0 [ 286.328648][ T9823] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.328672][ T9823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.328696][ T9823] ? clear_bhb_loop+0x60/0xb0 [ 286.328726][ T9823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.328748][ T9823] RIP: 0033:0x7f108d38eec9 [ 286.328770][ T9823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.328791][ T9823] RSP: 002b:00007f108b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 286.328813][ T9823] RAX: ffffffffffffffda RBX: 00007f108d5e5fa0 RCX: 00007f108d38eec9 [ 286.328831][ T9823] RDX: 0000000000002020 RSI: 0000200000000b40 RDI: 0000000000000003 [ 286.328847][ T9823] RBP: 00007f108b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 286.328863][ T9823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.328877][ T9823] R13: 00007f108d5e6038 R14: 00007f108d5e5fa0 R15: 00007ffc5c3d6728 [ 286.328916][ T9823] [ 286.929591][ T9827] tipc: Enabled bearer , priority 0 [ 287.019153][ T9828] tipc: Resetting bearer [ 287.465518][ T43] kobil_sct 4-1:3.106: KOBIL USB smart card terminal converter detected [ 287.509416][ T43] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 287.548236][ T43] usb 4-1: USB disconnect, device number 63 [ 287.595761][ T43] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 287.632835][ T43] kobil_sct 4-1:3.106: device disconnected [ 288.362804][ T9867] FAULT_INJECTION: forcing a failure. [ 288.362804][ T9867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.384285][ T9867] CPU: 1 UID: 0 PID: 9867 Comm: syz.0.1222 Not tainted syzkaller #0 PREEMPT(full) [ 288.384312][ T9867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 288.384325][ T9867] Call Trace: [ 288.384334][ T9867] [ 288.384344][ T9867] dump_stack_lvl+0x189/0x250 [ 288.384380][ T9867] ? __pfx____ratelimit+0x10/0x10 [ 288.384403][ T9867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.384434][ T9867] ? __pfx__printk+0x10/0x10 [ 288.384463][ T9867] ? __might_fault+0xb0/0x130 [ 288.384503][ T9867] should_fail_ex+0x414/0x560 [ 288.384540][ T9867] _copy_from_user+0x2d/0xb0 [ 288.384568][ T9867] userfaultfd_ioctl+0x78c/0x4c80 [ 288.384593][ T9867] ? kasan_save_track+0x21/0x80 [ 288.384621][ T9867] ? __kasan_slab_free+0x5c/0x80 [ 288.384637][ T9867] ? kfree+0x19a/0x6d0 [ 288.384661][ T9867] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 288.384680][ T9867] ? security_file_ioctl+0xcb/0x2d0 [ 288.384710][ T9867] ? __se_sys_ioctl+0x47/0x170 [ 288.384739][ T9867] ? do_syscall_64+0xfa/0xfa0 [ 288.384761][ T9867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.384790][ T9867] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 288.384846][ T9867] ? kasan_quarantine_put+0xdd/0x220 [ 288.384876][ T9867] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.384908][ T9867] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 288.384933][ T9867] ? do_vfs_ioctl+0xbe8/0x1430 [ 288.384951][ T9867] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 288.384972][ T9867] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 288.385028][ T9867] ? __fget_files+0x2a/0x420 [ 288.385059][ T9867] ? __fget_files+0x3a0/0x420 [ 288.385081][ T9867] ? __fget_files+0x2a/0x420 [ 288.385110][ T9867] ? bpf_lsm_file_ioctl+0x9/0x20 [ 288.385134][ T9867] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 288.385159][ T9867] __se_sys_ioctl+0xfc/0x170 [ 288.385178][ T9867] do_syscall_64+0xfa/0xfa0 [ 288.385197][ T9867] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.385216][ T9867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.385233][ T9867] ? clear_bhb_loop+0x60/0xb0 [ 288.385255][ T9867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.385272][ T9867] RIP: 0033:0x7f28d558eec9 [ 288.385288][ T9867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.385305][ T9867] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.385324][ T9867] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 288.385337][ T9867] RDX: 0000200000000000 RSI: 000000008010aa01 RDI: 0000000000000003 [ 288.385349][ T9867] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 288.385361][ T9867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.385371][ T9867] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 288.385401][ T9867] [ 288.809638][ T52] Bluetooth: hci0: command 0x0405 tx timeout [ 289.114428][ T9879] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 289.253929][ T9882] FAULT_INJECTION: forcing a failure. [ 289.253929][ T9882] name failslab, interval 1, probability 0, space 0, times 0 [ 289.270103][ T9882] CPU: 0 UID: 0 PID: 9882 Comm: syz.0.1227 Not tainted syzkaller #0 PREEMPT(full) [ 289.270132][ T9882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 289.270145][ T9882] Call Trace: [ 289.270155][ T9882] [ 289.270164][ T9882] dump_stack_lvl+0x189/0x250 [ 289.270198][ T9882] ? __pfx____ratelimit+0x10/0x10 [ 289.270217][ T9882] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.270243][ T9882] ? __pfx__printk+0x10/0x10 [ 289.270286][ T9882] ? __pfx___might_resched+0x10/0x10 [ 289.270313][ T9882] ? fs_reclaim_acquire+0x7d/0x100 [ 289.270339][ T9882] should_fail_ex+0x414/0x560 [ 289.270373][ T9882] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 289.270406][ T9882] should_failslab+0xa8/0x100 [ 289.270431][ T9882] __kmalloc_cache_noprof+0x6f/0x6f0 [ 289.270461][ T9882] ? trace_contention_end+0x39/0x120 [ 289.270488][ T9882] ? vhost_task_create+0xf0/0x350 [ 289.270517][ T9882] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 289.270550][ T9882] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 289.270581][ T9882] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 289.270612][ T9882] vhost_task_create+0xf0/0x350 [ 289.270646][ T9882] ? __pfx_vhost_task_create+0x10/0x10 [ 289.270684][ T9882] ? __pfx_vhost_task_fn+0x10/0x10 [ 289.270735][ T9882] kvm_mmu_post_init_vm+0x14c/0x300 [ 289.270760][ T9882] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 289.270786][ T9882] ? __mutex_trylock_common+0x153/0x260 [ 289.270812][ T9882] ? __pfx___mutex_trylock_common+0x10/0x10 [ 289.270836][ T9882] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 289.270855][ T9882] ? rcu_is_watching+0x15/0xb0 [ 289.270877][ T9882] ? trace_contention_end+0x39/0x120 [ 289.270909][ T9882] ? look_up_lock_class+0x74/0x170 [ 289.270930][ T9882] ? register_lock_class+0x51/0x320 [ 289.270954][ T9882] ? __lock_acquire+0xab9/0xd20 [ 289.270999][ T9882] kvm_vcpu_ioctl+0x95c/0xe90 [ 289.271021][ T9882] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 289.271058][ T9882] ? __fget_files+0x2a/0x420 [ 289.271082][ T9882] ? __fget_files+0x3a0/0x420 [ 289.271100][ T9882] ? __fget_files+0x2a/0x420 [ 289.271124][ T9882] ? bpf_lsm_file_ioctl+0x9/0x20 [ 289.271144][ T9882] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 289.271160][ T9882] __se_sys_ioctl+0xfc/0x170 [ 289.271178][ T9882] do_syscall_64+0xfa/0xfa0 [ 289.271196][ T9882] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.271214][ T9882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.271230][ T9882] ? clear_bhb_loop+0x60/0xb0 [ 289.271251][ T9882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.271267][ T9882] RIP: 0033:0x7f28d558eec9 [ 289.271284][ T9882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.271299][ T9882] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.271318][ T9882] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 289.271331][ T9882] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 289.271341][ T9882] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 289.271352][ T9882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.271362][ T9882] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 289.271391][ T9882] [ 289.593043][ C0] vkms_vblank_simulate: vblank timer overrun [ 289.772686][ T9828] tipc: Disabling bearer [ 289.875951][ T9850] syzkaller0: entered promiscuous mode [ 289.881662][ T9850] syzkaller0: entered allmulticast mode [ 290.066239][ T9891] FAULT_INJECTION: forcing a failure. [ 290.066239][ T9891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 290.080430][ T9891] CPU: 1 UID: 0 PID: 9891 Comm: syz.3.1231 Not tainted syzkaller #0 PREEMPT(full) [ 290.080461][ T9891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 290.080476][ T9891] Call Trace: [ 290.080485][ T9891] [ 290.080495][ T9891] dump_stack_lvl+0x189/0x250 [ 290.080532][ T9891] ? __pfx____ratelimit+0x10/0x10 [ 290.080554][ T9891] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.080598][ T9891] ? __pfx__printk+0x10/0x10 [ 290.080639][ T9891] should_fail_ex+0x414/0x560 [ 290.080678][ T9891] _copy_to_user+0x31/0xb0 [ 290.080708][ T9891] simple_read_from_buffer+0xe1/0x170 [ 290.080734][ T9891] proc_fail_nth_read+0x1b3/0x220 [ 290.080764][ T9891] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 290.080792][ T9891] ? rw_verify_area+0x2a6/0x4d0 [ 290.080807][ T9891] ? __lock_acquire+0xab9/0xd20 [ 290.080825][ T9891] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 290.080853][ T9891] vfs_read+0x200/0xa30 [ 290.080870][ T9891] ? fdget_pos+0x247/0x320 [ 290.080894][ T9891] ? __pfx___mutex_lock+0x10/0x10 [ 290.080915][ T9891] ? __pfx_vfs_read+0x10/0x10 [ 290.080933][ T9891] ? __fget_files+0x2a/0x420 [ 290.080957][ T9891] ? __fget_files+0x3a0/0x420 [ 290.080975][ T9891] ? __fget_files+0x2a/0x420 [ 290.081003][ T9891] ksys_read+0x145/0x250 [ 290.081022][ T9891] ? __pfx_ksys_read+0x10/0x10 [ 290.081044][ T9891] ? do_syscall_64+0xbe/0xfa0 [ 290.081066][ T9891] do_syscall_64+0xfa/0xfa0 [ 290.081084][ T9891] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.081103][ T9891] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.081120][ T9891] ? clear_bhb_loop+0x60/0xb0 [ 290.081140][ T9891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.081157][ T9891] RIP: 0033:0x7fb46a18d8dc [ 290.081173][ T9891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 290.081189][ T9891] RSP: 002b:00007fb46af3e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 290.081207][ T9891] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18d8dc [ 290.081220][ T9891] RDX: 000000000000000f RSI: 00007fb46af3e0a0 RDI: 0000000000000004 [ 290.081231][ T9891] RBP: 00007fb46af3e090 R08: 0000000000000000 R09: 0000000000000000 [ 290.081241][ T9891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.081251][ T9891] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 290.081280][ T9891] [ 290.144957][ T89] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 290.269704][ T9893] /dev/nullb0: Can't open blockdev [ 290.428073][ T89] usb 5-1: Using ep0 maxpacket: 8 [ 290.443044][ T89] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 290.464710][ T89] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 290.477081][ T89] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 290.488860][ T89] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 290.500390][ T89] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 290.521545][ T89] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 290.530903][ T89] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.539327][ T89] usb 5-1: Product: syz [ 290.543828][ T89] usb 5-1: Manufacturer: syz [ 290.548701][ T89] usb 5-1: SerialNumber: syz [ 290.583634][ T89] usb 5-1: config 0 descriptor?? [ 290.596966][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1233'. [ 290.618455][ T89] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input25 [ 290.879420][ T89] usb 5-1: USB disconnect, device number 30 [ 292.034877][ T9897] syzkaller1: entered promiscuous mode [ 292.040645][ T9897] syzkaller1: entered allmulticast mode [ 292.256319][ T9923] FAULT_INJECTION: forcing a failure. [ 292.256319][ T9923] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.269740][ T9923] CPU: 1 UID: 0 PID: 9923 Comm: syz.5.1241 Not tainted syzkaller #0 PREEMPT(full) [ 292.269768][ T9923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 292.269782][ T9923] Call Trace: [ 292.269791][ T9923] [ 292.269801][ T9923] dump_stack_lvl+0x189/0x250 [ 292.269838][ T9923] ? __pfx____ratelimit+0x10/0x10 [ 292.269862][ T9923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.269893][ T9923] ? __pfx__printk+0x10/0x10 [ 292.269922][ T9923] ? __might_fault+0xb0/0x130 [ 292.269965][ T9923] should_fail_ex+0x414/0x560 [ 292.270001][ T9923] _copy_from_user+0x2d/0xb0 [ 292.270029][ T9923] inet6_ioctl+0x180/0x280 [ 292.270056][ T9923] ? __pfx_inet6_ioctl+0x10/0x10 [ 292.270092][ T9923] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 292.270120][ T9923] sock_do_ioctl+0xdc/0x300 [ 292.270152][ T9923] ? __pfx_sock_do_ioctl+0x10/0x10 [ 292.270199][ T9923] sock_ioctl+0x576/0x790 [ 292.270230][ T9923] ? __pfx_sock_ioctl+0x10/0x10 [ 292.270263][ T9923] ? __fget_files+0x3a0/0x420 [ 292.270287][ T9923] ? __fget_files+0x2a/0x420 [ 292.270316][ T9923] ? bpf_lsm_file_ioctl+0x9/0x20 [ 292.270341][ T9923] ? __pfx_sock_ioctl+0x10/0x10 [ 292.270369][ T9923] __se_sys_ioctl+0xfc/0x170 [ 292.270391][ T9923] do_syscall_64+0xfa/0xfa0 [ 292.270414][ T9923] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.270444][ T9923] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.270465][ T9923] ? clear_bhb_loop+0x60/0xb0 [ 292.270491][ T9923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.270511][ T9923] RIP: 0033:0x7f108d38eec9 [ 292.270530][ T9923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.270548][ T9923] RSP: 002b:00007f108b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.270570][ T9923] RAX: ffffffffffffffda RBX: 00007f108d5e5fa0 RCX: 00007f108d38eec9 [ 292.270586][ T9923] RDX: 0000200000000540 RSI: 000000000000890b RDI: 0000000000000006 [ 292.270600][ T9923] RBP: 00007f108b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 292.270615][ T9923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.270628][ T9923] R13: 00007f108d5e6038 R14: 00007f108d5e5fa0 R15: 00007ffc5c3d6728 [ 292.270662][ T9923] [ 292.299954][ T9926] syzkaller1: entered promiscuous mode [ 292.361231][ T9927] FAULT_INJECTION: forcing a failure. [ 292.361231][ T9927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.477804][ T9926] syzkaller1: entered allmulticast mode [ 292.537482][ T9927] CPU: 0 UID: 0 PID: 9927 Comm: syz.3.1242 Not tainted syzkaller #0 PREEMPT(full) [ 292.537508][ T9927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 292.537519][ T9927] Call Trace: [ 292.537526][ T9927] [ 292.537534][ T9927] dump_stack_lvl+0x189/0x250 [ 292.537567][ T9927] ? __pfx____ratelimit+0x10/0x10 [ 292.537588][ T9927] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.537613][ T9927] ? __pfx__printk+0x10/0x10 [ 292.537637][ T9927] ? __might_fault+0xb0/0x130 [ 292.537673][ T9927] should_fail_ex+0x414/0x560 [ 292.537705][ T9927] _copy_from_user+0x2d/0xb0 [ 292.537728][ T9927] xfrm_user_policy+0x2cf/0x950 [ 292.537758][ T9927] ? __pfx_xfrm_user_policy+0x10/0x10 [ 292.537782][ T9927] ? apparmor_capable+0x137/0x1b0 [ 292.537808][ T9927] ? bpf_lsm_capable+0x9/0x20 [ 292.537830][ T9927] ? security_capable+0x7e/0x2e0 [ 292.537856][ T9927] do_ipv6_setsockopt+0x155e/0x2eb0 [ 292.537885][ T9927] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 292.537913][ T9927] ? aa_label_sk_perm+0x4cd/0x630 [ 292.537931][ T9927] ? get_pid_task+0x20/0x1f0 [ 292.537964][ T9927] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 292.537994][ T9927] ? vfs_write+0x956/0xb30 [ 292.538016][ T9927] ? __pfx___might_resched+0x10/0x10 [ 292.538044][ T9927] ? __lock_acquire+0xab9/0xd20 [ 292.538071][ T9927] ipv6_setsockopt+0x59/0x170 [ 292.538094][ T9927] rawv6_setsockopt+0x23b/0x5b0 [ 292.538118][ T9927] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 292.538137][ T9927] ? aa_sock_opt_perm+0xff/0x1b0 [ 292.538160][ T9927] ? sock_common_setsockopt+0x36/0xc0 [ 292.538186][ T9927] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 292.538213][ T9927] do_sock_setsockopt+0x17c/0x1b0 [ 292.538238][ T9927] __x64_sys_setsockopt+0x13f/0x1b0 [ 292.538270][ T9927] do_syscall_64+0xfa/0xfa0 [ 292.538289][ T9927] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.538307][ T9927] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.538324][ T9927] ? clear_bhb_loop+0x60/0xb0 [ 292.538345][ T9927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.538362][ T9927] RIP: 0033:0x7fb46a18eec9 [ 292.538378][ T9927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.538402][ T9927] RSP: 002b:00007fb46af3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 292.538421][ T9927] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18eec9 [ 292.538433][ T9927] RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000003 [ 292.538444][ T9927] RBP: 00007fb46af3e090 R08: 00000000000000e8 R09: 0000000000000000 [ 292.538454][ T9927] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 292.538465][ T9927] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 292.538494][ T9927] [ 293.239472][ T9946] netlink: 'syz.4.1249': attribute type 1 has an invalid length. [ 293.274045][ T9946] netlink: 'syz.4.1249': attribute type 101 has an invalid length. [ 293.304746][ T9946] netlink: 480 bytes leftover after parsing attributes in process `syz.4.1249'. [ 293.342675][ T9945] syzkaller0: entered promiscuous mode [ 293.348452][ T9945] syzkaller0: entered allmulticast mode [ 295.190767][ T9967] FAULT_INJECTION: forcing a failure. [ 295.190767][ T9967] name failslab, interval 1, probability 0, space 0, times 0 [ 295.222992][ T9967] CPU: 0 UID: 0 PID: 9967 Comm: syz.4.1255 Not tainted syzkaller #0 PREEMPT(full) [ 295.223023][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.223037][ T9967] Call Trace: [ 295.223046][ T9967] [ 295.223056][ T9967] dump_stack_lvl+0x189/0x250 [ 295.223094][ T9967] ? __pfx____ratelimit+0x10/0x10 [ 295.223118][ T9967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.223150][ T9967] ? __pfx__printk+0x10/0x10 [ 295.223185][ T9967] ? __pfx___might_resched+0x10/0x10 [ 295.223210][ T9967] ? fs_reclaim_acquire+0x7d/0x100 [ 295.223236][ T9967] should_fail_ex+0x414/0x560 [ 295.223274][ T9967] should_failslab+0xa8/0x100 [ 295.223299][ T9967] __kmalloc_cache_node_noprof+0x74/0x6f0 [ 295.223333][ T9967] ? __get_vm_area_node+0x13f/0x300 [ 295.223370][ T9967] __get_vm_area_node+0x13f/0x300 [ 295.223406][ T9967] __vmalloc_node_range_noprof+0x30c/0x12d0 [ 295.223439][ T9967] ? copy_process+0x54b/0x3c20 [ 295.223486][ T9967] ? percpu_ref_get_many+0x19/0x140 [ 295.223519][ T9967] ? __memcg_slab_post_alloc_hook+0x517/0x7d0 [ 295.223557][ T9967] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 295.223592][ T9967] ? memcpy_and_pad+0x48/0x80 [ 295.223629][ T9967] __vmalloc_node_noprof+0xc2/0x110 [ 295.223661][ T9967] ? copy_process+0x54b/0x3c20 [ 295.223685][ T9967] ? copy_process+0x54b/0x3c20 [ 295.223714][ T9967] dup_task_struct+0x3d4/0x830 [ 295.223741][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.223768][ T9967] copy_process+0x54b/0x3c20 [ 295.223817][ T9967] ? get_pid_task+0x20/0x1f0 [ 295.223853][ T9967] ? __pfx_copy_process+0x10/0x10 [ 295.223893][ T9967] kernel_clone+0x21e/0x840 [ 295.223920][ T9967] ? vfs_write+0x956/0xb30 [ 295.223947][ T9967] ? __pfx_kernel_clone+0x10/0x10 [ 295.223986][ T9967] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 295.224020][ T9967] __x64_sys_clone+0x185/0x1e0 [ 295.224053][ T9967] ? __pfx___x64_sys_clone+0x10/0x10 [ 295.224100][ T9967] ? __pfx_ksys_write+0x10/0x10 [ 295.224125][ T9967] ? do_syscall_64+0xbe/0xfa0 [ 295.224153][ T9967] do_syscall_64+0xfa/0xfa0 [ 295.224176][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.224199][ T9967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.224221][ T9967] ? clear_bhb_loop+0x60/0xb0 [ 295.224246][ T9967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.224267][ T9967] RIP: 0033:0x7fc270d8eec9 [ 295.224286][ T9967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.224304][ T9967] RSP: 002b:00007fc271cd2fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 295.224326][ T9967] RAX: ffffffffffffffda RBX: 00007fc270fe6090 RCX: 00007fc270d8eec9 [ 295.224343][ T9967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 295.224357][ T9967] RBP: 00007fc271cd3090 R08: 0000000000000000 R09: 0000000000000000 [ 295.224371][ T9967] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 295.224384][ T9967] R13: 00007fc270fe6128 R14: 00007fc270fe6090 R15: 00007ffc744e6b18 [ 295.224419][ T9967] [ 295.224431][ T9967] syz.4.1255: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 295.597286][ T9967] CPU: 0 UID: 0 PID: 9967 Comm: syz.4.1255 Not tainted syzkaller #0 PREEMPT(full) [ 295.597314][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.597328][ T9967] Call Trace: [ 295.597336][ T9967] [ 295.597346][ T9967] dump_stack_lvl+0x189/0x250 [ 295.597383][ T9967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.597414][ T9967] ? __pfx__printk+0x10/0x10 [ 295.597442][ T9967] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 295.597474][ T9967] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 295.597512][ T9967] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 295.597546][ T9967] warn_alloc+0x214/0x310 [ 295.597574][ T9967] ? __pfx_warn_alloc+0x10/0x10 [ 295.597604][ T9967] ? __get_vm_area_node+0x2b5/0x300 [ 295.597643][ T9967] __vmalloc_node_range_noprof+0x331/0x12d0 [ 295.597685][ T9967] ? percpu_ref_get_many+0x19/0x140 [ 295.597716][ T9967] ? __memcg_slab_post_alloc_hook+0x517/0x7d0 [ 295.597754][ T9967] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 295.597789][ T9967] ? memcpy_and_pad+0x48/0x80 [ 295.597826][ T9967] __vmalloc_node_noprof+0xc2/0x110 [ 295.597858][ T9967] ? copy_process+0x54b/0x3c20 [ 295.597883][ T9967] ? copy_process+0x54b/0x3c20 [ 295.597912][ T9967] dup_task_struct+0x3d4/0x830 [ 295.597939][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.597965][ T9967] copy_process+0x54b/0x3c20 [ 295.598012][ T9967] ? get_pid_task+0x20/0x1f0 [ 295.598047][ T9967] ? __pfx_copy_process+0x10/0x10 [ 295.598088][ T9967] kernel_clone+0x21e/0x840 [ 295.598116][ T9967] ? vfs_write+0x956/0xb30 [ 295.598142][ T9967] ? __pfx_kernel_clone+0x10/0x10 [ 295.598188][ T9967] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 295.598221][ T9967] __x64_sys_clone+0x185/0x1e0 [ 295.598254][ T9967] ? __pfx___x64_sys_clone+0x10/0x10 [ 295.598301][ T9967] ? __pfx_ksys_write+0x10/0x10 [ 295.598327][ T9967] ? do_syscall_64+0xbe/0xfa0 [ 295.598355][ T9967] do_syscall_64+0xfa/0xfa0 [ 295.598377][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.598400][ T9967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.598422][ T9967] ? clear_bhb_loop+0x60/0xb0 [ 295.598447][ T9967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.598468][ T9967] RIP: 0033:0x7fc270d8eec9 [ 295.598486][ T9967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.598504][ T9967] RSP: 002b:00007fc271cd2fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 295.598528][ T9967] RAX: ffffffffffffffda RBX: 00007fc270fe6090 RCX: 00007fc270d8eec9 [ 295.598544][ T9967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 295.598556][ T9967] RBP: 00007fc271cd3090 R08: 0000000000000000 R09: 0000000000000000 [ 295.598570][ T9967] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 295.598582][ T9967] R13: 00007fc270fe6128 R14: 00007fc270fe6090 R15: 00007ffc744e6b18 [ 295.598617][ T9967] [ 295.598692][ T9967] Mem-Info: [ 295.969707][ T9967] active_anon:10183 inactive_anon:0 isolated_anon:0 [ 295.969707][ T9967] active_file:16396 inactive_file:39997 isolated_file:0 [ 295.969707][ T9967] unevictable:768 dirty:398 writeback:0 [ 295.969707][ T9967] slab_reclaimable:11003 slab_unreclaimable:95784 [ 295.969707][ T9967] mapped:25658 shmem:4091 pagetables:1523 [ 295.969707][ T9967] sec_pagetables:0 bounce:0 [ 295.969707][ T9967] kernel_misc_reclaimable:0 [ 295.969707][ T9967] free:1314748 free_pcp:14797 free_cma:0 [ 296.015271][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.051248][ T9967] Node 0 active_anon:41064kB inactive_anon:0kB active_file:65532kB inactive_file:159784kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102516kB dirty:1572kB writeback:0kB shmem:14828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:12104kB pagetables:5932kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 296.083710][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.101847][ T9967] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 296.161237][ T9967] Node 0 DMA free:15328kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 296.191399][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.216596][ T9967] lowmem_reserve[]: 0 2489 2490 2490 2490 [ 296.223375][ T9967] Node 0 DMA32 free:1353264kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB free_highatomic:0KB active_anon:41164kB inactive_anon:0kB active_file:65532kB inactive_file:159784kB unevictable:1536kB writepending:1572kB zspages:0kB present:3129332kB managed:2549416kB mlocked:0kB bounce:0kB free_pcp:37732kB local_pcp:21092kB free_cma:0kB [ 296.257024][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.286173][ T9967] lowmem_reserve[]: [ 296.286241][ T43] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 296.295813][ T9967] 0 0 0 0 0 [ 296.306844][ T9967] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 296.336224][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.351091][ T9967] lowmem_reserve[]: 0 0 0 0 0 [ 296.357951][ T9967] Node 1 Normal free:3893680kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:204kB unevictable:1536kB writepending:20kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:17696kB local_pcp:6464kB free_cma:0kB [ 296.397315][ T9967] lowmem_reserve[]: 0 0 0 0 0 [ 296.406653][ T9967] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB [ 296.425202][ T9967] Node 0 DMA32: 105*4kB (UME) 15*8kB (UME) 26*16kB (UME) 318*32kB (UME) 76*64kB (UME) 87*128kB (UM) 54*256kB (UME) 25*512kB (M) 15*1024kB (M) 7*2048kB (UM) 310*4096kB (UM) = 1353212kB [ 296.447645][ T9967] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 296.460113][ T9967] Node 1 Normal: 188*4kB (UE) 38*8kB (UME) 45*16kB (UE) 172*32kB (UE) 47*64kB (UM) 9*128kB (UME) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 946*4096kB (M) = 3893680kB [ 296.486208][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 296.517250][ T43] usb 4-1: config 0 has no interfaces? [ 296.530722][ T43] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 296.545213][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.559916][ T9967] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.574822][ T9967] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.586313][ T43] usb 4-1: config 0 descriptor?? [ 296.607767][ T9967] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.620326][ T9967] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.631581][ T9967] 60480 total pagecache pages [ 296.637013][ T9967] 0 pages in swap cache [ 296.650541][ T9967] Free swap = 124996kB [ 296.655233][ T9967] Total swap = 124996kB [ 296.660111][ T9967] 2097051 pages RAM [ 296.674414][ T9967] 0 pages HighMem/MovableOnly [ 296.679157][ T9967] 427991 pages reserved [ 296.700668][ T9967] 0 pages cma reserved [ 296.735101][ T9994] syzkaller0: entered promiscuous mode [ 296.741095][ T9994] syzkaller0: entered allmulticast mode [ 296.809741][ T43] usb 4-1: USB disconnect, device number 64 [ 297.224176][T10001] FAULT_INJECTION: forcing a failure. [ 297.224176][T10001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.237451][T10001] CPU: 0 UID: 0 PID: 10001 Comm: syz.0.1267 Not tainted syzkaller #0 PREEMPT(full) [ 297.237480][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 297.237493][T10001] Call Trace: [ 297.237502][T10001] [ 297.237511][T10001] dump_stack_lvl+0x189/0x250 [ 297.237546][T10001] ? __pfx____ratelimit+0x10/0x10 [ 297.237568][T10001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.237599][T10001] ? __pfx__printk+0x10/0x10 [ 297.237625][T10001] ? __might_fault+0xb0/0x130 [ 297.237660][T10001] should_fail_ex+0x414/0x560 [ 297.237691][T10001] _copy_from_user+0x2d/0xb0 [ 297.237718][T10001] snd_ctl_ioctl+0x359/0x1bf0 [ 297.237743][T10001] ? stack_trace_save+0x9c/0xe0 [ 297.237774][T10001] ? __pfx_stack_trace_save+0x10/0x10 [ 297.237804][T10001] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 297.237826][T10001] ? stack_depot_save_flags+0x40/0x860 [ 297.237867][T10001] ? kasan_save_track+0x4f/0x80 [ 297.237895][T10001] ? kasan_save_track+0x3e/0x80 [ 297.237922][T10001] ? __kasan_save_free_info+0x46/0x50 [ 297.237947][T10001] ? __kasan_slab_free+0x5c/0x80 [ 297.237964][T10001] ? kfree+0x19a/0x6d0 [ 297.237988][T10001] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 297.238007][T10001] ? security_file_ioctl+0xcb/0x2d0 [ 297.238036][T10001] ? __se_sys_ioctl+0x47/0x170 [ 297.238053][T10001] ? do_syscall_64+0xfa/0xfa0 [ 297.238076][T10001] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.238154][T10001] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 297.238180][T10001] ? do_vfs_ioctl+0xbe8/0x1430 [ 297.238199][T10001] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 297.238220][T10001] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 297.238268][T10001] ? __fget_files+0x2a/0x420 [ 297.238293][T10001] ? __fget_files+0x3a0/0x420 [ 297.238327][T10001] ? __fget_files+0x2a/0x420 [ 297.238349][T10001] ? bpf_lsm_file_ioctl+0x9/0x20 [ 297.238370][T10001] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 297.238390][T10001] __se_sys_ioctl+0xfc/0x170 [ 297.238408][T10001] do_syscall_64+0xfa/0xfa0 [ 297.238426][T10001] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.238445][T10001] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.238461][T10001] ? clear_bhb_loop+0x60/0xb0 [ 297.238481][T10001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.238497][T10001] RIP: 0033:0x7f28d558eec9 [ 297.238515][T10001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.238531][T10001] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.238550][T10001] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 297.238563][T10001] RDX: 0000200000000080 RSI: 00000000c1105517 RDI: 0000000000000003 [ 297.238574][T10001] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 297.238584][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.238593][T10001] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 297.238621][T10001] [ 297.341600][ T43] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 297.346350][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.542157][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.637192][ T43] usb 5-1: no configurations [ 297.642027][ T43] usb 5-1: can't read configurations, error -22 [ 297.797274][ T43] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 297.823093][T10006] could not allocate digest TFM handle blake2s-256-generic [ 297.969683][ T43] usb 5-1: no configurations [ 297.984370][ T43] usb 5-1: can't read configurations, error -22 [ 298.014822][ T43] usb usb5-port1: attempt power cycle [ 298.410696][ T43] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 298.448196][ T43] usb 5-1: no configurations [ 298.453228][ T43] usb 5-1: can't read configurations, error -22 [ 298.604336][ T43] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 298.645040][ T43] usb 5-1: no configurations [ 298.650006][ T43] usb 5-1: can't read configurations, error -22 [ 298.657193][ T43] usb usb5-port1: unable to enumerate USB device [ 299.402024][T10037] syzkaller1: entered promiscuous mode [ 299.408734][T10037] syzkaller1: entered allmulticast mode [ 299.591322][T10044] FAULT_INJECTION: forcing a failure. [ 299.591322][T10044] name failslab, interval 1, probability 0, space 0, times 0 [ 299.606854][T10044] CPU: 1 UID: 0 PID: 10044 Comm: syz.5.1283 Not tainted syzkaller #0 PREEMPT(full) [ 299.606884][T10044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 299.606899][T10044] Call Trace: [ 299.606908][T10044] [ 299.606918][T10044] dump_stack_lvl+0x189/0x250 [ 299.606955][T10044] ? __pfx____ratelimit+0x10/0x10 [ 299.606979][T10044] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.607010][T10044] ? __pfx__printk+0x10/0x10 [ 299.607045][T10044] ? __pfx___might_resched+0x10/0x10 [ 299.607070][T10044] ? fs_reclaim_acquire+0x7d/0x100 [ 299.607096][T10044] should_fail_ex+0x414/0x560 [ 299.607143][T10044] should_failslab+0xa8/0x100 [ 299.607168][T10044] kmem_cache_alloc_noprof+0x74/0x6e0 [ 299.607200][T10044] ? alloc_empty_file+0x55/0x1d0 [ 299.607227][T10044] ? kernel_text_address+0xa5/0xe0 [ 299.607253][T10044] alloc_empty_file+0x55/0x1d0 [ 299.607284][T10044] path_openat+0x107/0x3830 [ 299.607314][T10044] ? stack_trace_save+0x9c/0xe0 [ 299.607349][T10044] ? stack_depot_save_flags+0x40/0x860 [ 299.607382][T10044] ? _parse_integer_limit+0xf1/0x1f0 [ 299.607408][T10044] ? kasan_save_track+0x4f/0x80 [ 299.607440][T10044] ? getname_flags+0xb8/0x540 [ 299.607464][T10044] ? do_sys_openat2+0xbc/0x1c0 [ 299.607492][T10044] ? __x64_sys_openat+0x138/0x170 [ 299.607520][T10044] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.607542][T10044] ? __pfx_path_openat+0x10/0x10 [ 299.607583][T10044] do_filp_open+0x1fa/0x410 [ 299.607601][T10044] ? __lock_acquire+0xab9/0xd20 [ 299.607628][T10044] ? __pfx_do_filp_open+0x10/0x10 [ 299.607669][T10044] ? _raw_spin_unlock+0x28/0x50 [ 299.607688][T10044] ? alloc_fd+0x64c/0x6c0 [ 299.607722][T10044] do_sys_openat2+0x121/0x1c0 [ 299.607754][T10044] ? __pfx_do_sys_openat2+0x10/0x10 [ 299.607786][T10044] ? ksys_write+0x22a/0x250 [ 299.607810][T10044] ? __pfx_ksys_write+0x10/0x10 [ 299.607833][T10044] __x64_sys_openat+0x138/0x170 [ 299.607866][T10044] do_syscall_64+0xfa/0xfa0 [ 299.607886][T10044] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.607905][T10044] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.607925][T10044] ? clear_bhb_loop+0x60/0xb0 [ 299.607948][T10044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.607969][T10044] RIP: 0033:0x7f108d38eec9 [ 299.607988][T10044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.608005][T10044] RSP: 002b:00007f108b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 299.608028][T10044] RAX: ffffffffffffffda RBX: 00007f108d5e5fa0 RCX: 00007f108d38eec9 [ 299.608043][T10044] RDX: 000000000000275a RSI: 0000200000000280 RDI: ffffffffffffff9c [ 299.608058][T10044] RBP: 00007f108b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 299.608071][T10044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.608085][T10044] R13: 00007f108d5e6038 R14: 00007f108d5e5fa0 R15: 00007ffc5c3d6728 [ 299.608126][T10044] [ 299.899926][ T43] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 299.960199][ T940] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 300.080125][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 300.117825][ T43] usb 1-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 300.129491][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.137711][ T940] usb 4-1: Using ep0 maxpacket: 16 [ 300.147767][ T43] usb 1-1: config 0 descriptor?? [ 300.160139][ T43] usb 1-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 300.168689][ T940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 300.180279][ T940] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 300.190007][ T940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.203039][ T940] usb 4-1: config 0 descriptor?? [ 300.221661][ T43] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 300.234052][ T43] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 300.242449][ T43] usb 1-1: media controller created [ 300.273388][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 300.303992][ T43] usb 1-1: selecting invalid altsetting 1 [ 300.319504][ T43] set interface failed [ 300.321295][ T43] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 300.323421][T10051] syzkaller0: entered promiscuous mode [ 300.326681][ T43] error writing reg: 0xff, val: 0x00 [ 300.333016][T10051] syzkaller0: entered allmulticast mode [ 300.358918][T10037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.374405][T10037] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.396188][ T43] dvb_usb_mxl111sf 1-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 300.425274][ T43] usb 1-1: USB disconnect, device number 75 [ 300.486347][ T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 300.622296][ T9] usb 5-1: device descriptor read/64, error -71 [ 300.691344][ T940] uclogic 0003:5543:0781.002F: unknown main item tag 0x0 [ 300.701852][ T940] uclogic 0003:5543:0781.002F: unknown main item tag 0x0 [ 300.708980][ T940] uclogic 0003:5543:0781.002F: unknown main item tag 0x0 [ 300.717474][ T940] uclogic 0003:5543:0781.002F: unknown main item tag 0x0 [ 300.725134][ T940] uclogic 0003:5543:0781.002F: unknown main item tag 0x0 [ 300.735075][ T940] uclogic 0003:5543:0781.002F: hidraw0: USB HID v0.05 Device [HID 5543:0781] on usb-dummy_hcd.3-1/input0 [ 300.862297][ T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 301.004827][ T9] usb 5-1: device descriptor read/64, error -71 [ 301.122997][ T9] usb usb5-port1: attempt power cycle [ 301.469204][ T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 301.489918][ T9] usb 5-1: device descriptor read/8, error -71 [ 301.740094][ T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 301.769756][ T9] usb 5-1: device descriptor read/8, error -71 [ 301.881430][ T9] usb usb5-port1: unable to enumerate USB device [ 301.965627][ T940] usb 4-1: USB disconnect, device number 65 [ 302.528897][ T940] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 302.662254][T10072] overlayfs: failed to resolve './file1': -2 [ 302.688637][ T940] usb 6-1: Using ep0 maxpacket: 8 [ 302.724115][ T940] usb 6-1: unable to get BOS descriptor or descriptor too short [ 302.740073][ T940] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 302.747702][ T940] usb 6-1: can't read configurations, error -71 [ 302.768573][ T89] usb 4-1: new full-speed USB device number 66 using dummy_hcd [ 302.920315][ T89] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 302.932026][ T89] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 302.944483][ T89] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 302.957375][ T89] usb 4-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 302.966594][ T89] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.974767][ T89] usb 4-1: Product: syz [ 302.979004][ T89] usb 4-1: Manufacturer: syz [ 302.983723][ T89] usb 4-1: SerialNumber: syz [ 302.990815][ T89] usb 4-1: config 0 descriptor?? [ 303.201709][ T89] powermate: unknown product id 0240 [ 303.207262][ T89] powermate: Expected payload of 3--6 bytes, found 0 bytes! [ 303.217884][ T89] powermate 4-1:0.0: probe with driver powermate failed with error -5 [ 303.234743][T10077] syzkaller0: entered promiscuous mode [ 303.240955][T10077] syzkaller0: entered allmulticast mode [ 303.258572][ T89] usb 4-1: USB disconnect, device number 66 [ 303.442761][T10084] /dev/nullb0: Can't open blockdev [ 303.533690][ T5909] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 303.542390][T10086] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1300'. [ 303.579789][ T5909] hid-generic 0000:0000:0000.0030: hidraw0: HID v0.00 Device [syz1] on syz0 [ 304.745942][T10096] overlayfs: failed to resolve './file1': -2 [ 305.469685][T10109] FAULT_INJECTION: forcing a failure. [ 305.469685][T10109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.491864][T10109] CPU: 1 UID: 0 PID: 10109 Comm: syz.5.1308 Not tainted syzkaller #0 PREEMPT(full) [ 305.491888][T10109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 305.491899][T10109] Call Trace: [ 305.491906][T10109] [ 305.491914][T10109] dump_stack_lvl+0x189/0x250 [ 305.491945][T10109] ? __pfx____ratelimit+0x10/0x10 [ 305.491963][T10109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.491989][T10109] ? __pfx__printk+0x10/0x10 [ 305.492011][T10109] ? __might_fault+0xb0/0x130 [ 305.492046][T10109] should_fail_ex+0x414/0x560 [ 305.492076][T10109] _copy_from_user+0x2d/0xb0 [ 305.492099][T10109] kstrtouint_from_user+0xc4/0x170 [ 305.492120][T10109] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 305.492154][T10109] proc_fail_nth_write+0x88/0x200 [ 305.492180][T10109] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 305.492211][T10109] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 305.492238][T10109] vfs_write+0x27e/0xb30 [ 305.492264][T10109] ? __pfx_vfs_write+0x10/0x10 [ 305.492284][T10109] ? __fget_files+0x2a/0x420 [ 305.492308][T10109] ? __fget_files+0x3a0/0x420 [ 305.492327][T10109] ? __fget_files+0x2a/0x420 [ 305.492355][T10109] ksys_write+0x145/0x250 [ 305.492377][T10109] ? __pfx_ksys_write+0x10/0x10 [ 305.492399][T10109] ? do_syscall_64+0xbe/0xfa0 [ 305.492421][T10109] do_syscall_64+0xfa/0xfa0 [ 305.492439][T10109] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.492457][T10109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.492474][T10109] ? clear_bhb_loop+0x60/0xb0 [ 305.492494][T10109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.492521][T10109] RIP: 0033:0x7f108d38d97f [ 305.492536][T10109] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 305.492551][T10109] RSP: 002b:00007f108b5f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 305.492569][T10109] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f108d38d97f [ 305.492580][T10109] RDX: 0000000000000001 RSI: 00007f108b5f60a0 RDI: 0000000000000003 [ 305.492591][T10109] RBP: 00007f108b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 305.492601][T10109] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 305.492611][T10109] R13: 00007f108d5e6038 R14: 00007f108d5e5fa0 R15: 00007ffc5c3d6728 [ 305.492639][T10109] [ 306.040721][T10125] overlayfs: failed to resolve './file1': -2 [ 306.456183][T10131] syzkaller0: entered promiscuous mode [ 306.462062][T10131] syzkaller0: entered allmulticast mode [ 306.542777][ T89] usb 4-1: new full-speed USB device number 67 using dummy_hcd [ 306.687234][ T89] usb 4-1: device descriptor read/64, error -71 [ 306.723943][T10145] netlink: 'syz.4.1321': attribute type 15 has an invalid length. [ 306.947969][ T89] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 307.096849][ T89] usb 4-1: device descriptor read/64, error -71 [ 307.216776][ T89] usb usb4-port1: attempt power cycle [ 307.415019][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.426928][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.490071][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.499440][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.571390][ T89] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 307.598391][ T89] usb 4-1: device descriptor read/8, error -71 [ 307.626153][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.635452][T10162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1326'. [ 307.812470][T10169] FAULT_INJECTION: forcing a failure. [ 307.812470][T10169] name failslab, interval 1, probability 0, space 0, times 0 [ 307.825342][T10169] CPU: 0 UID: 0 PID: 10169 Comm: syz.4.1328 Not tainted syzkaller #0 PREEMPT(full) [ 307.825370][T10169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 307.825383][T10169] Call Trace: [ 307.825392][T10169] [ 307.825400][T10169] dump_stack_lvl+0x189/0x250 [ 307.825438][T10169] ? __pfx____ratelimit+0x10/0x10 [ 307.825460][T10169] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.825492][T10169] ? __pfx__printk+0x10/0x10 [ 307.825523][T10169] ? __pfx___might_resched+0x10/0x10 [ 307.825544][T10169] ? fs_reclaim_acquire+0x7d/0x100 [ 307.825565][T10169] should_fail_ex+0x414/0x560 [ 307.825597][T10169] should_failslab+0xa8/0x100 [ 307.825620][T10169] __kmalloc_cache_noprof+0x6f/0x6f0 [ 307.825647][T10169] ? inode_init_always_gfp+0xa03/0xdc0 [ 307.825666][T10169] ? alloc_pipe_info+0xe9/0x4d0 [ 307.825694][T10169] alloc_pipe_info+0xe9/0x4d0 [ 307.825714][T10169] create_pipe_files+0x8a/0x7e0 [ 307.825734][T10169] ? __fget_files+0x3a0/0x420 [ 307.825757][T10169] __do_pipe_flags+0x46/0x1f0 [ 307.825778][T10169] do_pipe2+0x9c/0x170 [ 307.825797][T10169] ? __pfx_do_pipe2+0x10/0x10 [ 307.825816][T10169] ? ksys_write+0x22a/0x250 [ 307.825849][T10169] __x64_sys_pipe2+0x5a/0x70 [ 307.825873][T10169] do_syscall_64+0xfa/0xfa0 [ 307.825895][T10169] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.825917][T10169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.825938][T10169] ? clear_bhb_loop+0x60/0xb0 [ 307.825963][T10169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.825983][T10169] RIP: 0033:0x7fc270d8eec9 [ 307.826002][T10169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.826020][T10169] RSP: 002b:00007fc271cf4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 307.826042][T10169] RAX: ffffffffffffffda RBX: 00007fc270fe5fa0 RCX: 00007fc270d8eec9 [ 307.826058][T10169] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 307.826071][T10169] RBP: 00007fc271cf4090 R08: 0000000000000000 R09: 0000000000000000 [ 307.826084][T10169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.826097][T10169] R13: 00007fc270fe6038 R14: 00007fc270fe5fa0 R15: 00007ffc744e6b18 [ 307.826130][T10169] [ 308.060865][ T89] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 308.091664][ T89] usb 4-1: device descriptor read/8, error -71 [ 308.119674][T10171] FAULT_INJECTION: forcing a failure. [ 308.119674][T10171] name failslab, interval 1, probability 0, space 0, times 0 [ 308.133185][T10171] CPU: 1 UID: 0 PID: 10171 Comm: syz.4.1329 Not tainted syzkaller #0 PREEMPT(full) [ 308.133216][T10171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 308.133230][T10171] Call Trace: [ 308.133238][T10171] [ 308.133247][T10171] dump_stack_lvl+0x189/0x250 [ 308.133282][T10171] ? __pfx____ratelimit+0x10/0x10 [ 308.133304][T10171] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.133334][T10171] ? __pfx__printk+0x10/0x10 [ 308.133369][T10171] ? __pfx___might_resched+0x10/0x10 [ 308.133393][T10171] ? fs_reclaim_acquire+0x7d/0x100 [ 308.133419][T10171] should_fail_ex+0x414/0x560 [ 308.133455][T10171] should_failslab+0xa8/0x100 [ 308.133479][T10171] kmem_cache_alloc_node_noprof+0x77/0x710 [ 308.133526][T10171] ? __alloc_skb+0x112/0x2d0 [ 308.133555][T10171] __alloc_skb+0x112/0x2d0 [ 308.133581][T10171] alloc_skb_with_frags+0xca/0x890 [ 308.133620][T10171] sock_alloc_send_pskb+0x84d/0x980 [ 308.133667][T10171] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 308.133694][T10171] ? dev_get_by_index+0x22/0x2f0 [ 308.133717][T10171] ? dev_get_by_index+0x22/0x2f0 [ 308.133745][T10171] packet_sendmsg+0x33ad/0x50a0 [ 308.133779][T10171] ? audit_net_cb+0x1f1/0x970 [ 308.133815][T10171] ? __pfx___might_resched+0x10/0x10 [ 308.133836][T10171] ? __lock_acquire+0xab9/0xd20 [ 308.133868][T10171] ? __pfx_packet_sendmsg+0x10/0x10 [ 308.133891][T10171] ? aa_sk_perm+0x81e/0x950 [ 308.133915][T10171] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 308.133942][T10171] ? aa_sock_msg_perm+0xf1/0x1d0 [ 308.133965][T10171] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 308.133984][T10171] ? __pfx_packet_sendmsg+0x10/0x10 [ 308.134009][T10171] __sock_sendmsg+0x21c/0x270 [ 308.134037][T10171] __sys_sendto+0x3bd/0x520 [ 308.134058][T10171] ? __pfx___sys_sendto+0x10/0x10 [ 308.134074][T10171] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 308.134107][T10171] ? __fget_files+0x3a0/0x420 [ 308.134138][T10171] ? ksys_write+0x22a/0x250 [ 308.134159][T10171] ? __pfx_ksys_write+0x10/0x10 [ 308.134180][T10171] __x64_sys_sendto+0xde/0x100 [ 308.134201][T10171] do_syscall_64+0xfa/0xfa0 [ 308.134220][T10171] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.134238][T10171] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.134257][T10171] ? clear_bhb_loop+0x60/0xb0 [ 308.134277][T10171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.134293][T10171] RIP: 0033:0x7fc270d8eec9 [ 308.134310][T10171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.134324][T10171] RSP: 002b:00007fc271cf4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 308.134343][T10171] RAX: ffffffffffffffda RBX: 00007fc270fe5fa0 RCX: 00007fc270d8eec9 [ 308.134355][T10171] RDX: 00000000000100a6 RSI: 0000200000000180 RDI: 0000000000000003 [ 308.134367][T10171] RBP: 00007fc271cf4090 R08: 0000200000000140 R09: 0000000000000014 [ 308.134378][T10171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.134389][T10171] R13: 00007fc270fe6038 R14: 00007fc270fe5fa0 R15: 00007ffc744e6b18 [ 308.134417][T10171] [ 308.237065][ T89] usb usb4-port1: unable to enumerate USB device [ 308.241926][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.447676][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.745607][ T5909] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 308.895538][ T5909] usb 5-1: Using ep0 maxpacket: 32 [ 308.908559][ T5909] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 308.931230][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.950132][ T5909] usb 5-1: Product: syz [ 308.954384][ T5909] usb 5-1: Manufacturer: syz [ 308.959701][ T5909] usb 5-1: SerialNumber: syz [ 308.977566][ T5909] usb 5-1: config 0 descriptor?? [ 308.992784][ T5909] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 309.048940][T10179] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1332'. [ 309.077560][T10177] netlink: 'syz.5.1332': attribute type 29 has an invalid length. [ 309.087723][T10179] netlink: 'syz.5.1332': attribute type 29 has an invalid length. [ 309.096925][T10177] netlink: 'syz.5.1332': attribute type 29 has an invalid length. [ 309.370137][T10187] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1336'. [ 309.495143][ T5944] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 309.543827][T10192] netlink: 344 bytes leftover after parsing attributes in process `syz.3.1338'. [ 309.665103][ T5944] usb 6-1: Using ep0 maxpacket: 32 [ 309.672763][ T5944] usb 6-1: config index 0 descriptor too short (expected 32334, got 36) [ 309.681793][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.691974][ T5944] usb 6-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 309.703014][ T5944] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.722628][ T5944] usb 6-1: config 0 descriptor?? [ 310.140852][ T5944] aquacomputer_d5next 0003:0C70:F00A.0031: unknown main item tag 0x7 [ 310.169745][ T5944] aquacomputer_d5next 0003:0C70:F00A.0031: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.5-1/input0 [ 310.307552][T10205] syzkaller0: entered promiscuous mode [ 310.316313][T10205] syzkaller0: entered allmulticast mode [ 310.350430][ T5944] usb 6-1: USB disconnect, device number 27 [ 310.625046][T10218] loop3: detected capacity change from 0 to 7 [ 310.640381][T10218] Dev loop3: unable to read RDB block 7 [ 310.646361][T10218] loop3: AHDI p1 [ 310.650205][T10218] loop3: partition table partially beyond EOD, truncated [ 310.767300][T10220] /dev/nullb0: Can't open blockdev [ 311.450520][ T5909] gspca_stk1135: reg_w 0x300 err -71 [ 311.459402][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.467258][ T5909] gspca_stk1135: Sensor write failed [ 311.472645][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.481848][ T5909] gspca_stk1135: Sensor write failed [ 311.487507][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.493927][ T5909] gspca_stk1135: Sensor read failed [ 311.499542][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.506114][ T5909] gspca_stk1135: Sensor read failed [ 311.511387][ T5909] gspca_stk1135: Detected sensor type unknown (0x0) [ 311.518458][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.525220][ T5909] gspca_stk1135: Sensor read failed [ 311.530546][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.538687][ T5909] gspca_stk1135: Sensor read failed [ 311.544079][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.550448][ T5909] gspca_stk1135: Sensor write failed [ 311.556213][ T5909] gspca_stk1135: serial bus timeout: status=0x00 [ 311.562716][ T5909] gspca_stk1135: Sensor write failed [ 311.568225][ T5909] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71 [ 311.584235][ T5909] usb 5-1: USB disconnect, device number 39 [ 312.352897][T10213] FAULT_INJECTION: forcing a failure. [ 312.352897][T10213] name failslab, interval 1, probability 0, space 0, times 0 [ 312.367160][T10213] CPU: 1 UID: 0 PID: 10213 Comm: syz.3.1343 Not tainted syzkaller #0 PREEMPT(full) [ 312.367189][T10213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 312.367204][T10213] Call Trace: [ 312.367214][T10213] [ 312.367223][T10213] dump_stack_lvl+0x189/0x250 [ 312.367272][T10213] ? __pfx____ratelimit+0x10/0x10 [ 312.367295][T10213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.367328][T10213] ? __pfx__printk+0x10/0x10 [ 312.367363][T10213] ? __pfx___might_resched+0x10/0x10 [ 312.367388][T10213] ? fs_reclaim_acquire+0x7d/0x100 [ 312.367415][T10213] should_fail_ex+0x414/0x560 [ 312.367453][T10213] should_failslab+0xa8/0x100 [ 312.367478][T10213] __kmalloc_cache_noprof+0x6f/0x6f0 [ 312.367510][T10213] ? ____ip_mc_inc_group+0x528/0xde0 [ 312.367541][T10213] ____ip_mc_inc_group+0x528/0xde0 [ 312.367575][T10213] __ip_mc_join_group+0x431/0x510 [ 312.367610][T10213] do_mcast_group_source+0x35d/0x460 [ 312.367636][T10213] ? __pfx_do_mcast_group_source+0x10/0x10 [ 312.367658][T10213] ? do_raw_spin_lock+0x121/0x290 [ 312.367698][T10213] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 312.367719][T10213] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.367737][T10213] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 312.367752][T10213] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 312.367771][T10213] ? look_up_lock_class+0x74/0x170 [ 312.367807][T10213] ? __local_bh_enable_ip+0x12d/0x1c0 [ 312.367827][T10213] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.367844][T10213] ? __local_bh_enable_ip+0x12d/0x1c0 [ 312.367863][T10213] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 312.367889][T10213] do_ip_setsockopt+0x1aa5/0x2d00 [ 312.367918][T10213] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 312.367939][T10213] ? __lock_acquire+0xab9/0xd20 [ 312.367961][T10213] ? aa_sk_perm+0x81e/0x950 [ 312.367982][T10213] ? __pfx_aa_sk_perm+0x10/0x10 [ 312.368000][T10213] ? aa_sock_opt_perm+0xff/0x1b0 [ 312.368022][T10213] ip_setsockopt+0x66/0x110 [ 312.368036][T10213] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 312.368062][T10213] do_sock_setsockopt+0x17c/0x1b0 [ 312.368083][T10213] __x64_sys_setsockopt+0x13f/0x1b0 [ 312.368105][T10213] do_syscall_64+0xfa/0xfa0 [ 312.368122][T10213] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.368144][T10213] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.368164][T10213] ? clear_bhb_loop+0x60/0xb0 [ 312.368189][T10213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.368209][T10213] RIP: 0033:0x7fb46a18eec9 [ 312.368229][T10213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.368247][T10213] RSP: 002b:00007fb46af3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 312.368278][T10213] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18eec9 [ 312.368293][T10213] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000003 [ 312.368308][T10213] RBP: 00007fb46af3e090 R08: 0000000000000108 R09: 0000000000000000 [ 312.368320][T10213] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 312.368330][T10213] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 312.368355][T10213] [ 312.678973][ C1] vkms_vblank_simulate: vblank timer overrun [ 312.824214][T10234] syzkaller1: entered promiscuous mode [ 312.829853][T10237] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1353'. [ 312.829958][T10237] FAULT_INJECTION: forcing a failure. [ 312.829958][T10237] name failslab, interval 1, probability 0, space 0, times 0 [ 312.839028][T10234] syzkaller1: entered allmulticast mode [ 312.859744][T10234] FAULT_INJECTION: forcing a failure. [ 312.859744][T10234] name failslab, interval 1, probability 0, space 0, times 0 [ 312.873511][T10234] CPU: 1 UID: 0 PID: 10234 Comm: syz.5.1350 Not tainted syzkaller #0 PREEMPT(full) [ 312.873538][T10234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 312.873552][T10234] Call Trace: [ 312.873560][T10234] [ 312.873568][T10234] dump_stack_lvl+0x189/0x250 [ 312.873606][T10234] ? __pfx____ratelimit+0x10/0x10 [ 312.873627][T10234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.873657][T10234] ? __pfx__printk+0x10/0x10 [ 312.873692][T10234] ? __pfx___might_resched+0x10/0x10 [ 312.873716][T10234] ? fs_reclaim_acquire+0x7d/0x100 [ 312.873741][T10234] should_fail_ex+0x414/0x560 [ 312.873779][T10234] should_failslab+0xa8/0x100 [ 312.873802][T10234] kmem_cache_alloc_node_noprof+0x77/0x710 [ 312.873833][T10234] ? __alloc_skb+0x112/0x2d0 [ 312.873862][T10234] __alloc_skb+0x112/0x2d0 [ 312.873887][T10234] alloc_skb_with_frags+0xca/0x890 [ 312.873926][T10234] sock_alloc_send_pskb+0x84d/0x980 [ 312.873981][T10234] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 312.874010][T10234] ? is_bpf_text_address+0x26/0x2b0 [ 312.874043][T10234] ? iov_iter_advance+0x8b/0x1c0 [ 312.874069][T10234] tun_get_user+0xa43/0x3e90 [ 312.874110][T10234] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 312.874132][T10234] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.874157][T10234] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 312.874178][T10234] ? __pfx_tun_get_user+0x10/0x10 [ 312.874214][T10234] ? save_netdev_trace_buffer+0x4cd/0x5e0 [ 312.874243][T10234] ? __lock_acquire+0xab9/0xd20 [ 312.874276][T10234] ? ref_tracker_alloc+0x318/0x460 [ 312.874297][T10234] ? tun_get+0x157/0x2f0 [ 312.874321][T10234] ? tun_chr_write_iter+0x60/0x210 [ 312.874347][T10234] ? ksys_write+0x145/0x250 [ 312.874369][T10234] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 312.874397][T10234] ? tun_get+0x1c/0x2f0 [ 312.874430][T10234] ? tun_get+0x1c/0x2f0 [ 312.874456][T10234] ? tun_get+0x1c/0x2f0 [ 312.874489][T10234] tun_chr_write_iter+0x113/0x210 [ 312.874519][T10234] vfs_write+0x5c9/0xb30 [ 312.874547][T10234] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 312.874576][T10234] ? __pfx_vfs_write+0x10/0x10 [ 312.874610][T10234] ? __fget_files+0x2a/0x420 [ 312.874646][T10234] ksys_write+0x145/0x250 [ 312.874672][T10234] ? __pfx_ksys_write+0x10/0x10 [ 312.874699][T10234] ? do_syscall_64+0xbe/0xfa0 [ 312.874728][T10234] do_syscall_64+0xfa/0xfa0 [ 312.874751][T10234] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.874774][T10234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.874795][T10234] ? clear_bhb_loop+0x60/0xb0 [ 312.874821][T10234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.874843][T10234] RIP: 0033:0x7f108d38eec9 [ 312.874862][T10234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.874881][T10234] RSP: 002b:00007f108b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 312.874911][T10234] RAX: ffffffffffffffda RBX: 00007f108d5e5fa0 RCX: 00007f108d38eec9 [ 312.874926][T10234] RDX: 000000000000003e RSI: 0000200000000140 RDI: 0000000000000003 [ 312.874940][T10234] RBP: 00007f108b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 312.874954][T10234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.874973][T10234] R13: 00007f108d5e6038 R14: 00007f108d5e5fa0 R15: 00007ffc5c3d6728 [ 312.875008][T10234] [ 312.875438][T10237] CPU: 1 UID: 0 PID: 10237 Comm: syz.4.1353 Not tainted syzkaller #0 PREEMPT(full) [ 312.875464][T10237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 312.875477][T10237] Call Trace: [ 312.875485][T10237] [ 312.875493][T10237] dump_stack_lvl+0x189/0x250 [ 312.875529][T10237] ? __pfx____ratelimit+0x10/0x10 [ 312.875551][T10237] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.875583][T10237] ? __pfx__printk+0x10/0x10 [ 312.875615][T10237] ? save_netdev_trace_buffer+0x4e2/0x5e0 [ 312.875657][T10237] should_fail_ex+0x414/0x560 [ 312.875694][T10237] should_failslab+0xa8/0x100 [ 312.875719][T10237] kmem_cache_alloc_noprof+0x74/0x6e0 [ 312.875750][T10237] ? skb_clone+0x212/0x3a0 [ 312.875812][T10237] skb_clone+0x212/0x3a0 [ 312.875843][T10237] __netlink_deliver_tap+0x424/0x8b0 [ 312.875882][T10237] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.875906][T10237] netlink_deliver_tap+0x19c/0x1b0 [ 312.875931][T10237] netlink_sendskb+0x68/0x140 [ 312.875975][T10237] netlink_unicast+0x397/0x9e0 [ 312.876005][T10237] ? __asan_memcpy+0x40/0x70 [ 312.876044][T10237] ? __pfx_netlink_unicast+0x10/0x10 [ 312.876087][T10237] netlink_rcv_skb+0x28c/0x470 [ 312.876112][T10237] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 312.876147][T10237] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 312.876186][T10237] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.876209][T10237] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.876234][T10237] xfrm_netlink_rcv+0x79/0x90 [ 312.876267][T10237] netlink_unicast+0x82f/0x9e0 [ 312.876310][T10237] ? __pfx_netlink_unicast+0x10/0x10 [ 312.876346][T10237] ? netlink_sendmsg+0x642/0xb30 [ 312.876367][T10237] ? skb_put+0x11b/0x210 [ 312.876394][T10237] netlink_sendmsg+0x805/0xb30 [ 312.876428][T10237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.876459][T10237] ? aa_sock_msg_perm+0xf1/0x1d0 [ 312.876488][T10237] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 312.876511][T10237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.876536][T10237] __sock_sendmsg+0x21c/0x270 [ 312.876571][T10237] ____sys_sendmsg+0x505/0x830 [ 312.876604][T10237] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.876640][T10237] ? import_iovec+0x74/0xa0 [ 312.876671][T10237] ___sys_sendmsg+0x21f/0x2a0 [ 312.876699][T10237] ? __pfx____sys_sendmsg+0x10/0x10 [ 312.876760][T10237] ? __fget_files+0x2a/0x420 [ 312.876784][T10237] ? __fget_files+0x3a0/0x420 [ 312.876820][T10237] __x64_sys_sendmsg+0x19b/0x260 [ 312.876850][T10237] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 312.876887][T10237] ? __pfx_ksys_write+0x10/0x10 [ 312.876912][T10237] ? do_syscall_64+0xbe/0xfa0 [ 312.876939][T10237] do_syscall_64+0xfa/0xfa0 [ 312.876970][T10237] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.876992][T10237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.877011][T10237] ? clear_bhb_loop+0x60/0xb0 [ 312.877036][T10237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.877056][T10237] RIP: 0033:0x7fc270d8eec9 [ 312.877074][T10237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.877093][T10237] RSP: 002b:00007fc271cf4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.877114][T10237] RAX: ffffffffffffffda RBX: 00007fc270fe5fa0 RCX: 00007fc270d8eec9 [ 312.877130][T10237] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 312.877143][T10237] RBP: 00007fc271cf4090 R08: 0000000000000000 R09: 0000000000000000 [ 312.877156][T10237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.877168][T10237] R13: 00007fc270fe6038 R14: 00007fc270fe5fa0 R15: 00007ffc744e6b18 [ 312.877203][T10237] [ 312.890426][T10239] pimreg: entered allmulticast mode [ 313.008357][T10243] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1351'. [ 313.998605][T10254] FAULT_INJECTION: forcing a failure. [ 313.998605][T10254] name failslab, interval 1, probability 0, space 0, times 0 [ 314.021697][T10254] CPU: 0 UID: 0 PID: 10254 Comm: syz.3.1359 Not tainted syzkaller #0 PREEMPT(full) [ 314.021729][T10254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 314.021744][T10254] Call Trace: [ 314.021753][T10254] [ 314.021763][T10254] dump_stack_lvl+0x189/0x250 [ 314.021801][T10254] ? __pfx____ratelimit+0x10/0x10 [ 314.021825][T10254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 314.021857][T10254] ? __pfx__printk+0x10/0x10 [ 314.021892][T10254] ? __pfx___might_resched+0x10/0x10 [ 314.021924][T10254] should_fail_ex+0x414/0x560 [ 314.021962][T10254] should_failslab+0xa8/0x100 [ 314.021986][T10254] __kmalloc_node_track_caller_noprof+0xcd/0x800 [ 314.022020][T10254] ? kobject_set_name_vargs+0x61/0x110 [ 314.022060][T10254] kvasprintf+0xdc/0x190 [ 314.022093][T10254] ? __pfx_kvasprintf+0x10/0x10 [ 314.022131][T10254] ? kvasprintf_const+0xe1/0x240 [ 314.022162][T10254] kobject_set_name_vargs+0x61/0x110 [ 314.022190][T10254] dev_set_name+0xd4/0x120 [ 314.022226][T10254] ? __pfx_dev_set_name+0x10/0x10 [ 314.022255][T10254] ? __init_waitqueue_head+0xa9/0x150 [ 314.022292][T10254] ? device_initialize+0x24b/0x440 [ 314.022316][T10254] wakeup_source_sysfs_add+0x1a9/0x2c0 [ 314.022346][T10254] wakeup_source_register+0x18a/0x380 [ 314.022373][T10254] ep_insert+0xef6/0x19e0 [ 314.022415][T10254] ? __pfx_ep_insert+0x10/0x10 [ 314.022441][T10254] ? __pfx___mutex_lock+0x10/0x10 [ 314.022478][T10254] ? bpf_lsm_capable+0x9/0x20 [ 314.022516][T10254] do_epoll_ctl+0x7f4/0xe80 [ 314.022551][T10254] __x64_sys_epoll_ctl+0x163/0x1a0 [ 314.022581][T10254] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 314.022612][T10254] ? do_syscall_64+0xbe/0xfa0 [ 314.022641][T10254] do_syscall_64+0xfa/0xfa0 [ 314.022662][T10254] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.022686][T10254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.022707][T10254] ? clear_bhb_loop+0x60/0xb0 [ 314.022733][T10254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.022756][T10254] RIP: 0033:0x7fb46a18eec9 [ 314.022773][T10254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.022791][T10254] RSP: 002b:00007fb46af3e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 314.022812][T10254] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18eec9 [ 314.022827][T10254] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 314.022839][T10254] RBP: 00007fb46af3e090 R08: 0000000000000000 R09: 0000000000000000 [ 314.022852][T10254] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001 [ 314.022865][T10254] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 314.022901][T10254] [ 314.303859][T10252] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1358'. [ 314.679974][T10266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1363'. [ 314.692555][ T5944] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 314.728210][T10264] syzkaller0: entered promiscuous mode [ 314.742278][T10264] syzkaller0: entered allmulticast mode [ 314.872818][ T5944] usb 5-1: Using ep0 maxpacket: 8 [ 314.898156][ T5944] usb 5-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 314.908895][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.942446][ T5944] usb 5-1: Product: syz [ 314.946763][ T5944] usb 5-1: Manufacturer: syz [ 314.951393][ T5944] usb 5-1: SerialNumber: syz [ 314.965160][ T5944] usb 5-1: config 0 descriptor?? [ 314.990374][ T5944] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 315.327191][T10260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 315.341309][T10260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.442318][ T5944] gspca_vc032x: reg_r err -71 [ 315.449150][ T5944] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 315.490625][ T5944] usb 5-1: USB disconnect, device number 40 [ 316.094668][T10289] netlink: 696 bytes leftover after parsing attributes in process `syz.4.1369'. [ 317.141368][ T9] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 317.275722][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.282755][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.312784][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 317.319824][ T9] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 317.328171][ T9] usb 4-1: config 0 has no interface number 0 [ 317.337068][ T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 317.347285][ T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 317.374939][ T9] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 317.384299][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.392422][ T9] usb 4-1: Product: syz [ 317.396644][ T9] usb 4-1: Manufacturer: syz [ 317.401430][ T9] usb 4-1: SerialNumber: syz [ 317.411815][ T9] usb 4-1: config 0 descriptor?? [ 317.417807][T10312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.426044][T10312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.640877][T10312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.648763][T10312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.858360][ T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 317.872278][ T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61 [ 317.885830][ T9] asix 4-1:0.251: probe with driver asix failed with error -5 [ 318.072313][T10324] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 318.080203][T10324] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 318.090831][ T5944] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 318.108642][T10324] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 318.115059][T10324] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 318.125588][T10324] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 318.134979][T10324] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 318.149794][T10324] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 318.156365][T10324] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 318.167569][T10324] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 318.201139][ T5909] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 318.265388][ T5944] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 318.274242][ T5944] usb 5-1: config 0 has no interface number 0 [ 318.283894][ T5944] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 318.296412][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.305209][ T5944] usb 5-1: Product: syz [ 318.309899][ T5944] usb 5-1: Manufacturer: syz [ 318.314898][ T5944] usb 5-1: SerialNumber: syz [ 318.322911][ T5944] usb 5-1: config 0 descriptor?? [ 318.360913][ T5909] usb 6-1: Using ep0 maxpacket: 16 [ 318.380554][ T5909] usb 6-1: config index 0 descriptor too short (expected 16456, got 72) [ 318.400011][ T5909] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 318.413221][ T5909] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 318.417845][T10330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1386'. [ 318.433948][ T5909] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 318.451360][ T5909] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 318.470248][ T5909] usb 6-1: config 0 has no interface number 0 [ 318.480680][ T5909] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 318.510635][ T5909] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 318.531874][ T5909] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 318.551647][ T5909] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 318.575244][ T5909] usb 6-1: config 0 interface 125 has no altsetting 0 [ 318.591884][ T5909] usb 6-1: config 0 interface 125 has no altsetting 2 [ 318.608899][ T5909] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 318.630345][ T5909] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.639003][ T5909] usb 6-1: Product: syz [ 318.643627][ T5909] usb 6-1: Manufacturer: syz [ 318.648284][ T5909] usb 6-1: SerialNumber: syz [ 318.663999][ T5909] usb 6-1: config 0 descriptor?? [ 318.693353][ T5909] usb 6-1: selecting invalid altsetting 2 [ 318.835711][T10346] netlink: 'syz.0.1388': attribute type 2 has an invalid length. [ 318.846411][T10346] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1388'. [ 318.881250][T10320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.896211][T10320] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.350395][ T5944] usb 5-1: non-Atmel transceiver xxxx8ab2 [ 319.359004][T10359] syzkaller0: entered promiscuous mode [ 319.365607][T10359] syzkaller0: entered allmulticast mode [ 319.551764][T10316] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 319.570850][ T5944] usb 5-1: Firmware version (0.0) predates our first public release. [ 319.586606][ T5944] usb 5-1: Please update to version 0.2 or newer [ 319.601926][ T5944] usb 5-1: atusb_probe: initialization failed, error = -19 [ 319.627805][ T5944] usb 5-1: USB disconnect, device number 41 [ 319.908123][ T5917] usb 4-1: USB disconnect, device number 71 [ 320.042768][T10365] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1392'. [ 320.098300][T10366] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1382'. [ 320.138097][ T5185] Bluetooth: hci0: Dropping invalid advertising data [ 320.144189][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 320.153978][ T5185] Bluetooth: hci0: Malformed LE Event: 0x02 [ 320.158549][ T5864] Bluetooth: hci1: command 0x0406 tx timeout [ 320.165882][ T5185] Bluetooth: hci0: command 0x0405 tx timeout [ 320.223923][ T5185] Bluetooth: hci2: command 0x0c1a tx timeout [ 321.050689][ T5917] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 321.185623][T10376] FAULT_INJECTION: forcing a failure. [ 321.185623][T10376] name failslab, interval 1, probability 0, space 0, times 0 [ 321.203307][T10376] CPU: 0 UID: 0 PID: 10376 Comm: syz.3.1395 Not tainted syzkaller #0 PREEMPT(full) [ 321.203338][T10376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 321.203352][T10376] Call Trace: [ 321.203361][T10376] [ 321.203371][T10376] dump_stack_lvl+0x189/0x250 [ 321.203419][T10376] ? __pfx____ratelimit+0x10/0x10 [ 321.203443][T10376] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.203475][T10376] ? __pfx__printk+0x10/0x10 [ 321.203509][T10376] ? __pfx___might_resched+0x10/0x10 [ 321.203541][T10376] should_fail_ex+0x414/0x560 [ 321.203580][T10376] should_failslab+0xa8/0x100 [ 321.203606][T10376] __kmalloc_node_track_caller_noprof+0xcd/0x800 [ 321.203639][T10376] ? kobject_set_name_vargs+0x61/0x110 [ 321.203671][T10376] kvasprintf+0xdc/0x190 [ 321.203704][T10376] ? __pfx_kvasprintf+0x10/0x10 [ 321.203743][T10376] ? kvasprintf_const+0xe1/0x240 [ 321.203773][T10376] kobject_set_name_vargs+0x61/0x110 [ 321.203808][T10376] dev_set_name+0xd4/0x120 [ 321.203835][T10376] ? __kasan_kmalloc_large+0x85/0xa0 [ 321.203862][T10376] ? __pfx_dev_set_name+0x10/0x10 [ 321.203893][T10376] ? trace_kmalloc+0x1f/0xd0 [ 321.203920][T10376] ? __kmalloc_noprof+0x432/0x7f0 [ 321.203949][T10376] ? wiphy_new_nm+0x625/0x19e0 [ 321.203979][T10376] wiphy_new_nm+0x7a1/0x19e0 [ 321.204002][T10376] ? ieee80211_alloc_hw_nm+0x912/0x1f60 [ 321.204037][T10376] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 321.204067][T10376] ieee80211_alloc_hw_nm+0x3f3/0x1f60 [ 321.204097][T10376] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 321.204135][T10376] mac80211_hwsim_new_radio+0x1eb/0x5220 [ 321.204173][T10376] ? stack_depot_save_flags+0x40/0x860 [ 321.204214][T10376] ? kasan_save_track+0x4f/0x80 [ 321.204243][T10376] ? kasan_save_track+0x3e/0x80 [ 321.204272][T10376] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 321.204288][T10376] ? __asan_memset+0x22/0x50 [ 321.204314][T10376] ? __nla_validate_parse+0x2400/0x2d40 [ 321.204334][T10376] ? __x64_sys_sendmsg+0x19b/0x260 [ 321.204356][T10376] ? do_syscall_64+0xfa/0xfa0 [ 321.204377][T10376] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.204438][T10376] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 321.204468][T10376] ? __pfx___nla_validate_parse+0x10/0x10 [ 321.204507][T10376] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 321.204535][T10376] ? rcu_is_watching+0x15/0xb0 [ 321.204565][T10376] ? __nla_parse+0x40/0x60 [ 321.204593][T10376] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 321.204632][T10376] genl_family_rcv_msg_doit+0x215/0x300 [ 321.204670][T10376] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 321.204715][T10376] ? bpf_lsm_capable+0x9/0x20 [ 321.204740][T10376] ? security_capable+0x7e/0x2e0 [ 321.204770][T10376] genl_rcv_msg+0x60e/0x790 [ 321.204805][T10376] ? __pfx_genl_rcv_msg+0x10/0x10 [ 321.204833][T10376] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 321.204870][T10376] netlink_rcv_skb+0x208/0x470 [ 321.204891][T10376] ? __lock_acquire+0xab9/0xd20 [ 321.204917][T10376] ? __pfx_genl_rcv_msg+0x10/0x10 [ 321.204948][T10376] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 321.204991][T10376] ? down_read+0x1ad/0x2e0 [ 321.205021][T10376] genl_rcv+0x28/0x40 [ 321.205047][T10376] netlink_unicast+0x82f/0x9e0 [ 321.205089][T10376] ? __pfx_netlink_unicast+0x10/0x10 [ 321.205124][T10376] ? netlink_sendmsg+0x642/0xb30 [ 321.205144][T10376] ? skb_put+0x11b/0x210 [ 321.205172][T10376] netlink_sendmsg+0x805/0xb30 [ 321.205206][T10376] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.205234][T10376] ? aa_sock_msg_perm+0xf1/0x1d0 [ 321.205262][T10376] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 321.205284][T10376] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.205309][T10376] __sock_sendmsg+0x21c/0x270 [ 321.205344][T10376] ____sys_sendmsg+0x505/0x830 [ 321.205376][T10376] ? __pfx_____sys_sendmsg+0x10/0x10 [ 321.205420][T10376] ? import_iovec+0x74/0xa0 [ 321.205451][T10376] ___sys_sendmsg+0x21f/0x2a0 [ 321.205480][T10376] ? __pfx____sys_sendmsg+0x10/0x10 [ 321.205552][T10376] ? __fget_files+0x2a/0x420 [ 321.205576][T10376] ? __fget_files+0x3a0/0x420 [ 321.205613][T10376] __x64_sys_sendmsg+0x19b/0x260 [ 321.205641][T10376] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 321.205677][T10376] ? __pfx_ksys_write+0x10/0x10 [ 321.205704][T10376] ? do_syscall_64+0xbe/0xfa0 [ 321.205731][T10376] do_syscall_64+0xfa/0xfa0 [ 321.205753][T10376] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.205776][T10376] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.205797][T10376] ? clear_bhb_loop+0x60/0xb0 [ 321.205823][T10376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.205843][T10376] RIP: 0033:0x7fb46a18eec9 [ 321.205863][T10376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.205881][T10376] RSP: 002b:00007fb46af3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.205904][T10376] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18eec9 [ 321.205921][T10376] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 321.205935][T10376] RBP: 00007fb46af3e090 R08: 0000000000000000 R09: 0000000000000000 [ 321.205949][T10376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.205962][T10376] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 321.205997][T10376] [ 321.211745][ T5917] usb 5-1: Using ep0 maxpacket: 32 [ 321.749422][ T5917] usb 5-1: config index 0 descriptor too short (expected 32334, got 36) [ 321.768131][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.789206][ T5917] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 321.798326][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.883600][ T5917] usb 5-1: config 0 descriptor?? [ 321.897977][T10395] FAULT_INJECTION: forcing a failure. [ 321.897977][T10395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.949383][T10395] CPU: 1 UID: 0 PID: 10395 Comm: syz.0.1401 Not tainted syzkaller #0 PREEMPT(full) [ 321.949411][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 321.949425][T10395] Call Trace: [ 321.949434][T10395] [ 321.949443][T10395] dump_stack_lvl+0x189/0x250 [ 321.949481][T10395] ? __pfx____ratelimit+0x10/0x10 [ 321.949508][T10395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.949540][T10395] ? __pfx__printk+0x10/0x10 [ 321.949568][T10395] ? __might_fault+0xb0/0x130 [ 321.949617][T10395] should_fail_ex+0x414/0x560 [ 321.949654][T10395] _copy_from_user+0x2d/0xb0 [ 321.949683][T10395] ___sys_sendmsg+0x158/0x2a0 [ 321.949713][T10395] ? __pfx____sys_sendmsg+0x10/0x10 [ 321.949777][T10395] ? __fget_files+0x2a/0x420 [ 321.949802][T10395] ? __fget_files+0x3a0/0x420 [ 321.949839][T10395] __x64_sys_sendmsg+0x19b/0x260 [ 321.949868][T10395] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 321.949905][T10395] ? __pfx_ksys_write+0x10/0x10 [ 321.949931][T10395] ? do_syscall_64+0xbe/0xfa0 [ 321.949958][T10395] do_syscall_64+0xfa/0xfa0 [ 321.949980][T10395] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.950003][T10395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.950024][T10395] ? clear_bhb_loop+0x60/0xb0 [ 321.950049][T10395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.950068][T10395] RIP: 0033:0x7f28d558eec9 [ 321.950085][T10395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.950103][T10395] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.950124][T10395] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 321.950140][T10395] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 321.950154][T10395] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 321.950167][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.950180][T10395] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 321.950215][T10395] [ 322.218816][ T5185] Bluetooth: hci1: command 0x0406 tx timeout [ 322.218966][ T5864] Bluetooth: hci0: command 0x0405 tx timeout [ 322.224911][ T5185] Bluetooth: hci3: command 0x0406 tx timeout [ 322.306389][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 322.379215][ T5944] usb 6-1: USB disconnect, device number 28 [ 322.448078][ T5917] aquacomputer_d5next 0003:0C70:F00A.0032: unknown main item tag 0x7 [ 322.475687][ T5917] aquacomputer_d5next 0003:0C70:F00A.0032: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.4-1/input0 [ 322.619055][ T5917] usb 5-1: USB disconnect, device number 42 [ 322.736856][T10411] syzkaller0: entered promiscuous mode [ 322.751214][T10416] fido_id[10416]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 322.765896][T10411] syzkaller0: entered allmulticast mode [ 322.877026][T10425] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1407'. [ 323.188317][ T5917] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 323.349476][ T5917] usb 4-1: Using ep0 maxpacket: 8 [ 323.364250][ T5917] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 323.376488][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.387852][ T5917] usb 4-1: config 0 descriptor?? [ 324.147857][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807da13800: rx timeout, send abort [ 324.158507][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807da13800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 324.226675][T10439] FAULT_INJECTION: forcing a failure. [ 324.226675][T10439] name failslab, interval 1, probability 0, space 0, times 0 [ 324.240923][T10439] CPU: 1 UID: 0 PID: 10439 Comm: syz.0.1413 Not tainted syzkaller #0 PREEMPT(full) [ 324.240952][T10439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 324.240965][T10439] Call Trace: [ 324.240974][T10439] [ 324.240983][T10439] dump_stack_lvl+0x189/0x250 [ 324.241019][T10439] ? __pfx____ratelimit+0x10/0x10 [ 324.241046][T10439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.241077][T10439] ? __pfx__printk+0x10/0x10 [ 324.241108][T10439] ? __pfx___might_resched+0x10/0x10 [ 324.241135][T10439] ? fs_reclaim_acquire+0x7d/0x100 [ 324.241161][T10439] should_fail_ex+0x414/0x560 [ 324.241199][T10439] should_failslab+0xa8/0x100 [ 324.241223][T10439] kmem_cache_alloc_noprof+0x74/0x6e0 [ 324.241253][T10439] ? skb_clone+0x212/0x3a0 [ 324.241286][T10439] skb_clone+0x212/0x3a0 [ 324.241327][T10439] pfkey_sendmsg+0x44b/0x1090 [ 324.241373][T10439] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 324.241427][T10439] ? aa_sock_msg_perm+0xf1/0x1d0 [ 324.241474][T10439] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 324.241497][T10439] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 324.241525][T10439] __sock_sendmsg+0x21c/0x270 [ 324.241559][T10439] ____sys_sendmsg+0x505/0x830 [ 324.241599][T10439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 324.241635][T10439] ? import_iovec+0x74/0xa0 [ 324.241665][T10439] ___sys_sendmsg+0x21f/0x2a0 [ 324.241694][T10439] ? __pfx____sys_sendmsg+0x10/0x10 [ 324.241758][T10439] ? __fget_files+0x2a/0x420 [ 324.241789][T10439] ? __fget_files+0x3a0/0x420 [ 324.241826][T10439] __x64_sys_sendmsg+0x19b/0x260 [ 324.241856][T10439] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 324.241893][T10439] ? __pfx_ksys_write+0x10/0x10 [ 324.241926][T10439] ? do_syscall_64+0xbe/0xfa0 [ 324.241954][T10439] do_syscall_64+0xfa/0xfa0 [ 324.241977][T10439] ? lockdep_hardirqs_on+0x9c/0x150 [ 324.242000][T10439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.242021][T10439] ? clear_bhb_loop+0x60/0xb0 [ 324.242046][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.242065][T10439] RIP: 0033:0x7f28d558eec9 [ 324.242082][T10439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.242097][T10439] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 324.242117][T10439] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 324.242133][T10439] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 324.242146][T10439] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 324.242159][T10439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.242172][T10439] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 324.242208][T10439] [ 324.519550][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 324.787498][ T940] usb 5-1: new low-speed USB device number 43 using dummy_hcd [ 324.942147][ T940] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 324.951755][ T940] usb 5-1: config 0 has no interface number 0 [ 324.958422][ T940] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 324.970049][ T940] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 324.981694][ T940] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 324.993782][ T940] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 325.005322][ T940] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 325.015391][ T940] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 325.034257][ T940] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 325.043592][ T940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.057183][ T940] usb 5-1: config 0 descriptor?? [ 325.063360][T10443] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 325.087599][ T940] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 325.282480][ T9] usb 5-1: USB disconnect, device number 43 [ 325.311273][ T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 325.426123][T10452] pimreg: entered allmulticast mode [ 325.839074][ T5909] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 325.907267][T10470] syzkaller0: entered promiscuous mode [ 325.912811][T10470] syzkaller0: entered allmulticast mode [ 326.016858][ T5909] usb 1-1: Using ep0 maxpacket: 32 [ 326.037069][ T5909] usb 1-1: config index 0 descriptor too short (expected 32334, got 36) [ 326.045673][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.055648][ T5909] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 326.071521][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.081691][ T940] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 326.096615][ T5909] usb 1-1: config 0 descriptor?? [ 326.218293][ T940] usb 6-1: device descriptor read/64, error -71 [ 326.381389][T10427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 326.390857][T10427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.404039][ T5917] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 326.415393][ T5917] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9 [ 326.427834][ T5917] asix 4-1:0.0: probe with driver asix failed with error -71 [ 326.450247][ T5917] usb 4-1: USB disconnect, device number 72 [ 326.476773][ T940] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 326.532560][ T5909] aquacomputer_d5next 0003:0C70:F00A.0033: unknown main item tag 0x7 [ 326.550271][ T5909] aquacomputer_d5next 0003:0C70:F00A.0033: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.0-1/input0 [ 326.617727][ T940] usb 6-1: device descriptor read/64, error -71 [ 326.734008][ T9] usb 1-1: USB disconnect, device number 76 [ 326.737662][ T940] usb usb6-port1: attempt power cycle [ 327.106997][ T940] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 327.158209][ T940] usb 6-1: device descriptor read/8, error -71 [ 327.419533][ T940] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 327.451761][ T940] usb 6-1: device descriptor read/8, error -71 [ 327.578757][ T940] usb usb6-port1: unable to enumerate USB device [ 327.684232][T10485] FAULT_INJECTION: forcing a failure. [ 327.684232][T10485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.702171][T10485] CPU: 1 UID: 0 PID: 10485 Comm: syz.0.1428 Not tainted syzkaller #0 PREEMPT(full) [ 327.702198][T10485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 327.702212][T10485] Call Trace: [ 327.702221][T10485] [ 327.702230][T10485] dump_stack_lvl+0x189/0x250 [ 327.702267][T10485] ? __pfx____ratelimit+0x10/0x10 [ 327.702289][T10485] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.702320][T10485] ? __pfx__printk+0x10/0x10 [ 327.702349][T10485] ? __might_fault+0xb0/0x130 [ 327.702390][T10485] should_fail_ex+0x414/0x560 [ 327.702427][T10485] _copy_from_user+0x2d/0xb0 [ 327.702454][T10485] kvm_arch_vcpu_ioctl+0xd0e/0x2b40 [ 327.702488][T10485] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 327.702515][T10485] ? __lock_acquire+0xab9/0xd20 [ 327.702560][T10485] ? is_bpf_text_address+0x26/0x2b0 [ 327.702590][T10485] ? is_bpf_text_address+0x292/0x2b0 [ 327.702613][T10485] ? is_bpf_text_address+0x26/0x2b0 [ 327.702640][T10485] ? kernel_text_address+0xa5/0xe0 [ 327.702662][T10485] ? __kernel_text_address+0xd/0x40 [ 327.702682][T10485] ? unwind_get_return_address+0x4d/0x90 [ 327.702709][T10485] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 327.702735][T10485] ? arch_stack_walk+0xfc/0x150 [ 327.702770][T10485] ? __pfx_stack_trace_save+0x10/0x10 [ 327.702796][T10485] ? stack_depot_save_flags+0x40/0x860 [ 327.702838][T10485] ? __lock_acquire+0xab9/0xd20 [ 327.702865][T10485] ? __mutex_trylock_common+0x153/0x260 [ 327.702890][T10485] ? __pfx___mutex_trylock_common+0x10/0x10 [ 327.702920][T10485] ? rcu_is_watching+0x15/0xb0 [ 327.702942][T10485] ? trace_contention_end+0x39/0x120 [ 327.702966][T10485] ? __mutex_lock+0x335/0x1350 [ 327.702993][T10485] ? kasan_quarantine_put+0xdd/0x220 [ 327.703017][T10485] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.703036][T10485] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 327.703055][T10485] ? __pfx___mutex_lock+0x10/0x10 [ 327.703081][T10485] ? do_vfs_ioctl+0xbe8/0x1430 [ 327.703096][T10485] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 327.703115][T10485] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 327.703134][T10485] kvm_vcpu_ioctl+0x74d/0xe90 [ 327.703166][T10485] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 327.703203][T10485] ? __fget_files+0x2a/0x420 [ 327.703227][T10485] ? __fget_files+0x3a0/0x420 [ 327.703246][T10485] ? __fget_files+0x2a/0x420 [ 327.703269][T10485] ? bpf_lsm_file_ioctl+0x9/0x20 [ 327.703290][T10485] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 327.703306][T10485] __se_sys_ioctl+0xfc/0x170 [ 327.703323][T10485] do_syscall_64+0xfa/0xfa0 [ 327.703341][T10485] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.703359][T10485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.703376][T10485] ? clear_bhb_loop+0x60/0xb0 [ 327.703398][T10485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.703414][T10485] RIP: 0033:0x7f28d558eec9 [ 327.703430][T10485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.703444][T10485] RSP: 002b:00007f28d6411038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 327.703463][T10485] RAX: ffffffffffffffda RBX: 00007f28d57e5fa0 RCX: 00007f28d558eec9 [ 327.703475][T10485] RDX: 0000200000000000 RSI: 000000004048aecb RDI: 0000000000000005 [ 327.703486][T10485] RBP: 00007f28d6411090 R08: 0000000000000000 R09: 0000000000000000 [ 327.703497][T10485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.703507][T10485] R13: 00007f28d57e6038 R14: 00007f28d57e5fa0 R15: 00007fffd2fb24c8 [ 327.703535][T10485] [ 328.425715][ T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 328.443621][T10497] overlayfs: failed to resolve './file1': -2 [ 328.579455][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 328.591058][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.599578][ T9] usb 1-1: Product: syz [ 328.603784][ T9] usb 1-1: Manufacturer: syz [ 328.610117][ T9] usb 1-1: SerialNumber: syz [ 328.621930][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 328.640961][ T5944] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 328.735575][ T89] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 328.905878][ T89] usb 5-1: Using ep0 maxpacket: 32 [ 328.918676][ T89] usb 5-1: config index 0 descriptor too short (expected 32334, got 36) [ 328.929734][ T89] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 328.943958][ T89] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 328.953502][ T89] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.975577][ T89] usb 5-1: config 0 descriptor?? [ 329.273200][ T940] usb 1-1: USB disconnect, device number 77 [ 329.407262][ T89] aquacomputer_d5next 0003:0C70:F00A.0034: unknown main item tag 0x7 [ 329.440930][ T89] aquacomputer_d5next 0003:0C70:F00A.0034: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.4-1/input0 [ 329.624328][ T5909] usb 5-1: USB disconnect, device number 44 [ 329.715065][ T5917] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 329.870203][ T5917] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 329.879726][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.893380][ T5917] usb 4-1: config 0 descriptor?? [ 329.912263][ T5944] usb 1-1: Service connection timeout for: 256 [ 329.918789][ T5944] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 329.945395][ T5944] ath9k_htc: Failed to initialize the device [ 329.952435][ T940] usb 1-1: ath9k_htc: USB layer deinitialized [ 330.113840][ T5917] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 330.312603][T10515] overlayfs: conflicting lowerdir path [ 330.444134][ T5917] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 330.451231][ T5917] [drm] Initialized udl on minor 2 [ 330.582954][ T5917] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 330.616811][ T5917] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 330.787931][ T5944] usb 4-1: USB disconnect, device number 73 [ 330.789392][ T940] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 330.818313][ T940] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 331.022024][T10514] netlink: 7986 bytes leftover after parsing attributes in process `syz.4.1440'. [ 331.117180][T10520] ======================================================= [ 331.117180][T10520] WARNING: The mand mount option has been deprecated and [ 331.117180][T10520] and is ignored by this kernel. Remove the mand [ 331.117180][T10520] option from the mount to silence this warning. [ 331.117180][T10520] ======================================================= [ 331.193128][T10517] syzkaller0: entered promiscuous mode [ 331.217529][T10517] syzkaller0: entered allmulticast mode [ 331.219643][T10523] overlayfs: failed to resolve './file0': -2 [ 331.374244][ T30] audit: type=1326 audit(1758984096.115:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10527 comm="syz.5.1445" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f108d38eec9 code=0x0 [ 331.412639][ T5917] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 331.440165][T10530] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 331.446757][T10530] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 331.456767][T10530] vhci_hcd vhci_hcd.0: Device attached [ 331.574152][ T5917] usb 5-1: Using ep0 maxpacket: 32 [ 331.583350][ T5917] usb 5-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 331.592824][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.602565][ T5917] usb 5-1: Product: syz [ 331.608332][ T5917] usb 5-1: Manufacturer: syz [ 331.613098][ T5917] usb 5-1: SerialNumber: syz [ 331.724041][ T89] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 331.757349][ T940] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 331.774441][ T5944] usb 40-1: SetAddress Request (2) to port 0 [ 331.780986][ T5944] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 331.836473][ T5917] usb 5-1: palm_os_4_probe - error -71 getting connection info [ 331.846170][ T5917] visor 5-1:1.0: Handspring Visor / Palm OS converter detected [ 331.858505][ T5917] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 331.871287][ T5917] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 331.888038][ T5917] usb 5-1: USB disconnect, device number 45 [ 331.905133][ T89] usb 4-1: Using ep0 maxpacket: 8 [ 331.905821][ T940] usb 6-1: device descriptor read/64, error -71 [ 331.927590][ T5917] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 331.932312][ T89] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 331.947822][ T5917] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 331.956023][ T89] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.969887][ T5917] visor 5-1:1.0: device disconnected [ 332.009777][ T89] usb 4-1: config 0 descriptor?? [ 332.025093][ T89] hso 4-1:0.0: Can't find BULK IN endpoint [ 332.174689][ T940] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 332.229724][ T89] usb 4-1: USB disconnect, device number 74 [ 332.250182][T10531] vhci_hcd: connection reset by peer [ 332.263224][ T13] vhci_hcd: stop threads [ 332.269666][ T13] vhci_hcd: release socket [ 332.274438][ T13] vhci_hcd: disconnect device [ 332.317345][ T940] usb 6-1: device descriptor read/64, error -71 [ 332.444475][ T940] usb usb6-port1: attempt power cycle [ 332.469181][T10535] FAULT_INJECTION: forcing a failure. [ 332.469181][T10535] name failslab, interval 1, probability 0, space 0, times 0 [ 332.482602][T10535] CPU: 1 UID: 0 PID: 10535 Comm: syz.4.1447 Not tainted syzkaller #0 PREEMPT(full) [ 332.482631][T10535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 332.482644][T10535] Call Trace: [ 332.482653][T10535] [ 332.482662][T10535] dump_stack_lvl+0x189/0x250 [ 332.482697][T10535] ? __pfx____ratelimit+0x10/0x10 [ 332.482716][T10535] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.482741][T10535] ? __pfx__printk+0x10/0x10 [ 332.482770][T10535] ? __pfx___might_resched+0x10/0x10 [ 332.482791][T10535] ? fs_reclaim_acquire+0x7d/0x100 [ 332.482811][T10535] should_fail_ex+0x414/0x560 [ 332.482842][T10535] should_failslab+0xa8/0x100 [ 332.482865][T10535] __kmalloc_noprof+0xcb/0x7f0 [ 332.482893][T10535] ? rcu_is_watching+0x15/0xb0 [ 332.482918][T10535] ? security_prepare_creds+0x52/0x390 [ 332.482940][T10535] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 332.482972][T10535] security_prepare_creds+0x52/0x390 [ 332.482997][T10535] prepare_creds+0x497/0x6c0 [ 332.483021][T10535] copy_creds+0x106/0xa10 [ 332.483049][T10535] copy_process+0x964/0x3c20 [ 332.483098][T10535] ? get_pid_task+0x20/0x1f0 [ 332.483132][T10535] ? __pfx_copy_process+0x10/0x10 [ 332.483172][T10535] kernel_clone+0x21e/0x840 [ 332.483199][T10535] ? vfs_write+0x956/0xb30 [ 332.483225][T10535] ? __pfx_kernel_clone+0x10/0x10 [ 332.483263][T10535] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 332.483296][T10535] __x64_sys_clone+0x185/0x1e0 [ 332.483328][T10535] ? __pfx___x64_sys_clone+0x10/0x10 [ 332.483373][T10535] ? __pfx_ksys_write+0x10/0x10 [ 332.483394][T10535] ? do_syscall_64+0xbe/0xfa0 [ 332.483417][T10535] do_syscall_64+0xfa/0xfa0 [ 332.483435][T10535] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.483453][T10535] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.483470][T10535] ? clear_bhb_loop+0x60/0xb0 [ 332.483490][T10535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.483527][T10535] RIP: 0033:0x7fc270d8eec9 [ 332.483543][T10535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.483559][T10535] RSP: 002b:00007fc271cf3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 332.483578][T10535] RAX: ffffffffffffffda RBX: 00007fc270fe5fa0 RCX: 00007fc270d8eec9 [ 332.483590][T10535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 332.483600][T10535] RBP: 00007fc271cf4090 R08: 0000000000000000 R09: 0000000000000000 [ 332.483611][T10535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.483621][T10535] R13: 00007fc270fe6038 R14: 00007fc270fe5fa0 R15: 00007ffc744e6b18 [ 332.483649][T10535] [ 333.031580][ T940] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 333.078083][ T940] usb 6-1: device descriptor read/8, error -71 [ 333.163333][ T9] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 333.334896][ T940] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 333.343207][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 333.363572][ T9] usb 5-1: config index 0 descriptor too short (expected 32334, got 36) [ 333.370934][ T940] usb 6-1: device descriptor read/8, error -71 [ 333.372232][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.389078][ T9] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 333.398297][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.410648][ T9] usb 5-1: config 0 descriptor?? [ 333.495964][ T940] usb usb6-port1: unable to enumerate USB device [ 333.809349][T10544] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 333.816028][T10544] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 333.824036][T10544] vhci_hcd vhci_hcd.0: Device attached [ 333.843850][ T9] aquacomputer_d5next 0003:0C70:F00A.0035: unknown main item tag 0x7 [ 333.857415][ T9] aquacomputer_d5next 0003:0C70:F00A.0035: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.4-1/input0 [ 334.003022][ T89] vhci_hcd: vhci_device speed not set [ 334.040559][ T5909] usb 5-1: USB disconnect, device number 46 [ 334.073951][ T940] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 334.075484][ T89] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 334.242886][ T940] usb 1-1: Using ep0 maxpacket: 8 [ 334.250416][ T940] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.263251][ T940] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 334.279753][ T940] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 334.291310][ T940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.299880][ T940] usb 1-1: Product: syz [ 334.304657][ T940] usb 1-1: Manufacturer: syz [ 334.309343][ T940] usb 1-1: SerialNumber: syz [ 334.316729][ T940] usb 1-1: config 0 descriptor?? [ 334.532019][T10544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.542400][T10544] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.662547][ T9] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 334.725357][T10567] syzkaller0: entered promiscuous mode [ 334.731019][T10567] syzkaller0: entered allmulticast mode [ 334.834696][ T9] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 334.842733][ T5909] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 334.848105][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 334.868270][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 334.879806][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 334.888095][ T9] usb 4-1: SerialNumber: syz [ 335.022362][ T5909] usb 6-1: Using ep0 maxpacket: 32 [ 335.030966][ T5909] usb 6-1: unable to get BOS descriptor or descriptor too short [ 335.040523][ T5909] usb 6-1: config 6 has an invalid interface number: 123 but max is 0 [ 335.048864][ T5909] usb 6-1: config 6 has no interface number 0 [ 335.055540][ T5909] usb 6-1: config 6 interface 123 has no altsetting 0 [ 335.063627][ T5909] usb 6-1: string descriptor 0 read error: -22 [ 335.070637][ T5909] usb 6-1: New USB device found, idVendor=2184, idProduct=0036, bcdDevice=cb.85 [ 335.081228][ T5909] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.107516][ T9] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 335.131380][ T9] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 335.147001][ T9] usb 4-1: USB disconnect, device number 75 [ 335.310240][T10565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.321430][T10565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.331232][ T940] usb 6-1: USB disconnect, device number 37 [ 336.159866][T10586] FAULT_INJECTION: forcing a failure. [ 336.159866][T10586] name failslab, interval 1, probability 0, space 0, times 0 [ 336.173911][T10586] CPU: 1 UID: 0 PID: 10586 Comm: syz.3.1466 Not tainted syzkaller #0 PREEMPT(full) [ 336.173940][T10586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 336.173954][T10586] Call Trace: [ 336.173963][T10586] [ 336.173972][T10586] dump_stack_lvl+0x189/0x250 [ 336.174009][T10586] ? __pfx____ratelimit+0x10/0x10 [ 336.174033][T10586] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.174087][T10586] ? __pfx__printk+0x10/0x10 [ 336.174121][T10586] ? __pfx___might_resched+0x10/0x10 [ 336.174148][T10586] ? fs_reclaim_acquire+0x7d/0x100 [ 336.174175][T10586] should_fail_ex+0x414/0x560 [ 336.174221][T10586] should_failslab+0xa8/0x100 [ 336.174245][T10586] __kmalloc_cache_noprof+0x6f/0x6f0 [ 336.174277][T10586] ? kvm_assign_ioeventfd_idx+0x95/0x920 [ 336.174310][T10586] kvm_assign_ioeventfd_idx+0x95/0x920 [ 336.174333][T10586] ? __might_fault+0xb0/0x130 [ 336.174378][T10586] kvm_ioeventfd+0x1ee/0x330 [ 336.174406][T10586] kvm_vm_ioctl+0x942/0xc60 [ 336.174435][T10586] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 336.174485][T10586] ? kasan_quarantine_put+0xdd/0x220 [ 336.174514][T10586] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.174546][T10586] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 336.174571][T10586] ? do_vfs_ioctl+0xbe8/0x1430 [ 336.174589][T10586] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 336.174611][T10586] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 336.174670][T10586] ? __fget_files+0x2a/0x420 [ 336.174700][T10586] ? __fget_files+0x3a0/0x420 [ 336.174729][T10586] ? __fget_files+0x2a/0x420 [ 336.174757][T10586] ? bpf_lsm_file_ioctl+0x9/0x20 [ 336.174782][T10586] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 336.174809][T10586] __se_sys_ioctl+0xfc/0x170 [ 336.174831][T10586] do_syscall_64+0xfa/0xfa0 [ 336.174853][T10586] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.174876][T10586] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.174897][T10586] ? clear_bhb_loop+0x60/0xb0 [ 336.174921][T10586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.174941][T10586] RIP: 0033:0x7fb46a18eec9 [ 336.174960][T10586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.174978][T10586] RSP: 002b:00007fb46af3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.175001][T10586] RAX: ffffffffffffffda RBX: 00007fb46a3e5fa0 RCX: 00007fb46a18eec9 [ 336.175016][T10586] RDX: 0000200000000140 RSI: 000000004040ae79 RDI: 0000000000000004 [ 336.175030][T10586] RBP: 00007fb46af3e090 R08: 0000000000000000 R09: 0000000000000000 [ 336.175044][T10586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.175056][T10586] R13: 00007fb46a3e6038 R14: 00007fb46a3e5fa0 R15: 00007fff0b6cf758 [ 336.175088][T10586] [ 336.659538][T10582] nbd0: detected capacity change from 0 to 127 [ 336.681877][ T5864] block nbd0: Receive control failed (result -32) [ 336.692028][ T52] block nbd0: Receive control failed (result -32) [ 336.693508][ T9986] block nbd0: Send control failed (result -32) [ 336.706270][ T9986] block nbd0: Request send failed, requeueing [ 336.723029][ T25] block nbd0: Dead connection, failed to find a fallback [ 336.730809][ T25] block nbd0: shutting down sockets [ 336.740492][ T25] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 336.751058][ T25] buffer_io_error: 28 callbacks suppressed [ 336.751076][ T25] Buffer I/O error on dev nbd0, logical block 0, async page read [ 336.757566][ T9986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 336.814229][ T9986] Buffer I/O error on dev nbd0, logical block 1, async page read [ 336.829002][ T9] usb 1-1: USB disconnect, device number 78 [ 336.852269][ T5944] usb 40-1: device descriptor read/8, error -110 [ 336.864391][T10545] vhci_hcd: connection reset by peer [ 336.871662][ T36] vhci_hcd: stop threads [ 336.875992][ T36] vhci_hcd: release socket [ 336.886398][ T9986] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 336.916805][ T36] vhci_hcd: disconnect device [ 336.935925][ T9986] Buffer I/O error on dev nbd0, logical block 2, async page read [ 336.951962][ T9986] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 336.969930][ T9986] Buffer I/O error on dev nbd0, logical block 3, async page read [ 336.988869][ T9986] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.019324][ T9986] Buffer I/O error on dev nbd0, logical block 0, async page read [ 337.041439][ T9986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.050826][ T9986] Buffer I/O error on dev nbd0, logical block 1, async page read [ 337.061497][ T9986] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.070638][ T9986] Buffer I/O error on dev nbd0, logical block 2, async page read [ 337.081574][ T940] usb 4-1: new full-speed USB device number 76 using dummy_hcd [ 337.086251][ T9986] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.110299][ T9986] Buffer I/O error on dev nbd0, logical block 3, async page read [ 337.144867][ T9986] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.164990][ T9986] Buffer I/O error on dev nbd0, logical block 0, async page read [ 337.175779][ T9986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 337.185041][ T9986] Buffer I/O error on dev nbd0, logical block 1, async page read [ 337.216599][ T9986] ldm_validate_partition_table(): Disk read failed. [ 337.234365][ T9986] Dev nbd0: unable to read RDB block 0 [ 337.256896][ T940] usb 4-1: config 0 has no interfaces? [ 337.262833][ T940] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 337.274475][ T9986] nbd0: unable to read partition table [ 337.289994][ T940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.315728][ T940] usb 4-1: config 0 descriptor?? [ 337.323015][ T5944] usb usb40-port1: attempt power cycle [ 337.332883][T10602] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 337.334187][ T9986] ldm_validate_partition_table(): Disk read failed. [ 337.368374][ T9986] Dev nbd0: unable to read RDB block 0 [ 337.378069][ T9986] nbd0: unable to read partition table [ 337.565257][ T940] usb 4-1: USB disconnect, device number 76 [ 337.605722][ T10] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 337.781648][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 337.792149][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.810576][ T10] usb 6-1: New USB device found, idVendor=057e, idProduct=201e, bcdDevice= 0.00 [ 337.828003][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.828664][T10620] FAULT_INJECTION: forcing a failure. [ 337.828664][T10620] name failslab, interval 1, probability 0, space 0, times 0 [ 337.852715][T10620] CPU: 1 UID: 0 PID: 10620 Comm: syz.4.1477 Not tainted syzkaller #0 PREEMPT(full) [ 337.852744][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 337.852758][T10620] Call Trace: [ 337.852768][T10620] [ 337.852777][T10620] dump_stack_lvl+0x189/0x250 [ 337.852814][T10620] ? __pfx____ratelimit+0x10/0x10 [ 337.852837][T10620] ? __pfx_dump_stack_lvl+0x10/0x10 [ 337.852869][T10620] ? __pfx__printk+0x10/0x10 [ 337.852901][T10620] ? __pfx___might_resched+0x10/0x10 [ 337.852928][T10620] ? fs_reclaim_acquire+0x7d/0x100 [ 337.852954][T10620] should_fail_ex+0x414/0x560 [ 337.852992][T10620] should_failslab+0xa8/0x100 [ 337.853017][T10620] __kmalloc_cache_noprof+0x6f/0x6f0 [ 337.853050][T10620] ? __request_module+0x2b5/0x5e0 [ 337.853082][T10620] __request_module+0x2b5/0x5e0 [ 337.853112][T10620] ? __pfx___request_module+0x10/0x10 [ 337.853153][T10620] ? security_capable+0x7e/0x2e0 [ 337.853181][T10620] ? dev_load+0x21/0x1f0 [ 337.853201][T10620] dev_load+0x190/0x1f0 [ 337.853223][T10620] dev_ioctl+0x837/0x1150 [ 337.853248][T10620] sock_ioctl+0x719/0x790 [ 337.853280][T10620] ? __pfx_sock_ioctl+0x10/0x10 [ 337.853313][T10620] ? __fget_files+0x3a0/0x420 [ 337.853339][T10620] ? __fget_files+0x2a/0x420 [ 337.853379][T10620] ? bpf_lsm_file_ioctl+0x9/0x20 [ 337.853405][T10620] ? __pfx_sock_ioctl+0x10/0x10 [ 337.853433][T10620] __se_sys_ioctl+0xfc/0x170 [ 337.853455][T10620] do_syscall_64+0xfa/0xfa0 [ 337.853477][T10620] ? lockdep_hardirqs_on+0x9c/0x150 [ 337.853500][T10620] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.853522][T10620] ? clear_bhb_loop+0x60/0xb0 [ 337.853551][T10620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.853572][T10620] RIP: 0033:0x7fc270d8eec9 [ 337.853591][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.853609][T10620] RSP: 002b:00007fc271cf4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 337.853631][T10620] RAX: ffffffffffffffda RBX: 00007fc270fe5fa0 RCX: 00007fc270d8eec9 [ 337.853646][T10620] RDX: 0000200000000080 RSI: 00000000000089f3 RDI: 0000000000000003 [ 337.853660][T10620] RBP: 00007fc271cf4090 R08: 0000000000000000 R09: 0000000000000000 [ 337.853674][T10620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 337.853686][T10620] R13: 00007fc270fe6038 R14: 00007fc270fe5fa0 R15: 00007ffc744e6b18 [ 337.853725][T10620] [ 337.861858][ T10] usb 6-1: config 0 descriptor?? [ 338.052087][ C0] vkms_vblank_simulate: vblank timer overrun [ 338.118732][ T5944] usb usb40-port1: unable to enumerate USB device [ 338.536989][ T10] [ 338.539390][ T10] ====================================================== [ 338.546418][ T10] WARNING: possible circular locking dependency detected [ 338.553464][ T10] syzkaller #0 Not tainted [ 338.557906][ T10] ------------------------------------------------------ [ 338.564944][ T10] kworker/0:1/10 is trying to acquire lock: [ 338.570935][ T10] ffffffff8e645260 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x48/0x710 [ 338.580795][ T10] [ 338.580795][ T10] but task is already holding lock: [ 338.588161][ T10] ffffffff8e3e3aa8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f0/0x1b80 [ 338.597594][ T10] [ 338.597594][ T10] which lock already depends on the new lock. [ 338.597594][ T10] [ 338.608008][ T10] [ 338.608008][ T10] the existing dependency chain (in reverse order) is: [ 338.617129][ T10] [ 338.617129][ T10] -> #8 (wq_pool_mutex){+.+.}-{4:4}: [ 338.624802][ T10] lock_acquire+0x120/0x360 [ 338.629951][ T10] __mutex_lock+0x187/0x1350 [ 338.635115][ T10] __alloc_workqueue+0x9f0/0x1b80 [ 338.640760][ T10] alloc_workqueue_noprof+0xd4/0x210 [ 338.646604][ T10] padata_alloc+0xc1/0x370 [ 338.651555][ T10] pcrypt_init_padata+0x27/0x100 [ 338.657035][ T10] pcrypt_init+0x60/0xc0 [ 338.661814][ T10] do_one_initcall+0x236/0x820 [ 338.667121][ T10] do_initcall_level+0x104/0x190 [ 338.672610][ T10] do_initcalls+0x59/0xa0 [ 338.677468][ T10] kernel_init_freeable+0x334/0x4b0 [ 338.683195][ T10] kernel_init+0x1d/0x1d0 [ 338.688071][ T10] ret_from_fork+0x4bc/0x870 [ 338.693275][ T10] ret_from_fork_asm+0x1a/0x30 [ 338.698568][ T10] [ 338.698568][ T10] -> #7 (cpu_hotplug_lock){++++}-{0:0}: [ 338.706328][ T10] lock_acquire+0x120/0x360 [ 338.711370][ T10] cpus_read_lock+0x42/0x160 [ 338.716496][ T10] static_key_slow_inc+0x12/0x30 [ 338.721987][ T10] udp_lib_setsockopt+0x3bc/0x970 [ 338.727573][ T10] udp_setsockopt+0x77/0xc0 [ 338.732621][ T10] do_sock_setsockopt+0x17c/0x1b0 [ 338.738317][ T10] __x64_sys_setsockopt+0x13f/0x1b0 [ 338.744182][ T10] do_syscall_64+0xfa/0xfa0 [ 338.749317][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.755746][ T10] [ 338.755746][ T10] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 338.763434][ T10] lock_acquire+0x120/0x360 [ 338.768477][ T10] lock_sock_nested+0x48/0x100 [ 338.773801][ T10] inet_shutdown+0x6a/0x390 [ 338.778846][ T10] nbd_mark_nsock_dead+0x2e9/0x560 [ 338.784501][ T10] sock_shutdown+0x15e/0x260 [ 338.789830][ T10] nbd_config_put+0x342/0x790 [ 338.795054][ T10] nbd_release+0xfe/0x140 [ 338.799925][ T10] bdev_release+0x536/0x650 [ 338.804968][ T10] blkdev_release+0x15/0x20 [ 338.810010][ T10] __fput+0x44c/0xa70 [ 338.814527][ T10] task_work_run+0x1d4/0x260 [ 338.819664][ T10] exit_to_user_mode_loop+0xe9/0x130 [ 338.825488][ T10] do_syscall_64+0x2bd/0xfa0 [ 338.830612][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.837032][ T10] [ 338.837032][ T10] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 338.844693][ T10] lock_acquire+0x120/0x360 [ 338.849743][ T10] __mutex_lock+0x187/0x1350 [ 338.854864][ T10] nbd_queue_rq+0x257/0xf10 [ 338.859958][ T10] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 338.866050][ T10] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 338.872935][ T10] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 338.879454][ T10] blk_mq_run_hw_queue+0x348/0x4f0 [ 338.885112][ T10] blk_mq_dispatch_list+0xd0c/0xe00 [ 338.890848][ T10] blk_mq_flush_plug_list+0x469/0x550 [ 338.896752][ T10] __blk_flush_plug+0x3d3/0x4b0 [ 338.902135][ T10] __submit_bio+0x2d3/0x5a0 [ 338.907172][ T10] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 338.913353][ T10] block_read_full_folio+0x599/0x830 [ 338.919186][ T10] filemap_read_folio+0x117/0x380 [ 338.925026][ T10] do_read_cache_folio+0x350/0x590 [ 338.930685][ T10] read_part_sector+0xb6/0x2b0 [ 338.936002][ T10] adfspart_check_ICS+0xa4/0xa50 [ 338.941498][ T10] bdev_disk_changed+0x75f/0x14b0 [ 338.947086][ T10] blkdev_get_whole+0x380/0x510 [ 338.952476][ T10] bdev_open+0x31e/0xd30 [ 338.957250][ T10] blkdev_open+0x457/0x600 [ 338.962214][ T10] do_dentry_open+0x953/0x13f0 [ 338.967567][ T10] vfs_open+0x3b/0x340 [ 338.972303][ T10] path_openat+0x2ee5/0x3830 [ 338.977445][ T10] do_filp_open+0x1fa/0x410 [ 338.982501][ T10] do_sys_openat2+0x121/0x1c0 [ 338.987754][ T10] __x64_sys_openat+0x138/0x170 [ 338.993184][ T10] do_syscall_64+0xfa/0xfa0 [ 338.998231][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.004656][ T10] [ 339.004656][ T10] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 339.011933][ T10] lock_acquire+0x120/0x360 [ 339.016990][ T10] __mutex_lock+0x187/0x1350 [ 339.022112][ T10] nbd_queue_rq+0xc8/0xf10 [ 339.027067][ T10] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 339.033232][ T10] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 339.040098][ T10] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 339.046612][ T10] blk_mq_run_hw_queue+0x348/0x4f0 [ 339.052259][ T10] blk_mq_dispatch_list+0xd0c/0xe00 [ 339.058015][ T10] blk_mq_flush_plug_list+0x469/0x550 [ 339.064023][ T10] __blk_flush_plug+0x3d3/0x4b0 [ 339.069430][ T10] __submit_bio+0x2d3/0x5a0 [ 339.074579][ T10] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 339.080773][ T10] block_read_full_folio+0x599/0x830 [ 339.086613][ T10] filemap_read_folio+0x117/0x380 [ 339.092212][ T10] do_read_cache_folio+0x350/0x590 [ 339.097895][ T10] read_part_sector+0xb6/0x2b0 [ 339.103212][ T10] adfspart_check_ICS+0xa4/0xa50 [ 339.108685][ T10] bdev_disk_changed+0x75f/0x14b0 [ 339.114530][ T10] blkdev_get_whole+0x380/0x510 [ 339.120004][ T10] bdev_open+0x31e/0xd30 [ 339.124792][ T10] blkdev_open+0x457/0x600 [ 339.129754][ T10] do_dentry_open+0x953/0x13f0 [ 339.135156][ T10] vfs_open+0x3b/0x340 [ 339.139890][ T10] path_openat+0x2ee5/0x3830 [ 339.145052][ T10] do_filp_open+0x1fa/0x410 [ 339.150110][ T10] do_sys_openat2+0x121/0x1c0 [ 339.155365][ T10] __x64_sys_openat+0x138/0x170 [ 339.160769][ T10] do_syscall_64+0xfa/0xfa0 [ 339.165898][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.172327][ T10] [ 339.172327][ T10] -> #3 (set->srcu){.+.+}-{0:0}: [ 339.179482][ T10] lock_sync+0xba/0x160 [ 339.184188][ T10] __synchronize_srcu+0x96/0x3a0 [ 339.189664][ T10] elevator_switch+0x12b/0x640 [ 339.195050][ T10] elevator_change+0x315/0x4c0 [ 339.200349][ T10] elevator_set_default+0x186/0x260 [ 339.206089][ T10] blk_register_queue+0x34e/0x3f0 [ 339.211647][ T10] __add_disk+0x677/0xd50 [ 339.216525][ T10] add_disk_fwnode+0xfc/0x480 [ 339.221822][ T10] nbd_dev_add+0x717/0xae0 [ 339.226771][ T10] nbd_init+0x168/0x1f0 [ 339.231465][ T10] do_one_initcall+0x236/0x820 [ 339.236757][ T10] do_initcall_level+0x104/0x190 [ 339.242222][ T10] do_initcalls+0x59/0xa0 [ 339.247078][ T10] kernel_init_freeable+0x334/0x4b0 [ 339.252811][ T10] kernel_init+0x1d/0x1d0 [ 339.257679][ T10] ret_from_fork+0x4bc/0x870 [ 339.262906][ T10] ret_from_fork_asm+0x1a/0x30 [ 339.268204][ T10] [ 339.268204][ T10] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 339.276137][ T10] lock_acquire+0x120/0x360 [ 339.281176][ T10] __mutex_lock+0x187/0x1350 [ 339.286398][ T10] elevator_change+0x1e5/0x4c0 [ 339.291695][ T10] elevator_set_none+0x42/0xb0 [ 339.296990][ T10] blk_mq_update_nr_hw_queues+0x598/0x1ab0 [ 339.303333][ T10] nbd_start_device+0x17f/0xb10 [ 339.308721][ T10] nbd_genl_connect+0x135b/0x18f0 [ 339.314295][ T10] genl_family_rcv_msg_doit+0x215/0x300 [ 339.320375][ T10] genl_rcv_msg+0x60e/0x790 [ 339.325445][ T10] netlink_rcv_skb+0x208/0x470 [ 339.330750][ T10] genl_rcv+0x28/0x40 [ 339.335281][ T10] netlink_unicast+0x82f/0x9e0 [ 339.340606][ T10] netlink_sendmsg+0x805/0xb30 [ 339.345896][ T10] __sock_sendmsg+0x21c/0x270 [ 339.351115][ T10] ____sys_sendmsg+0x505/0x830 [ 339.356516][ T10] ___sys_sendmsg+0x21f/0x2a0 [ 339.361721][ T10] __x64_sys_sendmsg+0x19b/0x260 [ 339.367186][ T10] do_syscall_64+0xfa/0xfa0 [ 339.372263][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.378878][ T10] [ 339.378878][ T10] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 339.387516][ T10] lock_acquire+0x120/0x360 [ 339.392557][ T10] blk_alloc_queue+0x538/0x620 [ 339.397851][ T10] __blk_mq_alloc_disk+0x15c/0x340 [ 339.403492][ T10] nbd_dev_add+0x46c/0xae0 [ 339.408447][ T10] nbd_init+0x168/0x1f0 [ 339.413138][ T10] do_one_initcall+0x236/0x820 [ 339.418442][ T10] do_initcall_level+0x104/0x190 [ 339.423909][ T10] do_initcalls+0x59/0xa0 [ 339.428786][ T10] kernel_init_freeable+0x334/0x4b0 [ 339.434613][ T10] kernel_init+0x1d/0x1d0 [ 339.439482][ T10] ret_from_fork+0x4bc/0x870 [ 339.444688][ T10] ret_from_fork_asm+0x1a/0x30 [ 339.449997][ T10] [ 339.449997][ T10] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 339.457233][ T10] validate_chain+0xb9b/0x2140 [ 339.462547][ T10] __lock_acquire+0xab9/0xd20 [ 339.467757][ T10] lock_acquire+0x120/0x360 [ 339.472786][ T10] fs_reclaim_acquire+0x72/0x100 [ 339.478266][ T10] kmem_cache_alloc_node_noprof+0x48/0x710 [ 339.484612][ T10] __alloc_workqueue+0xc23/0x1b80 [ 339.490167][ T10] alloc_workqueue_noprof+0xd4/0x210 [ 339.495991][ T10] nintendo_hid_probe+0x206/0x3810 [ 339.501669][ T10] hid_device_probe+0x416/0x7a0 [ 339.507067][ T10] really_probe+0x26d/0x9e0 [ 339.512099][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.517940][ T10] driver_probe_device+0x4f/0x430 [ 339.523509][ T10] __device_attach_driver+0x2ce/0x530 [ 339.529495][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.534920][ T10] __device_attach+0x2b8/0x400 [ 339.540310][ T10] bus_probe_device+0x185/0x260 [ 339.545717][ T10] device_add+0x7b6/0xb50 [ 339.550717][ T10] hid_add_device+0x272/0x3e0 [ 339.555948][ T10] usbhid_probe+0xe13/0x12a0 [ 339.561082][ T10] usb_probe_interface+0x668/0xc30 [ 339.566734][ T10] really_probe+0x26d/0x9e0 [ 339.571787][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.577618][ T10] driver_probe_device+0x4f/0x430 [ 339.583174][ T10] __device_attach_driver+0x2ce/0x530 [ 339.589083][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.594469][ T10] __device_attach+0x2b8/0x400 [ 339.599774][ T10] bus_probe_device+0x185/0x260 [ 339.605159][ T10] device_add+0x7b6/0xb50 [ 339.610035][ T10] usb_set_configuration+0x1a87/0x20e0 [ 339.616024][ T10] usb_generic_driver_probe+0x8d/0x150 [ 339.622008][ T10] usb_probe_device+0x1c4/0x390 [ 339.627388][ T10] really_probe+0x26d/0x9e0 [ 339.632419][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.638230][ T10] driver_probe_device+0x4f/0x430 [ 339.643778][ T10] __device_attach_driver+0x2ce/0x530 [ 339.649680][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.655060][ T10] __device_attach+0x2b8/0x400 [ 339.660352][ T10] bus_probe_device+0x185/0x260 [ 339.665736][ T10] device_add+0x7b6/0xb50 [ 339.670585][ T10] usb_new_device+0xa39/0x16f0 [ 339.675881][ T10] hub_event+0x2958/0x4a20 [ 339.680834][ T10] process_scheduled_works+0xae1/0x17b0 [ 339.686928][ T10] worker_thread+0x8a0/0xda0 [ 339.692077][ T10] kthread+0x711/0x8a0 [ 339.696688][ T10] ret_from_fork+0x4bc/0x870 [ 339.701824][ T10] ret_from_fork_asm+0x1a/0x30 [ 339.707124][ T10] [ 339.707124][ T10] other info that might help us debug this: [ 339.707124][ T10] [ 339.717359][ T10] Chain exists of: [ 339.717359][ T10] fs_reclaim --> cpu_hotplug_lock --> wq_pool_mutex [ 339.717359][ T10] [ 339.729891][ T10] Possible unsafe locking scenario: [ 339.729891][ T10] [ 339.737452][ T10] CPU0 CPU1 [ 339.742823][ T10] ---- ---- [ 339.748293][ T10] lock(wq_pool_mutex); [ 339.752571][ T10] lock(cpu_hotplug_lock); [ 339.759607][ T10] lock(wq_pool_mutex); [ 339.766395][ T10] lock(fs_reclaim); [ 339.770417][ T10] [ 339.770417][ T10] *** DEADLOCK *** [ 339.770417][ T10] [ 339.778567][ T10] 7 locks held by kworker/0:1/10: [ 339.783691][ T10] #0: ffff888022687148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 339.795116][ T10] #1: ffffc900000f7ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 339.806981][ T10] #2: ffff8881457bb198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20 [ 339.815884][ T10] #3: ffff88807a310198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 339.825133][ T10] #4: ffff888144abf160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 339.834379][ T10] #5: ffff88802ffada20 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 339.843619][ T10] #6: ffffffff8e3e3aa8 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x9f0/0x1b80 [ 339.853380][ T10] [ 339.853380][ T10] stack backtrace: [ 339.859274][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) [ 339.859295][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 339.859309][ T10] Workqueue: usb_hub_wq hub_event [ 339.859328][ T10] Call Trace: [ 339.859337][ T10] [ 339.859346][ T10] dump_stack_lvl+0x189/0x250 [ 339.859375][ T10] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.859400][ T10] ? __pfx__printk+0x10/0x10 [ 339.859423][ T10] ? print_lock_name+0xde/0x100 [ 339.859447][ T10] print_circular_bug+0x2ee/0x310 [ 339.859472][ T10] check_noncircular+0x134/0x160 [ 339.859498][ T10] validate_chain+0xb9b/0x2140 [ 339.859522][ T10] ? pcpu_block_update+0x437/0x8d0 [ 339.859545][ T10] ? pcpu_alloc_noprof+0xd4d/0x1720 [ 339.859563][ T10] __lock_acquire+0xab9/0xd20 [ 339.859584][ T10] ? kmem_cache_alloc_node_noprof+0x48/0x710 [ 339.859610][ T10] lock_acquire+0x120/0x360 [ 339.859628][ T10] ? kmem_cache_alloc_node_noprof+0x48/0x710 [ 339.859655][ T10] ? pcpu_alloc_noprof+0xf85/0x1720 [ 339.859672][ T10] fs_reclaim_acquire+0x72/0x100 [ 339.859688][ T10] ? kmem_cache_alloc_node_noprof+0x48/0x710 [ 339.859713][ T10] kmem_cache_alloc_node_noprof+0x48/0x710 [ 339.859737][ T10] ? __alloc_workqueue+0xc23/0x1b80 [ 339.859755][ T10] __alloc_workqueue+0xc23/0x1b80 [ 339.859776][ T10] alloc_workqueue_noprof+0xd4/0x210 [ 339.859802][ T10] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 339.859822][ T10] ? rcu_is_watching+0x15/0xb0 [ 339.859849][ T10] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 339.859879][ T10] ? __raw_spin_lock_init+0x45/0x100 [ 339.859912][ T10] nintendo_hid_probe+0x206/0x3810 [ 339.859938][ T10] ? hid_lookup_quirk+0x350/0x5a0 [ 339.859959][ T10] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 339.859982][ T10] ? __pfx_nintendo_hid_probe+0x10/0x10 [ 339.860004][ T10] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 339.860022][ T10] ? devres_log+0x11e/0x330 [ 339.860041][ T10] ? devres_open_group+0x7c/0x3d0 [ 339.860065][ T10] ? hid_lookup_quirk+0x350/0x5a0 [ 339.860084][ T10] hid_device_probe+0x416/0x7a0 [ 339.860112][ T10] ? driver_sysfs_add+0x1fe/0x210 [ 339.860131][ T10] ? __pfx_hid_device_probe+0x10/0x10 [ 339.860155][ T10] really_probe+0x26d/0x9e0 [ 339.860178][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.860198][ T10] driver_probe_device+0x4f/0x430 [ 339.860219][ T10] __device_attach_driver+0x2ce/0x530 [ 339.860240][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.860264][ T10] ? __pfx___device_attach_driver+0x10/0x10 [ 339.860283][ T10] ? __pfx_bus_for_each_drv+0x10/0x10 [ 339.860311][ T10] __device_attach+0x2b8/0x400 [ 339.860330][ T10] ? __pfx___device_attach+0x10/0x10 [ 339.860349][ T10] ? do_raw_spin_unlock+0x122/0x240 [ 339.860366][ T10] bus_probe_device+0x185/0x260 [ 339.860391][ T10] device_add+0x7b6/0xb50 [ 339.860409][ T10] hid_add_device+0x272/0x3e0 [ 339.860425][ T10] usbhid_probe+0xe13/0x12a0 [ 339.860448][ T10] usb_probe_interface+0x668/0xc30 [ 339.860472][ T10] ? __pfx_usb_probe_interface+0x10/0x10 [ 339.860490][ T10] really_probe+0x26d/0x9e0 [ 339.860511][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.860530][ T10] driver_probe_device+0x4f/0x430 [ 339.860550][ T10] __device_attach_driver+0x2ce/0x530 [ 339.860571][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.860595][ T10] ? __pfx___device_attach_driver+0x10/0x10 [ 339.860614][ T10] ? __pfx_bus_for_each_drv+0x10/0x10 [ 339.860642][ T10] __device_attach+0x2b8/0x400 [ 339.860661][ T10] ? __pfx___device_attach+0x10/0x10 [ 339.860680][ T10] ? do_raw_spin_unlock+0x122/0x240 [ 339.860696][ T10] bus_probe_device+0x185/0x260 [ 339.860721][ T10] device_add+0x7b6/0xb50 [ 339.860738][ T10] usb_set_configuration+0x1a87/0x20e0 [ 339.860765][ T10] usb_generic_driver_probe+0x8d/0x150 [ 339.860782][ T10] usb_probe_device+0x1c4/0x390 [ 339.860801][ T10] ? __pfx_usb_probe_device+0x10/0x10 [ 339.860818][ T10] really_probe+0x26d/0x9e0 [ 339.860839][ T10] __driver_probe_device+0x18c/0x2f0 [ 339.860858][ T10] driver_probe_device+0x4f/0x430 [ 339.860878][ T10] __device_attach_driver+0x2ce/0x530 [ 339.860899][ T10] bus_for_each_drv+0x251/0x2e0 [ 339.860929][ T10] ? __pfx___device_attach_driver+0x10/0x10 [ 339.860948][ T10] ? __pfx_bus_for_each_drv+0x10/0x10 [ 339.860976][ T10] __device_attach+0x2b8/0x400 [ 339.860994][ T10] ? __pfx___device_attach+0x10/0x10 [ 339.861013][ T10] ? do_raw_spin_unlock+0x122/0x240 [ 339.861030][ T10] bus_probe_device+0x185/0x260 [ 339.861054][ T10] device_add+0x7b6/0xb50 [ 339.861072][ T10] usb_new_device+0xa39/0x16f0 [ 339.861100][ T10] ? __pfx_usb_new_device+0x10/0x10 [ 339.861124][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 339.861139][ T10] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.861160][ T10] hub_event+0x2958/0x4a20 [ 339.861194][ T10] ? __pfx_hub_event+0x10/0x10 [ 339.861209][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 339.861232][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 339.861248][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 339.861273][ T10] ? process_scheduled_works+0x9ef/0x17b0 [ 339.861295][ T10] process_scheduled_works+0xae1/0x17b0 [ 339.861325][ T10] ? __pfx_process_scheduled_works+0x10/0x10 [ 339.861353][ T10] worker_thread+0x8a0/0xda0 [ 339.861388][ T10] kthread+0x711/0x8a0 [ 339.861414][ T10] ? __pfx_worker_thread+0x10/0x10 [ 339.861435][ T10] ? __pfx_kthread+0x10/0x10 [ 339.861460][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 339.861476][ T10] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.861493][ T10] ? __pfx_kthread+0x10/0x10 [ 339.861518][ T10] ret_from_fork+0x4bc/0x870 [ 339.861539][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 339.861561][ T10] ? __switch_to_asm+0x39/0x70 [ 339.861577][ T10] ? __switch_to_asm+0x33/0x70 [ 339.861594][ T10] ? __pfx_kthread+0x10/0x10 [ 339.861618][ T10] ret_from_fork_asm+0x1a/0x30 [ 339.861642][ T10] [ 340.194397][ C1] wlan0: beacon TX faster than countdown (channel/color switch) completion [ 340.196101][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.442027][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.468343][ T5944] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 340.536751][ T10] nintendo 0003:057E:201E.0036: hidraw0: USB HID v80.00 Device [HID 057e:201e] on usb-dummy_hcd.5-1/input0 [ 340.551603][ T89] vhci_hcd: vhci_device speed not set [ 340.610243][ T10] nintendo 0003:057E:201E.0036: Failed to get joycon info; ret=-38 [ 340.618211][ T10] nintendo 0003:057E:201E.0036: Failed to retrieve controller info; ret=-38 [ 340.627296][ T10] nintendo 0003:057E:201E.0036: Failed to initialize controller; ret=-38 [ 340.635830][ T5944] usb 5-1: Using ep0 maxpacket: 32 [ 340.643011][ T5944] usb 5-1: config 9 has an invalid interface number: 103 but max is 0 [ 340.651298][ T5944] usb 5-1: config 9 has no interface number 0 [ 340.657437][ T5944] usb 5-1: config 9 interface 103 has no altsetting 0 [ 340.664423][ T10] nintendo 0003:057E:201E.0036: probe - fail = -38 [ 340.671474][ T10] nintendo 0003:057E:201E.0036: probe with driver nintendo failed with error -38 [ 340.687579][ T5944] usb 5-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=97.b5 [ 340.697057][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.705332][ T5944] usb 5-1: Product: syz [ 340.710538][ T5944] usb 5-1: Manufacturer: syz [ 340.715182][ T5944] usb 5-1: SerialNumber: syz [ 340.721872][ T10] usb 6-1: USB disconnect, device number 38 [ 340.961436][ T5944] ums-onetouch 5-1:9.103: USB Mass Storage device detected [ 341.073309][ T5944] usb 5-1: USB disconnect, device number 47