last executing test programs: 4.032597615s ago: executing program 0 (id=2281): mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000040)=0x2, 0x4) 3.934309493s ago: executing program 0 (id=2283): ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r0 = memfd_create(0x0, 0x1) fsetxattr$security_ima(r0, 0x0, 0x0, 0x0, 0x0) write$binfmt_script(r0, 0x0, 0x0) execveat(r0, 0x0, 0x0, 0x0, 0x1000) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000080)={0x1, 0x8}, 0x2) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) 3.868730293s ago: executing program 0 (id=2285): mkdir(0x0, 0x0) ioctl$TCGETS(0xffffffffffffffff, 0x5401, 0x0) unshare(0x400) lseek(0xffffffffffffffff, 0x7fffffffffffffff, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) getsockopt(0xffffffffffffffff, 0x200000000114, 0x271a, 0xffffffffffffffff, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x2, 0x5, 0x8, 0x5, 0x5, 0x4, 0x7, 0x5cc6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x200, 0x6ac, 0x89, 0xcaa3, 0xffffffff, 0x9, 0x3, 0xe64, 0x3, 0x8, 0x4083, 0x800000, 0xfffffff8]}) 3.781943391s ago: executing program 0 (id=2288): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 3.322171063s ago: executing program 2 (id=2292): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x28000054) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10004, 0x0, 0x4002004c4, 0x8, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0}) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d8100"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.075406197s ago: executing program 2 (id=2303): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0) 2.009984351s ago: executing program 2 (id=2304): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000006300)={0x2020}, 0x2020) utimes(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x8) close_range(r0, 0xffffffffffffffff, 0x0) 1.883684951s ago: executing program 2 (id=2305): r0 = syz_open_dev$vim2m(&(0x7f0000000300), 0x41ffffffffffc, 0x2) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800000000000004}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb], 0x0, 0x202}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x10, 0x0, "e476ef4c9f1992bb9e81e665a36ddccc"}) socket$packet(0x11, 0x2, 0x300) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010003000000ff1c1b1f1c4000010203010902240001010800fe09040000020301025f09210800060122cb0f09058103ff03"], 0x0) r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000400)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f0000000200)=ANY=[]) 1.815012131s ago: executing program 3 (id=2308): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 1.76056656s ago: executing program 3 (id=2309): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x2, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.711090267s ago: executing program 3 (id=2310): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/177, 0xb1, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg(r0, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000006c0)={0x2, 0x0, {&(0x7f0000000600)=""/17, 0x11, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000000480)=""/185, 0xb9, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48) 1.710557014s ago: executing program 3 (id=2311): open$dir(0x0, 0x46100, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x1000001, 0x6100) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='pids.events\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000840)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xe, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265006c7f306003d8a0f4bd0000000000e8ff00", [0x0, 0x2000000000001]}}) 1.647113721s ago: executing program 3 (id=2312): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4d9, 0xa0c2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3, 0x8, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000240)={0x14, &(0x7f0000000280)=ANY=[@ANYBLOB='@\t#'], 0x0}, 0x0) 1.494826709s ago: executing program 4 (id=2315): socket$packet(0x11, 0x2, 0x300) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000000180)={0xa, 0x2, 0x3, @empty}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) syz_usb_connect(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c0001020301090229"], 0x0) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) 780.872847ms ago: executing program 1 (id=2319): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) read$eventfd(r2, &(0x7f0000000000), 0x8) io_submit(r3, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r2, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) pipe(0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1) 768.875796ms ago: executing program 0 (id=2320): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)=ANY=[@ANYBLOB="e4050000160001000000000000000000e0000001000000000006000000000000fe88000000000000000000000000000100000100"/64, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000033000000fc02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000200001f09000000000000000700000091230000ab0002006374722d6165732d636500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000cb8e892a23aa1faff0ca08bcbcbdbc09e75ff9da23961c863111c13df0946d7a81e1c2b09c76fcf63fb2c652f7b14ba657fcd70fd3f77a374e34293d4ba244e3cf40159c91ce8cdc34e3a34ab610b6850258e91a237498beb1255d172c7cc2954e098900050019006c00000034011100fe880000000000000000000000000001fc010000000000000000000000000000ff010000000000000000000000000001"], 0x5e4}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000002c000100000000000000000004000080040012"], 0x2c}], 0x1}, 0x0) 732.290609ms ago: executing program 0 (id=2321): r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000200)="4e9e", 0x2}], 0x1, 0x0, 0x0, 0x804c080}, 0x4000891) 594.232396ms ago: executing program 1 (id=2322): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) fsetxattr(r0, &(0x7f0000000400)=@random={'os2.', '\xf4)\x00'}, 0x0, 0x0, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00'}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@bridge_dellink={0x34, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x5, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48011}, 0x20000000) 593.778998ms ago: executing program 1 (id=2323): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000ff2f"]) 571.100211ms ago: executing program 1 (id=2324): syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000200)=ANY=[@ANYRES32=r0]) 515.676915ms ago: executing program 1 (id=2325): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x6fc2, 0x0, {0x6000, 0x1}, {0x50, 0x2}, @ramp={0x570, 0x651d, {0x2, 0x0, 0x9, 0x180}}}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) r1 = epoll_create1(0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fchdir(r2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001}) epoll_wait(r1, &(0x7f0000000380)=[{}], 0x2, 0x1000) 438.170346ms ago: executing program 1 (id=2326): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) read$hiddev(r1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, &(0x7f0000000300)={0x20, 0xe, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$HIDIOCSFLAG(r1, 0x4004480f, 0x0) 197.619543ms ago: executing program 4 (id=2327): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x1, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100, 0x0, 0x0}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0x5, 0x8169, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0x9, 0x1, 0xc}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000200)={r2}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4}) 165.128729ms ago: executing program 2 (id=2328): mount(&(0x7f0000000100)=@nullb, 0x0, &(0x7f0000000300)='romfs\x00', 0x5, 0x0) 142.733496ms ago: executing program 4 (id=2329): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) 140.838209ms ago: executing program 2 (id=2330): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 91.924642ms ago: executing program 4 (id=2331): socket(0x10, 0x3, 0x0) setrlimit(0x7, 0x0) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) 89.775147ms ago: executing program 4 (id=2332): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000f60004"], 0x20000600}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x24044081) 2.342058ms ago: executing program 4 (id=2333): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 0s ago: executing program 3 (id=2334): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, &(0x7f0000000280)}) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}}) kernel console output (not intermixed with test programs): rsing attributes in process `syz.0.1559'. [ 372.716898][T11747] syz.0.1559: attempt to access beyond end of device [ 372.716898][T11747] nbd0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 372.733036][ T30] audit: type=1400 audit(2000000008.430:731): avc: denied { mounton } for pid=11731 comm="syz.0.1559" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 372.756771][ C0] vkms_vblank_simulate: vblank timer overrun [ 372.765577][T11747] hfsplus: unable to find HFS+ superblock [ 372.781708][T11742] tipc: Enabled bearer , priority 10 [ 372.840862][ T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 372.992645][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 373.001459][ T24] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 373.020883][ T5894] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 373.033282][ T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 373.089463][ T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 373.106636][ T24] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 373.138142][ T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 373.157098][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.170825][ T5894] usb 2-1: Using ep0 maxpacket: 32 [ 373.184332][ T5894] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 373.196298][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.207123][ T5894] usb 2-1: Product: syz [ 373.215627][ T5894] usb 2-1: Manufacturer: syz [ 373.224709][ T5894] usb 2-1: SerialNumber: syz [ 373.243523][ T5894] usb 2-1: config 0 descriptor?? [ 373.248450][ T5894] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 373.402799][ T24] usb 3-1: GET_CAPABILITIES returned 0 [ 373.428216][ T24] usbtmc 3-1:16.0: can't read capabilities [ 373.447022][ T5894] gspca_topro: reg_w err -71 [ 373.484697][ T5894] gspca_topro: Sensor soi763a [ 373.506789][ T5894] usb 2-1: USB disconnect, device number 38 [ 373.780743][ T840] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 373.795074][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.804199][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.813298][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.822373][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.831414][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.840444][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.851566][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.860675][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.869731][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.878781][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.887835][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.899127][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.902533][ T5894] tipc: Node number set to 3987966288 [ 373.908219][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.922958][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.932065][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.941147][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 373.965575][ T5894] usb 3-1: USB disconnect, device number 32 [ 373.982030][ T840] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 373.990040][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 374.019760][ T840] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 374.063721][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 374.115096][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 374.129013][ T840] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 374.209960][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 374.221295][ T840] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 374.233192][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 374.244418][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 374.256637][ T840] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 374.264189][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 374.600900][ T840] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 374.612652][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 374.639933][ T840] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 374.654515][ T840] usb 1-1: string descriptor 0 read error: -22 [ 374.661955][ T840] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 374.674350][ T840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.712677][ T840] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 374.913838][ T24] usb 1-1: USB disconnect, device number 31 [ 375.688807][T11833] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1577'. [ 375.698600][T11833] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 375.718873][ T30] audit: type=1400 audit(2000000011.420:732): avc: denied { bind } for pid=11826 comm="syz.3.1575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 376.103808][ T30] audit: type=1800 audit(2000000011.820:733): pid=11840 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1577" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 376.270750][ T840] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 376.581700][ T840] usb 4-1: Using ep0 maxpacket: 8 [ 376.589072][ T840] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 376.599263][ T840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 376.610445][T11854] program syz.1.1582 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 376.610969][ T840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 376.629886][ T3020] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7 [ 376.640800][ T840] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.654454][ T840] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.690307][ T840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.110811][ T840] usb 4-1: GET_CAPABILITIES returned 0 [ 377.184412][ T840] usbtmc 4-1:16.0: can't read capabilities [ 377.424521][ T840] usb 4-1: USB disconnect, device number 31 [ 377.516721][T11866] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1585'. [ 377.978453][T11871] FAULT_INJECTION: forcing a failure. [ 377.978453][T11871] name failslab, interval 1, probability 0, space 0, times 0 [ 377.991206][T11871] CPU: 1 UID: 0 PID: 11871 Comm: syz.4.1587 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 377.991233][T11871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 377.991243][T11871] Call Trace: [ 377.991249][T11871] [ 377.991255][T11871] dump_stack_lvl+0x16c/0x1f0 [ 377.991278][T11871] should_fail_ex+0x512/0x640 [ 377.991292][T11871] should_failslab+0xc2/0x120 [ 377.991305][T11871] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 377.991316][T11871] ? skb_clone+0x190/0x3f0 [ 377.991328][T11871] skb_clone+0x190/0x3f0 [ 377.991339][T11871] pfkey_process+0xc6/0x840 [ 377.991351][T11871] ? rcu_is_watching+0x12/0xc0 [ 377.991366][T11871] ? __pfx_pfkey_process+0x10/0x10 [ 377.991377][T11871] ? __mutex_lock+0x1c4/0x10b0 [ 377.991395][T11871] pfkey_sendmsg+0x435/0x850 [ 377.991408][T11871] ____sys_sendmsg+0xa98/0xc70 [ 377.991424][T11871] ? copy_msghdr_from_user+0x10a/0x160 [ 377.991440][T11871] ? __pfx_____sys_sendmsg+0x10/0x10 [ 377.991463][T11871] ? __pfx__kstrtoull+0x10/0x10 [ 377.991479][T11871] ___sys_sendmsg+0x134/0x1d0 [ 377.991493][T11871] ? __pfx____sys_sendmsg+0x10/0x10 [ 377.991506][T11871] ? rcu_is_watching+0x12/0xc0 [ 377.991523][T11871] __sys_sendmmsg+0x200/0x420 [ 377.991534][T11871] ? __pfx___sys_sendmmsg+0x10/0x10 [ 377.991547][T11871] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 377.991561][T11871] ? fput+0x9b/0xd0 [ 377.991575][T11871] ? ksys_write+0x1ac/0x250 [ 377.991586][T11871] ? __pfx_ksys_write+0x10/0x10 [ 377.991597][T11871] __x64_sys_sendmmsg+0x9c/0x100 [ 377.991607][T11871] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 377.991621][T11871] do_syscall_64+0xcd/0x4c0 [ 377.991633][T11871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.991644][T11871] RIP: 0033:0x7f1f0798ebe9 [ 377.991652][T11871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.991663][T11871] RSP: 002b:00007f1f0872a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 377.991674][T11871] RAX: ffffffffffffffda RBX: 00007f1f07bb5fa0 RCX: 00007f1f0798ebe9 [ 377.991681][T11871] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000003 [ 377.991687][T11871] RBP: 00007f1f0872a090 R08: 0000000000000000 R09: 0000000000000000 [ 377.991693][T11871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.991699][T11871] R13: 00007f1f07bb6038 R14: 00007f1f07bb5fa0 R15: 00007ffca127d6e8 [ 377.991709][T11871] [ 378.507912][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.514311][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.980098][T11887] program syz.4.1593 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 379.369034][T11900] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1595'. [ 379.616685][T11905] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1596'. [ 380.056325][T11909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1598'. [ 380.182347][T11913] openvswitch: netlink: Missing valid actions attribute. [ 380.189483][T11913] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 380.363675][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1597'. [ 380.434795][T11916] fuse: Bad value for 'group_id' [ 380.444460][T11916] fuse: Bad value for 'group_id' [ 380.507278][T11916] openvswitch: netlink: Multiple metadata blocks provided [ 380.582375][ T30] audit: type=1400 audit(2000000016.310:734): avc: denied { read write } for pid=11924 comm="syz.2.1602" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 380.610653][ T30] audit: type=1400 audit(2000000016.310:735): avc: denied { open } for pid=11924 comm="syz.2.1602" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 380.795693][T11929] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 380.809252][T11929] FAULT_INJECTION: forcing a failure. [ 380.809252][T11929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 380.822348][T11929] CPU: 1 UID: 0 PID: 11929 Comm: syz.2.1602 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 380.822375][T11929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 380.822385][T11929] Call Trace: [ 380.822392][T11929] [ 380.822399][T11929] dump_stack_lvl+0x16c/0x1f0 [ 380.822421][T11929] should_fail_ex+0x512/0x640 [ 380.822443][T11929] _copy_from_user+0x2e/0xd0 [ 380.822466][T11929] video_usercopy+0xedd/0x1720 [ 380.822486][T11929] ? __pfx___video_do_ioctl+0x10/0x10 [ 380.822502][T11929] ? __pfx_video_usercopy+0x10/0x10 [ 380.822518][T11929] ? rcu_is_watching+0x12/0xc0 [ 380.822543][T11929] ? __pfx_video_ioctl2+0x10/0x10 [ 380.822559][T11929] ? v4l2_ioctl+0x15d/0x250 [ 380.822577][T11929] v4l2_ioctl+0x1bd/0x250 [ 380.822591][T11929] ? __pfx_v4l2_ioctl+0x10/0x10 [ 380.822607][T11929] __x64_sys_ioctl+0x18b/0x210 [ 380.822633][T11929] do_syscall_64+0xcd/0x4c0 [ 380.822652][T11929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.822670][T11929] RIP: 0033:0x7f022a38ebe9 [ 380.822684][T11929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.822702][T11929] RSP: 002b:00007f022b19e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 380.822721][T11929] RAX: ffffffffffffffda RBX: 00007f022a5b6180 RCX: 00007f022a38ebe9 [ 380.822733][T11929] RDX: 00002000000002c0 RSI: 00000000c028564e RDI: 0000000000000009 [ 380.822744][T11929] RBP: 00007f022b19e090 R08: 0000000000000000 R09: 0000000000000000 [ 380.822754][T11929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.822765][T11929] R13: 00007f022a5b6218 R14: 00007f022a5b6180 R15: 00007ffdc8804bd8 [ 380.822782][T11929] [ 381.015326][ T30] audit: type=1400 audit(2000000016.730:736): avc: denied { ioctl } for pid=11920 comm="syz.3.1601" path="socket:[35104]" dev="sockfs" ino=35104 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 381.102970][T11930] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 381.102970][T11930] The task syz.3.1601 (11930) triggered the difference, watch for misbehavior. [ 381.656260][T11944] Bluetooth: hci2: Opcode 0x0401 failed: -22 [ 381.787227][T11949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1609'. [ 382.118968][ T30] audit: type=1400 audit(2000000017.840:737): avc: denied { write } for pid=11955 comm="syz.1.1612" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 382.276299][ T30] audit: type=1400 audit(2000000017.990:738): avc: denied { ioctl } for pid=11953 comm="syz.4.1611" path="socket:[35267]" dev="sockfs" ino=35267 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 383.495037][T11984] FAULT_INJECTION: forcing a failure. [ 383.495037][T11984] name failslab, interval 1, probability 0, space 0, times 0 [ 383.511792][T11984] CPU: 0 UID: 0 PID: 11984 Comm: syz.2.1623 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 383.511821][T11984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 383.511832][T11984] Call Trace: [ 383.511837][T11984] [ 383.511844][T11984] dump_stack_lvl+0x16c/0x1f0 [ 383.511868][T11984] should_fail_ex+0x512/0x640 [ 383.511890][T11984] should_failslab+0xc2/0x120 [ 383.511911][T11984] __kmalloc_cache_noprof+0x6a/0x3e0 [ 383.511937][T11984] ? alloc_fs_context+0x57/0x9c0 [ 383.511959][T11984] alloc_fs_context+0x57/0x9c0 [ 383.511982][T11984] __x64_sys_fsopen+0xeb/0x240 [ 383.512005][T11984] do_syscall_64+0xcd/0x4c0 [ 383.512030][T11984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.512048][T11984] RIP: 0033:0x7f022a38ebe9 [ 383.512062][T11984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.512079][T11984] RSP: 002b:00007f022b1e0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 383.512097][T11984] RAX: ffffffffffffffda RBX: 00007f022a5b5fa0 RCX: 00007f022a38ebe9 [ 383.512109][T11984] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000200 [ 383.512120][T11984] RBP: 00007f022b1e0090 R08: 0000000000000000 R09: 0000000000000000 [ 383.512130][T11984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 383.512141][T11984] R13: 00007f022a5b6038 R14: 00007f022a5b5fa0 R15: 00007ffdc8804bd8 [ 383.512158][T11984] [ 383.659513][ C0] vkms_vblank_simulate: vblank timer overrun [ 383.751321][ T51] Bluetooth: hci2: command tx timeout [ 384.797880][T12000] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2320 sclass=netlink_route_socket pid=12000 comm=syz.4.1627 [ 384.816656][ T30] audit: type=1400 audit(2000000020.540:739): avc: denied { bind } for pid=11999 comm="syz.4.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 384.914227][ T30] audit: type=1400 audit(2000000020.620:740): avc: denied { getopt } for pid=12002 comm="syz.4.1628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 385.048118][ T30] audit: type=1400 audit(2000000020.760:741): avc: denied { watch } for pid=11995 comm="syz.1.1625" path="/316/file0" dev="tmpfs" ino=1692 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 385.357476][ T30] audit: type=1400 audit(2000000020.760:742): avc: denied { watch_sb watch_reads } for pid=11995 comm="syz.1.1625" path="/316/file0" dev="tmpfs" ino=1692 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 385.433718][ T30] audit: type=1400 audit(2000000021.150:743): avc: denied { relabelfrom } for pid=12014 comm="syz.3.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 385.481690][T12017] netlink: 'syz.4.1632': attribute type 1 has an invalid length. [ 385.512737][T12017] 8021q: adding VLAN 0 to HW filter on device bond8 [ 385.605838][T12023] vlan2: entered allmulticast mode [ 385.617421][T12023] macvtap0: entered allmulticast mode [ 385.625463][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 385.625517][ T30] audit: type=1400 audit(2000000021.360:745): avc: denied { lock } for pid=12024 comm="syz.3.1635" path="socket:[35399]" dev="sockfs" ino=35399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 385.640248][T12023] bond8: (slave vlan2): Opening slave failed [ 385.657198][ T24] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 386.001665][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 386.019502][ T24] usb 1-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 386.031385][ T24] usb 1-1: config 1 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 386.049839][ T24] usb 1-1: config 1 interface 0 has no altsetting 0 [ 386.058677][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 386.069189][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.133096][ T24] usb 1-1: Product: syz [ 386.143356][ T24] usb 1-1: Manufacturer: syz [ 386.154443][ T24] usb 1-1: SerialNumber: syz [ 386.159454][T12039] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 386.236032][T12039] netlink: 'syz.4.1639': attribute type 7 has an invalid length. [ 386.243849][T12039] netlink: 'syz.4.1639': attribute type 8 has an invalid length. [ 386.253948][T12039] input: syz0 as /devices/virtual/input/input45 [ 386.268913][ T30] audit: type=1400 audit(2000000021.990:746): avc: denied { create } for pid=12038 comm="syz.4.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 386.467256][T12013] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1630'. [ 386.487685][T12013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1630'. [ 386.516599][ T24] usb 1-1: USB disconnect, device number 32 [ 386.838032][T12052] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1641'. [ 387.228179][T12057] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1642'. [ 388.473299][ T24] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 388.496349][T12077] program syz.3.1650 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 388.660109][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.675290][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.721200][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 388.736011][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 388.745881][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.803252][ T24] usb 5-1: config 0 descriptor?? [ 388.830792][ T975] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 388.982106][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 389.000138][ T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 389.012026][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 389.022403][ T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 389.035257][ T975] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 389.047710][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.092858][ T975] usb 4-1: config 0 descriptor?? [ 389.210778][ T5910] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 389.248917][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.258488][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.266595][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.274447][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.283429][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.291135][ T24] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 389.336021][ T24] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 389.353294][ T975] hdpvr 4-1:0.0: unexpected answer of status request, len -71 [ 389.362464][ T5910] usb 1-1: Using ep0 maxpacket: 8 [ 389.376353][ T975] hdpvr 4-1:0.0: device init failed [ 389.384830][ T5910] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 389.410441][ T975] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 389.422469][ T5910] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 389.444300][ T975] usb 4-1: USB disconnect, device number 32 [ 389.450282][ T5910] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 389.469046][ T5910] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 389.508745][ T5910] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 389.522252][T12070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 389.542909][T12070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.554406][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.812380][ T5910] usb 1-1: GET_CAPABILITIES returned 0 [ 389.817883][ T5910] usbtmc 1-1:16.0: can't read capabilities [ 389.981493][T12104] netlink: 755 bytes leftover after parsing attributes in process `syz.1.1657'. [ 390.472232][ T975] usb 1-1: USB disconnect, device number 33 [ 391.291648][ T24] usb 5-1: USB disconnect, device number 34 [ 391.382599][ T840] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 391.612629][ T840] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 391.622040][ T840] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 391.638237][ T840] usb 2-1: config 0 has no interface number 0 [ 391.653598][ T840] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 391.663036][ T840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.672695][ T840] usb 2-1: Product: syz [ 391.691311][ T840] usb 2-1: Manufacturer: syz [ 391.696286][ T840] usb 2-1: SerialNumber: syz [ 391.746960][ T840] usb 2-1: config 0 descriptor?? [ 391.760647][ T30] audit: type=1400 audit(2000000027.480:747): avc: denied { create } for pid=12136 comm="syz.4.1666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 392.001354][T12140] overlayfs: failed to resolve './file1': -2 [ 392.116074][T12144] fuse: Bad value for 'group_id' [ 392.124082][T12144] fuse: Bad value for 'group_id' [ 392.178137][T12144] openvswitch: netlink: Multiple metadata blocks provided [ 392.218050][T12116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.230972][T12116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.811060][ T30] audit: type=1326 audit(2000000028.540:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 392.819808][T12155] syz.2.1673 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 392.845057][ T30] audit: type=1326 audit(2000000028.540:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 392.869780][ T30] audit: type=1326 audit(2000000028.540:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 392.954555][ T30] audit: type=1326 audit(2000000028.540:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 392.978009][ C0] vkms_vblank_simulate: vblank timer overrun [ 393.012031][ T30] audit: type=1326 audit(2000000028.540:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 393.040836][ T30] audit: type=1326 audit(2000000028.540:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 393.064288][ C0] vkms_vblank_simulate: vblank timer overrun [ 393.070511][ T30] audit: type=1326 audit(2000000028.540:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 393.095616][ T30] audit: type=1326 audit(2000000028.540:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 393.119462][ T30] audit: type=1326 audit(2000000028.540:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12153 comm="syz.2.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 393.170885][ T24] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 393.610728][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 393.617627][ T24] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 393.627603][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 393.637462][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 393.647486][ T24] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 393.660734][ T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 393.669816][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.893276][ T24] usb 1-1: GET_CAPABILITIES returned 0 [ 393.916702][ T24] usbtmc 1-1:16.0: can't read capabilities [ 394.100356][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.109466][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.118529][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.127582][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.136689][ C0] vkms_vblank_simulate: vblank timer overrun [ 394.144134][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.153197][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.162241][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.171289][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.180331][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.189375][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.198426][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.207526][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.216594][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.225649][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.234705][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 394.243767][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 394.252770][ C0] vkms_vblank_simulate: vblank timer overrun [ 394.297807][ T840] usb 2-1: Found UVC 0.00 device syz (046d:0823) [ 394.304276][ T840] usb 2-1: No valid video chain found. [ 394.312074][ T840] usb 2-1: USB disconnect, device number 39 [ 394.326720][ T24] usb 1-1: USB disconnect, device number 34 [ 394.478962][T12177] netlink: 'syz.1.1677': attribute type 12 has an invalid length. [ 394.486991][T12177] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1677'. [ 396.353154][T12191] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 397.658768][T12213] overlayfs: failed to resolve './file1': -2 [ 398.567788][T12238] FAULT_INJECTION: forcing a failure. [ 398.567788][T12238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.599075][T12238] CPU: 0 UID: 0 PID: 12238 Comm: syz.1.1698 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 398.599106][T12238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 398.599117][T12238] Call Trace: [ 398.599122][T12238] [ 398.599128][T12238] dump_stack_lvl+0x16c/0x1f0 [ 398.599149][T12238] should_fail_ex+0x512/0x640 [ 398.599165][T12238] _copy_from_user+0x2e/0xd0 [ 398.599180][T12238] move_addr_to_kernel+0x65/0x170 [ 398.599196][T12238] __sys_connect+0xb1/0x160 [ 398.599212][T12238] ? __pfx___sys_connect+0x10/0x10 [ 398.599230][T12238] ? __pfx_ksys_write+0x10/0x10 [ 398.599242][T12238] __x64_sys_connect+0x72/0xb0 [ 398.599258][T12238] do_syscall_64+0xcd/0x4c0 [ 398.599270][T12238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.599281][T12238] RIP: 0033:0x7fb1bfd8ebe9 [ 398.599291][T12238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.599301][T12238] RSP: 002b:00007fb1c0c8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 398.599313][T12238] RAX: ffffffffffffffda RBX: 00007fb1bffb5fa0 RCX: 00007fb1bfd8ebe9 [ 398.599320][T12238] RDX: 000000000000003a RSI: 0000200000000080 RDI: 0000000000000003 [ 398.599326][T12238] RBP: 00007fb1c0c8d090 R08: 0000000000000000 R09: 0000000000000000 [ 398.599332][T12238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.599339][T12238] R13: 00007fb1bffb6038 R14: 00007fb1bffb5fa0 R15: 00007ffc50c3fb58 [ 398.599348][T12238] [ 399.100916][T12255] binder: BINDER_SET_CONTEXT_MGR already set [ 399.106902][T12255] binder: 12253:12255 ioctl 4018620d 200000004a80 returned -16 [ 399.115248][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 399.115261][ T30] audit: type=1400 audit(2000000034.820:774): avc: denied { set_context_mgr } for pid=12253 comm="syz.4.1703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 399.300881][ T30] audit: type=1400 audit(2000000034.820:775): avc: denied { map } for pid=12253 comm="syz.4.1703" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 400.266220][T12280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1709'. [ 400.301649][ T840] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 400.315762][T12280] IPVS: Error joining to the multicast group [ 400.316733][T12284] FAULT_INJECTION: forcing a failure. [ 400.316733][T12284] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 400.335155][T12284] CPU: 0 UID: 0 PID: 12284 Comm: syz.0.1710 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 400.335181][T12284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 400.335191][T12284] Call Trace: [ 400.335196][T12284] [ 400.335203][T12284] dump_stack_lvl+0x16c/0x1f0 [ 400.335226][T12284] should_fail_ex+0x512/0x640 [ 400.335247][T12284] _copy_from_user+0x2e/0xd0 [ 400.335268][T12284] proc_disconnect_claim+0xa4/0x370 [ 400.335294][T12284] ? __pfx_proc_disconnect_claim+0x10/0x10 [ 400.335318][T12284] ? rcu_is_watching+0x12/0xc0 [ 400.335347][T12284] ? tomoyo_path_number_perm+0x295/0x580 [ 400.335373][T12284] usbdev_ioctl+0x16e3/0x4070 [ 400.335389][T12284] ? __pfx_usbdev_ioctl+0x10/0x10 [ 400.335405][T12284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 400.335423][T12284] ? do_vfs_ioctl+0x128/0x14f0 [ 400.335446][T12284] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 400.335469][T12284] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 400.335494][T12284] ? rcu_is_watching+0x12/0xc0 [ 400.335514][T12284] ? __fget_files+0x204/0x3c0 [ 400.335530][T12284] ? hook_file_ioctl_common+0x145/0x410 [ 400.335547][T12284] ? selinux_file_ioctl+0x180/0x270 [ 400.335568][T12284] ? selinux_file_ioctl+0xb4/0x270 [ 400.335591][T12284] ? __pfx_usbdev_ioctl+0x10/0x10 [ 400.335608][T12284] __x64_sys_ioctl+0x18b/0x210 [ 400.335633][T12284] do_syscall_64+0xcd/0x4c0 [ 400.335652][T12284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.335670][T12284] RIP: 0033:0x7f1c9118ebe9 [ 400.335684][T12284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.335702][T12284] RSP: 002b:00007f1c91ff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 400.335720][T12284] RAX: ffffffffffffffda RBX: 00007f1c913b5fa0 RCX: 00007f1c9118ebe9 [ 400.335730][T12284] RDX: 0000000000000000 RSI: 000000008108551b RDI: 0000000000000003 [ 400.335741][T12284] RBP: 00007f1c91ff5090 R08: 0000000000000000 R09: 0000000000000000 [ 400.335751][T12284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.335761][T12284] R13: 00007f1c913b6038 R14: 00007f1c913b5fa0 R15: 00007ffe9f8bc428 [ 400.335778][T12284] [ 400.680803][ T840] usb 4-1: Using ep0 maxpacket: 8 [ 400.682725][ T24] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 400.696417][ T840] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 400.704751][ T840] usb 4-1: config 0 has no interface number 0 [ 400.709000][T12297] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1716'. [ 400.710988][ T840] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 400.859925][T12297] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1716'. [ 400.870727][ T24] usb 2-1: device descriptor read/64, error -71 [ 400.895264][ T30] audit: type=1400 audit(2000000036.510:776): avc: denied { block_suspend } for pid=12285 comm="syz.4.1712" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 400.999999][ T840] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 401.012308][ T840] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 401.023472][ T840] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 401.050755][ T840] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 401.059823][ T840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.069755][ T840] usb 4-1: config 0 descriptor?? [ 401.078601][ T840] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 401.131844][ T24] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 401.260717][ T24] usb 2-1: device descriptor read/64, error -71 [ 401.342661][ T975] usb 4-1: USB disconnect, device number 33 [ 401.349299][ T975] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 401.380985][ T24] usb usb2-port1: attempt power cycle [ 401.400935][ T840] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 401.690718][ T840] usb 1-1: Using ep0 maxpacket: 8 [ 401.696960][ T840] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 401.715990][ T840] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 401.740963][ T24] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 401.749495][ T840] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 401.770570][ T24] usb 2-1: device descriptor read/8, error -71 [ 401.785019][ T840] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 401.798264][ T840] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 401.807324][ T840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.175257][ T30] audit: type=1400 audit(2000000037.880:777): avc: denied { mounton } for pid=12314 comm="syz.4.1722" path="/357/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 402.264923][ T840] usb 1-1: GET_CAPABILITIES returned 0 [ 402.270560][ T840] usbtmc 1-1:16.0: can't read capabilities [ 402.320720][ T24] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 402.347388][ T24] usb 2-1: device descriptor read/8, error -71 [ 402.434418][ T30] audit: type=1400 audit(2000000038.160:778): avc: denied { ioctl } for pid=12318 comm="syz.3.1723" path="socket:[37943]" dev="sockfs" ino=37943 ioctlcmd=0x9418 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 402.463345][T12323] netlink: 'syz.3.1723': attribute type 10 has an invalid length. [ 402.472001][ T24] usb usb2-port1: unable to enumerate USB device [ 402.475355][ T840] usb 1-1: USB disconnect, device number 35 [ 402.506665][T12323] veth0_vlan: left promiscuous mode [ 402.521069][T12323] veth0_vlan: entered promiscuous mode [ 402.544691][T12323] team0: Device veth0_vlan failed to register rx_handler [ 402.654391][T12330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1726'. [ 402.672577][T12330] Driver unsupported XDP return value 0 on prog (id 130) dev N/A, expect packet loss! [ 403.508452][T12345] fuse: Bad value for 'group_id' [ 403.514029][T12345] fuse: Bad value for 'group_id' [ 403.545309][T12347] netlink: 'syz.4.1733': attribute type 10 has an invalid length. [ 403.853682][T12347] team0 (unregistering): Port device team_slave_0 removed [ 403.898917][T12347] team0 (unregistering): Port device team_slave_1 removed [ 404.710864][ T840] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 404.900731][ T840] usb 5-1: Using ep0 maxpacket: 32 [ 404.911863][ T840] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 404.980485][ T840] usb 5-1: config 0 has no interface number 0 [ 404.992615][ T840] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 405.014640][ T840] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 405.334844][ T840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.362395][ T840] usb 5-1: Product: syz [ 405.368316][ T840] usb 5-1: Manufacturer: syz [ 405.376252][ T840] usb 5-1: SerialNumber: syz [ 405.389078][ T840] usb 5-1: config 0 descriptor?? [ 405.407617][ T840] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 405.421042][ T840] em28xx 5-1:0.132: Video interface 132 found: [ 405.642907][T12379] fuse: Bad value for 'group_id' [ 405.648092][T12379] fuse: Bad value for 'group_id' [ 406.114348][ T840] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 406.307204][ T30] audit: type=1400 audit(2000000042.030:779): avc: denied { getopt } for pid=12392 comm="syz.2.1750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 407.220638][T12402] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1752'. [ 407.402787][ T840] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 407.430702][ T840] em28xx 5-1:0.132: board has no eeprom [ 407.439186][T12395] em28xx 5-1:0.132: failed to trigger write to i2c address 0x2 (error=-5) [ 407.542109][ T840] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 407.550452][ T840] em28xx 5-1:0.132: analog set to bulk mode. [ 407.556940][ T9] em28xx 5-1:0.132: Registering V4L2 extension [ 407.576336][ T840] usb 5-1: USB disconnect, device number 35 [ 407.611253][ T840] em28xx 5-1:0.132: Disconnecting em28xx [ 407.678408][T12415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 407.738567][T12421] FAULT_INJECTION: forcing a failure. [ 407.738567][T12421] name failslab, interval 1, probability 0, space 0, times 0 [ 407.761516][T12421] CPU: 0 UID: 0 PID: 12421 Comm: syz.2.1755 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 407.761546][T12421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.761557][T12421] Call Trace: [ 407.761563][T12421] [ 407.761570][T12421] dump_stack_lvl+0x16c/0x1f0 [ 407.761593][T12421] should_fail_ex+0x512/0x640 [ 407.761616][T12421] ? usb_set_configuration+0x24a/0x1e20 [ 407.761637][T12421] should_failslab+0xc2/0x120 [ 407.761657][T12421] __kmalloc_noprof+0xd2/0x510 [ 407.761677][T12421] usb_set_configuration+0x24a/0x1e20 [ 407.761699][T12421] ? __might_fault+0xe3/0x190 [ 407.761716][T12421] ? __might_fault+0x13b/0x190 [ 407.761735][T12421] usbdev_ioctl+0x31f6/0x4070 [ 407.761754][T12421] ? __pfx_usbdev_ioctl+0x10/0x10 [ 407.761772][T12421] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 407.761793][T12421] ? do_vfs_ioctl+0x128/0x14f0 [ 407.761820][T12421] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 407.761845][T12421] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 407.761874][T12421] ? rcu_is_watching+0x12/0xc0 [ 407.761895][T12421] ? __fget_files+0x204/0x3c0 [ 407.761913][T12421] ? hook_file_ioctl_common+0x145/0x410 [ 407.761933][T12421] ? selinux_file_ioctl+0x180/0x270 [ 407.761956][T12421] ? selinux_file_ioctl+0xb4/0x270 [ 407.761980][T12421] ? __pfx_usbdev_ioctl+0x10/0x10 [ 407.761996][T12421] __x64_sys_ioctl+0x18b/0x210 [ 407.762022][T12421] do_syscall_64+0xcd/0x4c0 [ 407.762041][T12421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.762059][T12421] RIP: 0033:0x7f022a38ebe9 [ 407.762073][T12421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.762090][T12421] RSP: 002b:00007f022b1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 407.762107][T12421] RAX: ffffffffffffffda RBX: 00007f022a5b5fa0 RCX: 00007f022a38ebe9 [ 407.762119][T12421] RDX: 0000200000000000 RSI: 0000000080045505 RDI: 0000000000000003 [ 407.762130][T12421] RBP: 00007f022b1e0090 R08: 0000000000000000 R09: 0000000000000000 [ 407.762144][T12421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.762154][T12421] R13: 00007f022a5b6038 R14: 00007f022a5b5fa0 R15: 00007ffdc8804bd8 [ 407.762171][T12421] [ 407.770522][ T9] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 408.001806][T12424] netlink: 'syz.0.1756': attribute type 12 has an invalid length. [ 408.018219][T12424] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1756'. [ 408.060872][ T9] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 408.068038][ T9] em28xx 5-1:0.132: No AC97 audio processor [ 408.074941][ T9] usb 5-1: Decoder not found [ 408.079623][ T9] em28xx 5-1:0.132: failed to create media graph [ 408.103327][ T9] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 408.111022][ T9] em28xx 5-1:0.132: Remote control support is not available for this card. [ 408.119894][ T840] em28xx 5-1:0.132: Closing input extension [ 408.261011][ T24] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 408.269398][ T30] audit: type=1400 audit(2000000043.970:780): avc: denied { create } for pid=12428 comm="syz.3.1759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 408.369745][ T840] em28xx 5-1:0.132: Freeing device [ 408.458281][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 408.468247][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 408.477943][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 408.487880][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 408.497914][ T24] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 408.854589][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.937209][ T24] usb 3-1: config 0 descriptor?? [ 409.669723][ T24] hdpvr 3-1:0.0: firmware version 0x51 dated [ 409.675956][ T24] hdpvr 3-1:0.0: untested firmware, the driver might not work. [ 409.973290][ T24] hdpvr 3-1:0.0: device init failed [ 409.978561][ T24] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 410.043007][ T24] usb 3-1: USB disconnect, device number 33 [ 410.586300][T12461] vlan3: entered allmulticast mode [ 410.944773][ T24] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 411.042544][T12473] FAULT_INJECTION: forcing a failure. [ 411.042544][T12473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.115394][T12473] CPU: 1 UID: 0 PID: 12473 Comm: syz.0.1770 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 411.115423][T12473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 411.115432][T12473] Call Trace: [ 411.115438][T12473] [ 411.115443][T12473] dump_stack_lvl+0x16c/0x1f0 [ 411.115465][T12473] should_fail_ex+0x512/0x640 [ 411.115485][T12473] _copy_from_user+0x2e/0xd0 [ 411.115505][T12473] copy_msghdr_from_user+0x98/0x160 [ 411.115522][T12473] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 411.115538][T12473] ? __pfx_kstrtouint+0x10/0x10 [ 411.115554][T12473] ? kstrtouint_from_user+0x13c/0x1d0 [ 411.115569][T12473] ___sys_sendmsg+0xfe/0x1d0 [ 411.115585][T12473] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.115604][T12473] ? rcu_is_watching+0x12/0xc0 [ 411.115627][T12473] ? __mutex_unlock_slowpath+0x100/0x800 [ 411.115648][T12473] __sys_sendmsg+0x16d/0x220 [ 411.115663][T12473] ? __pfx___sys_sendmsg+0x10/0x10 [ 411.115686][T12473] do_syscall_64+0xcd/0x4c0 [ 411.115703][T12473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.115719][T12473] RIP: 0033:0x7f1c9118ebe9 [ 411.115731][T12473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.115747][T12473] RSP: 002b:00007f1c91ff5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.115764][T12473] RAX: ffffffffffffffda RBX: 00007f1c913b5fa0 RCX: 00007f1c9118ebe9 [ 411.115774][T12473] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 411.115783][T12473] RBP: 00007f1c91ff5090 R08: 0000000000000000 R09: 0000000000000000 [ 411.115793][T12473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.115802][T12473] R13: 00007f1c913b6038 R14: 00007f1c913b5fa0 R15: 00007ffe9f8bc428 [ 411.115817][T12473] [ 411.347231][T12478] overlayfs: failed to resolve './file0': -2 [ 411.586717][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 411.593214][ T24] usb 5-1: config index 0 descriptor too short (expected 19589, got 27) [ 411.606741][ T24] usb 5-1: config 255 has too many interfaces: 64, using maximum allowed: 32 [ 411.780437][ T24] usb 5-1: config 255 has an invalid descriptor of length 144, skipping remainder of the config [ 411.790921][ T24] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 64 [ 411.804092][ T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 411.813504][ T24] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 411.821914][ T24] usb 5-1: Product: syz [ 411.826211][ T24] usb 5-1: SerialNumber: syz [ 412.229572][T12491] fuse: Unknown parameter '0x000000000000000400000000000000000000004' [ 412.245787][T12491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1777'. [ 412.599475][T12490] ip6erspan0: entered promiscuous mode [ 412.839039][T12494] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1778'. [ 412.900164][T12505] sp0: Synchronizing with TNC [ 412.955268][ T975] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 413.215378][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 413.335370][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.381694][ T30] audit: type=1400 audit(2000000048.990:781): avc: denied { execute } for pid=12502 comm="syz.0.1781" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=37783 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 413.431996][ T975] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 413.534571][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.955769][ T975] usb 4-1: config 0 descriptor?? [ 413.974117][ T24] usb 5-1: USB disconnect, device number 36 [ 414.391763][ T975] zydacron 0003:13EC:0006.001A: reserved main item tag 0xd [ 414.399439][ T975] zydacron 0003:13EC:0006.001A: unbalanced collection at end of report description [ 414.683908][ T975] zydacron 0003:13EC:0006.001A: parse failed [ 414.690408][ T975] zydacron 0003:13EC:0006.001A: probe with driver zydacron failed with error -22 [ 415.146810][ T30] audit: type=1400 audit(2000000050.870:782): avc: denied { execute_no_trans } for pid=12527 comm="syz.0.1787" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CC1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CFA5BAE531F5202864656C6574656429 dev="tmpfs" ino=1184 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 415.185399][T12531] netlink: 'syz.2.1788': attribute type 2 has an invalid length. [ 415.236695][T12531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1788'. [ 415.294461][T12537] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1790'. [ 415.305945][T12537] tmpfs: Bad value for 'mpol' [ 415.419057][T12537] tmpfs: Bad value for 'mpol' [ 415.696276][T12551] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1792'. [ 416.271498][ T975] usb 4-1: USB disconnect, device number 34 [ 416.277633][ T30] audit: type=1400 audit(2000000051.930:783): avc: denied { setattr } for pid=12559 comm="syz.0.1793" name="#31" dev="tmpfs" ino=1977 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 416.300059][ C1] vkms_vblank_simulate: vblank timer overrun [ 416.392174][ T30] audit: type=1800 audit(2000000051.950:784): pid=12535 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1789" name="file0" dev="fuse" ino=2 res=0 errno=0 [ 417.189117][T12598] FAULT_INJECTION: forcing a failure. [ 417.189117][T12598] name failslab, interval 1, probability 0, space 0, times 0 [ 417.214355][T12598] CPU: 0 UID: 0 PID: 12598 Comm: syz.4.1798 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 417.214384][T12598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 417.214394][T12598] Call Trace: [ 417.214400][T12598] [ 417.214406][T12598] dump_stack_lvl+0x16c/0x1f0 [ 417.214428][T12598] should_fail_ex+0x512/0x640 [ 417.214450][T12598] ? tomoyo_encode2+0x100/0x3e0 [ 417.214475][T12598] should_failslab+0xc2/0x120 [ 417.214496][T12598] __kmalloc_noprof+0xd2/0x510 [ 417.214513][T12598] ? d_absolute_path+0x136/0x1a0 [ 417.214539][T12598] tomoyo_encode2+0x100/0x3e0 [ 417.214562][T12598] tomoyo_encode+0x29/0x50 [ 417.214584][T12598] tomoyo_realpath_from_path+0x18f/0x6e0 [ 417.214611][T12598] tomoyo_path_number_perm+0x245/0x580 [ 417.214631][T12598] ? tomoyo_path_number_perm+0x237/0x580 [ 417.214654][T12598] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 417.214680][T12598] ? ksys_write+0x190/0x250 [ 417.214703][T12598] ? rcu_is_watching+0x12/0xc0 [ 417.214724][T12598] ? __fget_files+0x204/0x3c0 [ 417.214742][T12598] ? hook_file_ioctl_common+0x145/0x410 [ 417.214760][T12598] ? lock_release+0x201/0x2f0 [ 417.214787][T12598] ? __fget_files+0x20e/0x3c0 [ 417.214806][T12598] security_file_ioctl+0x9b/0x240 [ 417.214832][T12598] __x64_sys_ioctl+0xb7/0x210 [ 417.214859][T12598] do_syscall_64+0xcd/0x4c0 [ 417.214878][T12598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.214896][T12598] RIP: 0033:0x7f1f0798ebe9 [ 417.214911][T12598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.214928][T12598] RSP: 002b:00007f1f0872a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 417.214946][T12598] RAX: ffffffffffffffda RBX: 00007f1f07bb5fa0 RCX: 00007f1f0798ebe9 [ 417.214958][T12598] RDX: 0000200000000240 RSI: 00000000c004ae0a RDI: 0000000000000004 [ 417.214969][T12598] RBP: 00007f1f0872a090 R08: 0000000000000000 R09: 0000000000000000 [ 417.214979][T12598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.214990][T12598] R13: 00007f1f07bb6038 R14: 00007f1f07bb5fa0 R15: 00007ffca127d6e8 [ 417.215007][T12598] [ 417.260347][T12598] ERROR: Out of memory at tomoyo_realpath_from_path. [ 418.112475][T12609] C: renamed from team_slave_0 [ 418.327901][T12609] netlink: 'syz.1.1800': attribute type 1 has an invalid length. [ 418.452336][T12609] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1800'. [ 418.461982][T12609] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 419.332351][T12626] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1805'. [ 419.453083][T12626] vlan3: entered allmulticast mode [ 419.458296][T12626] bridge0: entered allmulticast mode [ 419.463988][T12626] bridge1: port 1(vlan3) entered blocking state [ 419.470379][T12626] bridge1: port 1(vlan3) entered disabled state [ 419.896652][T12626] vlan3: entered promiscuous mode [ 419.906132][T12626] bridge0: entered promiscuous mode [ 419.987466][T12637] netlink: 'syz.2.1806': attribute type 10 has an invalid length. [ 420.840418][T12644] sp0: Synchronizing with TNC [ 421.428139][T12651] warning: `syz.2.1809' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 422.390880][ T30] audit: type=1400 audit(2000000058.110:785): avc: denied { setopt } for pid=12671 comm="syz.0.1815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 423.431432][ T840] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 424.093197][ T840] usb 4-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e [ 424.165449][ T840] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.182890][ T840] usb 4-1: Product: syz [ 424.187050][ T840] usb 4-1: Manufacturer: syz [ 424.210755][ T840] usb 4-1: SerialNumber: syz [ 424.225958][ T840] usb 4-1: config 0 descriptor?? [ 424.233344][ T840] usbsevseg 4-1:0.0: USB 7 Segment device now attached [ 424.333090][T12695] 9pnet_fd: Insufficient options for proto=fd [ 424.431739][T12699] sp0: Synchronizing with TNC [ 424.450166][T12681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 424.479831][T12681] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 424.500766][ T975] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 424.522484][ T840] usb 4-1: USB disconnect, device number 35 [ 424.528746][ T840] usbsevseg 4-1:0.0: USB 7 Segment now disconnected [ 424.582081][T12704] netlink: 'syz.1.1823': attribute type 12 has an invalid length. [ 424.589938][T12704] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1823'. [ 425.483332][ T975] usb 3-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7 [ 425.497957][ T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.516505][ T975] usb 3-1: config 0 descriptor?? [ 425.526117][ T975] gspca_main: mars-2.14.0 probing 093a:050f [ 425.841678][T12716] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1827'. [ 425.855746][ T975] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 426.069925][T12722] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1828'. [ 426.173155][ T975] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 426.207096][ T975] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.240032][ T975] usb 2-1: config 0 interface 0 has no altsetting 0 [ 426.250835][ T975] usb 2-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 426.260174][ T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.270779][ T975] usb 2-1: config 0 descriptor?? [ 426.818448][ T30] audit: type=1400 audit(2000000062.530:786): avc: denied { read write } for pid=12709 comm="syz.1.1825" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 426.848074][ T975] usbhid 2-1:0.0: can't add hid device: -71 [ 426.888246][ T30] audit: type=1400 audit(2000000062.530:787): avc: denied { open } for pid=12709 comm="syz.1.1825" path="/352/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 426.910570][ T975] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 426.912078][ T975] usb 2-1: USB disconnect, device number 44 [ 427.752334][ T975] usb 3-1: USB disconnect, device number 34 [ 427.939078][T12749] netlink: 'syz.2.1835': attribute type 12 has an invalid length. [ 427.955509][T12749] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1835'. [ 428.063838][ T975] libceph: connect (1)[c::]:6789 error -101 [ 428.069883][ T975] libceph: mon0 (1)[c::]:6789 connect error [ 428.116263][T12751] ceph: No mds server is up or the cluster is laggy [ 428.145002][T12751] vxfs: WRONG superblock magic 00000000 at 1 [ 428.152338][ T30] audit: type=1400 audit(2000000063.860:788): avc: denied { unmount } for pid=5850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 428.184623][T12751] vxfs: WRONG superblock magic 00000000 at 8 [ 428.300733][T12751] vxfs: can't find superblock. [ 428.710843][ T975] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 428.828601][T12771] overlayfs: failed to resolve './file1': -2 [ 428.891933][ T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 428.905577][ T975] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 428.919165][ T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 428.930695][ T975] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 428.950688][ T975] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 428.960948][ T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.039497][ T975] usb 3-1: config 0 descriptor?? [ 429.367314][ T975] hdpvr 3-1:0.0: firmware version 0x51 dated [ 429.379673][ T975] hdpvr 3-1:0.0: untested firmware, the driver might not work. [ 429.581046][ T975] hdpvr 3-1:0.0: max device number reached, device register failed [ 429.594809][ T975] usb 3-1: USB disconnect, device number 35 [ 429.641300][ T30] audit: type=1400 audit(2000000065.370:789): avc: denied { rename } for pid=12779 comm="syz.1.1844" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 429.652166][T12780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1844'. [ 429.663513][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.963891][T12791] 9pnet_fd: p9_fd_create_tcp (12791): problem binding to privport [ 430.248920][T12796] netlink: 'syz.1.1848': attribute type 1 has an invalid length. [ 430.256882][T12796] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1848'. [ 430.268942][T12796] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 430.710746][ T30] audit: type=1326 audit(2000000066.240:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12737 comm="syz.0.1833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9118ebe9 code=0x7fc00000 [ 432.711461][ T30] audit: type=1400 audit(2000000068.430:791): avc: denied { setopt } for pid=12845 comm="syz.2.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 433.352644][T12864] fuse: Bad value for 'group_id' [ 433.368358][T12864] fuse: Bad value for 'group_id' [ 433.370331][T12866] binder: BINDER_SET_CONTEXT_MGR already set [ 433.379426][T12866] binder: 12861:12866 ioctl 4018620d 200000004a80 returned -16 [ 433.763533][ T30] audit: type=1400 audit(2000000069.490:792): avc: denied { ioctl } for pid=12876 comm="syz.2.1871" path="socket:[40140]" dev="sockfs" ino=40140 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 434.620992][ T30] audit: type=1400 audit(2000000070.320:793): avc: denied { getopt } for pid=12880 comm="syz.3.1872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 435.231944][T12887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1873'. [ 435.241065][T12887] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1873'. [ 436.822738][T12915] FAULT_INJECTION: forcing a failure. [ 436.822738][T12915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.837518][T12915] CPU: 0 UID: 0 PID: 12915 Comm: syz.2.1882 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 436.837547][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 436.837557][T12915] Call Trace: [ 436.837563][T12915] [ 436.837570][T12915] dump_stack_lvl+0x16c/0x1f0 [ 436.837593][T12915] should_fail_ex+0x512/0x640 [ 436.837614][T12915] _copy_from_user+0x2e/0xd0 [ 436.837636][T12915] move_addr_to_kernel+0x65/0x170 [ 436.837660][T12915] __copy_msghdr+0x386/0x470 [ 436.837677][T12915] copy_msghdr_from_user+0xc1/0x160 [ 436.837694][T12915] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 436.837714][T12915] ? __pfx__kstrtoull+0x10/0x10 [ 436.837731][T12915] ___sys_sendmsg+0xfe/0x1d0 [ 436.837748][T12915] ? __pfx____sys_sendmsg+0x10/0x10 [ 436.837769][T12915] ? rcu_is_watching+0x12/0xc0 [ 436.837798][T12915] __sys_sendmmsg+0x200/0x420 [ 436.837817][T12915] ? __pfx___sys_sendmmsg+0x10/0x10 [ 436.837837][T12915] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 436.837862][T12915] ? fput+0x9b/0xd0 [ 436.837883][T12915] ? ksys_write+0x1ac/0x250 [ 436.837900][T12915] ? __pfx_ksys_write+0x10/0x10 [ 436.837919][T12915] __x64_sys_sendmmsg+0x9c/0x100 [ 436.837935][T12915] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 436.837954][T12915] do_syscall_64+0xcd/0x4c0 [ 436.837973][T12915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.837990][T12915] RIP: 0033:0x7f022a38ebe9 [ 436.838004][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.838021][T12915] RSP: 002b:00007f022b1e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 436.838039][T12915] RAX: ffffffffffffffda RBX: 00007f022a5b5fa0 RCX: 00007f022a38ebe9 [ 436.838051][T12915] RDX: 0000000000068000 RSI: 0000200000000f40 RDI: 0000000000000003 [ 436.838062][T12915] RBP: 00007f022b1e0090 R08: 0000000000000000 R09: 0000000000000000 [ 436.838072][T12915] R10: 000000000000e000 R11: 0000000000000246 R12: 0000000000000001 [ 436.838089][T12915] R13: 00007f022a5b6038 R14: 00007f022a5b5fa0 R15: 00007ffdc8804bd8 [ 436.838105][T12915] [ 437.060588][ T30] audit: type=1400 audit(2000000072.780:794): avc: denied { firmware_load } for pid=12910 comm="syz.4.1881" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 437.742135][T12913] syz.4.1881 (12913) used greatest stack depth: 18952 bytes left [ 438.375129][T12940] fuse: Bad value for 'group_id' [ 438.385288][T12940] fuse: Bad value for 'group_id' [ 439.044025][ T30] audit: type=1800 audit(2000000074.770:795): pid=12951 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1892" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 439.791238][T12958] C: renamed from team_slave_0 [ 439.803239][T12958] netlink: 'syz.3.1894': attribute type 1 has an invalid length. [ 439.811074][T12958] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1894'. [ 439.820164][T12958] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 439.959283][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.965627][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.913200][T12974] fuse: Bad value for 'group_id' [ 440.930308][T12974] fuse: Bad value for 'group_id' [ 441.048836][ T30] audit: type=1326 audit(2000000076.770:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bfd8ebe9 code=0x7ffc0000 [ 441.452840][ T30] audit: type=1326 audit(2000000077.180:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bfd8ebe9 code=0x7ffc0000 [ 441.476398][ T30] audit: type=1326 audit(2000000077.180:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb1bfd8ebe9 code=0x7ffc0000 [ 441.499760][ T30] audit: type=1326 audit(2000000077.180:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bfd8ebe9 code=0x7ffc0000 [ 441.523223][ T30] audit: type=1326 audit(2000000077.180:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb1bfd90b07 code=0x7ffc0000 [ 441.547990][ T30] audit: type=1326 audit(2000000077.180:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb1bfd90a7c code=0x7ffc0000 [ 441.573369][ T30] audit: type=1326 audit(2000000077.180:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb1bfd909b4 code=0x7ffc0000 [ 441.598152][ T30] audit: type=1326 audit(2000000077.180:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb1bfd909b4 code=0x7ffc0000 [ 441.622781][ T30] audit: type=1326 audit(2000000077.180:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12963 comm="syz.1.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb1bfd8d84a code=0x7ffc0000 [ 442.083925][T12992] netlink: 'syz.1.1903': attribute type 1 has an invalid length. [ 442.091811][T12992] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1903'. [ 442.101073][T12992] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 442.880753][ T840] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 443.134128][ T840] usb 3-1: config 0 has no interfaces? [ 443.146725][ T840] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 443.160769][ T840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.168925][ T840] usb 3-1: Product: syz [ 443.173387][ T840] usb 3-1: Manufacturer: syz [ 443.178583][ T840] usb 3-1: SerialNumber: syz [ 443.184773][ T840] usb 3-1: config 0 descriptor?? [ 443.733824][T13001] pimreg: entered allmulticast mode [ 444.013354][T13032] sp0: Synchronizing with TNC [ 444.842757][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 444.842774][ T30] audit: type=1400 audit(2000000080.570:851): avc: denied { read } for pid=13035 comm="syz.0.1915" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 444.879285][ T30] audit: type=1400 audit(2000000080.570:852): avc: denied { open } for pid=13035 comm="syz.0.1915" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 444.902884][ C0] vkms_vblank_simulate: vblank timer overrun [ 444.948084][ T30] audit: type=1400 audit(2000000080.570:853): avc: denied { ioctl } for pid=13035 comm="syz.0.1915" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 444.973926][ T30] audit: type=1400 audit(2000000080.660:854): avc: denied { bind } for pid=13035 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 445.905500][ T30] audit: type=1400 audit(2000000081.390:855): avc: denied { ioctl } for pid=13043 comm="syz.4.1917" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 445.943362][ T840] usb 3-1: USB disconnect, device number 36 [ 445.979941][ T30] audit: type=1400 audit(2000000081.700:856): avc: denied { unmount } for pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 447.691606][ T9044] Bluetooth: Error in BCSP hdr checksum [ 447.940902][ T4395] Bluetooth: Error in BCSP hdr checksum [ 449.089657][ T30] audit: type=1326 audit(2000000084.810:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13097 comm="syz.0.1930" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9118ebe9 code=0x7ffc0000 [ 449.144024][ T30] audit: type=1326 audit(2000000084.810:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13097 comm="syz.0.1930" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1c9118ebe9 code=0x7ffc0000 [ 449.440735][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 449.475036][ T30] audit: type=1326 audit(2000000084.810:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13097 comm="syz.0.1930" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9118ebe9 code=0x7ffc0000 [ 449.498405][ C0] vkms_vblank_simulate: vblank timer overrun [ 449.535319][ T30] audit: type=1326 audit(2000000084.810:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13097 comm="syz.0.1930" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9118ebe9 code=0x7ffc0000 [ 449.675708][ T5170] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 449.888107][T13135] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1937'. [ 451.156411][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 451.156424][ T30] audit: type=1400 audit(2000000086.880:871): avc: denied { read } for pid=13160 comm="syz.1.1943" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 451.185601][ T975] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 451.218838][ T30] audit: type=1400 audit(2000000086.880:872): avc: denied { open } for pid=13160 comm="syz.1.1943" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 451.391353][ T975] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 451.469134][ T975] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 451.615958][ T975] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 451.642373][ T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.650452][ T975] usb 4-1: Product: syz [ 451.680563][ T975] usb 4-1: Manufacturer: syz [ 451.697794][ T975] usb 4-1: SerialNumber: syz [ 451.949432][ T975] cdc_ncm 4-1:1.0: bind() failure [ 451.956283][ T975] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 451.963960][ T975] cdc_ncm 4-1:1.1: bind() failure [ 451.973104][ T975] usb 4-1: USB disconnect, device number 36 [ 452.020757][ T5910] usb 5-1: new low-speed USB device number 37 using dummy_hcd [ 452.172136][ T5910] usb 5-1: config 4 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 452.183355][ T5910] usb 5-1: config 4 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.193123][ T5910] usb 5-1: config 4 interface 0 has no altsetting 0 [ 452.199831][ T5910] usb 5-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00 [ 452.208876][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.634326][ T5910] holtek_mouse 0003:04D9:A067.001B: unknown main item tag 0x0 [ 452.662215][ T5910] holtek_mouse 0003:04D9:A067.001B: unknown main item tag 0x3 [ 452.679192][ T5910] holtek_mouse 0003:04D9:A067.001B: unknown main item tag 0x3 [ 452.690495][ T5910] holtek_mouse 0003:04D9:A067.001B: item fetching failed at offset 4/8 [ 452.757217][ T5910] holtek_mouse 0003:04D9:A067.001B: hid parse failed: -22 [ 452.764687][ T5910] holtek_mouse 0003:04D9:A067.001B: probe with driver holtek_mouse failed with error -22 [ 453.125594][T13183] tipc: Enabled bearer , priority 10 [ 453.133644][ T9] usb 5-1: USB disconnect, device number 37 [ 453.170709][ T975] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 453.330773][ T975] usb 4-1: Using ep0 maxpacket: 32 [ 453.338344][ T975] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 453.346521][ T975] usb 4-1: config 0 has no interface number 0 [ 453.352642][ T975] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 230, changing to 11 [ 453.363880][ T975] usb 4-1: config 0 interface 85 has no altsetting 0 [ 453.372061][ T975] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 453.381141][ T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.389132][ T975] usb 4-1: Product: syz [ 453.393356][ T975] usb 4-1: Manufacturer: syz [ 453.397944][ T975] usb 4-1: SerialNumber: syz [ 453.403416][ T975] usb 4-1: config 0 descriptor?? [ 453.590698][ T5170] Bluetooth: hci5: command 0x1003 tx timeout [ 453.590754][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 454.273570][ T9] tipc: Node number set to 2061144238 [ 454.451127][ T30] audit: type=1400 audit(2000000089.650:873): avc: denied { setopt } for pid=13205 comm="syz.4.1954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 454.883343][T13218] binder: 13216:13218 ioctl c018620c 200000000300 returned -1 [ 454.901744][T13218] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13218 comm=syz.2.1957 [ 455.200786][ T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 455.310886][ T840] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 455.627728][ T9] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 455.639184][ T9] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.649350][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 455.656021][ T9] usb 5-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 455.665173][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.674342][ T9] usb 5-1: config 0 descriptor?? [ 455.768297][ T975] appletouch 4-1:0.85: Failed to read mode from device. [ 456.074659][ T975] appletouch 4-1:0.85: probe with driver appletouch failed with error -5 [ 456.084878][ T840] usb 3-1: unable to get BOS descriptor or descriptor too short [ 456.098070][ T840] usb 3-1: not running at top speed; connect to a high speed hub [ 456.124004][ T975] usb 4-1: USB disconnect, device number 37 [ 456.143595][T13230] overlayfs: missing 'lowerdir' [ 456.145541][ T840] usb 3-1: config 129 has an invalid interface number: 135 but max is 0 [ 456.180263][ T840] usb 3-1: config 129 descriptor has 1 excess byte, ignoring [ 456.193596][ T840] usb 3-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 456.216995][ T840] usb 3-1: config 129 has no interface number 1 [ 456.226486][ T840] usb 3-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 456.251265][ T840] usb 3-1: config 129 interface 135 has no altsetting 0 [ 456.260623][ T840] usb 3-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 456.389325][ T840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.397615][ T840] usb 3-1: Product: syz [ 456.402885][ T840] usb 3-1: Manufacturer: syz [ 456.407528][ T840] usb 3-1: SerialNumber: syz [ 456.812990][ T840] au0828: au0828: Device initialization failed. [ 456.833920][ T840] au0828: au0828: Device must be connected to a high-speed USB 2.0 port. [ 456.851813][ T840] usb 3-1: USB disconnect, device number 37 [ 457.256943][ T30] audit: type=1400 audit(2000000092.980:874): avc: denied { write } for pid=13250 comm="syz.3.1967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 457.324999][ T30] audit: type=1400 audit(2000000093.050:875): avc: denied { mount } for pid=13255 comm="syz.0.1969" name="/" dev="autofs" ino=41704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 457.436885][ T30] audit: type=1400 audit(2000000093.160:876): avc: denied { unmount } for pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 457.926988][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 457.946202][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 458.034170][T13263] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1971'. [ 458.066542][ T9] usb 5-1: USB disconnect, device number 38 [ 458.729534][T13284] overlayfs: failed to resolve './file0': -2 [ 458.895278][ T30] audit: type=1400 audit(2000000094.620:877): avc: denied { getopt } for pid=13288 comm="syz.1.1981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 459.238850][T13291] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 459.265161][T13291] CIFS: Unable to determine destination address [ 459.480831][ T30] audit: type=1400 audit(2000000095.190:878): avc: denied { ioctl } for pid=13292 comm="syz.4.1982" path="socket:[42276]" dev="sockfs" ino=42276 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 459.696726][ T30] audit: type=1326 audit(2000000095.420:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13302 comm="syz.2.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 459.737221][ T30] audit: type=1326 audit(2000000095.420:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13302 comm="syz.2.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 459.751397][T13305] netlink: 'syz.2.1986': attribute type 29 has an invalid length. [ 459.856128][ T30] audit: type=1400 audit(2000000095.420:881): avc: denied { getattr } for pid=13302 comm="syz.2.1986" name="/" dev="dmabuf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 459.881125][ T30] audit: type=1326 audit(2000000095.420:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13302 comm="syz.2.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 460.078050][ T30] audit: type=1326 audit(2000000095.420:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13302 comm="syz.2.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f022a38ebe9 code=0x7ffc0000 [ 460.444984][T13318] overlayfs: failed to resolve './file0': -2 [ 460.552479][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 460.566258][T13322] sp0: Synchronizing with TNC [ 461.346157][T13331] netlink: 'syz.3.1994': attribute type 10 has an invalid length. [ 461.362683][T13331] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.379315][T13331] bond0: (slave team0): Enslaving as an active interface with an up link [ 462.030725][ T975] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 462.275107][ T975] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 462.307591][ T975] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.451307][ T975] usb 5-1: config 0 interface 0 has no altsetting 0 [ 462.463409][ T975] usb 5-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 462.513144][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.551136][ T975] usb 5-1: config 0 descriptor?? [ 462.866291][ T975] usbhid 5-1:0.0: can't add hid device: -71 [ 462.914829][ T975] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 462.965912][ T975] usb 5-1: USB disconnect, device number 39 [ 463.183726][T13369] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2004'. [ 465.643333][ T975] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 465.823344][ T975] usb 3-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 465.835358][ T975] usb 3-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.848946][ T975] usb 3-1: config 0 interface 0 has no altsetting 0 [ 465.861034][ T975] usb 3-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 465.884010][ T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.900078][ T975] usb 3-1: config 0 descriptor?? [ 466.450574][ T975] usbhid 3-1:0.0: can't add hid device: -71 [ 466.459056][ T975] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 466.469353][T13439] FAULT_INJECTION: forcing a failure. [ 466.469353][T13439] name failslab, interval 1, probability 0, space 0, times 0 [ 466.491022][ T975] usb 3-1: USB disconnect, device number 38 [ 466.497091][T13439] CPU: 1 UID: 0 PID: 13439 Comm: syz.3.2025 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 466.497122][T13439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 466.497132][T13439] Call Trace: [ 466.497137][T13439] [ 466.497142][T13439] dump_stack_lvl+0x16c/0x1f0 [ 466.497164][T13439] should_fail_ex+0x512/0x640 [ 466.497184][T13439] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 466.497209][T13439] should_failslab+0xc2/0x120 [ 466.497228][T13439] __kmalloc_noprof+0xd2/0x510 [ 466.497246][T13439] tomoyo_realpath_from_path+0xc2/0x6e0 [ 466.497271][T13439] ? tomoyo_profile+0x47/0x60 [ 466.497288][T13439] tomoyo_path_number_perm+0x245/0x580 [ 466.497309][T13439] ? tomoyo_path_number_perm+0x237/0x580 [ 466.497330][T13439] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 466.497354][T13439] ? ksys_write+0x190/0x250 [ 466.497374][T13439] ? rcu_is_watching+0x12/0xc0 [ 466.497394][T13439] ? __fget_files+0x204/0x3c0 [ 466.497409][T13439] ? hook_file_ioctl_common+0x145/0x410 [ 466.497425][T13439] ? lock_release+0x201/0x2f0 [ 466.497449][T13439] ? __fget_files+0x20e/0x3c0 [ 466.497466][T13439] security_file_ioctl+0x9b/0x240 [ 466.497489][T13439] __x64_sys_ioctl+0xb7/0x210 [ 466.497515][T13439] do_syscall_64+0xcd/0x4c0 [ 466.497534][T13439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.497551][T13439] RIP: 0033:0x7f5d4518ebe9 [ 466.497565][T13439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.497581][T13439] RSP: 002b:00007f5d45fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.497598][T13439] RAX: ffffffffffffffda RBX: 00007f5d453b5fa0 RCX: 00007f5d4518ebe9 [ 466.497609][T13439] RDX: 0000200000000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 466.497619][T13439] RBP: 00007f5d45fdb090 R08: 0000000000000000 R09: 0000000000000000 [ 466.497628][T13439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 466.497636][T13439] R13: 00007f5d453b6038 R14: 00007f5d453b5fa0 R15: 00007ffd860204b8 [ 466.497652][T13439] [ 466.498133][T13439] ERROR: Out of memory at tomoyo_realpath_from_path. [ 466.677914][ T30] kauditd_printk_skb: 198 callbacks suppressed [ 466.677931][ T30] audit: type=1400 audit(2000000102.400:1082): avc: denied { nlmsg_read } for pid=13444 comm="syz.4.2026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 471.545029][T13558] FAULT_INJECTION: forcing a failure. [ 471.545029][T13558] name failslab, interval 1, probability 0, space 0, times 0 [ 471.571263][T13558] CPU: 1 UID: 0 PID: 13558 Comm: syz.3.2050 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 471.571290][T13558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 471.571301][T13558] Call Trace: [ 471.571306][T13558] [ 471.571312][T13558] dump_stack_lvl+0x16c/0x1f0 [ 471.571335][T13558] should_fail_ex+0x512/0x640 [ 471.571356][T13558] should_failslab+0xc2/0x120 [ 471.571375][T13558] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 471.571391][T13558] ? security_file_alloc+0x34/0x2b0 [ 471.571418][T13558] security_file_alloc+0x34/0x2b0 [ 471.571444][T13558] init_file+0x93/0x4c0 [ 471.571466][T13558] alloc_empty_file+0x73/0x1e0 [ 471.571489][T13558] alloc_file_pseudo+0x13a/0x230 [ 471.571513][T13558] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 471.571536][T13558] ? idr_preload_end+0xc2/0x230 [ 471.571560][T13558] __anon_inode_getfile+0xe8/0x280 [ 471.571610][T13558] bpf_link_prime+0x10f/0x290 [ 471.571633][T13558] bpf_raw_tp_link_attach+0x2ad/0x630 [ 471.571654][T13558] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 471.571678][T13558] ? lock_release+0x201/0x2f0 [ 471.571707][T13558] ? fput+0x9b/0xd0 [ 471.571726][T13558] ? __bpf_prog_get+0x97/0x2a0 [ 471.571742][T13558] __sys_bpf+0x23c2/0x4de0 [ 471.571763][T13558] ? lock_release+0x201/0x2f0 [ 471.571786][T13558] ? __pfx___sys_bpf+0x10/0x10 [ 471.571806][T13558] ? ksys_write+0x190/0x250 [ 471.571822][T13558] ? rcu_is_watching+0x12/0xc0 [ 471.571842][T13558] ? lock_release+0x201/0x2f0 [ 471.571865][T13558] ? __mutex_unlock_slowpath+0x163/0x800 [ 471.571888][T13558] ? fput+0x9b/0xd0 [ 471.571907][T13558] ? ksys_write+0x1ac/0x250 [ 471.571922][T13558] ? __pfx_ksys_write+0x10/0x10 [ 471.571941][T13558] __x64_sys_bpf+0x78/0xc0 [ 471.571962][T13558] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 471.571984][T13558] do_syscall_64+0xcd/0x4c0 [ 471.572004][T13558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.572021][T13558] RIP: 0033:0x7f5d4518ebe9 [ 471.572036][T13558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.572054][T13558] RSP: 002b:00007f5d45fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 471.572072][T13558] RAX: ffffffffffffffda RBX: 00007f5d453b5fa0 RCX: 00007f5d4518ebe9 [ 471.572084][T13558] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011 [ 471.572095][T13558] RBP: 00007f5d45fdb090 R08: 0000000000000000 R09: 0000000000000000 [ 471.572104][T13558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.572113][T13558] R13: 00007f5d453b6038 R14: 00007f5d453b5fa0 R15: 00007ffd860204b8 [ 471.572128][T13558] [ 471.855704][ T5170] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 472.598749][T13569] 9pnet_virtio: no channels available for device [ 472.699045][ T30] audit: type=1400 audit(2000000108.410:1083): avc: denied { mount } for pid=13573 comm="syz.4.2054" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 472.723177][ T30] audit: type=1400 audit(2000000108.410:1084): avc: denied { mounton } for pid=13573 comm="syz.4.2054" path="/421/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 472.756455][ T30] audit: type=1400 audit(2000000108.480:1085): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 472.952560][T13577] netlink: 'syz.4.2055': attribute type 32 has an invalid length. [ 473.269180][ T840] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 473.725796][ T840] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 473.877869][ T840] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 473.898446][ T840] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 473.911061][ T840] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 473.922432][ T840] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 473.934765][ T840] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 473.943985][ T840] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 473.952051][ T840] usb 5-1: Product: syz [ 473.958697][ T840] usb 5-1: Manufacturer: syz [ 473.979532][ T840] cdc_wdm 5-1:1.0: skipping garbage [ 473.986358][ T840] cdc_wdm 5-1:1.0: skipping garbage [ 473.995204][ T840] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 474.006315][ T840] cdc_wdm 5-1:1.0: Unknown control protocol [ 474.197942][ T30] audit: type=1400 audit(2000000109.920:1086): avc: denied { read write } for pid=13581 comm="syz.4.2057" name="cdc-wdm0" dev="devtmpfs" ino=3487 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 474.228313][ T30] audit: type=1400 audit(2000000109.920:1087): avc: denied { open } for pid=13581 comm="syz.4.2057" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3487 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 474.254600][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.261215][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.267435][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.274018][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.280318][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.286902][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.293118][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.299693][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.305905][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.312487][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.318698][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.325268][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.331531][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.338134][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.344340][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.350919][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.357135][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.363708][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.369974][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 474.376564][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 474.383014][ T840] usb 5-1: USB disconnect, device number 40 [ 474.388906][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 474.692645][T13598] Option 'Ó¾,0A–˜' to dns_resolver key: bad/missing value [ 475.892060][T13631] netlink: 'syz.3.2076': attribute type 16 has an invalid length. [ 475.995113][T13641] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2081'. [ 476.011880][ T975] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 476.036205][ T30] audit: type=1400 audit(2000000111.760:1088): avc: denied { ioctl } for pid=13642 comm="syz.4.2082" path="socket:[43671]" dev="sockfs" ino=43671 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 476.135606][T13649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2085'. [ 476.183829][ T975] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 476.193128][ T975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.201183][ T975] usb 2-1: Product: syz [ 476.205448][ T975] usb 2-1: Manufacturer: syz [ 476.210119][ T975] usb 2-1: SerialNumber: syz [ 476.220546][ T975] usb 2-1: config 0 descriptor?? [ 476.250450][T13653] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 476.257911][T13653] comedi comedi3: 8255: I/O port conflict (0x10000,4) [ 476.428517][ T975] usb 2-1: ignoring: probably an ADSL modem [ 476.610865][ T840] usb 4-1: new low-speed USB device number 38 using dummy_hcd [ 476.761922][ T840] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 476.770047][ T840] usb 4-1: config 0 has no interface number 0 [ 476.776586][ T840] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid maxpacket 64, setting to 8 [ 476.787242][ T840] usb 4-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 476.796710][ T840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.806109][ T840] usb 4-1: config 0 descriptor?? [ 476.811654][T13665] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 476.820445][ T840] hub 4-1:0.3: bad descriptor, ignoring hub [ 476.826500][ T840] hub 4-1:0.3: probe with driver hub failed with error -5 [ 476.834283][ T975] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 476.834555][ T840] sierra 4-1:0.3: Sierra USB modem converter detected [ 477.023257][ T840] usb 4-1: Sierra USB modem converter now attached to ttyUSB0 [ 477.037448][ T9] usb 2-1: USB disconnect, device number 45 [ 477.052412][ T840] usb 4-1: USB disconnect, device number 38 [ 477.059370][ T840] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 477.068670][ T840] sierra 4-1:0.3: device disconnected [ 477.343412][T13682] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 477.352303][T13682] bridge1: entered promiscuous mode [ 477.357494][T13682] bridge1: entered allmulticast mode [ 477.430811][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 477.521320][T13694] netlink: 802 bytes leftover after parsing attributes in process `syz.2.2108'. [ 477.591781][ T30] audit: type=1400 audit(2000000113.310:1089): avc: denied { connect } for pid=13697 comm="syz.4.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 477.759047][T13718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2118'. [ 477.836614][T13723] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 477.920706][ T840] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 478.035067][T13739] sctp: [Deprecated]: syz.4.2127 (pid 13739) Use of int in max_burst socket option deprecated. [ 478.035067][T13739] Use struct sctp_assoc_value instead [ 478.136339][ T840] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 478.146621][ T840] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 478.156157][ T840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.165794][ T840] usb 3-1: config 0 descriptor?? [ 478.172587][ T840] pwc: Askey VC010 type 2 USB webcam detected. [ 478.181031][ T975] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 478.330706][ T975] usb 2-1: Using ep0 maxpacket: 32 [ 478.337100][ T975] usb 2-1: config index 0 descriptor too short (expected 49444, got 36) [ 478.345787][ T975] usb 2-1: config 12 has too many interfaces: 127, using maximum allowed: 32 [ 478.354669][ T975] usb 2-1: config 12 contains an unexpected descriptor of type 0x2, skipping [ 478.363612][ T975] usb 2-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 478.373842][ T975] usb 2-1: config 12 has 0 interfaces, different from the descriptor's value: 127 [ 478.384627][ T975] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 478.393764][ T975] usb 2-1: New USB device strings: Mfr=1, Product=32, SerialNumber=3 [ 478.402105][ T975] usb 2-1: Product: syz [ 478.406261][ T975] usb 2-1: Manufacturer: syz [ 478.410875][ T975] usb 2-1: SerialNumber: syz [ 478.574452][ T840] pwc: recv_control_msg error -32 req 02 val 2b00 [ 478.581470][ T840] pwc: recv_control_msg error -32 req 02 val 2700 [ 478.588397][ T840] pwc: recv_control_msg error -32 req 02 val 2c00 [ 478.595410][ T840] pwc: recv_control_msg error -32 req 04 val 1000 [ 478.602437][ T840] pwc: recv_control_msg error -32 req 04 val 1300 [ 478.609401][ T840] pwc: recv_control_msg error -32 req 04 val 1400 [ 478.622094][ T975] usb 2-1: USB disconnect, device number 46 [ 478.817167][ T840] pwc: recv_control_msg error -71 req 02 val 2100 [ 478.824108][ T840] pwc: recv_control_msg error -71 req 04 val 1500 [ 478.830798][ T840] pwc: recv_control_msg error -71 req 02 val 2500 [ 478.837770][ T840] pwc: recv_control_msg error -71 req 02 val 2400 [ 478.844631][ T840] pwc: recv_control_msg error -71 req 02 val 2600 [ 478.851530][ T840] pwc: recv_control_msg error -71 req 02 val 2900 [ 478.858157][ T840] pwc: recv_control_msg error -71 req 02 val 2800 [ 478.865108][ T840] pwc: recv_control_msg error -71 req 04 val 1100 [ 478.872052][ T840] pwc: recv_control_msg error -71 req 04 val 1200 [ 478.879288][ T840] pwc: Registered as video103. [ 478.891934][ T840] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input47 [ 478.905206][ T840] usb 3-1: USB disconnect, device number 39 [ 478.997237][ T30] audit: type=1326 audit(2000000114.720:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13741 comm="syz.0.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9118ebe9 code=0x7fc00000 [ 479.445650][T13788] netlink: 'syz.3.2150': attribute type 10 has an invalid length. [ 479.454754][ T30] audit: type=1400 audit(2000000115.180:1091): avc: denied { write } for pid=13789 comm="syz.2.2151" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 479.457219][T13788] team0: Port device dummy0 added [ 479.477819][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.515790][T13788] netlink: 'syz.3.2150': attribute type 10 has an invalid length. [ 479.527712][T13788] team0: Port device dummy0 removed [ 479.535333][T13788] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 479.680760][ T975] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 479.788267][T13810] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 479.842489][ T975] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 479.858274][ T975] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 479.877733][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.902061][ T975] usb 5-1: config 0 descriptor?? [ 479.908799][ T975] pwc: Askey VC010 type 2 USB webcam detected. [ 480.221382][T13830] loop7: detected capacity change from 0 to 6 [ 480.241668][T13830] loop7: [POWERTEC] p1 p2 p3 [ 480.250776][T13830] loop7: p1 start 1680801792 is beyond EOD, truncated [ 480.257703][T13830] loop7: p2 start 2099712 is beyond EOD, truncated [ 480.266266][T13830] loop7: p3 start 48 is beyond EOD, truncated [ 480.334053][ T975] pwc: recv_control_msg error -32 req 02 val 2b00 [ 480.351322][ T975] pwc: recv_control_msg error -32 req 02 val 2700 [ 480.358486][ T975] pwc: recv_control_msg error -32 req 02 val 2c00 [ 480.365722][ T975] pwc: recv_control_msg error -71 req 04 val 1000 [ 480.374657][ T975] pwc: recv_control_msg error -71 req 04 val 1300 [ 480.381587][ T975] pwc: recv_control_msg error -71 req 04 val 1400 [ 480.388282][ T975] pwc: recv_control_msg error -71 req 02 val 2000 [ 480.395413][ T975] pwc: recv_control_msg error -71 req 02 val 2100 [ 480.402441][ T975] pwc: recv_control_msg error -71 req 04 val 1500 [ 480.409129][ T975] pwc: recv_control_msg error -71 req 02 val 2500 [ 480.415932][ T975] pwc: recv_control_msg error -71 req 02 val 2400 [ 480.422645][ T975] pwc: recv_control_msg error -71 req 02 val 2600 [ 480.429320][ T975] pwc: recv_control_msg error -71 req 02 val 2900 [ 480.436057][ T975] pwc: recv_control_msg error -71 req 02 val 2800 [ 480.442947][ T975] pwc: recv_control_msg error -71 req 04 val 1100 [ 480.449636][ T975] pwc: recv_control_msg error -71 req 04 val 1200 [ 480.457190][ T975] pwc: Registered as video103. [ 480.472867][ T975] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input48 [ 480.496770][ T975] usb 5-1: USB disconnect, device number 41 [ 480.550780][ T840] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 480.560777][ T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 480.700781][ T840] usb 2-1: Using ep0 maxpacket: 16 [ 480.709066][ T840] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 480.718654][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 480.724240][ T840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.733123][ T840] usb 2-1: Product: syz [ 480.737613][ T840] usb 2-1: Manufacturer: syz [ 480.742836][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 480.752148][ T840] usb 2-1: SerialNumber: syz [ 480.757389][ T9] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 480.770172][ T9] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 480.783799][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.792584][ T840] r8152-cfgselector 2-1: Unknown version 0x0000 [ 480.798861][ T840] r8152-cfgselector 2-1: config 0 descriptor?? [ 480.805387][ T9] usb 4-1: Product: syz [ 480.809595][ T9] usb 4-1: Manufacturer: syz [ 480.816224][ T9] usb 4-1: SerialNumber: syz [ 480.960383][ T30] audit: type=1400 audit(2000000116.680:1092): avc: denied { module_request } for pid=13853 comm="syz.4.2180" kmod="tcp-ulp-(" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 481.035792][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 481.047599][ T840] r8152-cfgselector 2-1: Needed 1 retries to read version [ 481.059282][ T840] r8152-cfgselector 2-1: Unknown version 0x0080 [ 481.072925][ T9] snd-usb-audio 4-1:12.0: probe with driver snd-usb-audio failed with error -2 [ 481.082964][ T840] r8152-cfgselector 2-1: bad CDC descriptors [ 481.098595][ T9] usb 4-1: USB disconnect, device number 39 [ 481.121029][T10749] udevd[10749]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:12.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 481.214230][T13864] syz_tun: entered allmulticast mode [ 481.220783][T13863] syz_tun: left allmulticast mode [ 481.287566][ T840] r8152-cfgselector 2-1: USB disconnect, device number 47 [ 481.300865][ T975] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 481.460768][ T975] usb 3-1: Using ep0 maxpacket: 8 [ 481.469123][ T975] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 481.478774][ T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.486826][ T975] usb 3-1: Product: syz [ 481.491270][ T975] usb 3-1: Manufacturer: syz [ 481.495871][ T975] usb 3-1: SerialNumber: syz [ 481.502470][ T975] usb 3-1: config 0 descriptor?? [ 481.598531][T13882] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13882 comm=syz.3.2192 [ 481.711806][ T975] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 481.824984][T13894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2196'. [ 481.840292][T13894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2196'. [ 481.883164][ T30] audit: type=1400 audit(2000000117.610:1093): avc: denied { getopt } for pid=13897 comm="syz.3.2199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 482.188780][ T30] audit: type=1400 audit(2000000117.910:1094): avc: denied { getopt } for pid=13916 comm="syz.0.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 482.380697][ T840] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 482.533295][ T840] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 482.542488][ T840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.550466][ T840] usb 2-1: Product: syz [ 482.554724][ T840] usb 2-1: Manufacturer: syz [ 482.559332][ T840] usb 2-1: SerialNumber: syz [ 482.566787][ T840] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 482.603736][ T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 482.696343][T13930] netlink: 'syz.4.2213': attribute type 1 has an invalid length. [ 482.831515][T13938] lo speed is unknown, defaulting to 1000 [ 482.840923][T13938] lo speed is unknown, defaulting to 1000 [ 482.847178][T13938] lo speed is unknown, defaulting to 1000 [ 482.857521][T13938] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 482.868565][T13938] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 482.892123][T13938] lo speed is unknown, defaulting to 1000 [ 482.904804][T13938] lo speed is unknown, defaulting to 1000 [ 482.905943][T13946] program syz.4.2219 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 482.911854][T13938] lo speed is unknown, defaulting to 1000 [ 482.927517][T13938] lo speed is unknown, defaulting to 1000 [ 482.934390][T13938] lo speed is unknown, defaulting to 1000 [ 483.188472][T13959] syzkaller1: entered promiscuous mode [ 483.194135][T13959] syzkaller1: entered allmulticast mode [ 483.221110][ T5894] usb 2-1: USB disconnect, device number 48 [ 483.370694][T13226] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 483.521981][T13226] usb 4-1: config 0 interface 0 has no altsetting 0 [ 483.528618][T13226] usb 4-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 483.538129][T13226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.541370][ T5910] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 483.547401][T13226] usb 4-1: config 0 descriptor?? [ 483.555394][ T975] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 483.573434][ T975] usb 3-1: USB disconnect, device number 40 [ 483.670801][ T9] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 483.677834][ T9] ath9k_htc: Failed to initialize the device [ 483.684378][ T5894] usb 2-1: ath9k_htc: USB layer deinitialized [ 483.720771][ T5910] usb 5-1: Using ep0 maxpacket: 32 [ 483.731540][ T5910] usb 5-1: New USB device found, idVendor=0403, idProduct=bca2, bcdDevice=bf.71 [ 483.746001][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=27 [ 483.754615][ T5910] usb 5-1: SerialNumber: syz [ 483.761241][ T5910] usb 5-1: config 0 descriptor?? [ 483.771100][ T5910] ftdi_sio 5-1:0.0: Ignoring interface reserved for JTAG [ 483.970303][T13955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 483.978946][T13955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 483.979324][ T5894] usb 5-1: USB disconnect, device number 42 [ 483.995515][T13226] aquacomputer_d5next 0003:0C70:F003.001C: unbalanced collection at end of report description [ 484.007965][T13226] aquacomputer_d5next 0003:0C70:F003.001C: probe with driver aquacomputer_d5next failed with error -22 [ 484.198398][ T30] audit: type=1326 audit(2000000119.920:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.199545][ T5894] usb 4-1: USB disconnect, device number 40 [ 484.223209][ T30] audit: type=1326 audit(2000000119.920:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.251657][ T30] audit: type=1326 audit(2000000119.920:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.275111][ T30] audit: type=1326 audit(2000000119.920:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.298919][ T30] audit: type=1326 audit(2000000119.920:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.322413][ C0] vkms_vblank_simulate: vblank timer overrun [ 484.328813][ T30] audit: type=1326 audit(2000000119.990:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13954 comm="syz.3.2223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d4518ebe9 code=0x7ffc0000 [ 484.353127][ T5910] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 484.521116][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 484.534689][ T5910] usb 3-1: unable to get BOS descriptor or descriptor too short [ 484.547880][ T5910] usb 3-1: config 4 interface 0 has no altsetting 0 [ 484.559599][ T5910] usb 3-1: string descriptor 0 read error: -22 [ 484.566244][ T5910] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 484.575322][ T5910] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 484.590857][ T5910] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 484.599618][ T5910] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 484.610055][ T5910] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 484.617211][ T5910] usb 3-1: media controller created [ 484.626777][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 484.708246][ T975] IPVS: starting estimator thread 0... [ 484.793329][ T5894] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 484.800255][ T5910] zl10353_read_register: readreg error (reg=127, ret==0) [ 484.809009][T13982] IPVS: using max 69 ests per chain, 165600 per kthread [ 484.838221][ T5910] usb 3-1: USB disconnect, device number 41 [ 484.865469][T13992] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2240'. [ 484.988259][ T5894] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05 [ 485.005994][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.024226][ T5894] usb 5-1: Product: syz [ 485.030856][ T5894] usb 5-1: Manufacturer: syz [ 485.035608][ T5894] usb 5-1: SerialNumber: syz [ 485.049069][ T5894] usb 5-1: config 0 descriptor?? [ 485.056754][ T5894] go7007 5-1:0.0: probe with driver go7007 failed with error -12 [ 485.108143][T14010] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2248'. [ 485.118303][T14010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2248'. [ 485.128584][T14010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2248'. [ 485.269005][ T5910] usb 5-1: USB disconnect, device number 43 [ 485.418344][T14030] ucma_write: process 1454 (syz.0.2256) changed security contexts after opening file descriptor, this is not allowed. [ 485.430723][ T30] audit: type=1400 audit(2000000121.150:1101): avc: denied { bind } for pid=14031 comm="syz.2.2257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 485.730827][ T5910] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 485.857403][ T30] audit: type=1400 audit(2000000121.580:1102): avc: denied { create } for pid=14080 comm="syz.3.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 485.881495][ T30] audit: type=1400 audit(2000000121.610:1103): avc: denied { ioctl } for pid=14080 comm="syz.3.2279" path="socket:[46705]" dev="sockfs" ino=46705 ioctlcmd=0x89ec scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 485.906212][ C0] vkms_vblank_simulate: vblank timer overrun [ 485.910871][ T5910] usb 2-1: Using ep0 maxpacket: 8 [ 485.939008][ T5910] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 485.958332][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.978522][ T5910] usb 2-1: Product: syz [ 485.981238][T14091] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 485.988654][ T5910] usb 2-1: Manufacturer: syz [ 485.995719][T14091] VFS: Can't find a romfs filesystem on dev nullb0. [ 485.995719][T14091] [ 485.997299][ T5910] usb 2-1: SerialNumber: syz [ 486.033418][ T5910] usb 2-1: config 0 descriptor?? [ 486.065478][ T30] audit: type=1400 audit(2000000121.790:1104): avc: denied { setopt } for pid=14096 comm="syz.3.2286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 486.172257][T14103] Bluetooth: MGMT ver 1.23 [ 486.242125][ T5910] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 486.420893][ T5894] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 486.570711][ T5894] usb 5-1: Using ep0 maxpacket: 16 [ 486.577075][ T5894] usb 5-1: config 0 has no interfaces? [ 486.583725][ T5894] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 486.592934][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.601960][ T5894] usb 5-1: config 0 descriptor?? [ 486.810947][T13226] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 486.839289][ T975] usb 5-1: USB disconnect, device number 44 [ 486.960791][T13226] usb 3-1: Using ep0 maxpacket: 8 [ 486.969283][T13226] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 486.978027][T13226] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 486.988644][T13226] usb 3-1: config 179 has no interface number 0 [ 486.995166][T13226] usb 3-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 487.009726][T13226] usb 3-1: config 179 interface 65 has no altsetting 0 [ 487.016821][T13226] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 487.026180][T13226] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.250289][T13226] usb 3-1: USB disconnect, device number 42 [ 488.209442][T14162] loop7: detected capacity change from 0 to 6 [ 488.216768][T14162] Dev loop7: unable to read RDB block 6 [ 488.222604][T14162] loop7: unable to read partition table [ 488.228466][T14162] loop7: partition table beyond EOD, truncated [ 488.235269][T14162] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 488.267187][ T5910] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 488.279252][ T5910] usb 2-1: USB disconnect, device number 49 [ 488.281284][ T5894] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 488.441862][ T5894] usb 3-1: Using ep0 maxpacket: 16 [ 488.448182][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.458514][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 488.469565][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 488.481137][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 488.490940][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 488.503850][T13226] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 488.512432][ T5894] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 488.521628][ T5894] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 488.529629][ T5894] usb 3-1: Manufacturer: syz [ 488.535651][ T5894] usb 3-1: config 0 descriptor?? [ 488.660710][T13226] usb 4-1: Using ep0 maxpacket: 32 [ 488.665944][ T9] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 488.674853][T13226] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.684805][T13226] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 488.697625][T13226] usb 4-1: config 0 interface 0 has no altsetting 0 [ 488.704267][T13226] usb 4-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00 [ 488.713407][T13226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.722315][T13226] usb 4-1: config 0 descriptor?? [ 488.781805][ T5894] rc_core: IR keymap rc-hauppauge not found [ 488.787830][ T5894] Registered IR keymap rc-empty [ 488.792961][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 488.812975][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 488.822728][ T9] usb 5-1: config index 0 descriptor too short (expected 11561, got 41) [ 488.824459][T14173] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (247) [ 488.832340][ T5894] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 488.853421][ T9] usb 5-1: config 30 has too many interfaces: 167, using maximum allowed: 32 [ 488.866954][ T9] usb 5-1: config 30 has an invalid descriptor of length 185, skipping remainder of the config [ 488.879287][ T5894] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input49 [ 488.891990][ T9] usb 5-1: config 30 has 0 interfaces, different from the descriptor's value: 167 [ 488.908034][ T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 488.919433][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 488.927870][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.940458][ T9] usb 5-1: Product: syz [ 488.946802][ T9] usb 5-1: Manufacturer: syz [ 488.952207][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 488.959471][ T9] usb 5-1: SerialNumber: syz [ 488.971043][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.001945][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.022122][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.041960][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.061837][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.092386][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.111284][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.131469][ T5894] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 489.150434][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.159909][ T5894] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 489.179000][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.192208][ T9] usb 5-1: USB disconnect, device number 45 [ 489.198338][ T5894] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 489.208054][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.218609][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.228292][ T5894] usb 3-1: USB disconnect, device number 43 [ 489.234333][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.243665][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.252244][T13226] holtek_mouse 0003:04D9:A0C2.001D: unknown main item tag 0x0 [ 489.271993][T13226] holtek_mouse 0003:04D9:A0C2.001D: hidraw0: USB HID v0.00 Device [HID 04d9:a0c2] on usb-dummy_hcd.3-1/input0 [ 489.384512][ T9] usb 4-1: USB disconnect, device number 41 [ 489.680729][T13226] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 489.832760][T13226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.843834][T13226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.853713][T13226] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 489.866943][T13226] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 489.877163][T13226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.888879][T13226] usb 2-1: config 0 descriptor?? [ 489.927497][T14217] ------------[ cut here ]------------ [ 489.933153][T14217] WARNING: CPU: 0 PID: 14217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 489.944042][T14217] Modules linked in: [ 489.947932][T14217] CPU: 0 UID: 0 PID: 14217 Comm: syz.3.2334 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 489.960244][T14217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 489.970609][T14217] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 489.977844][T14217] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 cf 7e 81 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 3d 97 7e 0e 00 75 0b c6 05 34 97 7e 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 489.997920][T14217] RSP: 0018:ffffc9001065f7f0 EFLAGS: 00010246 [ 490.004406][T14217] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 490.012436][T14217] RDX: 0000000000000000 RSI: 000000000000002a RDI: 0000000000040d40 [ 490.020413][T14217] RBP: 000000000000002a R08: 0000000000000005 R09: 0000000000000009 [ 490.028567][T14217] R10: 000000000000002a R11: ffffffff8b9310cd R12: 0000000000040d40 [ 490.036623][T14217] R13: 1ffff920020cbf13 R14: ffffffff9ae78a24 R15: 000000000000002a [ 490.040772][ T5910] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 490.044678][T14217] FS: 00007f5d45fdb6c0(0000) GS:ffff8881246bc000(0000) knlGS:0000000000000000 [ 490.061282][T14217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 490.067886][T14217] CR2: 0000200000001000 CR3: 000000002c3da000 CR4: 00000000003526f0 [ 490.076107][T14217] Call Trace: [ 490.079408][T14217] [ 490.082397][T14217] ? do_syscall_64+0xcd/0x4c0 [ 490.087092][T14217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.093250][T14217] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 490.099589][T14217] ? rcu_is_watching+0x12/0xc0 [ 490.104414][T14217] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 490.110460][T14217] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 490.116388][T14217] ? policy_nodemask+0xea/0x4e0 [ 490.121290][T14217] alloc_pages_mpol+0x1fb/0x550 [ 490.126188][T14217] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 490.131587][T14217] ? v9fs_fid_get_acl+0x7a/0x120 [ 490.136526][T14217] ___kmalloc_large_node+0xed/0x160 [ 490.141834][T14217] ? v9fs_fid_get_acl+0x7a/0x120 [ 490.146780][T14217] __kmalloc_large_node_noprof+0x1c/0x70 [ 490.152519][T14217] __kmalloc_noprof.cold+0xc/0x61 [ 490.157559][T14217] ? __pfx_iget5_locked+0x10/0x10 [ 490.162615][T14217] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 490.168593][T14217] ? p9_req_put+0x1c6/0x250 [ 490.173150][T14217] v9fs_fid_get_acl+0x7a/0x120 [ 490.177924][T14217] v9fs_get_acl+0xee/0x530 [ 490.182380][T14217] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 490.187923][T14217] v9fs_mount+0x4fd/0xa90 [ 490.192322][T14217] ? __pfx_v9fs_mount+0x10/0x10 [ 490.197175][T14217] ? cap_capable+0xb3/0x250 [ 490.201690][T14217] ? __pfx_v9fs_mount+0x10/0x10 [ 490.206548][T14217] legacy_get_tree+0x10c/0x220 [ 490.211394][T14217] vfs_get_tree+0x8b/0x340 [ 490.215822][T14217] path_mount+0x1482/0x1fd0 [ 490.220311][T14217] ? __pfx_path_mount+0x10/0x10 [ 490.225193][T14217] ? kmem_cache_free+0x2d1/0x4d0 [ 490.230120][T14217] ? putname+0x154/0x1a0 [ 490.230720][ T5910] usb 3-1: Using ep0 maxpacket: 16 [ 490.234414][T14217] ? putname+0x154/0x1a0 [ 490.243648][ T5910] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 490.243794][T14217] ? __x64_sys_mount+0x28d/0x310 [ 490.257732][T14217] __x64_sys_mount+0x28d/0x310 [ 490.258483][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.262570][T14217] ? __pfx___x64_sys_mount+0x10/0x10 [ 490.275944][T14217] ? fd_install+0x244/0x750 [ 490.275996][ T5910] usb 3-1: Product: syz [ 490.280456][T14217] do_syscall_64+0xcd/0x4c0 [ 490.280490][T14217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.286047][ T5910] usb 3-1: Manufacturer: syz [ 490.289157][T14217] RIP: 0033:0x7f5d4518ebe9 [ 490.295417][ T5910] usb 3-1: SerialNumber: syz [ 490.299647][T14217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.299670][T14217] RSP: 002b:00007f5d45fdb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 490.299689][T14217] RAX: ffffffffffffffda RBX: 00007f5d453b5fa0 RCX: 00007f5d4518ebe9 [ 490.326963][ T5910] r8152-cfgselector 3-1: Unknown version 0x0000 [ 490.328424][T14217] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 490.339830][ T5910] r8152-cfgselector 3-1: config 0 descriptor?? [ 490.344777][T14217] RBP: 00007f5d45211e19 R08: 0000200000000500 R09: 0000000000000000 [ 490.373234][T14217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.381269][T14217] R13: 00007f5d453b6038 R14: 00007f5d453b5fa0 R15: 00007ffd860204b8 [ 490.389264][T14217] [ 490.392316][T14217] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 490.399594][T14217] CPU: 0 UID: 0 PID: 14217 Comm: syz.3.2334 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(full) [ 490.411660][T14217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 490.421698][T14217] Call Trace: [ 490.424957][T14217] [ 490.427868][T14217] dump_stack_lvl+0x3d/0x1f0 [ 490.432443][T14217] vpanic+0x6e8/0x7a0 [ 490.436412][T14217] ? __pfx_vpanic+0x10/0x10 [ 490.440903][T14217] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 490.446949][T14217] panic+0xca/0xd0 [ 490.450664][T14217] ? __pfx_panic+0x10/0x10 [ 490.455077][T14217] check_panic_on_warn+0xab/0xb0 [ 490.459994][T14217] __warn+0xf6/0x3c0 [ 490.463863][T14217] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 490.469909][T14217] report_bug+0x3c3/0x580 [ 490.474228][T14217] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 490.480274][T14217] handle_bug+0x184/0x210 [ 490.484587][T14217] exc_invalid_op+0x17/0x50 [ 490.489071][T14217] asm_exc_invalid_op+0x1a/0x20 [ 490.493901][T14217] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 490.500578][T14217] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 cf 7e 81 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 3d 97 7e 0e 00 75 0b c6 05 34 97 7e 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 490.520171][T14217] RSP: 0018:ffffc9001065f7f0 EFLAGS: 00010246 [ 490.526219][T14217] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 490.534170][T14217] RDX: 0000000000000000 RSI: 000000000000002a RDI: 0000000000040d40 [ 490.542117][T14217] RBP: 000000000000002a R08: 0000000000000005 R09: 0000000000000009 [ 490.550067][T14217] R10: 000000000000002a R11: ffffffff8b9310cd R12: 0000000000040d40 [ 490.558016][T14217] R13: 1ffff920020cbf13 R14: ffffffff9ae78a24 R15: 000000000000002a [ 490.565968][T14217] ? do_syscall_64+0xcd/0x4c0 [ 490.570642][T14217] ? do_syscall_64+0xcd/0x4c0 [ 490.575299][T14217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.581349][T14217] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 490.587665][T14217] ? rcu_is_watching+0x12/0xc0 [ 490.592413][T14217] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 490.598400][T14217] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 490.604272][T14217] ? policy_nodemask+0xea/0x4e0 [ 490.609106][T14217] alloc_pages_mpol+0x1fb/0x550 [ 490.613940][T14217] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 490.619295][T14217] ? v9fs_fid_get_acl+0x7a/0x120 [ 490.624221][T14217] ___kmalloc_large_node+0xed/0x160 [ 490.629408][T14217] ? v9fs_fid_get_acl+0x7a/0x120 [ 490.634337][T14217] __kmalloc_large_node_noprof+0x1c/0x70 [ 490.639959][T14217] __kmalloc_noprof.cold+0xc/0x61 [ 490.644970][T14217] ? __pfx_iget5_locked+0x10/0x10 [ 490.649979][T14217] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 490.655956][T14217] ? p9_req_put+0x1c6/0x250 [ 490.660439][T14217] v9fs_fid_get_acl+0x7a/0x120 [ 490.665209][T14217] v9fs_get_acl+0xee/0x530 [ 490.669641][T14217] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 490.675179][T14217] v9fs_mount+0x4fd/0xa90 [ 490.679494][T14217] ? __pfx_v9fs_mount+0x10/0x10 [ 490.684326][T14217] ? cap_capable+0xb3/0x250 [ 490.688824][T14217] ? __pfx_v9fs_mount+0x10/0x10 [ 490.693658][T14217] legacy_get_tree+0x10c/0x220 [ 490.698498][T14217] vfs_get_tree+0x8b/0x340 [ 490.702912][T14217] path_mount+0x1482/0x1fd0 [ 490.707407][T14217] ? __pfx_path_mount+0x10/0x10 [ 490.712243][T14217] ? kmem_cache_free+0x2d1/0x4d0 [ 490.717197][T14217] ? putname+0x154/0x1a0 [ 490.721425][T14217] ? putname+0x154/0x1a0 [ 490.725670][T14217] ? __x64_sys_mount+0x28d/0x310 [ 490.730592][T14217] __x64_sys_mount+0x28d/0x310 [ 490.735342][T14217] ? __pfx___x64_sys_mount+0x10/0x10 [ 490.740640][T14217] ? fd_install+0x244/0x750 [ 490.745131][T14217] do_syscall_64+0xcd/0x4c0 [ 490.749620][T14217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.755496][T14217] RIP: 0033:0x7f5d4518ebe9 [ 490.759895][T14217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.779500][T14217] RSP: 002b:00007f5d45fdb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 490.787923][T14217] RAX: ffffffffffffffda RBX: 00007f5d453b5fa0 RCX: 00007f5d4518ebe9 [ 490.795901][T14217] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 490.803872][T14217] RBP: 00007f5d45211e19 R08: 0000200000000500 R09: 0000000000000000 [ 490.811827][T14217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.819790][T14217] R13: 00007f5d453b6038 R14: 00007f5d453b5fa0 R15: 00007ffd860204b8 [ 490.827764][T14217] [ 490.830978][T14217] Kernel Offset: disabled [ 490.835309][T14217] Rebooting in 86400 seconds..