last executing test programs: 7.457379247s ago: executing program 0 (id=688): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000001640)=ANY=[@ANYBLOB="011b00000000000021000040"]) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'aio_aio12_8\x00', [0x4004f2a, 0x8, 0x91, 0x4, 0x1000, 0xcc7, 0x3fd, 0x7, 0xa, 0x6, 0x7, 0x1, 0x1, 0x7fff, 0x6, 0x101, 0x0, 0x1a447, 0xffffffff, 0x800, 0x89, 0xcaa3, 0x0, 0x9, 0xb, 0xe69, 0x3d, 0x7, 0x4088, 0x80000001, 0x9]}) r5 = socket$kcm(0x2, 0x5, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc000) ioctl$AUTOFS_DEV_IOCTL_READY(r6, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x7}}, './file0\x00'}) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bind$nfc_llcp(r8, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[], 0x118}}, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r7, 0x118, 0x1, &(0x7f0000000340)=0x56, 0x4) listen(r8, 0x0) accept4$nfc_llcp(r8, 0x0, 0x0, 0x80000) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1d0) r10 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140), 0x580, 0x0) r11 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r10, 0xc018937c, &(0x7f0000000240)={{0x1, 0x1, 0x18, r11, {0x4}}, './file0\x00'}) mount$tmpfs(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), 0x200000, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000000346ee05abbbe080000009641c870588176e823f930a0d6af8794b73280ae6eac73d5a2f582adffda63f364c49f638f2280ad7b751dc6329e88ed07f6609bba09200a6e4fb94e7d847e47ee446996f23a"]) syz_clone(0xe0b1ad91, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x143882) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x202) write$tun(r3, &(0x7f0000000440)=ANY=[@ANYRES8=r11], 0xfce) 6.500390893s ago: executing program 0 (id=692): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000eef76c20c80a01c3650d0102030109021200010000100009048d0000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000080)={0x0, 0x11, 0xc8, {0xc8, 0xb, "a6eb2e970b2074c3e2f6ebe3c80b3e1ea2e67b95c0c547e0f73631be95df8451996ff26a850a3e538617a6614b240129cb3fe350d467d188c5d5d1e56e48bf94feb626adeeea6c9921e077c9c4aeb6e35bf52f2a7d4c68c3bfc22f1bde7e0006bb616f65a8792a94edef92ffc2ea7d0a820c247d657f6df8ad3591e274501a984cebed3e7a12c00ef19c3498f66ceaf50361eb2828c17d8523670f97aabe3d9b7cce9d3676b398abc272c19d477a433cc7ed5f5259b098969fd3b03e320076cdbcf13de700a0"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81a}}}, &(0x7f0000000380)={0x2c, &(0x7f0000000200)={0x0, 0xc, 0x54, "348e6b822ce8c92114ad4863b819439ed5fff2ffaa1475ab443dc6154b1b3fd58361cbe9a88a6bf8d1d17c82e4c913924fdf78b3ac6d2b6d5a0ecc53079b2a9e5545d215e35caee4ad14f8b17a96f1ace81ac450"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000300)={0xc0, 0x5, 0x4, "4f00dcd7"}, &(0x7f0000000340)={0x40, 0x5, 0x2, "a9f7"}}) pipe2$9p(&(0x7f0000000000), 0x8c0) syz_open_dev$I2C(&(0x7f0000003840), 0x0, 0x0) r1 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000700)={0x1, @pix={0x200, 0x8000, 0x39565559, 0x7, 0x6000000, 0x1, 0x5, 0xfeedcafe, 0x3, 0x7, 0x0, 0x2}}) 4.893250563s ago: executing program 0 (id=705): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080)=0x110, 0x7f03) 4.755116495s ago: executing program 2 (id=706): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43100}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x10) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x500) 4.536485966s ago: executing program 2 (id=707): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0xf9, 0x2d, 0x10, 0x8, 0xc45, 0x627c, 0xe8b7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0xb, 0x60, 0x6, [{{0x9, 0x4, 0x55, 0x2, 0x0, 0x58, 0x6c, 0xbc, 0x8}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r1 = syz_pidfd_open(r0, 0x0) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88203, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000240)={0x1, 0x0, [{0x4000009d, 0x0, 0x1}]}) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) lsm_get_self_attr(0xdc, 0x0, &(0x7f00000000c0), 0x1) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) r7 = syz_init_net_socket$ax25(0x3, 0x5, 0x1) getsockopt$ax25_int(r7, 0x101, 0x2, &(0x7f0000000040), &(0x7f00000000c0)=0x4) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000e80), r8) sendmsg$NFC_CMD_FW_DOWNLOAD(r8, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000f80)={0x1c, r9, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x4040) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000340)={[{@userxattr}, {@uuid_off}, {@workdir={'workdir', 0x3d, './file0'}}], [{@appraise}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r10 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r10, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0) sendfile(r10, r10, &(0x7f0000000080), 0x7f03) 4.049229599s ago: executing program 1 (id=712): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43100}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x10) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 6) 3.856414159s ago: executing program 0 (id=713): r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @broadcast}}, 0x24) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f0000000180)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @rand_addr=0x64010101}}, 0x24) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="c0000000000101040000000000000000020000007400018014000180080001000000000008000200e00000020c00028005000100f9ffffff4300028005000100060000000c00edda05000100000000000c0002"], 0xc0}}, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r5, 0x0, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x52}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x16}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x22}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x8080) getsockopt(r0, 0x200000000114, 0x4, 0x0, &(0x7f0000000040)) 2.711597225s ago: executing program 2 (id=715): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) lsm_set_self_attr(0x65, 0x0, 0x20, 0x0) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x403a, 0x1000, 0xe52a, 0x770, 0x0, 0xbabd}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000000)={0x0, 0x3, 0xabd}, 0x8) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xbd, 0xe5, 0xa4, 0x40, 0x2770, 0x9052, 0x15f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6f, 0x5c, 0xa}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 2.231727575s ago: executing program 1 (id=719): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000003c00)={&(0x7f0000003b80)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="090300807000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4040000) 2.216541178s ago: executing program 1 (id=720): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@rand_addr=0x64010100, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e21, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0xfffffffe, 0x1, 0x0, 0x2, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x2, 0x8}}, 0xe8) syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=0x0, @ANYBLOB="6e7bdb8d087fcb1b5d310e6e83b23255ab7a353e58a6d97a43bd25ff06a3583a63ef1c0ea20410103740d5ec743dfcb1821fa1e0631f4065df4abcbd2c787ecc362e40cf5f6c3ace7ffac850a1f01c553fb536a715fb1524fcc9612c9e70412f1463fa9625b3b1e955cae9e3da8bd1d2e0c1710cbc2491dfa374d60c2edc6ac76f867f73"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) keyctl$revoke(0x3, r5) getsockopt$inet_int(r4, 0x0, 0x18, 0x0, &(0x7f0000000040)) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x20c0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r7], 0x1c}}, 0x8004) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) write$nci(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8=r10], 0x4) 2.0719696s ago: executing program 1 (id=721): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000180)=0xffffffff) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000c, 0x204031, 0xffffffffffffffff, 0xffffd000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0)) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) sendmsg$sock(r0, &(0x7f00000008c0)={&(0x7f0000000140)=@nfc_llcp={0x27, 0x0, 0x0, 0x4, 0x6, 0x7, "146acd4d33a05e26664c36f328552e0066001f33c9e1a8837b3f2c6801af3769e3727eefdce95d3a6d7ae1c4d8f0ff9ff61cdd9d1e54fef8f886a24a8ff9e1", 0x38}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)="78f10b651cb5760fb7fa4dc26effb61d26f843550dc1bcc837210aab06d9d8024959e426b52d56824a616023a3a800ace1a757ba875e1a0e2e436796248d05555bd7fd38265fdf95c5012afaeb002f6d7e1e701e954aad5c55c4b6f6f0691a1bf110205cbb01a53b1ec4457f365984ca49f65012e00d29bde24f5f287712d4922e88fe1c558f09cc3b647b15292a88363c2a9e19ad6d11a250db8cb54c32a30c6dd041e11e2c3cd574a79da9fadbf4050117a3d68127a97cf66ce38a6cc6f34ef60b5d82f61d053423a81c6e6b17a98973b7da933644d96441c00960571dd5f5d993b90adcad21ef4ac6d5d8b7", 0xed}, {&(0x7f0000000500)="7480973e1f428b17f2bd94c51107d408c170c064f192447bc89a269f0541e8e444c17cc011c6a07eb21fa0572d7abf08291b896f5a499c3842045dd0ac5711ec4db2c627ab1e20637c21c98f05d296aebfe1e6eb6f419349b6c8088fcf4c4773b924e4edcef94d91e3eae10b214d9776f279f56401b2f53f7fad5b494f0b98237583", 0x82}, {&(0x7f00000000c0)="eee7500599f59c127cdb383aec4b79dbe0c1", 0x12}, {&(0x7f00000005c0)="75c0a4d2bf09c330ca7f61ca5b2e33489a8fb83b6664fcf99224724a542b07f1fc5752f158bb659d44407ee713f69ebfdb4c0e9982eddd2774ee945e2a0c077f6cbb934bf8656f79d0a20b1c714b9c6d1fc4bcacfbdc00356aa2076c4432072cafb95e90ad32c256d857386a24e4ee356b338f7f66b32d4bdbe7a5fb53d4f51529", 0x81}, {&(0x7f0000000680)="8e66488846d4cfbedf781c27c18cec3c35113972c2e2c030f969605ba31c9659e3c1b761856ce1d83878229f3fcb4a8e1beadd4d52bc4488bc3eb77b19c116a71c25a8a0422f4d134742347bc9ef43e539bf64c58900a34408058c31ac4f0bd86abd6f35ce0325bd7b2c6089596223280ee27c5aa9eb83697131b166bc98451228bc", 0x82}, {&(0x7f0000000740)="d2d8f5efefd07a189a4da9281be0c069f0de4160202f5d428690e8a8e5836d18276e20a7aaf0bde7ecc16c0d49cb86f90041242232bae43e11a69264cce32e3955fbbd1c0c5b67a7e4ce68de27ee6d96253215e8acb0178348ee45e238069f4e170f190e950d94e2fcec029d1a030338f7837440988b8bde650e848568cad1215d0f4f784940d99f9603cdd08571a60b3df2d4f3022138952ca495c5a9c91305f82799953b2a", 0xa6}], 0x6, &(0x7f0000000880)=[@txtime={{0x18, 0x1, 0x3d, 0xa}}, @txtime={{0x18, 0x1, 0x3d, 0x100000001}}], 0x30}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)={0x10, 0x12, 0x1}, 0x10}], 0x1}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000004018000780050003001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0) 1.612510541s ago: executing program 0 (id=723): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) getsockopt$inet6_int(r0, 0x29, 0x18, 0x0, &(0x7f0000000100)) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) (async) getsockopt$inet6_int(r0, 0x29, 0x18, 0x0, &(0x7f0000000100)) (async) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) (async) 1.49291684s ago: executing program 0 (id=724): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000eef76c20c80a01c3650d0102030109021200010000100009048d0000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000080)={0x0, 0x11, 0xc8, {0xc8, 0xb, "a6eb2e970b2074c3e2f6ebe3c80b3e1ea2e67b95c0c547e0f73631be95df8451996ff26a850a3e538617a6614b240129cb3fe350d467d188c5d5d1e56e48bf94feb626adeeea6c9921e077c9c4aeb6e35bf52f2a7d4c68c3bfc22f1bde7e0006bb616f65a8792a94edef92ffc2ea7d0a820c247d657f6df8ad3591e274501a984cebed3e7a12c00ef19c3498f66ceaf50361eb2828c17d8523670f97aabe3d9b7cce9d3676b398abc272c19d477a433cc7ed5f5259b098969fd3b03e320076cdbcf13de700a0"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81a}}}, &(0x7f0000000380)={0x2c, &(0x7f0000000200)={0x0, 0xc, 0x54, "348e6b822ce8c92114ad4863b819439ed5fff2ffaa1475ab443dc6154b1b3fd58361cbe9a88a6bf8d1d17c82e4c913924fdf78b3ac6d2b6d5a0ecc53079b2a9e5545d215e35caee4ad14f8b17a96f1ace81ac450"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000300)={0xc0, 0x5, 0x4, "4f00dcd7"}, &(0x7f0000000340)={0x40, 0x5, 0x2, "a9f7"}}) pipe2$9p(&(0x7f0000000000), 0x8c0) syz_open_dev$I2C(&(0x7f0000003840), 0x0, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) 1.18511884s ago: executing program 1 (id=726): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0xd000, 0x2, 0x9, 0xffffffff, 0x0, [{0x81, 0xfd, 0x2, '\x00', 0xff}, {0x6, 0x3, 0x5, '\x00', 0xcf}, {0x1, 0x2, 0x91, '\x00', 0x6}, {0x4, 0xfd, 0x8, '\x00', 0x97}, {0x9, 0xb, 0x80, '\x00', 0x8}, {0xfa, 0x6, 0x4, '\x00', 0x6}, {0x7, 0x15, 0x4, '\x00', 0xcf}, {0x7, 0xd, 0xf, '\x00', 0x1}, {0x98, 0x9, 0x4, '\x00', 0x7}, {0x0, 0x1, 0xfb, '\x00', 0x9}, {0xd, 0xfd, 0x8, '\x00', 0x9}, {0x2, 0x5, 0x10, '\x00', 0x5}, {0xf, 0xa, 0x42, '\x00', 0x7f}, {0x9, 0x1, 0x8, '\x00', 0x8}, {0x81, 0x10, 0x4, '\x00', 0x3d}, {0x1, 0xa, 0x2, '\x00', 0x7}, {0x0, 0xc, 0x20, '\x00', 0x70}, {0x20, 0x40, 0x8, '\x00', 0xfc}, {0xb, 0x2, 0x5, '\x00', 0x4}, {0xf9, 0x5, 0x9, '\x00', 0x8}, {0x1, 0x6, 0x5, '\x00', 0xa}, {0x9, 0xfc, 0x90, '\x00', 0x21}, {0x5, 0xeb, 0xc0}, {0x6, 0x5, 0x0, '\x00', 0xb}]}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x8000001f) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x80000024) open(&(0x7f0000000280)='.\x00', 0x2000, 0x148) (async) r6 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x148) fcntl$notify(r6, 0x402, 0x36) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) (async) r9 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r9, 0x4000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r9, 0x4000) r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r10) ptrace$setregs(0xf, r10, 0x100000000002, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, r7, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_PBSS]}, 0x2c}, 0x1, 0x0, 0x0, 0x20043041}, 0x0) (async) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, r7, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_PBSS]}, 0x2c}, 0x1, 0x0, 0x0, 0x20043041}, 0x0) r11 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200), 0xaafc0, 0x0) ioctl$VIDIOC_G_AUDOUT(r11, 0x80345631, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r11) (async) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r11) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x9c, 0x2, 0x6, 0x0, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x9}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6c}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x2}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x60}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x14) syz_clone(0x20294a80, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x20294a80, 0x0, 0x0, 0x0, 0x0, 0x0) 1.176335193s ago: executing program 2 (id=727): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x7ffffffffffff}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r2, &(0x7f0000000180)=[{0xff, 0x0, 0xfc, 0x0, @time={0xaecd, 0x9}, {}, {0x0, 0x79}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xa, {0xff, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r3, 0x40046210, &(0x7f0000000100)=0x1) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r0, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r5, 0x4112, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) read$FUSE(r4, &(0x7f0000001080)={0x2020}, 0x2020) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000007fc0)={0x2020}, 0x2020) 1.073056472s ago: executing program 3 (id=729): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@rand_addr=0x64010100, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e21, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0xfffffffe, 0x1, 0x0, 0x2, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x2, 0x8}}, 0xe8) syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=0x0, @ANYBLOB="6e7bdb8d087fcb1b5d310e6e83b23255ab7a353e58a6d97a43bd25ff06a3583a63ef1c0ea20410103740d5ec743dfcb1821fa1e0631f4065df4abcbd2c787ecc362e40cf5f6c3ace7ffac850a1f01c553fb536a715fb1524fcc9612c9e70412f1463fa9625b3b1e955cae9e3da8bd1d2e0c1710cbc2491dfa374d60c2edc6ac76f867f73"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) keyctl$revoke(0x3, r5) getsockopt$inet_int(r4, 0x0, 0x18, 0x0, &(0x7f0000000040)) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x20c0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32], 0x1c}}, 0x8004) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) write$nci(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8=r10], 0x4) 932.338382ms ago: executing program 2 (id=730): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x4040044) 931.941392ms ago: executing program 1 (id=731): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='net/fib_trie\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) read$msr(r2, &(0x7f0000002140)=""/207, 0xbd) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x11}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r5, 0xc020aa08, &(0x7f0000000100)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000, 0x2}) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x240040) r7 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x715) ioctl$PIO_CMAP(r7, 0x4b71, &(0x7f0000000340)={0x4, 0x0, 0x9, 0x80000000, 0x7fffffffffffffff, 0x2}) ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000000240)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0x2000c5fb, @value=0x3}) r9 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d42", 0x9, 0xfffffffffffffffe) r10 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000280)={r9, r10, r9}, &(0x7f00000000c0)=""/83, 0x53, 0x0) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100002100000000000010000000300001801300030000000000000000000000ffffe0000801060002000000000006000100e7ff0200060004"], 0x44}}, 0x0) 891.057958ms ago: executing program 2 (id=732): r0 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000001c0)={0x0, 0xc, 0x2, &(0x7f0000000080)={0x11, "497d59b206a5b8c57da372261092c071d7c1486b634a572c55cf75ef98e6068fd3"}}) (fail_nth: 6) 824.32556ms ago: executing program 3 (id=733): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r1, 0x0, 0x200002) (fail_nth: 6) 632.546935ms ago: executing program 3 (id=734): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000300)={0xa, 0x2, 0xfffffffc, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r1, &(0x7f0000000340)="fb", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) close_range(r0, 0xffffffffffffffff, 0x406) 629.364281ms ago: executing program 3 (id=735): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) lsm_set_self_attr(0x65, 0x0, 0x20, 0x0) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x403a, 0x1000, 0xe52a, 0x770, 0x0, 0xbabd}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000000)={0x0, 0x3, 0xabd}, 0x8) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xbd, 0xe5, 0xa4, 0x40, 0x2770, 0x9052, 0x15f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6f, 0x5c, 0xa}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 53.613676ms ago: executing program 3 (id=736): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x4000172, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="42000000030000000000000000000000000000000000000021"], 0x42) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x63) mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./file0\x00', &(0x7f0000001480)='bfs\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'mpc624\x00', [0x4f27, 0x2, 0x10000, 0x14, 0xe, 0x0, 0x3, 0x7, 0x9, 0x1, 0x8001, 0x2, 0xff6b, 0x801, 0x1, 0x4, 0x7, 0x2, 0x3, 0xbe, 0x978, 0xfffffff8, 0x1ff, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x8, 0x65c, 0x0, 0xfffffff8]}) 0s ago: executing program 3 (id=737): syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f0510660548020003010902120001049570810904008100ffffff02"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) (fail_nth: 6) kernel console output (not intermixed with test programs): [ 163.957632][ T7400] ? __fget_files+0x3a0/0x420 [ 163.957650][ T7400] ? __fget_files+0x2a/0x420 [ 163.957672][ T7400] security_file_ioctl+0xcb/0x2d0 [ 163.957695][ T7400] __se_sys_ioctl+0x47/0x170 [ 163.957718][ T7400] do_syscall_64+0xfa/0xfa0 [ 163.957740][ T7400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.957757][ T7400] ? clear_bhb_loop+0x60/0xb0 [ 163.957778][ T7400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.957794][ T7400] RIP: 0033:0x7f085e78f749 [ 163.957810][ T7400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.957824][ T7400] RSP: 002b:00007f085f6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.957844][ T7400] RAX: ffffffffffffffda RBX: 00007f085e9e5fa0 RCX: 00007f085e78f749 [ 163.957857][ T7400] RDX: 0000200000000240 RSI: 00000000000089e1 RDI: 0000000000000004 [ 163.957868][ T7400] RBP: 00007f085f6a3090 R08: 0000000000000000 R09: 0000000000000000 [ 163.957879][ T7400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.957897][ T7400] R13: 00007f085e9e6038 R14: 00007f085e9e5fa0 R15: 00007ffc14c5d278 [ 163.957928][ T7400] [ 163.958410][ T7400] ERROR: Out of memory at tomoyo_realpath_from_path. [ 164.204180][ T5891] usb-storage 2-1:0.0: USB Mass Storage device detected [ 164.287165][ T7408] fuse: Unknown parameter '000000000000000000030x0000000000000003' [ 164.305739][ T5891] usb 2-1: USB disconnect, device number 32 [ 164.318641][ T7408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.332699][ T7408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.398744][ T6122] cypress_m8 1-1:5.215: DeLorme Earthmate USB converter detected [ 164.431918][ T6122] usb 1-1: DeLorme Earthmate USB converter now attached to ttyUSB0 [ 164.449988][ T6122] usb 1-1: USB disconnect, device number 33 [ 164.472512][ T6122] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0 [ 164.485332][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 164.496916][ T6122] cypress_m8 1-1:5.215: device disconnected [ 164.625494][ T10] usb 3-1: device descriptor read/64, error -71 [ 164.673280][ T7413] FAULT_INJECTION: forcing a failure. [ 164.673280][ T7413] name failslab, interval 1, probability 0, space 0, times 0 [ 164.686203][ T7413] CPU: 0 UID: 0 PID: 7413 Comm: syz.3.505 Not tainted syzkaller #0 PREEMPT(full) [ 164.686227][ T7413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 164.686238][ T7413] Call Trace: [ 164.686246][ T7413] [ 164.686254][ T7413] dump_stack_lvl+0x189/0x250 [ 164.686280][ T7413] ? __pfx____ratelimit+0x10/0x10 [ 164.686300][ T7413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.686322][ T7413] ? __pfx__printk+0x10/0x10 [ 164.686348][ T7413] ? __pfx___might_resched+0x10/0x10 [ 164.686367][ T7413] ? fs_reclaim_acquire+0x7d/0x100 [ 164.686390][ T7413] should_fail_ex+0x414/0x560 [ 164.686418][ T7413] should_failslab+0xa8/0x100 [ 164.686439][ T7413] __kmalloc_noprof+0xdf/0x800 [ 164.686464][ T7413] ? tomoyo_encode+0x28b/0x550 [ 164.686494][ T7413] tomoyo_encode+0x28b/0x550 [ 164.686524][ T7413] tomoyo_realpath_from_path+0x58d/0x5d0 [ 164.686559][ T7413] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 164.686581][ T7413] tomoyo_path_number_perm+0x1e8/0x5a0 [ 164.686605][ T7413] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 164.686676][ T7413] ? __fget_files+0x2a/0x420 [ 164.686701][ T7413] ? __fget_files+0x3a0/0x420 [ 164.686719][ T7413] ? __fget_files+0x2a/0x420 [ 164.686743][ T7413] security_file_ioctl+0xcb/0x2d0 [ 164.686766][ T7413] __se_sys_ioctl+0x47/0x170 [ 164.686793][ T7413] do_syscall_64+0xfa/0xfa0 [ 164.686814][ T7413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.686832][ T7413] ? clear_bhb_loop+0x60/0xb0 [ 164.686853][ T7413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.686870][ T7413] RIP: 0033:0x7f71b518f749 [ 164.686887][ T7413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.686902][ T7413] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.686922][ T7413] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 164.686935][ T7413] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000013 [ 164.686947][ T7413] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 164.686958][ T7413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.686969][ T7413] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 164.687002][ T7413] [ 164.687024][ T7413] ERROR: Out of memory at tomoyo_realpath_from_path. [ 165.045340][ T10] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 165.196991][ T10] usb 3-1: device descriptor read/64, error -71 [ 165.290108][ T7429] syzkaller1: entered promiscuous mode [ 165.296645][ T7429] syzkaller1: entered allmulticast mode [ 165.308321][ T10] usb usb3-port1: attempt power cycle [ 165.355380][ T5891] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 165.516732][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.527778][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.538314][ T5891] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 165.547509][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.557316][ T5891] usb 1-1: config 0 descriptor?? [ 165.565334][ T5838] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 165.665372][ T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 165.686362][ T10] usb 3-1: device descriptor read/8, error -71 [ 165.735273][ T5838] usb 2-1: Using ep0 maxpacket: 16 [ 165.742898][ T5838] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.753208][ T5838] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 165.762333][ T5838] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 165.771901][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.782198][ T5838] usb 2-1: config 0 descriptor?? [ 165.925388][ T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 165.946703][ T10] usb 3-1: device descriptor read/8, error -71 [ 165.974946][ T5891] cp2112 0003:10C4:EA90.0019: unknown main item tag 0x0 [ 165.994501][ T5891] cp2112 0003:10C4:EA90.0019: unknown main item tag 0x0 [ 166.001818][ T5891] cp2112 0003:10C4:EA90.0019: unknown main item tag 0x0 [ 166.016443][ T5891] cp2112 0003:10C4:EA90.0019: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 166.059020][ T10] usb usb3-port1: unable to enumerate USB device [ 166.189049][ T5891] cp2112 0003:10C4:EA90.0019: error requesting version [ 166.207918][ T5891] cp2112 0003:10C4:EA90.0019: probe with driver cp2112 failed with error -32 [ 167.210212][ T7453] overlayfs: failed to resolve './file0': -2 [ 167.262689][ T7455] syzkaller1: entered promiscuous mode [ 167.268500][ T7455] syzkaller1: entered allmulticast mode [ 167.475348][ T10] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 167.503728][ T7460] dlm: non-version read from control device 2 [ 167.637504][ T10] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 167.646407][ T10] usb 3-1: config 0 has no interface number 1 [ 167.652552][ T10] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 167.663420][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 167.678320][ T10] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 167.689229][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 167.697352][ T10] usb 3-1: SerialNumber: syz [ 167.707474][ T10] usb 3-1: config 0 descriptor?? [ 167.720225][ T10] uvcvideo 3-1:0.199: Found UVC 0.00 device (0002:0000) [ 167.728213][ T10] uvcvideo 3-1:0.199: No valid video chain found. [ 167.917651][ T5911] usb 3-1: USB disconnect, device number 33 [ 168.107313][ T5911] usb 1-1: USB disconnect, device number 34 [ 168.339981][ T10] usb 2-1: USB disconnect, device number 33 [ 168.412499][ T7477] netlink: 52 bytes leftover after parsing attributes in process `syz.1.527'. [ 168.423457][ T7477] warning: `syz.1.527' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 168.465339][ T5911] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 168.615319][ T5911] usb 1-1: Using ep0 maxpacket: 32 [ 168.637072][ T5911] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 168.647474][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.668087][ T5911] usb 1-1: config 0 descriptor?? [ 169.031155][ T7493] netlink: 72 bytes leftover after parsing attributes in process `syz.3.532'. [ 169.040532][ T5891] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 169.057624][ T5911] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 169.068672][ T5911] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 169.104388][ T5911] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 169.112702][ T5911] usb 1-1: media controller created [ 169.133247][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 169.199481][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.215309][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.241651][ T5891] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 169.252181][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.265063][ T5911] az6027: usb out operation failed. (-71) [ 169.279894][ T5911] az6027: usb out operation failed. (-71) [ 169.287150][ T7507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.287308][ T5891] usb 3-1: config 0 descriptor?? [ 169.297524][ T7507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.302891][ T5911] stb0899_attach: Driver disabled by Kconfig [ 169.316874][ T5911] az6027: no front-end attached [ 169.316874][ T5911] [ 169.332191][ T5911] az6027: usb out operation failed. (-71) [ 169.338448][ T5911] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 169.350149][ T5911] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13 [ 169.366099][ T5911] dvb-usb: schedule remote query interval to 400 msecs. [ 169.373170][ T5911] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 169.395716][ T5911] usb 1-1: USB disconnect, device number 35 [ 169.442021][ T5911] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 169.732101][ T5891] hid_parser_main: 4 callbacks suppressed [ 169.732118][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.744941][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.751978][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.759013][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.766178][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.773138][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.780188][ T5891] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 169.790119][ T5891] cp2112 0003:10C4:EA90.001A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 170.100735][ T5891] cp2112 0003:10C4:EA90.001A: error requesting version [ 170.110429][ T5891] cp2112 0003:10C4:EA90.001A: probe with driver cp2112 failed with error -32 [ 170.239301][ T7523] FAULT_INJECTION: forcing a failure. [ 170.239301][ T7523] name failslab, interval 1, probability 0, space 0, times 0 [ 170.243367][ T7525] FAULT_INJECTION: forcing a failure. [ 170.243367][ T7525] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 170.281100][ T7525] CPU: 0 UID: 0 PID: 7525 Comm: syz.1.541 Not tainted syzkaller #0 PREEMPT(full) [ 170.281124][ T7525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 170.281133][ T7525] Call Trace: [ 170.281140][ T7525] [ 170.281147][ T7525] dump_stack_lvl+0x189/0x250 [ 170.281173][ T7525] ? __pfx____ratelimit+0x10/0x10 [ 170.281194][ T7525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.281216][ T7525] ? __pfx__printk+0x10/0x10 [ 170.281239][ T7525] ? fs_reclaim_acquire+0x7d/0x100 [ 170.281268][ T7525] should_fail_ex+0x414/0x560 [ 170.281302][ T7525] prepare_alloc_pages+0x22b/0x650 [ 170.281330][ T7525] __alloc_frozen_pages_noprof+0x123/0x370 [ 170.281350][ T7525] ? save_fpregs_to_fpstate+0xa3/0x210 [ 170.281375][ T7525] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 170.281400][ T7525] ? __switch_to+0xdd1/0x16a0 [ 170.281435][ T7525] ? policy_nodemask+0x27c/0x720 [ 170.281455][ T7525] ? __lock_acquire+0xab9/0xd20 [ 170.281479][ T7525] alloc_pages_mpol+0x232/0x4a0 [ 170.281505][ T7525] vma_alloc_folio_noprof+0xe4/0x200 [ 170.281529][ T7525] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 170.281563][ T7525] folio_prealloc+0x30/0x180 [ 170.281592][ T7525] do_pte_missing+0x14e7/0x3380 [ 170.281632][ T7525] handle_mm_fault+0x1b48/0x32c0 [ 170.281670][ T7525] ? handle_mm_fault+0xdb/0x32c0 [ 170.281704][ T7525] ? __pfx_handle_mm_fault+0x10/0x10 [ 170.281749][ T7525] ? lock_mm_and_find_vma+0x9c/0x300 [ 170.281770][ T7525] do_user_addr_fault+0x764/0x1380 [ 170.281808][ T7525] exc_page_fault+0x82/0x100 [ 170.281831][ T7525] asm_exc_page_fault+0x26/0x30 [ 170.281848][ T7525] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 170.281873][ T7525] Code: 58 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 170.281888][ T7525] RSP: 0018:ffffc90019d97898 EFLAGS: 00050206 [ 170.281905][ T7525] RAX: ffffffff8496f901 RBX: ffff888079584000 RCX: 0000000000000096 [ 170.281918][ T7525] RDX: 0000000000000000 RSI: ffff888079584000 RDI: 0000200000004340 [ 170.281930][ T7525] RBP: ffffc90019d97a10 R08: ffff888079584095 R09: 1ffff1100f2b0812 [ 170.281943][ T7525] R10: dffffc0000000000 R11: ffffed100f2b0813 R12: dffffc0000000000 [ 170.281956][ T7525] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000096 [ 170.281976][ T7525] ? _copy_to_iter+0x421/0x1790 [ 170.282009][ T7525] _copy_to_iter+0x493/0x1790 [ 170.282032][ T7525] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 170.282067][ T7525] ? __pfx__copy_to_iter+0x10/0x10 [ 170.282110][ T7525] seq_read_iter+0xbf5/0xe20 [ 170.282153][ T7525] seq_read+0x369/0x480 [ 170.282180][ T7525] ? __pfx_seq_read+0x10/0x10 [ 170.282197][ T7525] ? __pfx___mutex_trylock_common+0x10/0x10 [ 170.282237][ T7525] ? __pfx_seq_read+0x10/0x10 [ 170.282250][ T7525] proc_reg_read+0x1e9/0x2e0 [ 170.282270][ T7525] ? __pfx_proc_reg_read+0x10/0x10 [ 170.282292][ T7525] vfs_read+0x200/0xa30 [ 170.282316][ T7525] ? fdget_pos+0x247/0x320 [ 170.282341][ T7525] ? __pfx___mutex_lock+0x10/0x10 [ 170.282363][ T7525] ? __pfx_vfs_read+0x10/0x10 [ 170.282389][ T7525] ? __fget_files+0x2a/0x420 [ 170.282419][ T7525] ? __fget_files+0x3a0/0x420 [ 170.282438][ T7525] ? __fget_files+0x2a/0x420 [ 170.282469][ T7525] ksys_read+0x145/0x250 [ 170.282496][ T7525] ? __pfx_ksys_read+0x10/0x10 [ 170.282525][ T7525] ? do_syscall_64+0xbe/0xfa0 [ 170.282550][ T7525] do_syscall_64+0xfa/0xfa0 [ 170.282571][ T7525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.282589][ T7525] ? clear_bhb_loop+0x60/0xb0 [ 170.282610][ T7525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.282627][ T7525] RIP: 0033:0x7faf3278f749 [ 170.282643][ T7525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.282657][ T7525] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 170.282674][ T7525] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 170.282687][ T7525] RDX: 000000000000207d RSI: 0000200000004340 RDI: 0000000000000004 [ 170.282699][ T7525] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 170.282709][ T7525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.282720][ T7525] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 170.282753][ T7525] [ 170.296119][ T7523] CPU: 1 UID: 0 PID: 7523 Comm: syz.0.536 Not tainted syzkaller #0 PREEMPT(full) [ 170.296142][ T7523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 170.296153][ T7523] Call Trace: [ 170.296167][ T7523] [ 170.296175][ T7523] dump_stack_lvl+0x189/0x250 [ 170.296201][ T7523] ? __pfx____ratelimit+0x10/0x10 [ 170.296220][ T7523] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.296241][ T7523] ? __pfx__printk+0x10/0x10 [ 170.296266][ T7523] ? __pfx___might_resched+0x10/0x10 [ 170.296284][ T7523] ? fs_reclaim_acquire+0x7d/0x100 [ 170.296306][ T7523] should_fail_ex+0x414/0x560 [ 170.296333][ T7523] should_failslab+0xa8/0x100 [ 170.296356][ T7523] kmem_cache_alloc_noprof+0x88/0x700 [ 170.296381][ T7523] ? getname_flags+0xb8/0x540 [ 170.296404][ T7523] getname_flags+0xb8/0x540 [ 170.296427][ T7523] __x64_sys_rmdir+0x3a/0x50 [ 170.296443][ T7523] do_syscall_64+0xfa/0xfa0 [ 170.296464][ T7523] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.296481][ T7523] ? clear_bhb_loop+0x60/0xb0 [ 170.296502][ T7523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.296519][ T7523] RIP: 0033:0x7f085e78f749 [ 170.296535][ T7523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.296550][ T7523] RSP: 002b:00007f085f661038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 170.296569][ T7523] RAX: ffffffffffffffda RBX: 00007f085e9e6180 RCX: 00007f085e78f749 [ 170.296583][ T7523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 170.296593][ T7523] RBP: 00007f085f661090 R08: 0000000000000000 R09: 0000000000000000 [ 170.296604][ T7523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.296615][ T7523] R13: 00007f085e9e6218 R14: 00007f085e9e6180 R15: 00007ffc14c5d278 [ 170.296645][ T7523] [ 171.515383][ T5891] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 171.692164][ T5891] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 171.701565][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.709896][ T5891] usb 1-1: Product: syz [ 171.714115][ T5891] usb 1-1: Manufacturer: syz [ 171.720044][ T5891] usb 1-1: SerialNumber: syz [ 171.726853][ T5891] usb 1-1: config 0 descriptor?? [ 171.734360][ T5891] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 172.095377][ T981] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 172.157998][ T5891] gspca_sq905c: sq905c_read: usb_control_msg failed (-71) [ 172.177159][ T5891] sq905c 1-1:0.0: Reading version command failed [ 172.185852][ T5891] sq905c 1-1:0.0: probe with driver sq905c failed with error -71 [ 172.197718][ T5891] usb 1-1: USB disconnect, device number 36 [ 172.255278][ T981] usb 2-1: Using ep0 maxpacket: 16 [ 172.262114][ T981] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00 [ 172.271546][ T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.293898][ T5911] usb 3-1: USB disconnect, device number 34 [ 172.321257][ T981] usb 2-1: config 0 descriptor?? [ 172.333059][ T981] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 172.361278][ T981] usb 2-1: Detected FT4232H [ 172.377445][ T7560] netlink: 'syz.2.552': attribute type 46 has an invalid length. [ 172.533669][ T7550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.542531][ T7550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.559707][ T7550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.576167][ T7550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.586182][ T981] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 172.594445][ T981] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 172.604035][ T981] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 172.614833][ T981] usb 2-1: USB disconnect, device number 34 [ 172.624559][ T981] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 172.637708][ T981] ftdi_sio 2-1:0.0: device disconnected [ 172.705311][ T5911] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 172.733509][ T7563] FAULT_INJECTION: forcing a failure. [ 172.733509][ T7563] name failslab, interval 1, probability 0, space 0, times 0 [ 172.746764][ T7563] CPU: 1 UID: 0 PID: 7563 Comm: syz.0.553 Not tainted syzkaller #0 PREEMPT(full) [ 172.746781][ T7563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 172.746787][ T7563] Call Trace: [ 172.746791][ T7563] [ 172.746796][ T7563] dump_stack_lvl+0x189/0x250 [ 172.746814][ T7563] ? __pfx____ratelimit+0x10/0x10 [ 172.746826][ T7563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.746837][ T7563] ? __pfx__printk+0x10/0x10 [ 172.746851][ T7563] ? __pfx___might_resched+0x10/0x10 [ 172.746862][ T7563] ? fs_reclaim_acquire+0x7d/0x100 [ 172.746875][ T7563] should_fail_ex+0x414/0x560 [ 172.746891][ T7563] should_failslab+0xa8/0x100 [ 172.746908][ T7563] kmem_cache_alloc_noprof+0x88/0x700 [ 172.746923][ T7563] ? vm_area_alloc+0x24/0x140 [ 172.746935][ T7563] vm_area_alloc+0x24/0x140 [ 172.746945][ T7563] mmap_region+0xdea/0x1d40 [ 172.746966][ T7563] ? finish_task_switch+0x23d/0x960 [ 172.746984][ T7563] ? __pfx_mmap_region+0x10/0x10 [ 172.747000][ T7563] ? trace_sched_exit_tp+0x36/0x110 [ 172.747008][ T7563] ? __schedule+0x14d2/0x5030 [ 172.747069][ T7563] ? aa_file_perm+0x139/0x1540 [ 172.747086][ T7563] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 172.747119][ T7563] ? bpf_lsm_mmap_addr+0x9/0x20 [ 172.747131][ T7563] ? security_mmap_addr+0x71/0x270 [ 172.747143][ T7563] ? shmem_mapping+0xd/0x50 [ 172.747153][ T7563] ? memfd_check_seals_mmap+0xc5/0x200 [ 172.747167][ T7563] do_mmap+0xc45/0x10d0 [ 172.747188][ T7563] ? __pfx_do_mmap+0x10/0x10 [ 172.747198][ T7563] ? down_write_killable+0x178/0x230 [ 172.747212][ T7563] ? __pfx_down_write_killable+0x10/0x10 [ 172.747226][ T7563] ? common_file_perm+0x1b5/0x230 [ 172.747244][ T7563] vm_mmap_pgoff+0x2a6/0x4d0 [ 172.747261][ T7563] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 172.747273][ T7563] ? __fget_files+0x2a/0x420 [ 172.747286][ T7563] ? __fget_files+0x2a/0x420 [ 172.747297][ T7563] ? __fget_files+0x2a/0x420 [ 172.747310][ T7563] ksys_mmap_pgoff+0x51f/0x760 [ 172.747326][ T7563] do_syscall_64+0xfa/0xfa0 [ 172.747339][ T7563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.747348][ T7563] ? clear_bhb_loop+0x60/0xb0 [ 172.747360][ T7563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.747369][ T7563] RIP: 0033:0x7f085e78f749 [ 172.747379][ T7563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.747387][ T7563] RSP: 002b:00007f085f6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 172.747399][ T7563] RAX: ffffffffffffffda RBX: 00007f085e9e5fa0 RCX: 00007f085e78f749 [ 172.747406][ T7563] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000001000 [ 172.747412][ T7563] RBP: 00007f085f6a3090 R08: 0000000000000003 R09: 0000000018bb6000 [ 172.747418][ T7563] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 172.747424][ T7563] R13: 00007f085e9e6038 R14: 00007f085e9e5fa0 R15: 00007ffc14c5d278 [ 172.747445][ T7563] [ 173.126056][ T5911] usb 3-1: Using ep0 maxpacket: 32 [ 173.133274][ T5911] usb 3-1: unable to get BOS descriptor or descriptor too short [ 173.178795][ T7568] binder: 7564:7568 ioctl d0009411 200000001340 returned -22 [ 173.207534][ T5911] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 173.219034][ T5911] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 173.229411][ T5911] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 173.238850][ T5911] usb 3-1: config 128 has no interface number 0 [ 173.245143][ T5911] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 173.256705][ T5911] usb 3-1: config 128 interface 127 has no altsetting 0 [ 173.266384][ T5911] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 173.275539][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.283569][ T5911] usb 3-1: Product: syz [ 173.288085][ T5911] usb 3-1: Manufacturer: syz [ 173.292693][ T5911] usb 3-1: SerialNumber: syz [ 173.300817][ T7560] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 173.439187][ T30] audit: type=1326 audit(1763739849.432:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f085e78f749 code=0x7ffc0000 [ 173.470406][ T30] audit: type=1326 audit(1763739849.462:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f085e78df90 code=0x7ffc0000 [ 173.496889][ T30] audit: type=1326 audit(1763739849.462:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.524146][ T7560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.534033][ T7560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.549462][ T30] audit: type=1326 audit(1763739849.462:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.571900][ T30] audit: type=1326 audit(1763739849.462:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.599184][ T5911] usb 3-1: USB disconnect, device number 35 [ 173.603829][ T30] audit: type=1326 audit(1763739849.462:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.628042][ T5830] udevd[5830]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 173.672818][ T30] audit: type=1326 audit(1763739849.592:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.697727][ T30] audit: type=1326 audit(1763739849.662:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.725302][ T5927] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 173.733386][ T30] audit: type=1326 audit(1763739849.722:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.757081][ T30] audit: type=1326 audit(1763739849.752:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.0.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f085e78f34b code=0x7ffc0000 [ 173.910756][ T5927] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 173.920662][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.929537][ T5927] usb 1-1: Product: syz [ 173.933983][ T5927] usb 1-1: Manufacturer: syz [ 173.938761][ T5927] usb 1-1: SerialNumber: syz [ 173.946267][ T5927] usb 1-1: config 0 descriptor?? [ 173.954248][ T5927] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 173.965653][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 173.975323][ T845] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 173.983152][ T5927] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 173.992587][ T5927] usb 1-1: media controller created [ 174.007884][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 174.046749][ T5927] DVB: Unable to find symbol mt352_attach() [ 174.073733][ T5927] DVB: Unable to find symbol nxt6000_attach() [ 174.080043][ T5927] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 174.093080][ T5927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 174.113245][ T5927] dvb-usb: schedule remote query interval to 1000 msecs. [ 174.121313][ T5927] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 174.132440][ T5927] dvb-usb: bulk message failed: -22 (7/0) [ 174.139389][ T5927] dvb-usb: bulk message failed: -22 (7/0) [ 174.146006][ T845] usb 2-1: Using ep0 maxpacket: 32 [ 174.155112][ T845] usb 2-1: config 0 has an invalid interface number: 141 but max is 0 [ 174.169272][ T7579] digitv: more than 2 i2c messages at a time is not handled yet. TODO. [ 174.186232][ T7579] dvb-usb: bulk message failed: -22 (7/0) [ 174.195506][ T845] usb 2-1: config 0 has no interface number 0 [ 174.213763][ T845] usb 2-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65 [ 174.232744][ T7579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.243855][ T845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.245498][ T7579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.272486][ T845] usb 2-1: Product: syz [ 174.286530][ T845] usb 2-1: Manufacturer: syz [ 174.296127][ T845] usb 2-1: SerialNumber: syz [ 174.307389][ T845] usb 2-1: config 0 descriptor?? [ 174.319490][ T7591] binder_alloc: 7590: binder_alloc_buf size 4120 failed, no address space [ 174.328944][ T845] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 174.333129][ T7591] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 4096 (num: 1 largest: 4096) [ 174.350732][ T7591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.359610][ T7591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.415296][ T5911] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 174.545327][ T5911] usb 3-1: device descriptor read/64, error -71 [ 174.785294][ T5911] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 174.915661][ T5911] usb 3-1: device descriptor read/64, error -71 [ 174.923197][ T845] gspca_vc032x: reg_r err -71 [ 174.933802][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.939806][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.945118][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.953929][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.959583][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.964893][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.971476][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.977014][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.982316][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.988077][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.993385][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 174.998993][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.004289][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.011852][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.017390][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.022683][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.029332][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.034698][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.035743][ T5911] usb usb3-port1: attempt power cycle [ 175.040417][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 175.048854][ T7598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.051749][ T845] gspca_vc032x: Unknown sensor... [ 175.062814][ T7598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.073251][ T845] vc032x 2-1:0.141: probe with driver vc032x failed with error -22 [ 175.085919][ T845] usb 2-1: USB disconnect, device number 35 [ 175.145346][ T5927] dvb-usb: bulk message failed: -22 (7/0) [ 175.151221][ T5927] dvb-usb: error while querying for an remote control event. [ 175.395650][ T5911] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 175.416036][ T5911] usb 3-1: device descriptor read/8, error -71 [ 175.502035][ T7601] FAULT_INJECTION: forcing a failure. [ 175.502035][ T7601] name failslab, interval 1, probability 0, space 0, times 0 [ 175.514848][ T7601] CPU: 1 UID: 0 PID: 7601 Comm: syz.1.566 Not tainted syzkaller #0 PREEMPT(full) [ 175.514864][ T7601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 175.514870][ T7601] Call Trace: [ 175.514877][ T7601] [ 175.514883][ T7601] dump_stack_lvl+0x189/0x250 [ 175.514900][ T7601] ? __pfx____ratelimit+0x10/0x10 [ 175.514914][ T7601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.514933][ T7601] ? __pfx__printk+0x10/0x10 [ 175.514948][ T7601] ? __pfx___might_resched+0x10/0x10 [ 175.514959][ T7601] ? fs_reclaim_acquire+0x7d/0x100 [ 175.514971][ T7601] should_fail_ex+0x414/0x560 [ 175.514987][ T7601] should_failslab+0xa8/0x100 [ 175.514999][ T7601] __kmalloc_noprof+0xdf/0x800 [ 175.515014][ T7601] ? tomoyo_encode+0x28b/0x550 [ 175.515031][ T7601] tomoyo_encode+0x28b/0x550 [ 175.515048][ T7601] tomoyo_realpath_from_path+0x58d/0x5d0 [ 175.515067][ T7601] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 175.515079][ T7601] tomoyo_path_number_perm+0x1e8/0x5a0 [ 175.515093][ T7601] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 175.515124][ T7601] ? __fget_files+0x2a/0x420 [ 175.515139][ T7601] ? __fget_files+0x3a0/0x420 [ 175.515149][ T7601] ? __fget_files+0x2a/0x420 [ 175.515162][ T7601] security_file_ioctl+0xcb/0x2d0 [ 175.515174][ T7601] __se_sys_ioctl+0x47/0x170 [ 175.515197][ T7601] do_syscall_64+0xfa/0xfa0 [ 175.515217][ T7601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.515233][ T7601] ? clear_bhb_loop+0x60/0xb0 [ 175.515252][ T7601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.515268][ T7601] RIP: 0033:0x7faf3278f749 [ 175.515283][ T7601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.515297][ T7601] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.515315][ T7601] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 175.515327][ T7601] RDX: 0000200000000240 RSI: 000000008050640a RDI: 0000000000000003 [ 175.515336][ T7601] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 175.515342][ T7601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.515348][ T7601] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 175.515364][ T7601] [ 175.752753][ T7601] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.887156][ T7608] netlink: 187320 bytes leftover after parsing attributes in process `syz.3.569'. [ 175.896587][ T7608] net_ratelimit: 92 callbacks suppressed [ 175.896604][ T7608] openvswitch: netlink: Key 9 has unexpected len 21752 expected 4 [ 175.925290][ T5911] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 175.946572][ T5911] usb 3-1: device descriptor read/8, error -71 [ 176.056772][ T5911] usb usb3-port1: unable to enumerate USB device [ 176.123587][ T7616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.134154][ T7616] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.185422][ T5927] dvb-usb: bulk message failed: -22 (7/0) [ 176.191319][ T5927] dvb-usb: error while querying for an remote control event. [ 176.444176][ T5911] usb 1-1: USB disconnect, device number 37 [ 176.508439][ T5911] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 176.716374][ T7626] FAULT_INJECTION: forcing a failure. [ 176.716374][ T7626] name failslab, interval 1, probability 0, space 0, times 0 [ 176.729390][ T7626] CPU: 0 UID: 0 PID: 7626 Comm: syz.3.576 Not tainted syzkaller #0 PREEMPT(full) [ 176.729414][ T7626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 176.729424][ T7626] Call Trace: [ 176.729431][ T7626] [ 176.729438][ T7626] dump_stack_lvl+0x189/0x250 [ 176.729465][ T7626] ? __pfx____ratelimit+0x10/0x10 [ 176.729484][ T7626] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.729504][ T7626] ? __pfx__printk+0x10/0x10 [ 176.729529][ T7626] ? __pfx___might_resched+0x10/0x10 [ 176.729548][ T7626] ? fs_reclaim_acquire+0x7d/0x100 [ 176.729571][ T7626] should_fail_ex+0x414/0x560 [ 176.729598][ T7626] should_failslab+0xa8/0x100 [ 176.729619][ T7626] __kmalloc_noprof+0xdf/0x800 [ 176.729643][ T7626] ? tomoyo_encode+0x28b/0x550 [ 176.729673][ T7626] tomoyo_encode+0x28b/0x550 [ 176.729702][ T7626] tomoyo_realpath_from_path+0x58d/0x5d0 [ 176.729729][ T7626] ? tomoyo_domain+0xd8/0x130 [ 176.729750][ T7626] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 176.729772][ T7626] tomoyo_path_number_perm+0x1e8/0x5a0 [ 176.729796][ T7626] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 176.729862][ T7626] ? __fget_files+0x2a/0x420 [ 176.729888][ T7626] ? __fget_files+0x3a0/0x420 [ 176.729906][ T7626] ? __fget_files+0x2a/0x420 [ 176.729931][ T7626] security_file_ioctl+0xcb/0x2d0 [ 176.729953][ T7626] __se_sys_ioctl+0x47/0x170 [ 176.729980][ T7626] do_syscall_64+0xfa/0xfa0 [ 176.729999][ T7626] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.730016][ T7626] ? clear_bhb_loop+0x60/0xb0 [ 176.730037][ T7626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.730053][ T7626] RIP: 0033:0x7f71b518f749 [ 176.730070][ T7626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.730085][ T7626] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 176.730105][ T7626] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 176.730119][ T7626] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 176.730130][ T7626] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 176.730141][ T7626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.730151][ T7626] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 176.730182][ T7626] [ 176.730202][ T7626] ERROR: Out of memory at tomoyo_realpath_from_path. [ 177.374367][ T7647] FAULT_INJECTION: forcing a failure. [ 177.374367][ T7647] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.391197][ T7647] CPU: 0 UID: 0 PID: 7647 Comm: syz.3.583 Not tainted syzkaller #0 PREEMPT(full) [ 177.391222][ T7647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 177.391233][ T7647] Call Trace: [ 177.391240][ T7647] [ 177.391247][ T7647] dump_stack_lvl+0x189/0x250 [ 177.391274][ T7647] ? __pfx____ratelimit+0x10/0x10 [ 177.391293][ T7647] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.391314][ T7647] ? __pfx__printk+0x10/0x10 [ 177.391334][ T7647] ? __might_fault+0xb0/0x130 [ 177.391369][ T7647] should_fail_ex+0x414/0x560 [ 177.391395][ T7647] _copy_from_user+0x2d/0xb0 [ 177.391413][ T7647] do_sys_poll+0x242/0x1070 [ 177.391448][ T7647] ? __pfx_do_sys_poll+0x10/0x10 [ 177.391530][ T7647] ? __lock_acquire+0xab9/0xd20 [ 177.391583][ T7647] ? set_user_sigmask+0xc7/0x1b0 [ 177.391602][ T7647] ? __pfx_set_user_sigmask+0x10/0x10 [ 177.391621][ T7647] ? __fget_files+0x3a0/0x420 [ 177.391649][ T7647] __se_sys_ppoll+0x1ff/0x260 [ 177.391670][ T7647] ? __pfx___se_sys_ppoll+0x10/0x10 [ 177.391689][ T7647] ? __pfx_ksys_write+0x10/0x10 [ 177.391709][ T7647] ? do_syscall_64+0xbe/0xfa0 [ 177.391727][ T7647] ? __x64_sys_ppoll+0x20/0xc0 [ 177.391747][ T7647] do_syscall_64+0xfa/0xfa0 [ 177.391774][ T7647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.391792][ T7647] ? clear_bhb_loop+0x60/0xb0 [ 177.391813][ T7647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.391830][ T7647] RIP: 0033:0x7f71b518f749 [ 177.391847][ T7647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.391862][ T7647] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 177.391881][ T7647] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 177.391895][ T7647] RDX: 0000200000000140 RSI: 0000000000000001 RDI: 0000200000000080 [ 177.391907][ T7647] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 177.391918][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.391929][ T7647] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 177.391959][ T7647] [ 177.676441][ T7653] tmpfs: Group quota block hardlimit too large. [ 177.965079][ T7669] netlink: 187320 bytes leftover after parsing attributes in process `syz.0.592'. [ 177.975874][ T7669] openvswitch: netlink: Key 9 has unexpected len 21752 expected 4 [ 178.074054][ T7673] FAULT_INJECTION: forcing a failure. [ 178.074054][ T7673] name failslab, interval 1, probability 0, space 0, times 0 [ 178.086935][ T7673] CPU: 0 UID: 0 PID: 7673 Comm: syz.3.594 Not tainted syzkaller #0 PREEMPT(full) [ 178.086959][ T7673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.086972][ T7673] Call Trace: [ 178.086979][ T7673] [ 178.086986][ T7673] dump_stack_lvl+0x189/0x250 [ 178.087023][ T7673] ? __pfx____ratelimit+0x10/0x10 [ 178.087043][ T7673] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.087064][ T7673] ? __pfx__printk+0x10/0x10 [ 178.087090][ T7673] ? __pfx___might_resched+0x10/0x10 [ 178.087108][ T7673] ? fs_reclaim_acquire+0x7d/0x100 [ 178.087132][ T7673] should_fail_ex+0x414/0x560 [ 178.087158][ T7673] should_failslab+0xa8/0x100 [ 178.087180][ T7673] __kmalloc_noprof+0xdf/0x800 [ 178.087204][ T7673] ? tomoyo_encode+0x28b/0x550 [ 178.087234][ T7673] tomoyo_encode+0x28b/0x550 [ 178.087263][ T7673] tomoyo_realpath_from_path+0x58d/0x5d0 [ 178.087290][ T7673] ? tomoyo_domain+0xd8/0x130 [ 178.087312][ T7673] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 178.087334][ T7673] tomoyo_path_number_perm+0x1e8/0x5a0 [ 178.087358][ T7673] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 178.087415][ T7673] ? __fget_files+0x2a/0x420 [ 178.087440][ T7673] ? __fget_files+0x3a0/0x420 [ 178.087459][ T7673] ? __fget_files+0x2a/0x420 [ 178.087483][ T7673] security_file_ioctl+0xcb/0x2d0 [ 178.087512][ T7673] __se_sys_ioctl+0x47/0x170 [ 178.087538][ T7673] do_syscall_64+0xfa/0xfa0 [ 178.087558][ T7673] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.087575][ T7673] ? clear_bhb_loop+0x60/0xb0 [ 178.087596][ T7673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.087613][ T7673] RIP: 0033:0x7f71b518f749 [ 178.087633][ T7673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.087647][ T7673] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.087673][ T7673] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 178.087685][ T7673] RDX: 0000200000000040 RSI: 000000004008ae90 RDI: 0000000000000005 [ 178.087695][ T7673] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 178.087706][ T7673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.087716][ T7673] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 178.087746][ T7673] [ 178.087765][ T7673] ERROR: Out of memory at tomoyo_realpath_from_path. [ 178.126440][ T7671] FAULT_INJECTION: forcing a failure. [ 178.126440][ T7671] name failslab, interval 1, probability 0, space 0, times 0 [ 178.338896][ T7671] CPU: 1 UID: 0 PID: 7671 Comm: syz.0.593 Not tainted syzkaller #0 PREEMPT(full) [ 178.338919][ T7671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.338926][ T7671] Call Trace: [ 178.338931][ T7671] [ 178.338936][ T7671] dump_stack_lvl+0x189/0x250 [ 178.338952][ T7671] ? __pfx____ratelimit+0x10/0x10 [ 178.338963][ T7671] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.338975][ T7671] ? __pfx__printk+0x10/0x10 [ 178.338990][ T7671] ? __pfx___might_resched+0x10/0x10 [ 178.339004][ T7671] should_fail_ex+0x414/0x560 [ 178.339020][ T7671] should_failslab+0xa8/0x100 [ 178.339033][ T7671] __kmalloc_noprof+0xdf/0x800 [ 178.339048][ T7671] ? fuse_direct_io+0x35e/0x2a70 [ 178.339065][ T7671] fuse_direct_io+0x35e/0x2a70 [ 178.339080][ T7671] ? __lock_acquire+0xab9/0xd20 [ 178.339101][ T7671] ? aa_file_perm+0x44c/0x1540 [ 178.339115][ T7671] ? __pfx_fuse_direct_io+0x10/0x10 [ 178.339126][ T7671] ? generic_write_checks_count+0x43e/0x540 [ 178.339146][ T7671] fuse_file_write_iter+0x6f2/0x10a0 [ 178.339163][ T7671] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 178.339183][ T7671] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 178.339210][ T7671] vfs_write+0x5c9/0xb30 [ 178.339228][ T7671] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 178.339242][ T7671] ? __pfx_vfs_write+0x10/0x10 [ 178.339261][ T7671] ? __fget_files+0x2a/0x420 [ 178.339277][ T7671] ksys_write+0x145/0x250 [ 178.339288][ T7671] ? __pfx_ksys_write+0x10/0x10 [ 178.339298][ T7671] ? do_syscall_64+0xbe/0xfa0 [ 178.339312][ T7671] do_syscall_64+0xfa/0xfa0 [ 178.339324][ T7671] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.339333][ T7671] ? clear_bhb_loop+0x60/0xb0 [ 178.339345][ T7671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.339354][ T7671] RIP: 0033:0x7f085e78f749 [ 178.339364][ T7671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.339373][ T7671] RSP: 002b:00007f085f6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.339384][ T7671] RAX: ffffffffffffffda RBX: 00007f085e9e5fa0 RCX: 00007f085e78f749 [ 178.339391][ T7671] RDX: 000000000000effd RSI: 0000000000000000 RDI: 0000000000000004 [ 178.339397][ T7671] RBP: 00007f085f6a3090 R08: 0000000000000000 R09: 0000000000000000 [ 178.339403][ T7671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.339409][ T7671] R13: 00007f085e9e6038 R14: 00007f085e9e5fa0 R15: 00007ffc14c5d278 [ 178.339426][ T7671] [ 178.652455][ T7679] netlink: 12 bytes leftover after parsing attributes in process `syz.2.595'. [ 178.801401][ T7688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.811967][ T7688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.350192][ T5829] Bluetooth: hci2: SCO packet for unknown connection handle 1 [ 179.354534][ T5829] Bluetooth: Unexpected continuation frame (len 24) [ 179.371130][ T5829] Bluetooth: hci2: unexpected event 0x07 length: 40 < 255 [ 179.380802][ T5829] Bluetooth: hci2: hardware error 0xcf [ 179.661530][ T7703] FAULT_INJECTION: forcing a failure. [ 179.661530][ T7703] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.675450][ T7703] CPU: 0 UID: 0 PID: 7703 Comm: syz.2.605 Not tainted syzkaller #0 PREEMPT(full) [ 179.675476][ T7703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 179.675486][ T7703] Call Trace: [ 179.675493][ T7703] [ 179.675501][ T7703] dump_stack_lvl+0x189/0x250 [ 179.675528][ T7703] ? __pfx____ratelimit+0x10/0x10 [ 179.675546][ T7703] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.675567][ T7703] ? __pfx__printk+0x10/0x10 [ 179.675587][ T7703] ? __might_fault+0xb0/0x130 [ 179.675620][ T7703] should_fail_ex+0x414/0x560 [ 179.675647][ T7703] _copy_from_iter+0x1cd/0x1630 [ 179.675673][ T7703] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 179.675692][ T7703] ? __pfx__copy_from_iter+0x10/0x10 [ 179.675707][ T7703] ? dev_get_by_index+0x22/0x2f0 [ 179.675720][ T7703] ? dev_get_by_index+0x22/0x2f0 [ 179.675734][ T7703] packet_sendmsg+0x307f/0x50a0 [ 179.675750][ T7703] ? aa_pivotroot+0xff0/0x13c0 [ 179.675772][ T7703] ? __pfx___might_resched+0x10/0x10 [ 179.675784][ T7703] ? __lock_acquire+0xab9/0xd20 [ 179.675802][ T7703] ? __pfx_packet_sendmsg+0x10/0x10 [ 179.675811][ T7703] ? aa_sk_perm+0x81c/0x950 [ 179.675826][ T7703] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 179.675844][ T7703] ? aa_sock_msg_perm+0xf1/0x1d0 [ 179.675859][ T7703] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 179.675869][ T7703] ? __pfx_packet_sendmsg+0x10/0x10 [ 179.675878][ T7703] __sock_sendmsg+0x21c/0x270 [ 179.675893][ T7703] __sys_sendto+0x3bd/0x520 [ 179.675909][ T7703] ? __pfx___sys_sendto+0x10/0x10 [ 179.675921][ T7703] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 179.675939][ T7703] ? __fget_files+0x3a0/0x420 [ 179.675957][ T7703] ? ksys_write+0x22a/0x250 [ 179.675967][ T7703] ? __pfx_ksys_write+0x10/0x10 [ 179.675983][ T7703] __x64_sys_sendto+0xde/0x100 [ 179.675999][ T7703] do_syscall_64+0xfa/0xfa0 [ 179.676011][ T7703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.676021][ T7703] ? clear_bhb_loop+0x60/0xb0 [ 179.676032][ T7703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.676041][ T7703] RIP: 0033:0x7f77de18f749 [ 179.676051][ T7703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.676059][ T7703] RSP: 002b:00007f77df0f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 179.676071][ T7703] RAX: ffffffffffffffda RBX: 00007f77de3e5fa0 RCX: 00007f77de18f749 [ 179.676078][ T7703] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003 [ 179.676088][ T7703] RBP: 00007f77df0f4090 R08: 0000200000000140 R09: 0000000000000014 [ 179.676095][ T7703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.676101][ T7703] R13: 00007f77de3e6038 R14: 00007f77de3e5fa0 R15: 00007ffe31671f78 [ 179.676116][ T7703] [ 180.076466][ T7711] FAULT_INJECTION: forcing a failure. [ 180.076466][ T7711] name failslab, interval 1, probability 0, space 0, times 0 [ 180.104780][ T7711] CPU: 1 UID: 0 PID: 7711 Comm: syz.0.609 Not tainted syzkaller #0 PREEMPT(full) [ 180.104806][ T7711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 180.104817][ T7711] Call Trace: [ 180.104824][ T7711] [ 180.104831][ T7711] dump_stack_lvl+0x189/0x250 [ 180.104857][ T7711] ? __pfx____ratelimit+0x10/0x10 [ 180.104876][ T7711] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.104896][ T7711] ? __pfx__printk+0x10/0x10 [ 180.104931][ T7711] ? __pfx___might_resched+0x10/0x10 [ 180.104949][ T7711] ? fs_reclaim_acquire+0x7d/0x100 [ 180.104970][ T7711] should_fail_ex+0x414/0x560 [ 180.104994][ T7711] should_failslab+0xa8/0x100 [ 180.105015][ T7711] __kmalloc_noprof+0xdf/0x800 [ 180.105038][ T7711] ? tomoyo_encode+0x28b/0x550 [ 180.105065][ T7711] tomoyo_encode+0x28b/0x550 [ 180.105092][ T7711] tomoyo_realpath_from_path+0x58d/0x5d0 [ 180.105127][ T7711] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 180.105147][ T7711] tomoyo_path_number_perm+0x1e8/0x5a0 [ 180.105171][ T7711] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 180.105228][ T7711] ? __fget_files+0x2a/0x420 [ 180.105252][ T7711] ? __fget_files+0x3a0/0x420 [ 180.105270][ T7711] ? __fget_files+0x2a/0x420 [ 180.105300][ T7711] security_file_ioctl+0xcb/0x2d0 [ 180.105320][ T7711] __se_sys_ioctl+0x47/0x170 [ 180.105346][ T7711] do_syscall_64+0xfa/0xfa0 [ 180.105365][ T7711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.105380][ T7711] ? clear_bhb_loop+0x60/0xb0 [ 180.105400][ T7711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.105415][ T7711] RIP: 0033:0x7f085e78f749 [ 180.105431][ T7711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.105444][ T7711] RSP: 002b:00007f085f6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.105461][ T7711] RAX: ffffffffffffffda RBX: 00007f085e9e5fa0 RCX: 00007f085e78f749 [ 180.105472][ T7711] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 180.105483][ T7711] RBP: 00007f085f6a3090 R08: 0000000000000000 R09: 0000000000000000 [ 180.105493][ T7711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.105502][ T7711] R13: 00007f085e9e6038 R14: 00007f085e9e5fa0 R15: 00007ffc14c5d278 [ 180.105530][ T7711] [ 180.331965][ T7714] ieee802154 phy0 wpan0: encryption failed: -90 [ 180.359352][ T7711] ERROR: Out of memory at tomoyo_realpath_from_path. [ 180.367763][ T7711] loop8: detected capacity change from 0 to 7 [ 180.380918][ T7711] Dev loop8: unable to read RDB block 7 [ 180.386731][ T7711] loop8: unable to read partition table [ 180.392585][ T7711] loop8: partition table beyond EOD, truncated [ 180.400534][ T7711] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 180.414505][ T7716] IPVS: set_ctl: invalid protocol: 0 172.20.20.45:20000 [ 180.453588][ T7716] 8021q: VLANs not supported on ip_vti0 [ 180.591052][ T7722] loop8: detected capacity change from 0 to 7 [ 180.599473][ T7724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.609758][ T7724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.626936][ T7722] Dev loop8: unable to read RDB block 7 [ 180.639397][ T7722] loop8: unable to read partition table [ 180.645587][ T7722] loop8: partition table beyond EOD, truncated [ 180.653452][ T7722] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 180.751146][ T7730] netlink: 204 bytes leftover after parsing attributes in process `syz.2.616'. [ 180.760893][ T7728] netlink: 204 bytes leftover after parsing attributes in process `syz.2.616'. [ 181.159514][ T7746] netlink: 220 bytes leftover after parsing attributes in process `syz.3.622'. [ 181.165330][ T10] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 181.177088][ T845] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 181.187048][ T7746] netlink: 'syz.3.622': attribute type 16 has an invalid length. [ 181.245365][ T5927] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 181.313266][ T7750] FAULT_INJECTION: forcing a failure. [ 181.313266][ T7750] name failslab, interval 1, probability 0, space 0, times 0 [ 181.326121][ T845] usb 2-1: device descriptor read/64, error -71 [ 181.332749][ T7750] CPU: 1 UID: 0 PID: 7750 Comm: syz.3.624 Not tainted syzkaller #0 PREEMPT(full) [ 181.332773][ T7750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 181.332784][ T7750] Call Trace: [ 181.332792][ T7750] [ 181.332799][ T7750] dump_stack_lvl+0x189/0x250 [ 181.332825][ T7750] ? __pfx____ratelimit+0x10/0x10 [ 181.332845][ T7750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.332865][ T7750] ? __pfx__printk+0x10/0x10 [ 181.332890][ T7750] ? __pfx___might_resched+0x10/0x10 [ 181.332907][ T7750] ? fs_reclaim_acquire+0x7d/0x100 [ 181.332928][ T7750] should_fail_ex+0x414/0x560 [ 181.332951][ T7750] should_failslab+0xa8/0x100 [ 181.332968][ T7750] __kmalloc_noprof+0xdf/0x800 [ 181.332988][ T7750] ? tomoyo_encode+0x28b/0x550 [ 181.333014][ T7750] tomoyo_encode+0x28b/0x550 [ 181.333039][ T7750] tomoyo_realpath_from_path+0x58d/0x5d0 [ 181.333070][ T7750] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 181.333091][ T7750] tomoyo_path_number_perm+0x1e8/0x5a0 [ 181.333115][ T7750] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 181.333171][ T7750] ? __fget_files+0x2a/0x420 [ 181.333194][ T7750] ? __fget_files+0x3a0/0x420 [ 181.333211][ T7750] ? __fget_files+0x2a/0x420 [ 181.333232][ T7750] security_file_ioctl+0xcb/0x2d0 [ 181.333253][ T7750] __se_sys_ioctl+0x47/0x170 [ 181.333280][ T7750] do_syscall_64+0xfa/0xfa0 [ 181.333300][ T7750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.333316][ T7750] ? clear_bhb_loop+0x60/0xb0 [ 181.333336][ T7750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.333351][ T7750] RIP: 0033:0x7f71b518f749 [ 181.333366][ T7750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.333381][ T7750] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.333400][ T7750] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 181.333422][ T7750] RDX: 0000000000000000 RSI: 00000000c0306201 RDI: 0000000000000004 [ 181.333433][ T7750] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 181.333443][ T7750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.333454][ T7750] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 181.333485][ T7750] [ 181.333503][ T7750] ERROR: Out of memory at tomoyo_realpath_from_path. [ 181.352971][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 181.373315][ T10] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 181.465614][ T5829] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 181.590682][ T10] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 181.602570][ T10] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 181.614166][ T5927] usb 1-1: Using ep0 maxpacket: 32 [ 181.619859][ T10] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 181.636079][ T10] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 181.645461][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.653545][ T10] usb 3-1: Product: syz [ 181.659771][ T5927] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 181.670446][ T5927] usb 1-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 181.682391][ T5927] usb 1-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 181.693544][ T10] usb 3-1: Manufacturer: syz [ 181.698552][ T10] usb 3-1: SerialNumber: syz [ 181.704778][ T5927] usb 1-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 181.725297][ T845] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 181.737442][ C0] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 181.750298][ T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input15 [ 181.771967][ T5927] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 181.785407][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.798487][ T5927] usb 1-1: Product: syz [ 181.802719][ T5927] usb 1-1: Manufacturer: syz [ 181.807961][ T5927] usb 1-1: SerialNumber: syz [ 181.823340][ C0] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 181.835312][ T5927] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/input/input17 [ 181.872923][ T7757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.883515][ T7757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.885450][ T845] usb 2-1: device descriptor read/64, error -71 [ 181.955336][ T10] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 181.963869][ T10] (id 0x00) [ 182.009604][ T845] usb usb2-port1: attempt power cycle [ 182.017380][ T10] rc_core: IR keymap rc-imon-pad not found [ 182.025129][ T10] Registered IR keymap rc-empty [ 182.030233][ T10] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 182.040810][ T10] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 182.065299][ T5927] imon 1-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 182.073616][ T5927] (id 0x00) [ 182.135349][ T5927] rc_core: IR keymap rc-imon-pad not found [ 182.141518][ T5927] Registered IR keymap rc-empty [ 182.149276][ T5927] imon 1-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 182.160104][ T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0 [ 182.170379][ T5927] imon 1-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 182.182687][ T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input16 [ 182.196996][ T10] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:40> initialized [ 182.257056][ T5927] rc rc1: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc1 [ 182.293955][ T5927] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc1/input18 [ 182.319653][ T5927] imon 1-1:155.0: iMON device (15c2:ffdc, intf0) on usb<1:38> initialized [ 182.365413][ T845] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 182.385825][ T845] usb 2-1: device descriptor read/8, error -71 [ 182.405679][ T7760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.435856][ T7760] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.451333][ T7739] imon:send_packet: packet tx failed (-71) [ 182.451418][ T55] usb 3-1: USB disconnect, device number 40 [ 182.495525][ T7739] imon:vfd_write: send packet #0 failed [ 182.503332][ T7744] imon:display_open: display port is already open [ 182.526578][ T5891] usb 1-1: USB disconnect, device number 38 [ 182.559217][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 182.559233][ T30] audit: type=1326 audit(1763739858.552:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.594298][ T30] audit: type=1326 audit(1763739858.552:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.617139][ T30] audit: type=1326 audit(1763739858.552:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.643853][ T30] audit: type=1326 audit(1763739858.552:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.645477][ T845] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 182.682409][ T30] audit: type=1326 audit(1763739858.552:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.689027][ T845] usb 2-1: device descriptor read/8, error -71 [ 182.704878][ T30] audit: type=1326 audit(1763739858.552:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.738734][ T30] audit: type=1326 audit(1763739858.552:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.763760][ T30] audit: type=1326 audit(1763739858.552:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.789372][ T30] audit: type=1326 audit(1763739858.552:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.811633][ T30] audit: type=1326 audit(1763739858.552:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f71b518f749 code=0x7ffc0000 [ 182.816662][ T845] usb usb2-port1: unable to enumerate USB device [ 183.280832][ T7769] FAULT_INJECTION: forcing a failure. [ 183.280832][ T7769] name failslab, interval 1, probability 0, space 0, times 0 [ 183.293673][ T7769] CPU: 1 UID: 0 PID: 7769 Comm: syz.0.631 Not tainted syzkaller #0 PREEMPT(full) [ 183.293688][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 183.293694][ T7769] Call Trace: [ 183.293700][ T7769] [ 183.293706][ T7769] dump_stack_lvl+0x189/0x250 [ 183.293723][ T7769] ? __pfx____ratelimit+0x10/0x10 [ 183.293735][ T7769] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.293747][ T7769] ? __pfx__printk+0x10/0x10 [ 183.293762][ T7769] ? __pfx___might_resched+0x10/0x10 [ 183.293773][ T7769] ? fs_reclaim_acquire+0x7d/0x100 [ 183.293786][ T7769] should_fail_ex+0x414/0x560 [ 183.293802][ T7769] should_failslab+0xa8/0x100 [ 183.293814][ T7769] __kmalloc_noprof+0xdf/0x800 [ 183.293829][ T7769] ? tomoyo_encode+0x28b/0x550 [ 183.293846][ T7769] tomoyo_encode+0x28b/0x550 [ 183.293862][ T7769] tomoyo_realpath_from_path+0x58d/0x5d0 [ 183.293882][ T7769] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 183.293894][ T7769] tomoyo_path_number_perm+0x1e8/0x5a0 [ 183.293907][ T7769] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 183.293939][ T7769] ? __fget_files+0x2a/0x420 [ 183.293953][ T7769] ? __fget_files+0x3a0/0x420 [ 183.293963][ T7769] ? __fget_files+0x2a/0x420 [ 183.293976][ T7769] security_file_ioctl+0xcb/0x2d0 [ 183.293989][ T7769] __se_sys_ioctl+0x47/0x170 [ 183.294006][ T7769] do_syscall_64+0xfa/0xfa0 [ 183.294019][ T7769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.294028][ T7769] ? clear_bhb_loop+0x60/0xb0 [ 183.294040][ T7769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.294050][ T7769] RIP: 0033:0x7f085e78f749 [ 183.294060][ T7769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.294068][ T7769] RSP: 002b:00007f085f6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.294080][ T7769] RAX: ffffffffffffffda RBX: 00007f085e9e5fa0 RCX: 00007f085e78f749 [ 183.294087][ T7769] RDX: 0000000000000000 RSI: 0000000000006406 RDI: 0000000000000003 [ 183.294093][ T7769] RBP: 00007f085f6a3090 R08: 0000000000000000 R09: 0000000000000000 [ 183.294099][ T7769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.294136][ T7769] R13: 00007f085e9e6038 R14: 00007f085e9e5fa0 R15: 00007ffc14c5d278 [ 183.294152][ T7769] [ 183.294167][ T7769] ERROR: Out of memory at tomoyo_realpath_from_path. [ 183.591711][ T845] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 183.745296][ T845] usb 3-1: Using ep0 maxpacket: 32 [ 183.751911][ T845] usb 3-1: config 0 has an invalid interface number: 141 but max is 0 [ 183.761097][ T845] usb 3-1: config 0 has no interface number 0 [ 183.770417][ T845] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65 [ 183.779582][ T845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.788182][ T845] usb 3-1: Product: syz [ 183.792475][ T845] usb 3-1: Manufacturer: syz [ 183.797183][ T845] usb 3-1: SerialNumber: syz [ 183.803937][ T845] usb 3-1: config 0 descriptor?? [ 183.811710][ T845] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 183.865382][ T5891] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 184.015307][ T5891] usb 1-1: Using ep0 maxpacket: 32 [ 184.022079][ T5891] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 184.030716][ T5891] usb 1-1: config 0 has no interface number 0 [ 184.036972][ T5891] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 184.051479][ T5891] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 184.061258][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.070148][ T5891] usb 1-1: Product: syz [ 184.074413][ T5891] usb 1-1: Manufacturer: syz [ 184.079124][ T5891] usb 1-1: SerialNumber: syz [ 184.086895][ T5891] usb 1-1: config 0 descriptor?? [ 184.092788][ T7778] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 184.305247][ T7778] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 184.381639][ T7784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.390837][ T7784] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.418929][ T845] gspca_vc032x: reg_r err -71 [ 184.424655][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.432491][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.438331][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.443657][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.449070][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.454365][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.460123][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.465508][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.470805][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.477079][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.482412][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.489987][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.495595][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.501012][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.506512][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.511807][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.517230][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.522525][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.528193][ T845] gspca_vc032x: I2c Bus Busy Wait 00 [ 184.533492][ T845] gspca_vc032x: Unknown sensor... [ 184.538841][ T845] vc032x 3-1:0.141: probe with driver vc032x failed with error -22 [ 184.549433][ T845] usb 3-1: USB disconnect, device number 41 [ 185.037440][ T7792] : renamed from dummy0 (while UP) [ 185.043689][ T7794] FAULT_INJECTION: forcing a failure. [ 185.043689][ T7794] name failslab, interval 1, probability 0, space 0, times 0 [ 185.056902][ T7794] CPU: 0 UID: 0 PID: 7794 Comm: syz.1.641 Not tainted syzkaller #0 PREEMPT(full) [ 185.056926][ T7794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 185.056937][ T7794] Call Trace: [ 185.056945][ T7794] [ 185.056952][ T7794] dump_stack_lvl+0x189/0x250 [ 185.056977][ T7794] ? __pfx____ratelimit+0x10/0x10 [ 185.056997][ T7794] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.057016][ T7794] ? __pfx__printk+0x10/0x10 [ 185.057042][ T7794] ? __pfx___might_resched+0x10/0x10 [ 185.057061][ T7794] ? fs_reclaim_acquire+0x7d/0x100 [ 185.057083][ T7794] should_fail_ex+0x414/0x560 [ 185.057108][ T7794] should_failslab+0xa8/0x100 [ 185.057126][ T7794] __kmalloc_noprof+0xdf/0x800 [ 185.057145][ T7794] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 185.057169][ T7794] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 185.057192][ T7794] genl_family_rcv_msg_doit+0xb8/0x300 [ 185.057215][ T7794] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 185.057240][ T7794] ? apparmor_capable+0x137/0x1b0 [ 185.057258][ T7794] ? bpf_lsm_capable+0x9/0x20 [ 185.057274][ T7794] ? security_capable+0x7e/0x2e0 [ 185.057304][ T7794] genl_rcv_msg+0x60e/0x790 [ 185.057325][ T7794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 185.057339][ T7794] ? ref_tracker_free+0x63a/0x7d0 [ 185.057359][ T7794] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 185.057380][ T7794] ? __pfx_nl80211_set_mcast_rate+0x10/0x10 [ 185.057397][ T7794] ? __pfx_nl80211_post_doit+0x10/0x10 [ 185.057418][ T7794] ? ____sys_sendmsg+0x505/0x870 [ 185.057433][ T7794] ? ___sys_sendmsg+0x21f/0x2a0 [ 185.057446][ T7794] ? __x64_sys_sendmsg+0x19b/0x260 [ 185.057461][ T7794] ? do_syscall_64+0xfa/0xfa0 [ 185.057479][ T7794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.057506][ T7794] netlink_rcv_skb+0x208/0x470 [ 185.057522][ T7794] ? __lock_acquire+0xab9/0xd20 [ 185.057541][ T7794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 185.057565][ T7794] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 185.057600][ T7794] ? down_read+0x1ad/0x2e0 [ 185.057624][ T7794] genl_rcv+0x28/0x40 [ 185.057643][ T7794] netlink_unicast+0x82f/0x9e0 [ 185.057674][ T7794] ? __pfx_netlink_unicast+0x10/0x10 [ 185.057699][ T7794] ? netlink_sendmsg+0x642/0xb30 [ 185.057714][ T7794] ? skb_put+0x11b/0x210 [ 185.057733][ T7794] netlink_sendmsg+0x805/0xb30 [ 185.057760][ T7794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.057780][ T7794] ? aa_sock_msg_perm+0xf1/0x1d0 [ 185.057805][ T7794] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.057820][ T7794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.057837][ T7794] __sock_sendmsg+0x21c/0x270 [ 185.057861][ T7794] ____sys_sendmsg+0x505/0x870 [ 185.057895][ T7794] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.057921][ T7794] ? import_iovec+0x74/0xa0 [ 185.057941][ T7794] ___sys_sendmsg+0x21f/0x2a0 [ 185.057961][ T7794] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.058011][ T7794] ? __fget_files+0x2a/0x420 [ 185.058030][ T7794] ? __fget_files+0x3a0/0x420 [ 185.058059][ T7794] __x64_sys_sendmsg+0x19b/0x260 [ 185.058081][ T7794] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.058107][ T7794] ? __pfx_ksys_write+0x10/0x10 [ 185.058127][ T7794] ? do_syscall_64+0xbe/0xfa0 [ 185.058149][ T7794] do_syscall_64+0xfa/0xfa0 [ 185.058170][ T7794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.058185][ T7794] ? clear_bhb_loop+0x60/0xb0 [ 185.058204][ T7794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.058220][ T7794] RIP: 0033:0x7faf3278f749 [ 185.058236][ T7794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.058249][ T7794] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.058268][ T7794] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 185.058280][ T7794] RDX: 000000000000c810 RSI: 0000200000000240 RDI: 0000000000000003 [ 185.058292][ T7794] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 185.058302][ T7794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.058311][ T7794] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 185.058341][ T7794] [ 185.632964][ T7804] FAULT_INJECTION: forcing a failure. [ 185.632964][ T7804] name failslab, interval 1, probability 0, space 0, times 0 [ 185.649042][ T7804] CPU: 1 UID: 0 PID: 7804 Comm: syz.1.647 Not tainted syzkaller #0 PREEMPT(full) [ 185.649065][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 185.649075][ T7804] Call Trace: [ 185.649082][ T7804] [ 185.649094][ T7804] dump_stack_lvl+0x189/0x250 [ 185.649118][ T7804] ? __pfx____ratelimit+0x10/0x10 [ 185.649143][ T7804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.649164][ T7804] ? __pfx__printk+0x10/0x10 [ 185.649189][ T7804] ? __pfx___might_resched+0x10/0x10 [ 185.649204][ T7804] ? fs_reclaim_acquire+0x7d/0x100 [ 185.649218][ T7804] should_fail_ex+0x414/0x560 [ 185.649234][ T7804] should_failslab+0xa8/0x100 [ 185.649246][ T7804] __kvmalloc_node_noprof+0x175/0x910 [ 185.649257][ T7804] ? seq_read_iter+0x202/0xe20 [ 185.649270][ T7804] seq_read_iter+0x202/0xe20 [ 185.649280][ T7804] ? _parse_integer_limit+0x1ae/0x1f0 [ 185.649295][ T7804] ? __asan_memset+0x22/0x50 [ 185.649318][ T7804] seq_read+0x369/0x480 [ 185.649342][ T7804] ? __pfx_seq_read+0x10/0x10 [ 185.649357][ T7804] ? __debugfs_file_get+0x5dd/0x710 [ 185.649385][ T7804] ? __pfx___debugfs_file_get+0x10/0x10 [ 185.649409][ T7804] full_proxy_read+0x127/0x1f0 [ 185.649424][ T7804] ? __pfx_full_proxy_read+0x10/0x10 [ 185.649438][ T7804] vfs_read+0x200/0xa30 [ 185.649452][ T7804] ? fdget_pos+0x247/0x320 [ 185.649465][ T7804] ? __pfx___mutex_lock+0x10/0x10 [ 185.649477][ T7804] ? __pfx_vfs_read+0x10/0x10 [ 185.649492][ T7804] ? __fget_files+0x2a/0x420 [ 185.649505][ T7804] ? __fget_files+0x3a0/0x420 [ 185.649515][ T7804] ? __fget_files+0x2a/0x420 [ 185.649530][ T7804] ksys_read+0x145/0x250 [ 185.649545][ T7804] ? __pfx_ksys_read+0x10/0x10 [ 185.649560][ T7804] ? do_syscall_64+0xbe/0xfa0 [ 185.649573][ T7804] do_syscall_64+0xfa/0xfa0 [ 185.649584][ T7804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.649594][ T7804] ? clear_bhb_loop+0x60/0xb0 [ 185.649605][ T7804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.649615][ T7804] RIP: 0033:0x7faf3278f749 [ 185.649625][ T7804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.649632][ T7804] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 185.649644][ T7804] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 185.649651][ T7804] RDX: 0000000000002068 RSI: 0000200000000340 RDI: 0000000000000003 [ 185.649657][ T7804] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 185.649662][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.649668][ T7804] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 185.649684][ T7804] [ 185.933610][ T5891] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 185.958993][ T5891] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 185.986537][ T5891] asix 1-1:0.188: probe with driver asix failed with error -71 [ 186.010885][ T5891] usb 1-1: USB disconnect, device number 39 [ 186.069695][ T7809] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 186.124182][ T7813] tipc: Started in network mode [ 186.129476][ T7813] tipc: Node identity , cluster identity 4711 [ 186.138168][ T7813] tipc: Failed to set node id, please configure manually [ 186.146401][ T7813] tipc: Enabling of bearer rejected, failed to enable media [ 186.191251][ T7815] netlink: 39 bytes leftover after parsing attributes in process `syz.2.652'. [ 186.209215][ T7816] netlink: 39 bytes leftover after parsing attributes in process `syz.2.652'. [ 186.283790][ T7822] FAULT_INJECTION: forcing a failure. [ 186.283790][ T7822] name failslab, interval 1, probability 0, space 0, times 0 [ 186.291636][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.655'. [ 186.302077][ T7822] CPU: 0 UID: 0 PID: 7822 Comm: syz.1.653 Not tainted syzkaller #0 PREEMPT(full) [ 186.302102][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 186.302113][ T7822] Call Trace: [ 186.302120][ T7822] [ 186.302129][ T7822] dump_stack_lvl+0x189/0x250 [ 186.302154][ T7822] ? __pfx____ratelimit+0x10/0x10 [ 186.302174][ T7822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.302194][ T7822] ? __pfx__printk+0x10/0x10 [ 186.302220][ T7822] ? __pfx___might_resched+0x10/0x10 [ 186.302239][ T7822] ? fs_reclaim_acquire+0x7d/0x100 [ 186.302261][ T7822] should_fail_ex+0x414/0x560 [ 186.302287][ T7822] should_failslab+0xa8/0x100 [ 186.302308][ T7822] __kmalloc_noprof+0xdf/0x800 [ 186.302333][ T7822] ? tomoyo_encode+0x28b/0x550 [ 186.302362][ T7822] tomoyo_encode+0x28b/0x550 [ 186.302390][ T7822] tomoyo_realpath_from_path+0x58d/0x5d0 [ 186.302425][ T7822] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 186.302445][ T7822] tomoyo_path_number_perm+0x1e8/0x5a0 [ 186.302469][ T7822] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 186.302527][ T7822] ? __fget_files+0x2a/0x420 [ 186.302551][ T7822] ? __fget_files+0x3a0/0x420 [ 186.302569][ T7822] ? __fget_files+0x2a/0x420 [ 186.302592][ T7822] security_file_ioctl+0xcb/0x2d0 [ 186.302614][ T7822] __se_sys_ioctl+0x47/0x170 [ 186.302640][ T7822] do_syscall_64+0xfa/0xfa0 [ 186.302660][ T7822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.302678][ T7822] ? clear_bhb_loop+0x60/0xb0 [ 186.302698][ T7822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.302715][ T7822] RIP: 0033:0x7faf3278f749 [ 186.302731][ T7822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.302745][ T7822] RSP: 002b:00007faf309cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.302764][ T7822] RAX: ffffffffffffffda RBX: 00007faf329e6090 RCX: 00007faf3278f749 [ 186.302776][ T7822] RDX: 0000200000000100 RSI: 00000000c0984124 RDI: 0000000000000005 [ 186.302787][ T7822] RBP: 00007faf309cd090 R08: 0000000000000000 R09: 0000000000000000 [ 186.302797][ T7822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.302808][ T7822] R13: 00007faf329e6128 R14: 00007faf329e6090 R15: 00007fff110e2d28 [ 186.302837][ T7822] [ 186.302858][ T7822] ERROR: Out of memory at tomoyo_realpath_from_path. [ 186.551953][ T7829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.566279][ T7829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.795373][ T981] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 186.925343][ T981] usb 1-1: device descriptor read/64, error -71 [ 186.955378][ T5927] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 187.107358][ T5927] usb 2-1: config 0 has an invalid interface number: 69 but max is 0 [ 187.116022][ T5927] usb 2-1: config 0 has no interface number 0 [ 187.122216][ T5927] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 187.132410][ T5927] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 187.148609][ T5927] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 187.157888][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.165971][ T5927] usb 2-1: Product: syz [ 187.170245][ T5927] usb 2-1: Manufacturer: syz [ 187.174832][ T5927] usb 2-1: SerialNumber: syz [ 187.176449][ T981] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 187.190787][ T5927] usb 2-1: config 0 descriptor?? [ 187.197183][ T7835] raw-gadget.5 gadget.1: fail, usb_ep_enable returned -22 [ 187.207206][ T5927] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 187.219172][ T5927] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 187.315767][ T981] usb 1-1: device descriptor read/64, error -71 [ 187.383831][ T7841] FAULT_INJECTION: forcing a failure. [ 187.383831][ T7841] name failslab, interval 1, probability 0, space 0, times 0 [ 187.398784][ T7841] CPU: 0 UID: 0 PID: 7841 Comm: syz.2.669 Not tainted syzkaller #0 PREEMPT(full) [ 187.398808][ T7841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 187.398819][ T7841] Call Trace: [ 187.398827][ T7841] [ 187.398835][ T7841] dump_stack_lvl+0x189/0x250 [ 187.398860][ T7841] ? __pfx____ratelimit+0x10/0x10 [ 187.398881][ T7841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.398905][ T7841] ? __pfx__printk+0x10/0x10 [ 187.398937][ T7841] ? __pfx___might_resched+0x10/0x10 [ 187.398963][ T7841] should_fail_ex+0x414/0x560 [ 187.398991][ T7841] should_failslab+0xa8/0x100 [ 187.399012][ T7841] __kmalloc_noprof+0xdf/0x800 [ 187.399037][ T7841] ? vb2_core_reqbufs+0x904/0x1420 [ 187.399065][ T7841] vb2_core_reqbufs+0x904/0x1420 [ 187.399108][ T7841] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 187.399138][ T7841] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 187.399154][ T7841] ? vb2_fop_poll+0x2da/0x310 [ 187.399175][ T7841] ? __vb2_init_fileio+0x1e8/0xff0 [ 187.399205][ T7841] __vb2_init_fileio+0x318/0xff0 [ 187.399248][ T7841] vb2_core_poll+0x4c1/0x840 [ 187.399277][ T7841] vb2_fop_poll+0x193/0x310 [ 187.399300][ T7841] ? __fget_files+0x2a/0x420 [ 187.399338][ T7841] ? __pfx_vb2_fop_poll+0x10/0x10 [ 187.399368][ T7841] v4l2_poll+0x147/0x2c0 [ 187.399392][ T7841] ? __pfx_v4l2_poll+0x10/0x10 [ 187.399414][ T7841] do_sys_poll+0x8c9/0x1070 [ 187.399439][ T7841] ? do_sys_poll+0x3e1/0x1070 [ 187.399467][ T7841] ? __pfx_do_sys_poll+0x10/0x10 [ 187.399503][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399525][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399547][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399568][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399590][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399612][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399633][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399656][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399677][ T7841] ? __pfx_pollwake+0x10/0x10 [ 187.399696][ T7841] ? rcu_read_lock_any_held+0xb3/0x120 [ 187.399719][ T7841] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 187.399746][ T7841] ? vfs_write+0x956/0xb30 [ 187.399797][ T7841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 187.399817][ T7841] ? set_user_sigmask+0xc7/0x1b0 [ 187.399836][ T7841] ? __pfx_set_user_sigmask+0x10/0x10 [ 187.399855][ T7841] ? __fget_files+0x3a0/0x420 [ 187.399883][ T7841] __se_sys_ppoll+0x1ff/0x260 [ 187.399905][ T7841] ? __pfx___se_sys_ppoll+0x10/0x10 [ 187.399929][ T7841] ? __pfx_ksys_write+0x10/0x10 [ 187.399950][ T7841] ? do_syscall_64+0xbe/0xfa0 [ 187.399968][ T7841] ? __x64_sys_ppoll+0x20/0xc0 [ 187.399989][ T7841] do_syscall_64+0xfa/0xfa0 [ 187.400010][ T7841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.400027][ T7841] ? clear_bhb_loop+0x60/0xb0 [ 187.400048][ T7841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.400065][ T7841] RIP: 0033:0x7f77de18f749 [ 187.400083][ T7841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.400097][ T7841] RSP: 002b:00007f77df0f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 187.400117][ T7841] RAX: ffffffffffffffda RBX: 00007f77de3e5fa0 RCX: 00007f77de18f749 [ 187.400131][ T7841] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 187.400143][ T7841] RBP: 00007f77df0f4090 R08: 0000000000000000 R09: 0000000000000000 [ 187.400154][ T7841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.400164][ T7841] R13: 00007f77de3e6038 R14: 00007f77de3e5fa0 R15: 00007ffe31671f78 [ 187.400197][ T7841] [ 187.746106][ T981] usb usb1-port1: attempt power cycle [ 187.997265][ T7854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.015766][ T7854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.060977][ T5891] usb 2-1: USB disconnect, device number 40 [ 188.082784][ T5891] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 188.111117][ T981] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 188.120572][ T5891] cyberjack 2-1:0.69: device disconnected [ 188.147407][ T981] usb 1-1: device descriptor read/8, error -71 [ 188.234739][ T7862] FAULT_INJECTION: forcing a failure. [ 188.234739][ T7862] name failslab, interval 1, probability 0, space 0, times 0 [ 188.247532][ T7862] CPU: 1 UID: 0 PID: 7862 Comm: syz.2.671 Not tainted syzkaller #0 PREEMPT(full) [ 188.247557][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 188.247566][ T7862] Call Trace: [ 188.247573][ T7862] [ 188.247584][ T7862] dump_stack_lvl+0x189/0x250 [ 188.247601][ T7862] ? __pfx____ratelimit+0x10/0x10 [ 188.247612][ T7862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.247624][ T7862] ? __pfx__printk+0x10/0x10 [ 188.247639][ T7862] ? __pfx___might_resched+0x10/0x10 [ 188.247654][ T7862] should_fail_ex+0x414/0x560 [ 188.247669][ T7862] should_failslab+0xa8/0x100 [ 188.247682][ T7862] __kmalloc_noprof+0xdf/0x800 [ 188.247696][ T7862] ? __kasan_kmalloc+0x93/0xb0 [ 188.247706][ T7862] ? drm_atomic_state_init+0x9c/0x310 [ 188.247726][ T7862] drm_atomic_state_init+0x9c/0x310 [ 188.247740][ T7862] drm_atomic_state_alloc+0xbc/0x100 [ 188.247753][ T7862] drm_mode_atomic_ioctl+0x437/0xcb0 [ 188.247776][ T7862] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 188.247801][ T7862] ? do_raw_spin_unlock+0x122/0x240 [ 188.247817][ T7862] ? _raw_spin_unlock+0x28/0x50 [ 188.247828][ T7862] ? drm_is_current_master+0x19f/0x200 [ 188.247839][ T7862] drm_ioctl_kernel+0x2cf/0x390 [ 188.247851][ T7862] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 188.247865][ T7862] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 188.247881][ T7862] drm_ioctl+0x67f/0xb10 [ 188.247894][ T7862] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 188.247910][ T7862] ? __pfx_drm_ioctl+0x10/0x10 [ 188.247927][ T7862] ? __fget_files+0x3a0/0x420 [ 188.247938][ T7862] ? __fget_files+0x2a/0x420 [ 188.247951][ T7862] ? bpf_lsm_file_ioctl+0x9/0x20 [ 188.247961][ T7862] ? __pfx_drm_ioctl+0x10/0x10 [ 188.247971][ T7862] __se_sys_ioctl+0xfc/0x170 [ 188.247987][ T7862] do_syscall_64+0xfa/0xfa0 [ 188.247999][ T7862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.248009][ T7862] ? clear_bhb_loop+0x60/0xb0 [ 188.248020][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.248030][ T7862] RIP: 0033:0x7f77de18f749 [ 188.248040][ T7862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.248048][ T7862] RSP: 002b:00007f77df0f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.248060][ T7862] RAX: ffffffffffffffda RBX: 00007f77de3e5fa0 RCX: 00007f77de18f749 [ 188.248067][ T7862] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000b [ 188.248074][ T7862] RBP: 00007f77df0f4090 R08: 0000000000000000 R09: 0000000000000000 [ 188.248080][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.248085][ T7862] R13: 00007f77de3e6038 R14: 00007f77de3e5fa0 R15: 00007ffe31671f78 [ 188.248101][ T7862] [ 188.584944][ T7866] FAULT_INJECTION: forcing a failure. [ 188.584944][ T7866] name failslab, interval 1, probability 0, space 0, times 0 [ 188.597825][ T7866] CPU: 0 UID: 0 PID: 7866 Comm: syz.2.673 Not tainted syzkaller #0 PREEMPT(full) [ 188.597840][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 188.597846][ T7866] Call Trace: [ 188.597851][ T7866] [ 188.597856][ T7866] dump_stack_lvl+0x189/0x250 [ 188.597874][ T7866] ? __pfx____ratelimit+0x10/0x10 [ 188.597886][ T7866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.597897][ T7866] ? __pfx__printk+0x10/0x10 [ 188.597912][ T7866] ? __pfx___might_resched+0x10/0x10 [ 188.597922][ T7866] ? fs_reclaim_acquire+0x7d/0x100 [ 188.597935][ T7866] should_fail_ex+0x414/0x560 [ 188.597951][ T7866] should_failslab+0xa8/0x100 [ 188.597963][ T7866] __kmalloc_noprof+0xdf/0x800 [ 188.597978][ T7866] ? tomoyo_encode+0x28b/0x550 [ 188.597995][ T7866] tomoyo_encode+0x28b/0x550 [ 188.598011][ T7866] tomoyo_realpath_from_path+0x58d/0x5d0 [ 188.598030][ T7866] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 188.598042][ T7866] tomoyo_path_number_perm+0x1e8/0x5a0 [ 188.598056][ T7866] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 188.598087][ T7866] ? __fget_files+0x2a/0x420 [ 188.598101][ T7866] ? __fget_files+0x3a0/0x420 [ 188.598111][ T7866] ? __fget_files+0x2a/0x420 [ 188.598124][ T7866] security_file_ioctl+0xcb/0x2d0 [ 188.598137][ T7866] __se_sys_ioctl+0x47/0x170 [ 188.598153][ T7866] do_syscall_64+0xfa/0xfa0 [ 188.598165][ T7866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.598176][ T7866] ? clear_bhb_loop+0x60/0xb0 [ 188.598189][ T7866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.598199][ T7866] RIP: 0033:0x7f77de18f749 [ 188.598208][ T7866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.598216][ T7866] RSP: 002b:00007f77df0f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.598233][ T7866] RAX: ffffffffffffffda RBX: 00007f77de3e5fa0 RCX: 00007f77de18f749 [ 188.598240][ T7866] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 188.598246][ T7866] RBP: 00007f77df0f4090 R08: 0000000000000000 R09: 0000000000000000 [ 188.598252][ T7866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.598258][ T7866] R13: 00007f77de3e6038 R14: 00007f77de3e5fa0 R15: 00007ffe31671f78 [ 188.598274][ T7866] [ 188.598290][ T7866] ERROR: Out of memory at tomoyo_realpath_from_path. [ 188.665336][ T981] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 188.668934][ T7866] binder_alloc: 7865: pid 7865 spamming oneway? 1 buffers allocated for a total size of 4096 [ 188.696000][ T981] usb 1-1: device descriptor read/8, error -71 [ 188.910759][ T7872] IPVS: set_ctl: invalid protocol: 135 172.20.20.136:532 [ 188.931831][ T7872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.941128][ T7872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.975825][ T981] usb usb1-port1: unable to enumerate USB device [ 189.055362][ T5927] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 189.244652][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 189.252598][ T5927] usb 3-1: can't read configurations, error -61 [ 189.317259][ T7883] binder_alloc: 7882: pid 7882 spamming oneway? 1 buffers allocated for a total size of 4096 [ 189.385399][ T5927] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 189.401743][ T7887] netlink: 64 bytes leftover after parsing attributes in process `syz.1.683'. [ 189.411365][ T7887] block nbd0: not configured, cannot reconfigure [ 189.417776][ T7887] FAULT_INJECTION: forcing a failure. [ 189.417776][ T7887] name failslab, interval 1, probability 0, space 0, times 0 [ 189.430587][ T7887] CPU: 1 UID: 0 PID: 7887 Comm: syz.1.683 Not tainted syzkaller #0 PREEMPT(full) [ 189.430605][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 189.430611][ T7887] Call Trace: [ 189.430616][ T7887] [ 189.430621][ T7887] dump_stack_lvl+0x189/0x250 [ 189.430637][ T7887] ? __pfx____ratelimit+0x10/0x10 [ 189.430649][ T7887] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.430660][ T7887] ? __pfx__printk+0x10/0x10 [ 189.430674][ T7887] ? __pfx___might_resched+0x10/0x10 [ 189.430685][ T7887] ? fs_reclaim_acquire+0x7d/0x100 [ 189.430698][ T7887] should_fail_ex+0x414/0x560 [ 189.430714][ T7887] should_failslab+0xa8/0x100 [ 189.430726][ T7887] kmem_cache_alloc_node_noprof+0x8c/0x710 [ 189.430742][ T7887] ? __alloc_skb+0x255/0x430 [ 189.430757][ T7887] ? napi_skb_cache_get+0x4a5/0x790 [ 189.430770][ T7887] ? napi_skb_cache_get+0x151/0x790 [ 189.430785][ T7887] __alloc_skb+0x255/0x430 [ 189.430800][ T7887] ? __pfx___alloc_skb+0x10/0x10 [ 189.430817][ T7887] ? netlink_ack_tlv_len+0x6c/0x210 [ 189.430828][ T7887] netlink_ack+0x146/0xa50 [ 189.430836][ T7887] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.430858][ T7887] netlink_rcv_skb+0x28c/0x470 [ 189.430866][ T7887] ? __lock_acquire+0xab9/0xd20 [ 189.430877][ T7887] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.430890][ T7887] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 189.430909][ T7887] ? down_read+0x1ad/0x2e0 [ 189.430923][ T7887] genl_rcv+0x28/0x40 [ 189.430937][ T7887] netlink_unicast+0x82f/0x9e0 [ 189.430968][ T7887] ? __pfx_netlink_unicast+0x10/0x10 [ 189.430993][ T7887] ? netlink_sendmsg+0x642/0xb30 [ 189.431008][ T7887] ? skb_put+0x11b/0x210 [ 189.431027][ T7887] netlink_sendmsg+0x805/0xb30 [ 189.431043][ T7887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.431055][ T7887] ? aa_sock_msg_perm+0xf1/0x1d0 [ 189.431070][ T7887] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 189.431079][ T7887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.431090][ T7887] __sock_sendmsg+0x21c/0x270 [ 189.431104][ T7887] ____sys_sendmsg+0x505/0x870 [ 189.431118][ T7887] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.431132][ T7887] ? import_iovec+0x74/0xa0 [ 189.431144][ T7887] ___sys_sendmsg+0x21f/0x2a0 [ 189.431155][ T7887] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.431191][ T7887] ? __fget_files+0x2a/0x420 [ 189.431202][ T7887] ? __fget_files+0x3a0/0x420 [ 189.431218][ T7887] __x64_sys_sendmsg+0x19b/0x260 [ 189.431230][ T7887] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 189.431244][ T7887] ? __pfx_ksys_write+0x10/0x10 [ 189.431255][ T7887] ? do_syscall_64+0xbe/0xfa0 [ 189.431268][ T7887] do_syscall_64+0xfa/0xfa0 [ 189.431279][ T7887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.431289][ T7887] ? clear_bhb_loop+0x60/0xb0 [ 189.431301][ T7887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.431310][ T7887] RIP: 0033:0x7faf3278f749 [ 189.431320][ T7887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.431328][ T7887] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.431339][ T7887] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 189.431347][ T7887] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000004 [ 189.431353][ T7887] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 189.431359][ T7887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.431364][ T7887] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 189.431380][ T7887] [ 189.840353][ T7889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.849141][ T7889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.850975][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 189.864869][ T5927] usb 3-1: can't read configurations, error -61 [ 189.900694][ T5927] usb usb3-port1: attempt power cycle [ 190.043039][ T7898] comedi comedi3: aio_aio12_8: I/O port conflict (0x4004f2a,32) [ 190.255375][ T5927] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 190.277624][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 190.285488][ T5927] usb 3-1: can't read configurations, error -61 [ 190.415588][ T5927] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 190.438374][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 190.455410][ T5927] usb 3-1: can't read configurations, error -61 [ 190.465911][ T5927] usb usb3-port1: unable to enumerate USB device [ 190.682190][ T7905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.691208][ T7905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.904377][ T7905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.916669][ T7905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.215382][ T5838] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 191.375270][ T5838] usb 1-1: Using ep0 maxpacket: 32 [ 191.381959][ T5838] usb 1-1: config 0 has an invalid interface number: 141 but max is 0 [ 191.390853][ T5838] usb 1-1: config 0 has no interface number 0 [ 191.399698][ T5838] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65 [ 191.408804][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.416831][ T5838] usb 1-1: Product: syz [ 191.421091][ T5838] usb 1-1: Manufacturer: syz [ 191.425721][ T5838] usb 1-1: SerialNumber: syz [ 191.433853][ T5838] usb 1-1: config 0 descriptor?? [ 191.444056][ T5838] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 191.895368][ T981] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 192.045299][ T981] usb 2-1: Using ep0 maxpacket: 8 [ 192.052523][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 192.064585][ T5838] gspca_vc032x: reg_r err -71 [ 192.069343][ T981] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 192.078943][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.084234][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.089663][ T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.097738][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.103063][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.109650][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.116688][ T981] usb 2-1: config 0 descriptor?? [ 192.121860][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.127419][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.132875][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.139760][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.145233][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.151085][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.158272][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.163605][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.168966][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.174272][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.179603][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.184904][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.192132][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.197545][ T5838] gspca_vc032x: I2c Bus Busy Wait 00 [ 192.202847][ T5838] gspca_vc032x: Unknown sensor... [ 192.208000][ T5838] vc032x 1-1:0.141: probe with driver vc032x failed with error -22 [ 192.218478][ T5838] usb 1-1: USB disconnect, device number 44 [ 192.334852][ T981] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 193.155583][ T7949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.165311][ T5927] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 193.167394][ T7949] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.208746][ T10] usb 2-1: USB disconnect, device number 41 [ 193.250444][ T7957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.270496][ T7957] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.286974][ T7957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.295942][ T7957] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.335260][ T5927] usb 3-1: Using ep0 maxpacket: 8 [ 193.355925][ T5927] usb 3-1: unable to get BOS descriptor or descriptor too short [ 193.364873][ T5927] usb 3-1: config 5 has an invalid interface number: 85 but max is 0 [ 193.377849][ T5927] usb 3-1: config 5 has no interface number 0 [ 193.383963][ T5927] usb 3-1: config 5 interface 85 has no altsetting 0 [ 193.394770][ T5927] usb 3-1: New USB device found, idVendor=0c45, idProduct=627c, bcdDevice=e8.b7 [ 193.405056][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.414448][ T5927] usb 3-1: Product: syz [ 193.420871][ T5927] usb 3-1: Manufacturer: syz [ 193.425619][ T5927] usb 3-1: SerialNumber: syz [ 193.503932][ T7968] FAULT_INJECTION: forcing a failure. [ 193.503932][ T7968] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.517369][ T7968] CPU: 1 UID: 0 PID: 7968 Comm: syz.1.712 Not tainted syzkaller #0 PREEMPT(full) [ 193.517394][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 193.517405][ T7968] Call Trace: [ 193.517413][ T7968] [ 193.517420][ T7968] dump_stack_lvl+0x189/0x250 [ 193.517446][ T7968] ? __pfx____ratelimit+0x10/0x10 [ 193.517466][ T7968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.517487][ T7968] ? __pfx__printk+0x10/0x10 [ 193.517509][ T7968] ? fs_reclaim_acquire+0x7d/0x100 [ 193.517538][ T7968] should_fail_ex+0x414/0x560 [ 193.517566][ T7968] prepare_alloc_pages+0x22b/0x650 [ 193.517594][ T7968] __alloc_frozen_pages_noprof+0x123/0x370 [ 193.517618][ T7968] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 193.517647][ T7968] ? policy_nodemask+0x27c/0x720 [ 193.517666][ T7968] ? __lock_acquire+0xab9/0xd20 [ 193.517689][ T7968] alloc_pages_mpol+0x232/0x4a0 [ 193.517716][ T7968] alloc_pages_noprof+0xa9/0x190 [ 193.517738][ T7968] get_free_pages_noprof+0xf/0x80 [ 193.517757][ T7968] __kasan_populate_vmalloc+0x38/0x1d0 [ 193.517781][ T7968] ? do_raw_spin_unlock+0x122/0x240 [ 193.517810][ T7968] alloc_vmap_area+0xdca/0x1500 [ 193.517855][ T7968] ? __pfx_alloc_vmap_area+0x10/0x10 [ 193.517876][ T7968] ? __kasan_kmalloc+0x93/0xb0 [ 193.517897][ T7968] ? __get_vm_area_node+0x13f/0x300 [ 193.517918][ T7968] ? mod_objcg_mlstate+0x24/0x260 [ 193.517936][ T7968] ? copy_process+0x4ea/0x3950 [ 193.517956][ T7968] __get_vm_area_node+0x1f8/0x300 [ 193.517984][ T7968] __vmalloc_node_range_noprof+0x365/0x1640 [ 193.518011][ T7968] ? copy_process+0x4ea/0x3950 [ 193.518063][ T7968] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 193.518096][ T7968] ? memcpy_and_pad+0x48/0x80 [ 193.518120][ T7968] __vmalloc_node_noprof+0xc2/0x110 [ 193.518145][ T7968] ? copy_process+0x4ea/0x3950 [ 193.518168][ T7968] ? copy_process+0x4ea/0x3950 [ 193.518189][ T7968] dup_task_struct+0x228/0x9a0 [ 193.518208][ T7968] ? _raw_spin_unlock_irq+0x23/0x50 [ 193.518226][ T7968] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.518250][ T7968] copy_process+0x4ea/0x3950 [ 193.518296][ T7968] ? __pfx_copy_process+0x10/0x10 [ 193.518329][ T7968] vhost_task_create+0x1ce/0x320 [ 193.518351][ T7968] ? unwind_get_return_address+0x4d/0x90 [ 193.518371][ T7968] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 193.518393][ T7968] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 193.518414][ T7968] ? __pfx_vhost_task_create+0x10/0x10 [ 193.518446][ T7968] ? __pfx_vhost_task_fn+0x10/0x10 [ 193.518474][ T7968] ? stack_depot_save_flags+0x40/0x860 [ 193.518508][ T7968] kvm_mmu_post_init_vm+0x14c/0x300 [ 193.518538][ T7968] kvm_arch_vcpu_ioctl_run+0xdc/0x1cd0 [ 193.518563][ T7968] ? __mutex_trylock_common+0x153/0x260 [ 193.518589][ T7968] ? __pfx___mutex_trylock_common+0x10/0x10 [ 193.518612][ T7968] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 193.518630][ T7968] ? rcu_is_watching+0x15/0xb0 [ 193.518653][ T7968] ? trace_contention_end+0x39/0x120 [ 193.518675][ T7968] ? look_up_lock_class+0x74/0x170 [ 193.518697][ T7968] ? register_lock_class+0x51/0x320 [ 193.518722][ T7968] ? __lock_acquire+0xab9/0xd20 [ 193.518771][ T7968] kvm_vcpu_ioctl+0x99a/0xed0 [ 193.518801][ T7968] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 193.518848][ T7968] ? __fget_files+0x2a/0x420 [ 193.518872][ T7968] ? __fget_files+0x3a0/0x420 [ 193.518890][ T7968] ? __fget_files+0x2a/0x420 [ 193.518913][ T7968] ? bpf_lsm_file_ioctl+0x9/0x20 [ 193.518932][ T7968] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 193.518955][ T7968] __se_sys_ioctl+0xfc/0x170 [ 193.518982][ T7968] do_syscall_64+0xfa/0xfa0 [ 193.519003][ T7968] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.519020][ T7968] ? clear_bhb_loop+0x60/0xb0 [ 193.519041][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.519057][ T7968] RIP: 0033:0x7faf3278f749 [ 193.519075][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.519089][ T7968] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.519109][ T7968] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 193.519122][ T7968] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 193.519133][ T7968] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 193.519144][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.519160][ T7968] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 193.519192][ T7968] [ 193.519245][ T7968] syz.1.712: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 193.850210][ T5927] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:627c [ 193.852332][ T7968] ,cpuset= [ 193.868352][ T5927] gspca_sn9c20x: Write register 1000 failed -71 [ 193.894288][ T7968] /,mems_allowed=0-1 [ 193.994032][ T5927] gspca_sn9c20x: Device initialization failed [ 193.997441][ T7968] CPU: 1 UID: 0 PID: 7968 Comm: syz.1.712 Not tainted syzkaller #0 PREEMPT(full) [ 193.997467][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 193.997478][ T7968] Call Trace: [ 193.997485][ T7968] [ 193.997493][ T7968] dump_stack_lvl+0x189/0x250 [ 193.997520][ T7968] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 193.997541][ T7968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.997562][ T7968] ? __pfx__printk+0x10/0x10 [ 193.997583][ T7968] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 193.997603][ T7968] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 193.997629][ T7968] warn_alloc+0x214/0x310 [ 193.997646][ T7968] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.997667][ T7968] ? __pfx_warn_alloc+0x10/0x10 [ 193.997681][ T7968] ? __get_vm_area_node+0x211/0x300 [ 193.997704][ T7968] ? __get_vm_area_node+0x13f/0x300 [ 193.997724][ T7968] ? mod_objcg_mlstate+0x24/0x260 [ 193.997746][ T7968] ? copy_process+0x4ea/0x3950 [ 193.997783][ T7968] ? __get_vm_area_node+0x211/0x300 [ 193.997813][ T7968] __vmalloc_node_range_noprof+0x38a/0x1640 [ 193.997874][ T7968] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 193.997907][ T7968] ? memcpy_and_pad+0x48/0x80 [ 193.997932][ T7968] __vmalloc_node_noprof+0xc2/0x110 [ 193.997956][ T7968] ? copy_process+0x4ea/0x3950 [ 193.997973][ T7968] ? copy_process+0x4ea/0x3950 [ 193.997993][ T7968] dup_task_struct+0x228/0x9a0 [ 193.998015][ T7968] ? _raw_spin_unlock_irq+0x23/0x50 [ 193.998033][ T7968] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.998060][ T7968] copy_process+0x4ea/0x3950 [ 193.998102][ T7968] ? __pfx_copy_process+0x10/0x10 [ 193.998144][ T7968] vhost_task_create+0x1ce/0x320 [ 193.998165][ T7968] ? unwind_get_return_address+0x4d/0x90 [ 193.998185][ T7968] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 193.998208][ T7968] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 193.998231][ T7968] ? __pfx_vhost_task_create+0x10/0x10 [ 193.998261][ T7968] ? __pfx_vhost_task_fn+0x10/0x10 [ 193.998288][ T7968] ? stack_depot_save_flags+0x40/0x860 [ 193.998321][ T7968] kvm_mmu_post_init_vm+0x14c/0x300 [ 193.998349][ T7968] kvm_arch_vcpu_ioctl_run+0xdc/0x1cd0 [ 193.998372][ T7968] ? __mutex_trylock_common+0x153/0x260 [ 193.998398][ T7968] ? __pfx___mutex_trylock_common+0x10/0x10 [ 193.998420][ T7968] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 193.998438][ T7968] ? rcu_is_watching+0x15/0xb0 [ 193.998464][ T7968] ? trace_contention_end+0x39/0x120 [ 193.998485][ T7968] ? look_up_lock_class+0x74/0x170 [ 193.998506][ T7968] ? register_lock_class+0x51/0x320 [ 193.998530][ T7968] ? __lock_acquire+0xab9/0xd20 [ 193.998577][ T7968] kvm_vcpu_ioctl+0x99a/0xed0 [ 193.998609][ T7968] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 193.998653][ T7968] ? __fget_files+0x2a/0x420 [ 193.998678][ T7968] ? __fget_files+0x3a0/0x420 [ 193.998696][ T7968] ? __fget_files+0x2a/0x420 [ 193.998719][ T7968] ? bpf_lsm_file_ioctl+0x9/0x20 [ 193.998738][ T7968] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 193.998760][ T7968] __se_sys_ioctl+0xfc/0x170 [ 193.998786][ T7968] do_syscall_64+0xfa/0xfa0 [ 193.998811][ T7968] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.998831][ T7968] ? clear_bhb_loop+0x60/0xb0 [ 193.998853][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.998868][ T7968] RIP: 0033:0x7faf3278f749 [ 193.998893][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.998907][ T7968] RSP: 002b:00007faf309ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.998928][ T7968] RAX: ffffffffffffffda RBX: 00007faf329e5fa0 RCX: 00007faf3278f749 [ 193.998941][ T7968] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 193.998951][ T7968] RBP: 00007faf309ee090 R08: 0000000000000000 R09: 0000000000000000 [ 193.998961][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.998975][ T7968] R13: 00007faf329e6038 R14: 00007faf329e5fa0 R15: 00007fff110e2d28 [ 193.999005][ T7968] [ 193.999758][ T7968] Mem-Info: [ 194.023759][ T5927] gspca_sn9c20x 3-1:5.85: probe with driver gspca_sn9c20x failed with error -71 [ 194.057662][ T7968] active_anon:5952 inactive_anon:0 isolated_anon:0 [ 194.057662][ T7968] active_file:12354 inactive_file:40382 isolated_file:0 [ 194.057662][ T7968] unevictable:768 dirty:417 writeback:0 [ 194.057662][ T7968] slab_reclaimable:10801 slab_unreclaimable:91384 [ 194.057662][ T7968] mapped:25717 shmem:1412 pagetables:1216 [ 194.057662][ T7968] sec_pagetables:0 bounce:0 [ 194.057662][ T7968] kernel_misc_reclaimable:0 [ 194.057662][ T7968] free:1330150 free_pcp:15966 free_cma:0 [ 194.065915][ T7974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.072854][ T7968] Node 0 active_anon:23908kB inactive_anon:0kB active_file:49416kB inactive_file:161324kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102868kB dirty:1664kB writeback:0kB shmem:4112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11924kB pagetables:4824kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 194.078819][ T7974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.082024][ T7968] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 194.100634][ T5927] usb 3-1: USB disconnect, device number 46 [ 194.134456][ T7968] Node 0 [ 194.181529][ T7973] netlink: 56 bytes leftover after parsing attributes in process `syz.0.713'. [ 194.181864][ T7968] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 194.189632][ T7973] netlink: 12 bytes leftover after parsing attributes in process `syz.0.713'. [ 194.194073][ T7968] lowmem_reserve[]: [ 194.202086][ T7973] netlink: 31 bytes leftover after parsing attributes in process `syz.0.713'. [ 194.206011][ T7968] 0 [ 194.212051][ T7973] netlink: 'syz.0.713': attribute type 2 has an invalid length. [ 194.219473][ T7968] 2491 [ 194.224201][ T7973] netlink: 31 bytes leftover after parsing attributes in process `syz.0.713'. [ 194.229385][ T7968] 2492 [ 194.356467][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.396281][ T7968] 2492 [ 194.397179][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.465430][ T7968] 2492 [ 194.657656][ T7968] Node 0 DMA32 free:1420332kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24708kB inactive_anon:0kB active_file:49416kB inactive_file:161324kB unevictable:1536kB writepending:1664kB zspages:0kB present:3129332kB managed:2551448kB mlocked:0kB bounce:0kB free_pcp:41816kB local_pcp:20036kB free_cma:0kB [ 194.691741][ T7968] lowmem_reserve[]: 0 0 0 0 0 [ 194.696642][ T7968] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 194.795317][ T7968] lowmem_reserve[]: 0 0 0 0 0 [ 194.805648][ T7968] Node 1 Normal free:3884524kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19652kB local_pcp:8260kB free_cma:0kB [ 194.842882][ T7968] lowmem_reserve[]: 0 0 0 0 0 [ 194.848907][ T7968] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 194.864212][ T7968] Node 0 DMA32: 2023*4kB (UME) 1100*8kB (UM) 503*16kB (UME) 253*32kB (UM) 170*64kB (UME) 115*128kB (UME) 49*256kB (UM) 19*512kB (UM) 12*1024kB (UME) 2*2048kB (ME) 323*4096kB (UM) = 1420300kB [ 194.883951][ T7968] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 194.895964][ T7968] Node 1 Normal: 205*4kB (UME) 53*8kB (UME) 39*16kB (UME) 119*32kB (UME) 33*64kB (UME) 7*128kB (UME) 4*256kB (UME) 2*512kB (M) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3884524kB [ 194.923928][ T7968] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.933905][ T7968] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 194.943538][ T7968] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.991384][ T7968] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 195.000924][ T7968] 54144 total pagecache pages [ 195.005819][ T7968] 1 pages in swap cache [ 195.009989][ T7968] Free swap = 124644kB [ 195.018611][ T7968] Total swap = 124996kB [ 195.023805][ T7968] 2097051 pages RAM [ 195.027890][ T7968] 0 pages HighMem/MovableOnly [ 195.052967][ T7968] 427419 pages reserved [ 195.063142][ T7968] 0 pages cma reserved [ 195.075453][ T6122] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 195.148314][ T7984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.158455][ T7984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.254823][ T6122] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 195.275256][ T6122] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.283301][ T6122] usb 3-1: Product: syz [ 195.306579][ T6122] usb 3-1: Manufacturer: syz [ 195.311241][ T6122] usb 3-1: SerialNumber: syz [ 195.318807][ T6122] usb 3-1: config 0 descriptor?? [ 195.334822][ T6122] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 195.737541][ T6122] gspca_sq905c: sq905c_read: usb_control_msg failed (-71) [ 195.749383][ T6122] sq905c 3-1:0.0: Reading version command failed [ 195.759248][ T6122] sq905c 3-1:0.0: probe with driver sq905c failed with error -71 [ 195.770070][ T6122] usb 3-1: USB disconnect, device number 47 [ 195.809304][ T7999] FAULT_INJECTION: forcing a failure. [ 195.809304][ T7999] name failslab, interval 1, probability 0, space 0, times 0 [ 195.822697][ T7999] CPU: 0 UID: 0 PID: 7999 Comm: syz.3.722 Not tainted syzkaller #0 PREEMPT(full) [ 195.822723][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 195.822734][ T7999] Call Trace: [ 195.822742][ T7999] [ 195.822749][ T7999] dump_stack_lvl+0x189/0x250 [ 195.822776][ T7999] ? __pfx____ratelimit+0x10/0x10 [ 195.822795][ T7999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.822817][ T7999] ? __pfx__printk+0x10/0x10 [ 195.822843][ T7999] ? __pfx___might_resched+0x10/0x10 [ 195.822861][ T7999] ? fs_reclaim_acquire+0x7d/0x100 [ 195.822884][ T7999] should_fail_ex+0x414/0x560 [ 195.822912][ T7999] should_failslab+0xa8/0x100 [ 195.822933][ T7999] __kmalloc_noprof+0xdf/0x800 [ 195.822957][ T7999] ? tomoyo_encode+0x28b/0x550 [ 195.822987][ T7999] tomoyo_encode+0x28b/0x550 [ 195.823016][ T7999] tomoyo_realpath_from_path+0x58d/0x5d0 [ 195.823050][ T7999] ? tomoyo_domain+0xd8/0x130 [ 195.823072][ T7999] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 195.823093][ T7999] tomoyo_path_number_perm+0x1e8/0x5a0 [ 195.823118][ T7999] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 195.823179][ T7999] ? __fget_files+0x2a/0x420 [ 195.823204][ T7999] ? __fget_files+0x3a0/0x420 [ 195.823223][ T7999] ? __fget_files+0x2a/0x420 [ 195.823246][ T7999] security_file_ioctl+0xcb/0x2d0 [ 195.823269][ T7999] __se_sys_ioctl+0x47/0x170 [ 195.823296][ T7999] do_syscall_64+0xfa/0xfa0 [ 195.823317][ T7999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.823334][ T7999] ? clear_bhb_loop+0x60/0xb0 [ 195.823356][ T7999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.823372][ T7999] RIP: 0033:0x7f71b518f749 [ 195.823389][ T7999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.823403][ T7999] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.823423][ T7999] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 195.823436][ T7999] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 195.823447][ T7999] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 195.823459][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.823470][ T7999] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 195.823501][ T7999] [ 195.823523][ T7999] ERROR: Out of memory at tomoyo_realpath_from_path. [ 195.882564][ T8001] NILFS (nullb0): couldn't find nilfs on the device [ 195.910913][ T7999] kvm: pic: non byte read [ 195.926669][ T8001] NILFS (nullb0): couldn't find nilfs on the device [ 195.939078][ T7999] kvm: pic: non byte read [ 196.088295][ T7999] kvm: pic: non byte read [ 196.093418][ T7999] kvm: pic: single mode not supported [ 196.093490][ T7999] kvm: pic: non byte read [ 196.103669][ T7999] kvm: pic: non byte read [ 196.108891][ T7999] kvm: pic: single mode not supported [ 196.108989][ T7999] kvm: pic: non byte read [ 196.119183][ T7999] kvm: pic: non byte read [ 196.123772][ T7999] kvm: pic: single mode not supported [ 196.123933][ T7999] kvm: pic: level sensitive irq not supported [ 196.129695][ T7999] kvm: pic: non byte read [ 196.140465][ T7999] kvm: pic: non byte read [ 196.235356][ T5911] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 196.351912][ T8012] sg_write: data in/out 44713/14 bytes for SCSI command 0x0-- guessing data in; [ 196.351912][ T8012] program syz.2.727 not setting count and/or reply_len properly [ 196.399191][ T8012] binder: 8009:8012 ioctl 3309 0 returned -22 [ 196.405660][ T5911] usb 1-1: Using ep0 maxpacket: 32 [ 196.413259][ T8012] binder_alloc: 8009: pid 8009 spamming oneway? 1 buffers allocated for a total size of 4096 [ 196.424901][ T5911] usb 1-1: config 0 has an invalid interface number: 141 but max is 0 [ 196.433478][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 196.433593][ T5832] Bluetooth: hci0: command 0x0406 tx timeout [ 196.456247][ T5911] usb 1-1: config 0 has no interface number 0 [ 196.475140][ T5911] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65 [ 196.499788][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.511272][ T5911] usb 1-1: Product: syz [ 196.520526][ T5911] usb 1-1: Manufacturer: syz [ 196.529728][ T5911] usb 1-1: SerialNumber: syz [ 196.576599][ T5911] usb 1-1: config 0 descriptor?? [ 196.597780][ T5911] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 196.658960][ T30] kauditd_printk_skb: 729 callbacks suppressed [ 196.658976][ T30] audit: type=1326 audit(1763739872.652:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8025 comm="syz.1.731" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faf3278f749 code=0x0 [ 196.863377][ T8035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.872641][ T981] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 196.877869][ T8035] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.035265][ T981] usb 3-1: Using ep0 maxpacket: 16 [ 197.044149][ T981] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 197.054154][ T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.062218][ T981] usb 3-1: Product: syz [ 197.066516][ T981] usb 3-1: Manufacturer: syz [ 197.071786][ T981] usb 3-1: SerialNumber: syz [ 197.079694][ T981] usb 3-1: config 0 descriptor?? [ 197.190969][ T5911] gspca_vc032x: reg_r err -71 [ 197.195909][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.201287][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.206738][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.212054][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.217516][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.222843][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.228542][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.233849][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.239279][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.244600][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.250197][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.255525][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.260955][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.266404][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.271839][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.278109][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.283497][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.289244][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.294776][ T5911] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.300151][ T5911] gspca_vc032x: Unknown sensor... [ 197.307023][ T5911] vc032x 1-1:0.141: probe with driver vc032x failed with error -22 [ 197.317689][ T5911] usb 1-1: USB disconnect, device number 45 [ 197.493423][ T8039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.502422][ T981] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 197.504531][ T8039] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.525949][ T981] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 197.541473][ T981] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 197.549855][ T981] usb 3-1: media controller created [ 197.555583][ T8039] ------------[ cut here ]------------ [ 197.561096][ T8039] usb 3-1: BOGUS control dir, pipe 80003080 doesn't match bRequestType c0 [ 197.566811][ T981] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 197.579135][ T8039] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x1572/0x1920, CPU#0: syz.3.737/8039 [ 197.590094][ T8039] Modules linked in: [ 197.594243][ T8039] CPU: 0 UID: 0 PID: 8039 Comm: syz.3.737 Not tainted syzkaller #0 PREEMPT(full) [ 197.605869][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 197.617047][ T8039] RIP: 0010:usb_submit_urb+0x1572/0x1920 [ 197.622705][ T8039] Code: ff df 0f b6 44 05 00 84 c0 0f 85 2d 03 00 00 45 0f b6 45 00 48 c7 c7 e0 06 34 8c 4c 89 fe 4c 89 e2 44 89 f1 e8 3f c3 7a fa 90 <0f> 0b 90 90 e9 09 fb ff ff 48 8b 4c 24 08 80 e1 07 80 c1 03 38 c1 [ 197.642765][ T8039] RSP: 0018:ffffc900036d75e0 EFLAGS: 00010246 [ 197.649339][ T8039] RAX: 69f5ea0a0f566400 RBX: ffff88807b2f4e00 RCX: ffff88802d481e80 [ 197.657941][ T8039] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 197.666376][ T8039] RBP: 1ffff11028451a4c R08: ffffffff8fbf8c77 R09: 1ffffffff1f7f18e [ 197.674451][ T8039] R10: dffffc0000000000 R11: fffffbfff1f7f18f R12: ffff888145fc95c0 [ 197.682491][ T8039] R13: ffff88814228d260 R14: 0000000080003080 R15: ffffffff8c3472c0 [ 197.690847][ T8039] FS: 00007f71b60f96c0(0000) GS:ffff888125a6f000(0000) knlGS:0000000000000000 [ 197.700210][ T8039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.706871][ T8039] CR2: 000055555847f808 CR3: 00000000347e4000 CR4: 00000000003526f0 [ 197.714862][ T8039] Call Trace: [ 197.718221][ T8039] [ 197.721177][ T8039] usb_start_wait_urb+0x115/0x4f0 [ 197.726261][ T8039] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 197.731837][ T8039] usb_control_msg+0x232/0x3e0 [ 197.736709][ T8039] dtv5100_i2c_msg+0x231/0x2f0 [ 197.741495][ T8039] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 197.746429][ T8039] __i2c_transfer+0x874/0x2170 [ 197.751209][ T8039] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.756512][ T8039] ? __pfx___i2c_transfer+0x10/0x10 [ 197.761734][ T8039] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 197.767209][ T8039] ? i2c_transfer+0x120/0x3a0 [ 197.771899][ T8039] i2c_transfer+0x25b/0x3a0 [ 197.776461][ T8039] ? __pfx_i2c_transfer+0x10/0x10 [ 197.781499][ T8039] ? __might_fault+0xb0/0x130 [ 197.786241][ T8039] i2c_transfer_buffer_flags+0x105/0x190 [ 197.792334][ T8039] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 197.798977][ T8039] ? _copy_from_user+0x94/0xb0 [ 197.803763][ T8039] i2cdev_write+0x113/0x1e0 [ 197.808330][ T8039] vfs_writev+0x4b6/0x960 [ 197.812684][ T8039] ? __pfx_i2cdev_write+0x10/0x10 [ 197.817801][ T8039] ? __pfx_vfs_writev+0x10/0x10 [ 197.822673][ T8039] ? __fget_files+0x2a/0x420 [ 197.825332][ T5911] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 197.827328][ T8039] ? __fget_files+0x3a0/0x420 [ 197.839547][ T8039] ? __fget_files+0x2a/0x420 [ 197.844143][ T8039] do_writev+0x14d/0x2d0 [ 197.848961][ T8039] ? __pfx_do_writev+0x10/0x10 [ 197.853738][ T8039] ? do_syscall_64+0xbe/0xfa0 [ 197.858488][ T8039] do_syscall_64+0xfa/0xfa0 [ 197.863008][ T8039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.869129][ T8039] ? clear_bhb_loop+0x60/0xb0 [ 197.873824][ T8039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.880456][ T8039] RIP: 0033:0x7f71b518f749 [ 197.884895][ T8039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.905233][ T8039] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 197.913801][ T8039] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 197.922085][ T8039] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000004 [ 197.930135][ T8039] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 197.938163][ T8039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.946221][ T8039] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 197.954228][ T8039] [ 197.957353][ T8039] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 197.964642][ T8039] CPU: 0 UID: 0 PID: 8039 Comm: syz.3.737 Not tainted syzkaller #0 PREEMPT(full) [ 197.973837][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 197.983899][ T8039] Call Trace: [ 197.987182][ T8039] [ 197.990119][ T8039] dump_stack_lvl+0x99/0x250 [ 197.994712][ T8039] ? __asan_memcpy+0x40/0x70 [ 197.999307][ T8039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.004503][ T8039] ? __pfx__printk+0x10/0x10 [ 198.009098][ T8039] vpanic+0x237/0x6d0 [ 198.013074][ T8039] ? __pfx_vpanic+0x10/0x10 [ 198.017561][ T8039] ? is_bpf_text_address+0x292/0x2b0 [ 198.022837][ T8039] ? is_bpf_text_address+0x26/0x2b0 [ 198.028027][ T8039] panic+0xb9/0xc0 [ 198.031736][ T8039] ? __pfx_panic+0x10/0x10 [ 198.036153][ T8039] __warn+0x318/0x4d0 [ 198.040118][ T8039] ? usb_submit_urb+0x1572/0x1920 [ 198.045136][ T8039] ? usb_submit_urb+0x1572/0x1920 [ 198.050145][ T8039] report_bug+0x2be/0x4f0 [ 198.054476][ T8039] ? usb_submit_urb+0x1572/0x1920 [ 198.059505][ T8039] ? usb_submit_urb+0x1572/0x1920 [ 198.064539][ T8039] ? usb_submit_urb+0x1574/0x1920 [ 198.069573][ T8039] handle_bug+0x84/0x160 [ 198.073815][ T8039] exc_invalid_op+0x1a/0x50 [ 198.078313][ T8039] asm_exc_invalid_op+0x1a/0x20 [ 198.083154][ T8039] RIP: 0010:usb_submit_urb+0x1572/0x1920 [ 198.088775][ T8039] Code: ff df 0f b6 44 05 00 84 c0 0f 85 2d 03 00 00 45 0f b6 45 00 48 c7 c7 e0 06 34 8c 4c 89 fe 4c 89 e2 44 89 f1 e8 3f c3 7a fa 90 <0f> 0b 90 90 e9 09 fb ff ff 48 8b 4c 24 08 80 e1 07 80 c1 03 38 c1 [ 198.108377][ T8039] RSP: 0018:ffffc900036d75e0 EFLAGS: 00010246 [ 198.114460][ T8039] RAX: 69f5ea0a0f566400 RBX: ffff88807b2f4e00 RCX: ffff88802d481e80 [ 198.122423][ T8039] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 198.130380][ T8039] RBP: 1ffff11028451a4c R08: ffffffff8fbf8c77 R09: 1ffffffff1f7f18e [ 198.138339][ T8039] R10: dffffc0000000000 R11: fffffbfff1f7f18f R12: ffff888145fc95c0 [ 198.146304][ T8039] R13: ffff88814228d260 R14: 0000000080003080 R15: ffffffff8c3472c0 [ 198.154288][ T8039] usb_start_wait_urb+0x115/0x4f0 [ 198.159398][ T8039] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 198.164946][ T8039] usb_control_msg+0x232/0x3e0 [ 198.169701][ T8039] dtv5100_i2c_msg+0x231/0x2f0 [ 198.174458][ T8039] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 198.179301][ T8039] __i2c_transfer+0x874/0x2170 [ 198.184058][ T8039] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.189373][ T8039] ? __pfx___i2c_transfer+0x10/0x10 [ 198.194567][ T8039] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 198.199931][ T8039] ? i2c_transfer+0x120/0x3a0 [ 198.204595][ T8039] i2c_transfer+0x25b/0x3a0 [ 198.209094][ T8039] ? __pfx_i2c_transfer+0x10/0x10 [ 198.214571][ T8039] ? __might_fault+0xb0/0x130 [ 198.219251][ T8039] i2c_transfer_buffer_flags+0x105/0x190 [ 198.224878][ T8039] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 198.231019][ T8039] ? _copy_from_user+0x94/0xb0 [ 198.235782][ T8039] i2cdev_write+0x113/0x1e0 [ 198.240275][ T8039] vfs_writev+0x4b6/0x960 [ 198.244609][ T8039] ? __pfx_i2cdev_write+0x10/0x10 [ 198.249642][ T8039] ? __pfx_vfs_writev+0x10/0x10 [ 198.254506][ T8039] ? __fget_files+0x2a/0x420 [ 198.259096][ T8039] ? __fget_files+0x3a0/0x420 [ 198.263767][ T8039] ? __fget_files+0x2a/0x420 [ 198.268365][ T8039] do_writev+0x14d/0x2d0 [ 198.272603][ T8039] ? __pfx_do_writev+0x10/0x10 [ 198.277383][ T8039] ? do_syscall_64+0xbe/0xfa0 [ 198.282061][ T8039] do_syscall_64+0xfa/0xfa0 [ 198.286555][ T8039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.292626][ T8039] ? clear_bhb_loop+0x60/0xb0 [ 198.297294][ T8039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.303174][ T8039] RIP: 0033:0x7f71b518f749 [ 198.307582][ T8039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.327176][ T8039] RSP: 002b:00007f71b60f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 198.335581][ T8039] RAX: ffffffffffffffda RBX: 00007f71b53e5fa0 RCX: 00007f71b518f749 [ 198.343590][ T8039] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000004 [ 198.351574][ T8039] RBP: 00007f71b60f9090 R08: 0000000000000000 R09: 0000000000000000 [ 198.359545][ T8039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.367508][ T8039] R13: 00007f71b53e6038 R14: 00007f71b53e5fa0 R15: 00007ffd3291ac28 [ 198.375527][ T8039] [ 198.378921][ T8039] Kernel Offset: disabled [ 198.383236][ T8039] Rebooting in 86400 seconds..