last executing test programs: 5.254711451s ago: executing program 2 (id=2266): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 5.015940993s ago: executing program 3 (id=2271): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x7ff, 0x1}, 0xe) 4.91940746s ago: executing program 3 (id=2273): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0xc000003, 0xf, &(0x7f0000000180)=[0x138a, 0x9, 0xf909, 0x899d, 0x80, 0x98a, 0x7, 0x1010, 0xfffffe01, 0x1, 0x4, 0x2, 0x6, 0x4, 0x0], 0x1, 0x4000007}) 4.865631504s ago: executing program 3 (id=2276): syz_usb_connect(0x3, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x89, 0xd6, 0x9b, 0x10, 0x1189, 0x893, 0xe232, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x9, 0x40, 0xff, [{{0x9, 0x4, 0x76, 0xb, 0x0, 0x37, 0x29, 0x82, 0xd}}]}}]}}, 0xfffffffffffffffe) 4.740963117s ago: executing program 0 (id=2278): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000080), 0x12) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000040), 0x1) 4.150377454s ago: executing program 1 (id=2279): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000002200)={&(0x7f0000002140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000021c0)={&(0x7f0000002180)={0x30, 0x1410, 0x1, 0x70bd27, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x60008080) 4.150184548s ago: executing program 2 (id=2280): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r4, 0x0) recvmmsg(r4, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000001a00)=""/4099, 0x1003}], 0x1}}], 0x1003, 0x10122, 0x0) 4.144596082s ago: executing program 0 (id=2287): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000040)={0x1, 0x1, @raw_data=[0x6, 0xffffffff, 0x100a, 0x100, 0x0, 0x0, 0x0, 0x7, 0xfffffffe, 0x0, 0x1, 0x0, 0x200000, 0x10000, 0x676d]}) 2.488349773s ago: executing program 2 (id=2281): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ftruncate(r0, 0x4) 2.465189886s ago: executing program 0 (id=2282): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x4, 0xca}, 0x9c) 2.464302535s ago: executing program 1 (id=2283): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000008c0), 0xffa4}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) socket(0x2, 0x80805, 0x0) 2.243767355s ago: executing program 0 (id=2284): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x20, r0, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@void, @val={0xc, 0x99, {0x2, 0x72}}}}}, 0x20}}, 0x24000000) 2.243602044s ago: executing program 3 (id=2285): r0 = getpid() setresuid(0xee01, 0x0, 0xffffffffffffffff) prlimit64(r0, 0xe, 0x0, 0x0) 2.160744033s ago: executing program 0 (id=2286): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x82480, 0x0) r1 = getpgrp(0xffffffffffffffff) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r2, 0x7b1, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x55b4}) ptrace$setopts(0x4206, r1, 0x0, 0x20004f) pread64(r0, &(0x7f0000000140)=""/15, 0xf, 0xe5d1) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x1, 0x0, &(0x7f0000000100)) io_setup(0x2, &(0x7f0000000000)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = dup(r3) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) eventfd(0x7) 2.127480886s ago: executing program 3 (id=2288): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newsa={0x138, 0x10, 0x1, 0xfff7fffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@remote, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x40}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x38}, {0x0, 0x192, 0x6, 0x6, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1.97636402s ago: executing program 0 (id=2289): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_clone(0x4800080, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r1) 1.976180954s ago: executing program 3 (id=2290): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)={0x0, 0x15, 0x1f, {0x1f, 0x22, "a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3027c59ccb7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 1.748357066s ago: executing program 1 (id=2292): r0 = socket(0x200000000000011, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e23, 0x3, @rand_addr=' \x01\x00', 0x80}, 0x1c) 1.51555426s ago: executing program 1 (id=2293): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x860b01) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) write$char_usb(r0, &(0x7f0000000080)="6af14e42e47160ba7d94707c68afe4f3f6a8b8a846042e3d", 0x18) 1.300056363s ago: executing program 2 (id=2294): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001040)=[@text64={0x40, &(0x7f00000012c0)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, 0x0, &(0x7f00000010c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000005c0)={[0x5836, 0x8, 0x7, 0x4000000000000e52, 0x1, 0x5479, 0x1043, 0x200000000006, 0x0, 0x1, 0xfffffffffffffffe, 0x100000000, 0x9ca6, 0x1, 0x8000000000005, 0x5c], 0x8080000, 0x42590}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.212661142s ago: executing program 1 (id=2295): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, &(0x7f0000001ac0)) 1.028448778s ago: executing program 1 (id=2296): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080), 0x4a) sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r2) 899.704402ms ago: executing program 2 (id=2297): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000580)="9a6fe98581ff0e", 0x7}], 0x1, 0x7fffffff, 0x1) 0s ago: executing program 2 (id=2298): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x9d, 0xea, 0x78, 0x40, 0x18b4, 0xfffb, 0xdc7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0xa0, 0x1f, 0x71}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x1, &(0x7f00000001c0)='\x00'}], 0x1}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): 1: config 0 descriptor?? [ 387.327706][T11435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.339543][T11435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 387.418550][ T24] usb 4-1: USB disconnect, device number 126 [ 387.727258][T11449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.743962][T11449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 387.790497][T11449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.803929][T11449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.000319][T11463] fuse: Bad value for 'user_id' [ 388.005379][T11463] fuse: Bad value for 'user_id' [ 388.013284][T11463] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1795'. [ 388.040182][T11463] bridge_slave_1: left allmulticast mode [ 388.045902][T11463] bridge_slave_1: left promiscuous mode [ 388.075299][T11463] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.102203][T11463] bridge_slave_0: left allmulticast mode [ 388.110061][T11463] bridge_slave_0: left promiscuous mode [ 388.118813][T11463] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.307958][T11473] syzkaller1: entered promiscuous mode [ 388.318636][T11473] syzkaller1: entered allmulticast mode [ 388.603534][T11472] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1797'. [ 388.636332][ T8383] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 388.734496][T11493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.744977][T11493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.801953][ T8383] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 388.810215][ T8383] usb 2-1: config 1 has no interface number 0 [ 388.816444][ T8383] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 388.828076][ T8383] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 388.830410][ T5855] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 388.838206][ T8383] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.862230][ T8383] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 388.872391][ T8383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.880845][ T8383] usb 2-1: Product: syz [ 388.885066][ T8383] usb 2-1: Manufacturer: syz [ 388.889834][ T8383] usb 2-1: SerialNumber: syz [ 388.897475][T11479] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 389.000118][ T5855] usb 4-1: Invalid ep0 maxpacket: 9 [ 389.107381][T11479] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 389.130233][ T5855] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 389.300091][ T5855] usb 4-1: Invalid ep0 maxpacket: 9 [ 389.310509][ T5855] usb usb4-port1: attempt power cycle [ 389.494383][T11504] FAULT_INJECTION: forcing a failure. [ 389.494383][T11504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 389.508062][T11504] CPU: 0 UID: 0 PID: 11504 Comm: syz.0.1807 Tainted: G L syzkaller #0 PREEMPT(full) [ 389.508098][T11504] Tainted: [L]=SOFTLOCKUP [ 389.508108][T11504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 389.508122][T11504] Call Trace: [ 389.508131][T11504] [ 389.508141][T11504] dump_stack_lvl+0xe8/0x150 [ 389.508171][T11504] should_fail_ex+0x414/0x560 [ 389.508209][T11504] _copy_from_user+0x2d/0xb0 [ 389.508235][T11504] sock_do_ioctl+0x182/0x300 [ 389.508268][T11504] ? __pfx_sock_do_ioctl+0x10/0x10 [ 389.508295][T11504] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 389.508338][T11504] sock_ioctl+0x576/0x790 [ 389.508369][T11504] ? __pfx_sock_ioctl+0x10/0x10 [ 389.508398][T11504] ? __fget_files+0x2a/0x420 [ 389.508427][T11504] ? __fget_files+0x3a0/0x420 [ 389.508453][T11504] ? __fget_files+0x2a/0x420 [ 389.508484][T11504] ? bpf_lsm_file_ioctl+0x9/0x20 [ 389.508507][T11504] ? __pfx_sock_ioctl+0x10/0x10 [ 389.508535][T11504] __se_sys_ioctl+0xfc/0x170 [ 389.508572][T11504] do_syscall_64+0xec/0xf80 [ 389.508596][T11504] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.508618][T11504] ? trace_irq_disable+0x37/0x100 [ 389.508644][T11504] ? clear_bhb_loop+0x40/0x90 [ 389.508671][T11504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.508693][T11504] RIP: 0033:0x7fd20138f749 [ 389.508714][T11504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.508732][T11504] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 389.508756][T11504] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 389.508772][T11504] RDX: 0000200000000480 RSI: 0000000000008923 RDI: 0000000000000004 [ 389.508787][T11504] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 389.508801][T11504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 389.508815][T11504] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 389.508850][T11504] [ 389.721023][ T8383] usb 2-1: Incompatible driver and firmware versions [ 389.743857][ T8383] usb 2-1: USB disconnect, device number 109 [ 389.790233][ T5855] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 389.820844][ T5855] usb 4-1: Invalid ep0 maxpacket: 9 [ 389.960314][ T5855] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 389.984222][ T5855] usb 4-1: Invalid ep0 maxpacket: 9 [ 389.998913][ T5855] usb usb4-port1: unable to enumerate USB device [ 390.775065][T11548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.787003][T11548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.051101][ T5915] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 391.190326][ T5915] usb 2-1: device descriptor read/64, error -71 [ 391.430365][ T5915] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 391.570201][ T5915] usb 2-1: device descriptor read/64, error -71 [ 391.690761][ T5915] usb usb2-port1: attempt power cycle [ 392.040197][ T5915] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 392.071438][ T5915] usb 2-1: device descriptor read/8, error -71 [ 392.167102][T11590] FAULT_INJECTION: forcing a failure. [ 392.167102][T11590] name failslab, interval 1, probability 0, space 0, times 0 [ 392.181415][T11590] CPU: 1 UID: 0 PID: 11590 Comm: syz.0.1837 Tainted: G L syzkaller #0 PREEMPT(full) [ 392.181452][T11590] Tainted: [L]=SOFTLOCKUP [ 392.181460][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 392.181474][T11590] Call Trace: [ 392.181483][T11590] [ 392.181493][T11590] dump_stack_lvl+0xe8/0x150 [ 392.181524][T11590] should_fail_ex+0x414/0x560 [ 392.181563][T11590] should_failslab+0xa8/0x100 [ 392.181591][T11590] kmem_cache_alloc_noprof+0x88/0x710 [ 392.181622][T11590] ? __netlink_lookup+0xbd/0x8a0 [ 392.181651][T11590] ? skb_clone+0x212/0x3a0 [ 392.181682][T11590] skb_clone+0x212/0x3a0 [ 392.181712][T11590] __netlink_deliver_tap+0x424/0x8b0 [ 392.181759][T11590] ? netlink_deliver_tap+0x2e/0x1b0 [ 392.181801][T11590] netlink_deliver_tap+0x19c/0x1b0 [ 392.181830][T11590] netlink_unicast+0x7fa/0x9e0 [ 392.181863][T11590] ? __pfx_netlink_unicast+0x10/0x10 [ 392.181887][T11590] ? __alloc_skb+0x198/0x3a0 [ 392.181908][T11590] ? netlink_sendmsg+0x642/0xb30 [ 392.181933][T11590] ? skb_put+0x11b/0x210 [ 392.181959][T11590] netlink_sendmsg+0x805/0xb30 [ 392.181985][T11590] ? aa_sk_perm+0x15f/0x920 [ 392.182023][T11590] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.182053][T11590] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 392.182096][T11590] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.182123][T11590] sock_sendmsg_nosec+0x18f/0x1d0 [ 392.182158][T11590] ____sys_sendmsg+0x577/0x880 [ 392.182183][T11590] ? __might_fault+0xb0/0x130 [ 392.182221][T11590] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.182256][T11590] ? import_iovec+0x74/0xa0 [ 392.182286][T11590] ___sys_sendmsg+0x21f/0x2a0 [ 392.182312][T11590] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.182378][T11590] ? __fget_files+0x2a/0x420 [ 392.182407][T11590] ? __fget_files+0x3a0/0x420 [ 392.182445][T11590] __x64_sys_sendmsg+0x19b/0x260 [ 392.182473][T11590] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 392.182508][T11590] ? __pfx_ksys_write+0x10/0x10 [ 392.182543][T11590] do_syscall_64+0xec/0xf80 [ 392.182566][T11590] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.182589][T11590] ? trace_irq_disable+0x37/0x100 [ 392.182615][T11590] ? clear_bhb_loop+0x40/0x90 [ 392.182642][T11590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.182665][T11590] RIP: 0033:0x7fd20138f749 [ 392.182687][T11590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.182707][T11590] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.182732][T11590] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 392.182756][T11590] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 392.182771][T11590] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 392.182786][T11590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.182799][T11590] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 392.182835][T11590] [ 392.563082][T11595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.579525][T11595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.593404][T11596] loop5: detected capacity change from 0 to 7 [ 392.609820][T11596] Dev loop5: unable to read RDB block 7 [ 392.616822][T11596] loop5: unable to read partition table [ 392.630472][ T5915] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 392.650106][T11596] loop5: partition table beyond EOD, truncated [ 392.660808][ T5915] usb 2-1: device descriptor read/8, error -71 [ 392.661845][T11596] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 392.771012][ T5915] usb usb2-port1: unable to enumerate USB device [ 393.041250][T11607] pimreg: entered allmulticast mode [ 393.236933][T11619] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1847'. [ 393.256020][T11619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.266756][T11619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.281904][T11619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.292202][T11619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.322030][T11619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.332231][T11619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.350396][T11619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.359754][T11619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.425841][T11625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.438888][T11625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.744331][T11636] input: syz1 as /devices/virtual/input/input56 [ 393.951962][T11644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.962561][T11644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.090286][ T5909] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 394.260110][ T5909] usb 4-1: Using ep0 maxpacket: 16 [ 394.267700][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.284581][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 394.314776][ T5909] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 394.324218][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.337058][ T5909] usb 4-1: config 0 descriptor?? [ 394.970137][ T36] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 395.120238][ T36] usb 2-1: device descriptor read/64, error -71 [ 395.126763][T11666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 395.142982][T11666] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 395.154525][T11666] 9p: Bad value for 'rfdno' [ 395.360248][ T36] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 395.500147][ T36] usb 2-1: device descriptor read/64, error -71 [ 395.611074][ T36] usb usb2-port1: attempt power cycle [ 395.677461][T11674] netlink: 'syz.0.1866': attribute type 21 has an invalid length. [ 395.685952][T11674] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1866'. [ 395.970155][ T36] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 396.001864][ T36] usb 2-1: device descriptor read/8, error -71 [ 396.260309][ T36] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 396.269665][T11687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 396.279089][T11687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 396.291311][ T36] usb 2-1: device descriptor read/8, error -71 [ 396.417744][ T36] usb usb2-port1: unable to enumerate USB device [ 396.619786][T11694] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 396.817217][T11700] binder: 11699:11700 ioctl c0306201 200000000080 returned -14 [ 396.912316][ T5909] usbhid 4-1:0.0: can't add hid device: -71 [ 396.919521][ T5909] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 396.941894][ T5909] usb 4-1: USB disconnect, device number 5 [ 397.136068][T11709] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 397.150872][T11709] netlink: 'syz.0.1879': attribute type 30 has an invalid length. [ 397.159126][T11709] netlink: 'syz.0.1879': attribute type 33 has an invalid length. [ 397.168188][T11709] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1879'. [ 397.237205][T11711] block nbd0: NBD_DISCONNECT [ 397.246081][T11711] block nbd0: NBD_DISCONNECT [ 397.251526][T11711] block nbd0: NBD_DISCONNECT [ 397.258499][T11711] block nbd0: NBD_DISCONNECT [ 397.264373][T11711] block nbd0: NBD_DISCONNECT [ 397.269403][T11711] block nbd0: NBD_DISCONNECT [ 397.274509][T11711] block nbd0: NBD_DISCONNECT [ 397.279565][T11711] block nbd0: NBD_DISCONNECT [ 397.285383][T11711] block nbd0: NBD_DISCONNECT [ 397.300295][T11711] block nbd0: NBD_DISCONNECT [ 397.305689][T11711] block nbd0: NBD_DISCONNECT [ 397.310665][T11711] block nbd0: NBD_DISCONNECT [ 397.315450][T11711] block nbd0: NBD_DISCONNECT [ 397.326094][T11711] block nbd0: NBD_DISCONNECT [ 397.331024][T11711] block nbd0: NBD_DISCONNECT [ 397.336508][T11711] block nbd0: NBD_DISCONNECT [ 397.342257][T11711] block nbd0: NBD_DISCONNECT [ 397.347208][T11711] block nbd0: NBD_DISCONNECT [ 397.352204][T11711] block nbd0: NBD_DISCONNECT [ 397.357008][T11711] block nbd0: NBD_DISCONNECT [ 397.364283][T11711] block nbd0: NBD_DISCONNECT [ 397.369843][T11711] block nbd0: NBD_DISCONNECT [ 397.375067][T11711] block nbd0: NBD_DISCONNECT [ 397.380101][T11711] block nbd0: NBD_DISCONNECT [ 397.385197][T11711] block nbd0: NBD_DISCONNECT [ 397.390059][T11711] block nbd0: NBD_DISCONNECT [ 397.394843][T11711] block nbd0: NBD_DISCONNECT [ 397.399812][T11711] block nbd0: NBD_DISCONNECT [ 397.410281][T11711] block nbd0: NBD_DISCONNECT [ 397.415564][T11711] block nbd0: NBD_DISCONNECT [ 397.421259][T11711] block nbd0: NBD_DISCONNECT [ 397.426061][T11711] block nbd0: NBD_DISCONNECT [ 397.432153][T11711] block nbd0: NBD_DISCONNECT [ 397.437079][T11711] block nbd0: NBD_DISCONNECT [ 397.448791][T11711] block nbd0: NBD_DISCONNECT [ 397.454015][T11711] block nbd0: NBD_DISCONNECT [ 397.458833][T11711] block nbd0: NBD_DISCONNECT [ 397.464211][T11711] block nbd0: NBD_DISCONNECT [ 397.472345][T11711] block nbd0: NBD_DISCONNECT [ 397.477392][T11711] block nbd0: NBD_DISCONNECT [ 397.482595][T11711] block nbd0: NBD_DISCONNECT [ 397.487428][T11711] block nbd0: NBD_DISCONNECT [ 397.492561][T11711] block nbd0: NBD_DISCONNECT [ 397.497364][T11711] block nbd0: NBD_DISCONNECT [ 397.503962][T11711] block nbd0: NBD_DISCONNECT [ 397.508767][T11711] block nbd0: NBD_DISCONNECT [ 397.516936][T11711] block nbd0: NBD_DISCONNECT [ 397.522964][T11711] block nbd0: NBD_DISCONNECT [ 397.528786][T11711] block nbd0: NBD_DISCONNECT [ 397.534249][T11711] block nbd0: NBD_DISCONNECT [ 397.539050][T11711] block nbd0: NBD_DISCONNECT [ 397.545700][T11711] block nbd0: NBD_DISCONNECT [ 397.550820][T11711] block nbd0: NBD_DISCONNECT [ 397.555721][T11711] block nbd0: NBD_DISCONNECT [ 397.561046][T11711] block nbd0: NBD_DISCONNECT [ 397.565946][T11711] block nbd0: NBD_DISCONNECT [ 397.572669][T11711] block nbd0: NBD_DISCONNECT [ 397.577465][T11711] block nbd0: NBD_DISCONNECT [ 397.585868][T11711] block nbd0: NBD_DISCONNECT [ 397.590980][T11711] block nbd0: NBD_DISCONNECT [ 397.595793][T11711] block nbd0: NBD_DISCONNECT [ 397.601568][T11711] block nbd0: NBD_DISCONNECT [ 397.606372][T11711] block nbd0: NBD_DISCONNECT [ 397.612396][T11711] block nbd0: NBD_DISCONNECT [ 397.617368][T11711] block nbd0: NBD_DISCONNECT [ 397.628679][T11710] block nbd0: Disconnected due to user request. [ 397.637026][T11710] block nbd0: shutting down sockets [ 397.690887][T11722] batadv_slave_1: entered promiscuous mode [ 397.836896][T11724] netlink: 'syz.2.1884': attribute type 21 has an invalid length. [ 397.902567][T11721] batadv_slave_1: left promiscuous mode [ 397.942514][T11729] vxcan1: entered allmulticast mode [ 398.005462][T11731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.020998][T11731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.223443][T11740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.234750][T11740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.460446][ T5915] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 398.573489][T11747] FAULT_INJECTION: forcing a failure. [ 398.573489][T11747] name failslab, interval 1, probability 0, space 0, times 0 [ 398.586767][T11747] CPU: 0 UID: 0 PID: 11747 Comm: syz.0.1892 Tainted: G L syzkaller #0 PREEMPT(full) [ 398.586793][T11747] Tainted: [L]=SOFTLOCKUP [ 398.586800][T11747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 398.586810][T11747] Call Trace: [ 398.586817][T11747] [ 398.586823][T11747] dump_stack_lvl+0xe8/0x150 [ 398.586846][T11747] should_fail_ex+0x414/0x560 [ 398.586874][T11747] should_failslab+0xa8/0x100 [ 398.586894][T11747] kmem_cache_alloc_noprof+0x88/0x710 [ 398.586917][T11747] ? __kvm_mmu_topup_memory_cache+0x463/0x610 [ 398.586943][T11747] ? __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 398.586972][T11747] __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 398.587006][T11747] mmu_topup_memory_caches+0x21/0x170 [ 398.587024][T11747] kvm_mmu_load+0x9d/0x22d0 [ 398.587040][T11747] ? kvm_msr_allowed+0x9a/0x490 [ 398.587059][T11747] ? kvm_msr_allowed+0x9a/0x490 [ 398.587078][T11747] ? kvm_msr_allowed+0x9a/0x490 [ 398.587097][T11747] ? kvm_msr_allowed+0x9a/0x490 [ 398.587114][T11747] ? kvm_apic_has_interrupt+0x744/0x770 [ 398.587143][T11747] vcpu_run+0x5497/0x7670 [ 398.587228][T11747] ? __pfx_vcpu_run+0x10/0x10 [ 398.587254][T11747] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 398.587278][T11747] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 398.587300][T11747] ? fpu_swap_kvm_fpstate+0xc2/0x4f0 [ 398.587321][T11747] ? rcu_is_watching+0x15/0xb0 [ 398.587341][T11747] kvm_arch_vcpu_ioctl_run+0x1148/0x1c90 [ 398.587372][T11747] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 398.587394][T11747] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 398.587418][T11747] ? __lock_acquire+0x6b6/0x2cf0 [ 398.587444][T11747] ? __mutex_lock+0x335/0x1350 [ 398.587469][T11747] ? kasan_quarantine_put+0xbb/0x1f0 [ 398.587503][T11747] ? do_raw_write_lock+0x120/0x260 [ 398.587534][T11747] kvm_vcpu_ioctl+0x99a/0xed0 [ 398.587557][T11747] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 398.587574][T11747] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 398.587607][T11747] ? __fget_files+0x2a/0x420 [ 398.587630][T11747] ? __fget_files+0x2a/0x420 [ 398.587649][T11747] ? __fget_files+0x3a0/0x420 [ 398.587669][T11747] ? __fget_files+0x2a/0x420 [ 398.587691][T11747] ? bpf_lsm_file_ioctl+0x9/0x20 [ 398.587707][T11747] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 398.587725][T11747] __se_sys_ioctl+0xfc/0x170 [ 398.587752][T11747] do_syscall_64+0xec/0xf80 [ 398.587768][T11747] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.587784][T11747] ? trace_irq_disable+0x37/0x100 [ 398.587802][T11747] ? clear_bhb_loop+0x40/0x90 [ 398.587822][T11747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.587838][T11747] RIP: 0033:0x7fd20138f749 [ 398.587854][T11747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.587867][T11747] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.587884][T11747] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 398.587896][T11747] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 398.587906][T11747] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 398.587917][T11747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 398.587926][T11747] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 398.587951][T11747] [ 398.921941][ T5915] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 398.930366][ T5915] usb 4-1: config 0 has no interface number 0 [ 398.936526][ T5915] usb 4-1: New USB device found, idVendor=0733, idProduct=0401, bcdDevice=ad.7d [ 398.953083][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.963975][ T5915] usb 4-1: config 0 descriptor?? [ 398.977594][ T5915] gspca_main: spca501-2.14.0 probing 0733:0401 [ 399.349841][ T5915] gspca_spca501: reg write: error -71 [ 399.365941][ T5915] spca501 4-1:0.255: Reg write failed for 0x00,0xaa,0x00 [ 399.384524][ T5915] spca501 4-1:0.255: probe with driver spca501 failed with error -22 [ 399.412692][ T5915] usb 4-1: USB disconnect, device number 6 [ 399.525032][T11761] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1896'. [ 399.693104][T11763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.702986][T11763] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.274917][T11776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 400.284684][T11776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.460213][ T5909] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 400.610133][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 400.617176][ T5909] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 400.625727][ T5909] usb 4-1: config 179 has no interface number 0 [ 400.632141][ T5909] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 400.644951][ T5909] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 400.656329][ T5909] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 400.667642][ T5909] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 400.679182][ T5909] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 400.692807][ T5909] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 400.702004][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.713774][T11774] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 400.959499][ T5909] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input57 [ 401.156389][ T8382] usb 4-1: USB disconnect, device number 7 [ 401.156542][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 401.170749][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 401.218965][T11787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.228789][T11787] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.270065][ T5822] Bluetooth: hci3: command 0x0405 tx timeout [ 401.443747][T11796] ptrace attach of "./syz-executor exec"[5816] was attempted by "ÉôÔ“€7çE\x09Å» 宬›ò¾áPÕ"[11796] [ 402.347041][T11838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 402.361728][T11838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.680101][ T8382] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 402.870731][ T8382] usb 4-1: Using ep0 maxpacket: 32 [ 402.878414][ T8382] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 402.887776][ T8382] usb 4-1: config 0 has no interface number 0 [ 402.908275][ T8382] usb 4-1: config 0 interface 184 has no altsetting 0 [ 402.927778][ T8382] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 402.950080][ T8382] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.964028][ T8382] usb 4-1: Product: syz [ 402.972977][ T8382] usb 4-1: Manufacturer: syz [ 402.980016][ T8382] usb 4-1: SerialNumber: syz [ 403.002578][ T8382] usb 4-1: config 0 descriptor?? [ 403.019671][ T8382] smsc75xx v1.0.0 [ 403.705110][T11868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.723892][T11868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.742333][T11868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.754389][T11868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.765342][T11868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1929'. [ 403.776685][T11868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1929'. [ 403.890123][ T24] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 403.990692][T11868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.001338][T11868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.052018][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 404.058714][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 404.074494][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 404.087155][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 404.099270][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 404.110404][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.116902][ T24] usb 2-1: config 0 descriptor?? [ 404.126715][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 404.138228][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 404.161128][ T8382] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 404.171811][ T8382] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 404.191564][ T8382] usb 4-1: USB disconnect, device number 8 [ 404.575649][T11874] random: crng reseeded on system resumption [ 404.934538][ T5870] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 405.092384][ T5870] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 405.102569][ T5870] usb 4-1: config 1 has no interface number 0 [ 405.108775][ T5870] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 405.121865][ T5870] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 405.132297][ T5870] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.152577][ T5870] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 405.162275][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.172426][ T5870] usb 4-1: Product: syz [ 405.182063][ T24] video4linux radio48: keene_cmd_set failed (-71) [ 405.197360][ T5870] usb 4-1: Manufacturer: syz [ 405.208831][ T24] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 405.217869][ T5870] usb 4-1: SerialNumber: syz [ 405.234684][T11879] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 405.267409][ T24] usb 2-1: USB disconnect, device number 118 [ 405.398880][T11891] 9pnet_fd: Insufficient options for proto=fd [ 405.453191][T11879] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 405.474421][T11893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.483609][T11893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.777697][T11896] netlink: 'syz.1.1940': attribute type 4 has an invalid length. [ 405.799820][ T5870] usb 4-1: Incompatible driver and firmware versions [ 405.821736][T11897] sp0: Synchronizing with TNC [ 405.833954][ T5870] usb 4-1: USB disconnect, device number 9 [ 405.840483][T11897] netlink: 'syz.1.1940': attribute type 4 has an invalid length. [ 405.863479][T11895] [U] è` [ 406.016627][T11904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.037281][T11904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.339566][T11917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.361538][T11917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.385445][T11917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.396638][T11917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.905088][T11950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.917457][T11950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.017889][T11954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.029417][T11954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.045553][T11954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.057520][T11954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.074271][T11954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.083780][ T8382] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 407.092187][T11954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.252152][ T8382] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 407.260416][ T8382] usb 4-1: config 1 has no interface number 0 [ 407.266666][ T8382] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 407.284358][ T8382] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 407.294550][ T8382] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 407.310628][ T8382] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 407.319774][ T8382] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.328100][ T8382] usb 4-1: Product: syz [ 407.332362][ T8382] usb 4-1: Manufacturer: syz [ 407.336969][ T8382] usb 4-1: SerialNumber: syz [ 407.345185][T11946] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 407.561446][T11946] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 407.804477][T11965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.816783][T11965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 408.057242][ T8382] usb 4-1: Incompatible driver and firmware versions [ 408.077041][ T8382] usb 4-1: USB disconnect, device number 10 [ 408.165359][T11979] mac80211_hwsim hwsim6 ÿÿÿÿÿÿ: renamed from wlan1 (while UP) [ 408.267300][T11985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 408.278273][T11985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 408.413959][ T8383] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 408.555398][T11995] netlink: 'syz.2.1978': attribute type 1 has an invalid length. [ 408.563505][T11995] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1978'. [ 408.574051][ T8383] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 408.582393][ T8383] usb 2-1: config 1 has no interface number 0 [ 408.588697][ T8383] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 408.602471][ T8383] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 408.618779][ T8383] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.631804][T11995] input input59: cannot allocate more than FF_MAX_EFFECTS effects [ 408.644369][ T8383] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 408.654352][ T8383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.667396][ T8383] usb 2-1: Product: syz [ 408.672870][ T8383] usb 2-1: Manufacturer: syz [ 408.682388][ T8383] usb 2-1: SerialNumber: syz [ 408.702654][T11981] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 408.882752][T12001] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.1988'. [ 408.921797][T11981] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 408.971353][ T8382] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 408.988314][T12004] mac80211_hwsim hwsim3 ÿÿÿÿÿÿ: renamed from wlan1 (while UP) [ 409.107259][T12010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.119696][T12010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.130189][ T8382] usb 4-1: Using ep0 maxpacket: 8 [ 409.160244][ T8382] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.200191][ T8382] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.230537][ T8382] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 409.260920][ T8382] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 409.290113][ T8382] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.324881][ T8382] usb 4-1: config 0 descriptor?? [ 409.395081][ T8383] usb 2-1: Incompatible driver and firmware versions [ 409.424569][ T8383] usb 2-1: USB disconnect, device number 119 [ 409.608128][T12018] dns_resolver: Unsupported content type (240) [ 409.846785][T12022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1986'. [ 410.311281][T12034] overlayfs: workdir and upperdir must be separate subtrees [ 410.330224][ T8382] usbhid 4-1:0.0: can't add hid device: -71 [ 410.336309][ T8382] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 410.358480][T12036] fuse: Bad value for 'group_id' [ 410.360925][ T8382] usb 4-1: USB disconnect, device number 11 [ 410.375265][T12036] fuse: Bad value for 'group_id' [ 410.382950][T12037] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1990'. [ 410.431758][T12036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.450792][T12036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.459072][T12039] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1992'. [ 410.766844][T12047] binder: BINDER_SET_CONTEXT_MGR already set [ 410.773402][T12047] binder: 12046:12047 ioctl 4018620d 200000004a80 returned -16 [ 411.081487][T12057] FAULT_INJECTION: forcing a failure. [ 411.081487][T12057] name failslab, interval 1, probability 0, space 0, times 0 [ 411.096039][T12057] CPU: 1 UID: 0 PID: 12057 Comm: syz.0.1997 Tainted: G L syzkaller #0 PREEMPT(full) [ 411.096076][T12057] Tainted: [L]=SOFTLOCKUP [ 411.096085][T12057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.096098][T12057] Call Trace: [ 411.096107][T12057] [ 411.096117][T12057] dump_stack_lvl+0xe8/0x150 [ 411.096147][T12057] should_fail_ex+0x414/0x560 [ 411.096186][T12057] should_failslab+0xa8/0x100 [ 411.096215][T12057] kmem_cache_alloc_noprof+0x88/0x710 [ 411.096246][T12057] ? apparmor_capable+0x137/0x1a0 [ 411.096270][T12057] ? skb_clone+0x212/0x3a0 [ 411.096301][T12057] skb_clone+0x212/0x3a0 [ 411.096326][T12057] ? nfnetlink_rcv+0x4ba/0x2590 [ 411.096352][T12057] nfnetlink_rcv+0x4ec/0x2590 [ 411.096379][T12057] ? __kernel_text_address+0xd/0x40 [ 411.096409][T12057] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 411.096437][T12057] ? arch_stack_walk+0xfc/0x150 [ 411.096471][T12057] ? stack_trace_save+0x9c/0xe0 [ 411.096499][T12057] ? __pfx_stack_trace_save+0x10/0x10 [ 411.096531][T12057] ? trim_netdev_trace+0x2a3/0x3d0 [ 411.096563][T12057] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 411.096599][T12057] ? __pfx_save_netdev_trace_buffer+0x10/0x10 [ 411.096631][T12057] ? ref_tracker_free+0x63a/0x7d0 [ 411.096665][T12057] ? netlink_unicast+0x7fa/0x9e0 [ 411.096686][T12057] ? netlink_sendmsg+0x805/0xb30 [ 411.096712][T12057] ? sock_sendmsg_nosec+0x18f/0x1d0 [ 411.096740][T12057] ? ____sys_sendmsg+0x577/0x880 [ 411.096763][T12057] ? ___sys_sendmsg+0x21f/0x2a0 [ 411.096784][T12057] ? __x64_sys_sendmsg+0x19b/0x260 [ 411.096808][T12057] ? do_syscall_64+0xec/0xf80 [ 411.096831][T12057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.096861][T12057] ? __skb_clone+0x483/0x7a0 [ 411.097020][T12057] ? skb_clone+0x246/0x3a0 [ 411.097058][T12057] ? __netlink_deliver_tap+0x866/0x8b0 [ 411.097176][T12057] ? netlink_deliver_tap+0x2e/0x1b0 [ 411.097220][T12057] netlink_unicast+0x82f/0x9e0 [ 411.097253][T12057] ? __pfx_netlink_unicast+0x10/0x10 [ 411.097278][T12057] ? __alloc_skb+0x198/0x3a0 [ 411.097302][T12057] ? netlink_sendmsg+0x642/0xb30 [ 411.097327][T12057] ? skb_put+0x11b/0x210 [ 411.097354][T12057] netlink_sendmsg+0x805/0xb30 [ 411.097381][T12057] ? aa_sk_perm+0x15f/0x920 [ 411.097420][T12057] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.097450][T12057] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 411.097495][T12057] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.097523][T12057] sock_sendmsg_nosec+0x18f/0x1d0 [ 411.097556][T12057] ____sys_sendmsg+0x577/0x880 [ 411.097582][T12057] ? __might_fault+0xb0/0x130 [ 411.097620][T12057] ? __pfx_____sys_sendmsg+0x10/0x10 [ 411.097656][T12057] ? import_iovec+0x74/0xa0 [ 411.097686][T12057] ___sys_sendmsg+0x21f/0x2a0 [ 411.097713][T12057] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.097772][T12057] ? __fget_files+0x2a/0x420 [ 411.097801][T12057] ? __fget_files+0x3a0/0x420 [ 411.097840][T12057] __x64_sys_sendmsg+0x19b/0x260 [ 411.097869][T12057] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 411.097905][T12057] ? __pfx_ksys_write+0x10/0x10 [ 411.097940][T12057] do_syscall_64+0xec/0xf80 [ 411.097973][T12057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.097996][T12057] ? trace_irq_disable+0x37/0x100 [ 411.098023][T12057] ? clear_bhb_loop+0x40/0x90 [ 411.098051][T12057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.098074][T12057] RIP: 0033:0x7fd20138f749 [ 411.098097][T12057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.098118][T12057] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.098143][T12057] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 411.098161][T12057] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 411.098176][T12057] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 411.098190][T12057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.098204][T12057] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 411.098238][T12057] [ 411.596890][T12059] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1998'. [ 411.784585][T12061] FAULT_INJECTION: forcing a failure. [ 411.784585][T12061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.806013][T12061] CPU: 0 UID: 0 PID: 12061 Comm: syz.2.1999 Tainted: G L syzkaller #0 PREEMPT(full) [ 411.806054][T12061] Tainted: [L]=SOFTLOCKUP [ 411.806064][T12061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.806079][T12061] Call Trace: [ 411.806088][T12061] [ 411.806098][T12061] dump_stack_lvl+0xe8/0x150 [ 411.806131][T12061] should_fail_ex+0x414/0x560 [ 411.806171][T12061] _copy_from_user+0x2d/0xb0 [ 411.806198][T12061] ? __pfx_do_set_msr+0x10/0x10 [ 411.806232][T12061] msr_io+0xa2/0x8d0 [ 411.806268][T12061] ? kvm_arch_vcpu_ioctl+0x6bd/0x2a70 [ 411.806305][T12061] ? kvm_arch_vcpu_ioctl+0x6bd/0x2a70 [ 411.806341][T12061] ? __pfx_msr_io+0x10/0x10 [ 411.806377][T12061] ? __srcu_check_read_flavor+0x106/0x250 [ 411.806417][T12061] kvm_arch_vcpu_ioctl+0x6f7/0x2a70 [ 411.806462][T12061] ? kvm_arch_vcpu_ioctl+0x6bd/0x2a70 [ 411.806500][T12061] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 411.806541][T12061] ? unwind_next_frame+0xa5/0x23d0 [ 411.806569][T12061] ? is_bpf_text_address+0x26/0x2b0 [ 411.806612][T12061] ? is_bpf_text_address+0x26/0x2b0 [ 411.806654][T12061] ? is_bpf_text_address+0x292/0x2b0 [ 411.806682][T12061] ? is_bpf_text_address+0x26/0x2b0 [ 411.806715][T12061] ? kernel_text_address+0xa5/0xe0 [ 411.806745][T12061] ? __kernel_text_address+0xd/0x40 [ 411.806773][T12061] ? unwind_get_return_address+0x4d/0x90 [ 411.806796][T12061] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 411.806825][T12061] ? arch_stack_walk+0xfc/0x150 [ 411.806861][T12061] ? stack_trace_save+0x9c/0xe0 [ 411.806889][T12061] ? __pfx_stack_trace_save+0x10/0x10 [ 411.806921][T12061] ? __lock_acquire+0x6b6/0x2cf0 [ 411.806960][T12061] ? kasan_save_track+0x4f/0x80 [ 411.806980][T12061] ? kasan_save_track+0x3e/0x80 [ 411.806999][T12061] ? kasan_save_free_info+0x46/0x50 [ 411.807028][T12061] ? __kasan_slab_free+0x5c/0x80 [ 411.807049][T12061] ? kfree+0x1c0/0x660 [ 411.807075][T12061] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 411.807103][T12061] ? security_file_ioctl+0xcb/0x2d0 [ 411.807128][T12061] ? __se_sys_ioctl+0x47/0x170 [ 411.807161][T12061] ? do_syscall_64+0xec/0xf80 [ 411.807185][T12061] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.807223][T12061] ? __mutex_trylock_common+0x153/0x260 [ 411.807252][T12061] ? __pfx___mutex_trylock_common+0x10/0x10 [ 411.807283][T12061] ? rcu_is_watching+0x15/0xb0 [ 411.807307][T12061] ? trace_contention_end+0x39/0x100 [ 411.807333][T12061] ? __mutex_lock+0x335/0x1350 [ 411.807367][T12061] ? kasan_quarantine_put+0xbb/0x1f0 [ 411.807404][T12061] ? kvm_vcpu_ioctl+0x269/0xed0 [ 411.807435][T12061] ? __pfx___mutex_lock+0x10/0x10 [ 411.807462][T12061] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 411.807495][T12061] ? do_vfs_ioctl+0xbe8/0x1430 [ 411.807520][T12061] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 411.807547][T12061] kvm_vcpu_ioctl+0x78b/0xed0 [ 411.807581][T12061] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 411.807605][T12061] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 411.807660][T12061] ? __fget_files+0x2a/0x420 [ 411.807692][T12061] ? __fget_files+0x2a/0x420 [ 411.807719][T12061] ? __fget_files+0x3a0/0x420 [ 411.807746][T12061] ? __fget_files+0x2a/0x420 [ 411.807779][T12061] ? bpf_lsm_file_ioctl+0x9/0x20 [ 411.807801][T12061] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 411.807834][T12061] __se_sys_ioctl+0xfc/0x170 [ 411.807872][T12061] do_syscall_64+0xec/0xf80 [ 411.807896][T12061] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.807918][T12061] ? trace_irq_disable+0x37/0x100 [ 411.807944][T12061] ? clear_bhb_loop+0x40/0x90 [ 411.807972][T12061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.807999][T12061] RIP: 0033:0x7fce3898f749 [ 411.808021][T12061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.808039][T12061] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 411.808063][T12061] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 411.808080][T12061] RDX: 0000200000000280 RSI: 000000004008ae89 RDI: 0000000000000007 [ 411.808096][T12061] RBP: 00007fce398b0090 R08: 0000000000000000 R09: 0000000000000000 [ 411.808111][T12061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.808125][T12061] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 411.808160][T12061] [ 411.990391][ T5915] usb 2-1: new full-speed USB device number 120 using dummy_hcd [ 412.244056][ T5909] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 412.402650][ T5909] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 412.410854][ T5909] usb 4-1: config 1 has no interface number 0 [ 412.417007][ T5909] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 412.450172][ T5909] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 412.467476][ T5915] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 412.478752][ T5915] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 412.492770][ T5909] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.504471][ T5915] usb 2-1: config 0 interface 0 has no altsetting 0 [ 412.511752][ T5915] usb 2-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 412.522698][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.532712][ T5909] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 412.542443][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.556395][ T5915] usb 2-1: config 0 descriptor?? [ 412.562412][ T5909] usb 4-1: Product: syz [ 412.567098][ T5909] usb 4-1: Manufacturer: syz [ 412.572292][ T5909] usb 4-1: SerialNumber: syz [ 412.603207][T12055] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 412.816515][T12055] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 412.992205][ T5915] zydacron 0003:13EC:0006.001A: unknown main item tag 0x0 [ 413.001255][ T5915] zydacron 0003:13EC:0006.001A: unknown main item tag 0x0 [ 413.008570][ T5915] zydacron 0003:13EC:0006.001A: unknown main item tag 0x0 [ 413.022902][ T5915] zydacron 0003:13EC:0006.001A: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.1-1/input0 [ 413.185134][T12050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.197612][T12050] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.208909][ T5915] usb 2-1: USB disconnect, device number 120 [ 413.234696][ T5909] usb 4-1: Incompatible driver and firmware versions [ 413.270635][ T5909] usb 4-1: USB disconnect, device number 12 [ 413.494714][T12086] syzkaller1: entered promiscuous mode [ 413.501939][T12086] syzkaller1: entered allmulticast mode [ 413.513626][T12086] FAULT_FLAG_ALLOW_RETRY missing 801 [ 413.519007][T12086] CPU: 0 UID: 0 PID: 12086 Comm: syz.0.2010 Tainted: G L syzkaller #0 PREEMPT(full) [ 413.519045][T12086] Tainted: [L]=SOFTLOCKUP [ 413.519057][T12086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 413.519068][T12086] Call Trace: [ 413.519075][T12086] [ 413.519082][T12086] dump_stack_lvl+0xe8/0x150 [ 413.519105][T12086] handle_userfault+0x14c3/0x17b0 [ 413.519131][T12086] ? __folio_put+0x21b/0x2c0 [ 413.519154][T12086] ? __pfx_handle_userfault+0x10/0x10 [ 413.519191][T12086] handle_mm_fault+0x1b26/0x32b0 [ 413.519215][T12086] ? pte_offset_map_lock+0x13e/0x210 [ 413.519246][T12086] ? handle_mm_fault+0xdb/0x32b0 [ 413.519274][T12086] ? __pfx_handle_mm_fault+0x10/0x10 [ 413.519298][T12086] ? follow_page_pte+0x7ef/0x13e0 [ 413.519326][T12086] ? __pfx_follow_page_pte+0x10/0x10 [ 413.519354][T12086] __get_user_pages+0x1650/0x29f0 [ 413.519396][T12086] populate_vma_page_range+0x29f/0x3a0 [ 413.519418][T12086] ? __pfx_populate_vma_page_range+0x10/0x10 [ 413.519436][T12086] ? vma_wants_writenotify+0xb3/0x2a0 [ 413.519466][T12086] ? vma_set_page_prot+0xc3/0x100 [ 413.519490][T12086] mprotect_fixup+0x845/0xa30 [ 413.519513][T12086] ? __pfx_mprotect_fixup+0x10/0x10 [ 413.519539][T12086] do_mprotect_pkey+0x8c5/0xcd0 [ 413.519567][T12086] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 413.519594][T12086] ? __se_sys_futex+0x36f/0x400 [ 413.519627][T12086] ? rcu_is_watching+0x15/0xb0 [ 413.519649][T12086] __x64_sys_mprotect+0x80/0x90 [ 413.519667][T12086] do_syscall_64+0xec/0xf80 [ 413.519684][T12086] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.519701][T12086] ? trace_irq_disable+0x37/0x100 [ 413.519721][T12086] ? clear_bhb_loop+0x40/0x90 [ 413.519741][T12086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.519758][T12086] RIP: 0033:0x7fd20138f749 [ 413.519773][T12086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.519788][T12086] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 413.519805][T12086] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 413.519817][T12086] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000 [ 413.519828][T12086] RBP: 00007fd201413f91 R08: 0000000000000000 R09: 0000000000000000 [ 413.519838][T12086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.519849][T12086] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 413.519874][T12086] [ 414.027332][T12092] dtv5100: wlen = 15, aborting. [ 414.081777][T12094] dtv5100: wlen = 15, aborting. [ 414.165557][T12097] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 414.195547][T12101] FAULT_INJECTION: forcing a failure. [ 414.195547][T12101] name failslab, interval 1, probability 0, space 0, times 0 [ 414.212420][T12101] CPU: 0 UID: 0 PID: 12101 Comm: syz.0.2017 Tainted: G L syzkaller #0 PREEMPT(full) [ 414.212456][T12101] Tainted: [L]=SOFTLOCKUP [ 414.212465][T12101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 414.212479][T12101] Call Trace: [ 414.212488][T12101] [ 414.212498][T12101] dump_stack_lvl+0xe8/0x150 [ 414.212528][T12101] should_fail_ex+0x414/0x560 [ 414.212567][T12101] should_failslab+0xa8/0x100 [ 414.212595][T12101] __kmalloc_noprof+0xdf/0x800 [ 414.212629][T12101] ? sock_kmalloc+0xd6/0x160 [ 414.212671][T12101] sock_kmalloc+0xd6/0x160 [ 414.212699][T12101] skcipher_recvmsg+0x571/0x11d0 [ 414.212750][T12101] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 414.212778][T12101] ? __lock_acquire+0x6b6/0x2cf0 [ 414.212817][T12101] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 414.212848][T12101] sock_recvmsg_nosec+0x186/0x1c0 [ 414.212886][T12101] ____sys_recvmsg+0x21e/0x4c0 [ 414.212921][T12101] ? __pfx_____sys_recvmsg+0x10/0x10 [ 414.212964][T12101] ? import_iovec+0x74/0xa0 [ 414.212993][T12101] ___sys_recvmsg+0x1b5/0x510 [ 414.213016][T12101] ? get_pid_task+0x20/0x1f0 [ 414.213047][T12101] ? __pfx____sys_recvmsg+0x10/0x10 [ 414.213079][T12101] ? __fget_files+0x2a/0x420 [ 414.213127][T12101] ? __fget_files+0x3a0/0x420 [ 414.213167][T12101] __x64_sys_recvmsg+0x198/0x260 [ 414.213203][T12101] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 414.213240][T12101] ? __pfx_ksys_write+0x10/0x10 [ 414.213275][T12101] do_syscall_64+0xec/0xf80 [ 414.213299][T12101] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.213322][T12101] ? trace_irq_disable+0x37/0x100 [ 414.213348][T12101] ? clear_bhb_loop+0x40/0x90 [ 414.213376][T12101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.213399][T12101] RIP: 0033:0x7fd20138f749 [ 414.213420][T12101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.213441][T12101] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 414.213466][T12101] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 414.213483][T12101] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 414.213499][T12101] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 414.213513][T12101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.213527][T12101] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 414.213563][T12101] [ 414.521667][T12105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.532931][T12105] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.693967][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2020'. [ 414.748323][T12117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.757420][T12117] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.766892][T12117] 9p: Bad value for 'wfdno' [ 415.031942][ T5915] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 415.056233][T12121] fuse: Bad value for 'fd' [ 415.126274][T12123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2024'. [ 415.196276][ T5915] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 415.204513][ T5915] usb 4-1: config 1 has no interface number 0 [ 415.212544][ T5915] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 415.224644][ T5915] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 415.235093][ T5915] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.250514][ T5915] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 415.260705][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.268934][ T5915] usb 4-1: Product: syz [ 415.273733][ T5915] usb 4-1: Manufacturer: syz [ 415.278986][ T5915] usb 4-1: SerialNumber: syz [ 415.290784][T12119] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 415.507897][T12119] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 415.710925][T12139] FAULT_INJECTION: forcing a failure. [ 415.710925][T12139] name failslab, interval 1, probability 0, space 0, times 0 [ 415.729628][T12139] CPU: 0 UID: 0 PID: 12139 Comm: syz.2.2029 Tainted: G L syzkaller #0 PREEMPT(full) [ 415.729666][T12139] Tainted: [L]=SOFTLOCKUP [ 415.729676][T12139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 415.729691][T12139] Call Trace: [ 415.729700][T12139] [ 415.729710][T12139] dump_stack_lvl+0xe8/0x150 [ 415.729742][T12139] should_fail_ex+0x414/0x560 [ 415.729782][T12139] should_failslab+0xa8/0x100 [ 415.729811][T12139] __kmalloc_noprof+0xdf/0x800 [ 415.729845][T12139] ? kfree+0x4d/0x660 [ 415.729872][T12139] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 415.729914][T12139] tomoyo_realpath_from_path+0xe3/0x5d0 [ 415.729952][T12139] ? tomoyo_domain+0xd8/0x130 [ 415.729992][T12139] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 415.730022][T12139] tomoyo_path_number_perm+0x1e8/0x5a0 [ 415.730053][T12139] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 415.730080][T12139] ? __lock_acquire+0x6b6/0x2cf0 [ 415.730126][T12139] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 415.730171][T12139] ? __fget_files+0x2a/0x420 [ 415.730201][T12139] ? __fget_files+0x2a/0x420 [ 415.730225][T12139] ? __fget_files+0x3a0/0x420 [ 415.730258][T12139] ? __fget_files+0x2a/0x420 [ 415.730290][T12139] security_file_ioctl+0xcb/0x2d0 [ 415.730319][T12139] __se_sys_ioctl+0x47/0x170 [ 415.730355][T12139] do_syscall_64+0xec/0xf80 [ 415.730380][T12139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.730402][T12139] ? trace_irq_disable+0x37/0x100 [ 415.730427][T12139] ? clear_bhb_loop+0x40/0x90 [ 415.730456][T12139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.730477][T12139] RIP: 0033:0x7fce3898f749 [ 415.730498][T12139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.730519][T12139] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 415.730542][T12139] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 415.730558][T12139] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a [ 415.730573][T12139] RBP: 00007fce398b0090 R08: 0000000000000000 R09: 0000000000000000 [ 415.730587][T12139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.730599][T12139] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 415.730633][T12139] [ 416.010233][T12139] ERROR: Out of memory at tomoyo_realpath_from_path. [ 416.048531][T12147] fuse: Unknown parameter 'roOtmode' [ 416.099579][ T5915] usb 4-1: Incompatible driver and firmware versions [ 416.130388][ T5915] usb 4-1: USB disconnect, device number 13 [ 416.219175][T12151] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2033'. [ 416.346031][T12153] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 416.352974][T12153] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 416.362937][T12153] vhci_hcd vhci_hcd.0: Device attached [ 416.374371][T12156] vhci_hcd: connection closed [ 416.376661][ T60] vhci_hcd vhci_hcd.2: stop threads [ 416.388538][ T60] vhci_hcd vhci_hcd.2: release socket [ 416.396817][ T60] vhci_hcd vhci_hcd.2: disconnect device [ 416.507721][T12161] syzkaller1: entered promiscuous mode [ 416.520781][T12161] syzkaller1: entered allmulticast mode [ 416.541732][T12161] FAULT_FLAG_ALLOW_RETRY missing 801 [ 416.547113][T12161] CPU: 1 UID: 0 PID: 12161 Comm: syz.1.2036 Tainted: G L syzkaller #0 PREEMPT(full) [ 416.547149][T12161] Tainted: [L]=SOFTLOCKUP [ 416.547162][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 416.547175][T12161] Call Trace: [ 416.547183][T12161] [ 416.547193][T12161] dump_stack_lvl+0xe8/0x150 [ 416.547221][T12161] handle_userfault+0x14c3/0x17b0 [ 416.547252][T12161] ? __folio_put+0x21b/0x2c0 [ 416.547277][T12161] ? __pfx_handle_userfault+0x10/0x10 [ 416.547319][T12161] handle_mm_fault+0x1b26/0x32b0 [ 416.547344][T12161] ? pte_offset_map_lock+0x13e/0x210 [ 416.547379][T12161] ? handle_mm_fault+0xdb/0x32b0 [ 416.547412][T12161] ? __pfx_handle_mm_fault+0x10/0x10 [ 416.547438][T12161] ? follow_page_pte+0x7ef/0x13e0 [ 416.547469][T12161] ? __pfx_follow_page_pte+0x10/0x10 [ 416.547501][T12161] __get_user_pages+0x1650/0x29f0 [ 416.547547][T12161] populate_vma_page_range+0x29f/0x3a0 [ 416.547572][T12161] ? __pfx_populate_vma_page_range+0x10/0x10 [ 416.547592][T12161] ? vma_wants_writenotify+0xb3/0x2a0 [ 416.547619][T12161] ? vma_set_page_prot+0xc3/0x100 [ 416.547645][T12161] mprotect_fixup+0x845/0xa30 [ 416.547671][T12161] ? __pfx_mprotect_fixup+0x10/0x10 [ 416.547699][T12161] do_mprotect_pkey+0x8c5/0xcd0 [ 416.547730][T12161] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 416.547760][T12161] ? __se_sys_futex+0x36f/0x400 [ 416.547801][T12161] ? rcu_is_watching+0x15/0xb0 [ 416.547826][T12161] __x64_sys_mprotect+0x80/0x90 [ 416.547846][T12161] do_syscall_64+0xec/0xf80 [ 416.547865][T12161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.547883][T12161] ? trace_irq_disable+0x37/0x100 [ 416.547905][T12161] ? clear_bhb_loop+0x40/0x90 [ 416.547927][T12161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.547945][T12161] RIP: 0033:0x7f272238f749 [ 416.547964][T12161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.547980][T12161] RSP: 002b:00007f2723205038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 416.548000][T12161] RAX: ffffffffffffffda RBX: 00007f27225e5fa0 RCX: 00007f272238f749 [ 416.548014][T12161] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000 [ 416.548025][T12161] RBP: 00007f2722413f91 R08: 0000000000000000 R09: 0000000000000000 [ 416.548038][T12161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.548049][T12161] R13: 00007f27225e6038 R14: 00007f27225e5fa0 R15: 00007ffcfa54c008 [ 416.548077][T12161] [ 416.898084][T12165] FAULT_INJECTION: forcing a failure. [ 416.898084][T12165] name failslab, interval 1, probability 0, space 0, times 0 [ 416.930248][T12165] CPU: 1 UID: 0 PID: 12165 Comm: syz.0.2038 Tainted: G L syzkaller #0 PREEMPT(full) [ 416.930285][T12165] Tainted: [L]=SOFTLOCKUP [ 416.930294][T12165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 416.930307][T12165] Call Trace: [ 416.930316][T12165] [ 416.930326][T12165] dump_stack_lvl+0xe8/0x150 [ 416.930355][T12165] should_fail_ex+0x414/0x560 [ 416.930392][T12165] should_failslab+0xa8/0x100 [ 416.930419][T12165] __kmalloc_noprof+0xdf/0x800 [ 416.930451][T12165] ? kfree+0x4d/0x660 [ 416.930478][T12165] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 416.930519][T12165] tomoyo_realpath_from_path+0xe3/0x5d0 [ 416.930555][T12165] ? tomoyo_domain+0xd8/0x130 [ 416.930594][T12165] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 416.930623][T12165] tomoyo_path_number_perm+0x1e8/0x5a0 [ 416.930654][T12165] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 416.930682][T12165] ? __lock_acquire+0x6b6/0x2cf0 [ 416.930731][T12165] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 416.930779][T12165] ? __fget_files+0x2a/0x420 [ 416.930810][T12165] ? __fget_files+0x2a/0x420 [ 416.930837][T12165] ? __fget_files+0x3a0/0x420 [ 416.930864][T12165] ? __fget_files+0x2a/0x420 [ 416.930897][T12165] security_file_ioctl+0xcb/0x2d0 [ 416.930926][T12165] __se_sys_ioctl+0x47/0x170 [ 416.930964][T12165] do_syscall_64+0xec/0xf80 [ 416.930987][T12165] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.931009][T12165] ? trace_irq_disable+0x37/0x100 [ 416.931035][T12165] ? clear_bhb_loop+0x40/0x90 [ 416.931063][T12165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.931085][T12165] RIP: 0033:0x7fd20138f749 [ 416.931107][T12165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.931133][T12165] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 416.931156][T12165] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 416.931173][T12165] RDX: 0000200000000580 RSI: 00000000c040565f RDI: 0000000000000003 [ 416.931188][T12165] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 416.931202][T12165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.931215][T12165] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 416.931250][T12165] [ 416.931260][T12165] ERROR: Out of memory at tomoyo_realpath_from_path. [ 416.972466][T12167] sctp: [Deprecated]: syz.1.2039 (pid 12167) Use of struct sctp_assoc_value in delayed_ack socket option. [ 416.972466][T12167] Use struct sctp_sack_info instead [ 417.373892][ T29] audit: type=1326 audit(1767949383.097:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.399080][T12175] input: syz1 as /devices/virtual/input/input60 [ 417.440238][ T29] audit: type=1326 audit(1767949383.097:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.470631][ T29] audit: type=1326 audit(1767949383.097:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.511016][T12183] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2043'. [ 417.551904][ T29] audit: type=1326 audit(1767949383.097:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.622803][ T29] audit: type=1326 audit(1767949383.097:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.653727][ T29] audit: type=1326 audit(1767949383.117:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.681463][ T29] audit: type=1326 audit(1767949383.117:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.705238][ T29] audit: type=1326 audit(1767949383.117:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.2.2043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3898f749 code=0x7ffc0000 [ 417.830535][ T8382] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 417.847535][T12191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.861690][T12191] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.886698][T12193] fuse: Bad value for 'group_id' [ 417.893132][T12193] fuse: Bad value for 'group_id' [ 417.902939][T12193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.915568][T12193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.939110][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.995147][ T8382] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 418.003813][ T8382] usb 2-1: config 1 has no interface number 0 [ 418.010683][ T8382] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 418.022928][ T8382] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 418.039425][ T8382] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.053602][ T8382] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 418.063132][ T8382] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.072165][ T8382] usb 2-1: Product: syz [ 418.076569][ T8382] usb 2-1: Manufacturer: syz [ 418.082023][ T8382] usb 2-1: SerialNumber: syz [ 418.101516][T12186] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 418.312351][T12186] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 418.600151][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 418.718044][ T8382] usb 2-1: Incompatible driver and firmware versions [ 418.739004][ T8382] usb 2-1: USB disconnect, device number 121 [ 418.745336][ T9] usb 4-1: device descriptor read/64, error -71 [ 418.894193][T12222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 418.904266][T12222] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.991240][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 419.049447][T12226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.058448][T12226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.130191][ T9] usb 4-1: device descriptor read/64, error -71 [ 419.251200][ T9] usb usb4-port1: attempt power cycle [ 419.590193][ T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 419.610817][ T9] usb 4-1: device descriptor read/8, error -71 [ 419.637905][T12236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.655013][T12236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.663656][ T24] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 419.698904][T12236] hpfs: Bad magic ... probably not HPFS [ 419.824213][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.835929][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.852348][ T24] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 419.861721][ T24] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 419.869769][ T24] usb 2-1: Manufacturer: syz [ 419.880476][ T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 419.887360][ T24] usb 2-1: config 0 descriptor?? [ 419.916660][ T9] usb 4-1: device descriptor read/8, error -71 [ 420.030399][ T9] usb usb4-port1: unable to enumerate USB device [ 420.158482][T12246] FAULT_INJECTION: forcing a failure. [ 420.158482][T12246] name failslab, interval 1, probability 0, space 0, times 0 [ 420.171562][T12246] CPU: 0 UID: 0 PID: 12246 Comm: syz.0.2070 Tainted: G L syzkaller #0 PREEMPT(full) [ 420.171598][T12246] Tainted: [L]=SOFTLOCKUP [ 420.171607][T12246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 420.171621][T12246] Call Trace: [ 420.171631][T12246] [ 420.171640][T12246] dump_stack_lvl+0xe8/0x150 [ 420.171670][T12246] should_fail_ex+0x414/0x560 [ 420.171706][T12246] should_failslab+0xa8/0x100 [ 420.171733][T12246] __kmalloc_noprof+0xdf/0x800 [ 420.171765][T12246] ? kfree+0x4d/0x660 [ 420.171793][T12246] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 420.171839][T12246] tomoyo_realpath_from_path+0xe3/0x5d0 [ 420.171875][T12246] ? tomoyo_domain+0xd8/0x130 [ 420.171915][T12246] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 420.171945][T12246] tomoyo_path_number_perm+0x1e8/0x5a0 [ 420.171977][T12246] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 420.172005][T12246] ? __lock_acquire+0x6b6/0x2cf0 [ 420.172054][T12246] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 420.172100][T12246] ? __fget_files+0x2a/0x420 [ 420.172139][T12246] ? __fget_files+0x2a/0x420 [ 420.172166][T12246] ? __fget_files+0x3a0/0x420 [ 420.172193][T12246] ? __fget_files+0x2a/0x420 [ 420.172238][T12246] security_file_ioctl+0xcb/0x2d0 [ 420.172266][T12246] __se_sys_ioctl+0x47/0x170 [ 420.172304][T12246] do_syscall_64+0xec/0xf80 [ 420.172328][T12246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.172349][T12246] ? trace_irq_disable+0x37/0x100 [ 420.172375][T12246] ? clear_bhb_loop+0x40/0x90 [ 420.172403][T12246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.172427][T12246] RIP: 0033:0x7fd20138f749 [ 420.172447][T12246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.172468][T12246] RSP: 002b:00007fd202210038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 420.172491][T12246] RAX: ffffffffffffffda RBX: 00007fd2015e6090 RCX: 00007fd20138f749 [ 420.172508][T12246] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 420.172522][T12246] RBP: 00007fd202210090 R08: 0000000000000000 R09: 0000000000000000 [ 420.172536][T12246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.172550][T12246] R13: 00007fd2015e6128 R14: 00007fd2015e6090 R15: 00007ffdb4e4af38 [ 420.172585][T12246] [ 420.172653][T12246] ERROR: Out of memory at tomoyo_realpath_from_path. [ 420.528595][T12249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 420.537964][T12249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 420.922024][ T24] uclogic 0003:256C:006D.001B: v1 frame probing failed: -71 [ 420.930584][ T24] uclogic 0003:256C:006D.001B: failed probing parameters: -71 [ 420.938253][ T24] uclogic 0003:256C:006D.001B: probe with driver uclogic failed with error -71 [ 420.953997][ T24] usb 2-1: USB disconnect, device number 122 [ 421.254603][T12252] netlink: 830 bytes leftover after parsing attributes in process `syz.0.2080'. [ 421.264498][T12252] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 421.276241][T12252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.291934][T12252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.301244][T12254] syzkaller1: entered promiscuous mode [ 421.306915][T12254] syzkaller1: entered allmulticast mode [ 421.329120][T12254] handle_userfault: 29 callbacks suppressed [ 421.329143][T12254] FAULT_FLAG_ALLOW_RETRY missing 801 [ 421.358839][T12254] CPU: 1 UID: 0 PID: 12254 Comm: syz.2.2072 Tainted: G L syzkaller #0 PREEMPT(full) [ 421.358878][T12254] Tainted: [L]=SOFTLOCKUP [ 421.358888][T12254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 421.358904][T12254] Call Trace: [ 421.358914][T12254] [ 421.358924][T12254] dump_stack_lvl+0xe8/0x150 [ 421.358956][T12254] handle_userfault+0x14c3/0x17b0 [ 421.358993][T12254] ? __folio_put+0x21b/0x2c0 [ 421.359027][T12254] ? __pfx_handle_userfault+0x10/0x10 [ 421.359083][T12254] handle_mm_fault+0x1b26/0x32b0 [ 421.359115][T12254] ? pte_offset_map_lock+0x13e/0x210 [ 421.359162][T12254] ? handle_mm_fault+0xdb/0x32b0 [ 421.359202][T12254] ? __pfx_handle_mm_fault+0x10/0x10 [ 421.359234][T12254] ? follow_page_pte+0x7ef/0x13e0 [ 421.359275][T12254] ? __pfx_follow_page_pte+0x10/0x10 [ 421.359314][T12254] __get_user_pages+0x1650/0x29f0 [ 421.359375][T12254] populate_vma_page_range+0x29f/0x3a0 [ 421.359407][T12254] ? __pfx_populate_vma_page_range+0x10/0x10 [ 421.359434][T12254] ? vma_wants_writenotify+0xb3/0x2a0 [ 421.359469][T12254] ? vma_set_page_prot+0xc3/0x100 [ 421.359503][T12254] mprotect_fixup+0x845/0xa30 [ 421.359537][T12254] ? __pfx_mprotect_fixup+0x10/0x10 [ 421.359575][T12254] do_mprotect_pkey+0x8c5/0xcd0 [ 421.359615][T12254] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 421.359656][T12254] ? __se_sys_futex+0x36f/0x400 [ 421.359713][T12254] ? rcu_is_watching+0x15/0xb0 [ 421.359746][T12254] __x64_sys_mprotect+0x80/0x90 [ 421.359773][T12254] do_syscall_64+0xec/0xf80 [ 421.359799][T12254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.359823][T12254] ? trace_irq_disable+0x37/0x100 [ 421.359851][T12254] ? clear_bhb_loop+0x40/0x90 [ 421.359880][T12254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.359903][T12254] RIP: 0033:0x7fce3898f749 [ 421.359926][T12254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.359946][T12254] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 421.359974][T12254] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 421.359990][T12254] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000 [ 421.360005][T12254] RBP: 00007fce38a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 421.360020][T12254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.360033][T12254] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 421.360065][T12254] [ 422.145681][T12283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.162151][T12283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.353093][ T8383] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 422.513135][ T8383] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 422.521769][ T8383] usb 2-1: config 1 has no interface number 0 [ 422.528394][ T8383] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 422.553580][ T8383] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 422.567988][ T8383] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 422.598554][ T8383] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 422.608068][ T8383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.616779][ T8383] usb 2-1: Product: syz [ 422.622756][ T8383] usb 2-1: Manufacturer: syz [ 422.627421][ T8383] usb 2-1: SerialNumber: syz [ 422.643501][T12281] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 422.657507][T12296] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2086'. [ 422.680510][ T5915] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 422.840196][ T5915] usb 4-1: Using ep0 maxpacket: 32 [ 422.848661][ T5915] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 422.859784][T12281] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 422.871270][ T5915] usb 4-1: config 0 has no interface number 0 [ 422.877550][ T5915] usb 4-1: config 0 interface 184 has no altsetting 0 [ 422.921012][ T5915] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 422.941329][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.961730][ T5915] usb 4-1: Product: syz [ 422.982130][ T5915] usb 4-1: Manufacturer: syz [ 422.986826][ T5915] usb 4-1: SerialNumber: syz [ 423.010308][ T5915] usb 4-1: config 0 descriptor?? [ 423.024710][ T5915] smsc75xx v1.0.0 [ 423.238745][T12308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.249272][T12308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.260840][ T8383] usb 2-1: Incompatible driver and firmware versions [ 423.288454][ T8383] usb 2-1: USB disconnect, device number 123 [ 423.634021][ T5915] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 423.646704][ T5915] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 423.706257][T12310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.715694][T12310] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.870257][ T5915] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32 [ 423.892650][ T5915] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32 [ 423.904575][T12291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.916267][ T5915] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 423.927604][T12291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.944234][ T5915] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32 [ 423.972386][ T5915] usb 4-1: USB disconnect, device number 18 [ 423.980761][T12316] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2093'. [ 423.991046][T12316] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 424.261286][ T36] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 424.314411][T12330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 424.324306][T12330] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 424.343074][T12330] program syz.0.2098 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 424.430197][ T36] usb 2-1: Using ep0 maxpacket: 32 [ 424.443650][ T36] usb 2-1: config 0 has an invalid interface number: 119 but max is 0 [ 424.452770][ T36] usb 2-1: config 0 has no interface number 0 [ 424.458923][ T36] usb 2-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 424.472470][ T36] usb 2-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 424.504269][ T36] usb 2-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 424.532878][ T36] usb 2-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 424.551978][ T36] usb 2-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 424.581225][ T36] usb 2-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 424.600126][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.621385][ T36] usb 2-1: Product: syz [ 424.626208][ T36] usb 2-1: Manufacturer: syz [ 424.631200][ T36] usb 2-1: SerialNumber: syz [ 424.647966][ T36] usb 2-1: config 0 descriptor?? [ 424.659573][T12316] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 424.676336][ T36] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.119/input/input61 [ 424.687749][ T5175] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 424.992460][T12344] FAULT_INJECTION: forcing a failure. [ 424.992460][T12344] name failslab, interval 1, probability 0, space 0, times 0 [ 425.010107][T12344] CPU: 1 UID: 0 PID: 12344 Comm: syz.3.2104 Tainted: G L syzkaller #0 PREEMPT(full) [ 425.010143][T12344] Tainted: [L]=SOFTLOCKUP [ 425.010152][T12344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 425.010165][T12344] Call Trace: [ 425.010174][T12344] [ 425.010184][T12344] dump_stack_lvl+0xe8/0x150 [ 425.010215][T12344] should_fail_ex+0x414/0x560 [ 425.010251][T12344] should_failslab+0xa8/0x100 [ 425.010280][T12344] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 425.010314][T12344] ? __alloc_skb+0x1dc/0x3a0 [ 425.010334][T12344] ? __local_bh_enable_ip+0xd0/0x130 [ 425.010368][T12344] ? __alloc_skb+0x198/0x3a0 [ 425.010389][T12344] __alloc_skb+0x1dc/0x3a0 [ 425.010415][T12344] mgmt_cmd_status+0x41/0x500 [ 425.010462][T12344] set_external_config+0x24c/0x670 [ 425.010498][T12344] ? __pfx_set_external_config+0x10/0x10 [ 425.010538][T12344] hci_mgmt_cmd+0xa14/0xfa0 [ 425.010582][T12344] hci_sock_sendmsg+0x6d7/0xf30 [ 425.010620][T12344] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 425.010656][T12344] ? __pfx_aa_file_perm+0x10/0x10 [ 425.010694][T12344] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 425.010741][T12344] sock_sendmsg_nosec+0x18f/0x1d0 [ 425.010775][T12344] sock_write_iter+0x2d9/0x3d0 [ 425.010806][T12344] ? __pfx_sock_write_iter+0x10/0x10 [ 425.010845][T12344] ? bpf_lsm_file_permission+0x9/0x20 [ 425.010866][T12344] ? security_file_permission+0x75/0x290 [ 425.010900][T12344] vfs_write+0x5c9/0xb30 [ 425.010928][T12344] ? __pfx_sock_write_iter+0x10/0x10 [ 425.010957][T12344] ? __pfx_vfs_write+0x10/0x10 [ 425.010988][T12344] ? __fget_files+0x2a/0x420 [ 425.011026][T12344] ksys_write+0x145/0x250 [ 425.011051][T12344] ? __pfx_ksys_write+0x10/0x10 [ 425.011084][T12344] do_syscall_64+0xec/0xf80 [ 425.011108][T12344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.011129][T12344] ? trace_irq_disable+0x37/0x100 [ 425.011153][T12344] ? clear_bhb_loop+0x40/0x90 [ 425.011180][T12344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.011203][T12344] RIP: 0033:0x7f5d9858f749 [ 425.011225][T12344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.011243][T12344] RSP: 002b:00007f5d994e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 425.011266][T12344] RAX: ffffffffffffffda RBX: 00007f5d987e5fa0 RCX: 00007f5d9858f749 [ 425.011283][T12344] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 425.011296][T12344] RBP: 00007f5d994e5090 R08: 0000000000000000 R09: 0000000000000000 [ 425.011310][T12344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.011323][T12344] R13: 00007f5d987e6038 R14: 00007f5d987e5fa0 R15: 00007fff4eb41b98 [ 425.011357][T12344] [ 425.386717][ T5915] usb 2-1: USB disconnect, device number 124 [ 425.660644][T12358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 425.680186][T12360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 425.689508][T12358] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 425.704214][T12360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 425.725937][T12360] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2109'. [ 425.761262][T12359] delete_channel: no stack [ 426.027111][T12365] FAULT_INJECTION: forcing a failure. [ 426.027111][T12365] name failslab, interval 1, probability 0, space 0, times 0 [ 426.044539][T12365] CPU: 1 UID: 0 PID: 12365 Comm: syz.3.2111 Tainted: G L syzkaller #0 PREEMPT(full) [ 426.044576][T12365] Tainted: [L]=SOFTLOCKUP [ 426.044584][T12365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 426.044598][T12365] Call Trace: [ 426.044607][T12365] [ 426.044616][T12365] dump_stack_lvl+0xe8/0x150 [ 426.044644][T12365] should_fail_ex+0x414/0x560 [ 426.044680][T12365] should_failslab+0xa8/0x100 [ 426.044705][T12365] __kmalloc_noprof+0xdf/0x800 [ 426.044735][T12365] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 426.044759][T12365] ? sock_kmalloc+0xd6/0x160 [ 426.044788][T12365] sock_kmalloc+0xd6/0x160 [ 426.044817][T12365] af_alg_alloc_areq+0x99/0x200 [ 426.044846][T12365] skcipher_recvmsg+0x359/0x11d0 [ 426.044880][T12365] ? __lock_acquire+0x6b6/0x2cf0 [ 426.044924][T12365] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 426.044951][T12365] ? __lock_acquire+0x6b6/0x2cf0 [ 426.044989][T12365] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 426.045019][T12365] sock_recvmsg_nosec+0x186/0x1c0 [ 426.045054][T12365] ____sys_recvmsg+0x21e/0x4c0 [ 426.045089][T12365] ? __pfx_____sys_recvmsg+0x10/0x10 [ 426.045130][T12365] ? import_iovec+0x74/0xa0 [ 426.045159][T12365] ___sys_recvmsg+0x1b5/0x510 [ 426.045179][T12365] ? get_pid_task+0x20/0x1f0 [ 426.045206][T12365] ? __pfx____sys_recvmsg+0x10/0x10 [ 426.045234][T12365] ? __fget_files+0x2a/0x420 [ 426.045276][T12365] ? __fget_files+0x3a0/0x420 [ 426.045321][T12365] __x64_sys_recvmsg+0x198/0x260 [ 426.045346][T12365] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 426.045377][T12365] ? __pfx_ksys_write+0x10/0x10 [ 426.045406][T12365] do_syscall_64+0xec/0xf80 [ 426.045427][T12365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.045446][T12365] ? trace_irq_disable+0x37/0x100 [ 426.045469][T12365] ? clear_bhb_loop+0x40/0x90 [ 426.045495][T12365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.045518][T12365] RIP: 0033:0x7f5d9858f749 [ 426.045538][T12365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.045557][T12365] RSP: 002b:00007f5d994e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 426.045581][T12365] RAX: ffffffffffffffda RBX: 00007f5d987e5fa0 RCX: 00007f5d9858f749 [ 426.045596][T12365] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 426.045611][T12365] RBP: 00007f5d994e5090 R08: 0000000000000000 R09: 0000000000000000 [ 426.045625][T12365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.045639][T12365] R13: 00007f5d987e6038 R14: 00007f5d987e5fa0 R15: 00007fff4eb41b98 [ 426.045670][T12365] [ 426.075092][T12364] PKCS7: Unknown OID: [5] (bad) [ 426.322814][T12364] PKCS7: Only support pkcs7_signedData type [ 426.418909][T12364] netlink: 'syz.1.2110': attribute type 1 has an invalid length. [ 426.442596][T12371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.459806][T12371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.704324][T12386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.715525][T12386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.837535][T12389] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2119'. [ 426.850021][T12389] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 426.878128][T12389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.890292][T12389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.054299][T12395] FAULT_INJECTION: forcing a failure. [ 427.054299][T12395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.073235][T12395] CPU: 1 UID: 0 PID: 12395 Comm: syz.1.2120 Tainted: G L syzkaller #0 PREEMPT(full) [ 427.073273][T12395] Tainted: [L]=SOFTLOCKUP [ 427.073282][T12395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 427.073297][T12395] Call Trace: [ 427.073307][T12395] [ 427.073317][T12395] dump_stack_lvl+0xe8/0x150 [ 427.073349][T12395] should_fail_ex+0x414/0x560 [ 427.073389][T12395] _copy_from_user+0x2d/0xb0 [ 427.073416][T12395] kstrtouint_from_user+0xc4/0x170 [ 427.073455][T12395] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 427.073507][T12395] proc_fail_nth_write+0x88/0x200 [ 427.073538][T12395] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 427.073569][T12395] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 427.073596][T12395] vfs_write+0x27e/0xb30 [ 427.073630][T12395] ? __pfx_vfs_write+0x10/0x10 [ 427.073654][T12395] ? __fget_files+0x2a/0x420 [ 427.073689][T12395] ? __fget_files+0x3a0/0x420 [ 427.073716][T12395] ? __fget_files+0x2a/0x420 [ 427.073755][T12395] ksys_write+0x145/0x250 [ 427.073781][T12395] ? __pfx_ksys_write+0x10/0x10 [ 427.073816][T12395] do_syscall_64+0xec/0xf80 [ 427.073841][T12395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.073864][T12395] ? trace_irq_disable+0x37/0x100 [ 427.073890][T12395] ? clear_bhb_loop+0x40/0x90 [ 427.073918][T12395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.073942][T12395] RIP: 0033:0x7f272238e1ff [ 427.073964][T12395] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 427.073984][T12395] RSP: 002b:00007f2723205030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 427.074009][T12395] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f272238e1ff [ 427.074025][T12395] RDX: 0000000000000001 RSI: 00007f27232050a0 RDI: 0000000000000003 [ 427.074040][T12395] RBP: 00007f2723205090 R08: 0000000000000000 R09: 0000000000000000 [ 427.074054][T12395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 427.074068][T12395] R13: 00007f27225e6038 R14: 00007f27225e5fa0 R15: 00007ffcfa54c008 [ 427.074105][T12395] [ 427.391595][T12386] fuse: Unknown parameter '0x00000000000000000x0000000000000004' [ 427.670487][ T8382] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 427.780122][ T36] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 427.847258][ T8382] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 427.858535][ T8382] usb 4-1: config 1 has no interface number 0 [ 427.865101][ T8382] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 427.877849][ T8382] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 427.889412][ T8382] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.903757][ T8382] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 427.915800][ T8382] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.923947][ T8382] usb 4-1: Product: syz [ 427.928303][ T8382] usb 4-1: Manufacturer: syz [ 427.933180][ T8382] usb 4-1: SerialNumber: syz [ 427.940058][ T36] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 427.949782][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.964888][T12400] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 427.992551][ T36] usb 2-1: config 0 descriptor?? [ 428.005396][ T36] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 428.198426][T12400] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 428.324592][T12421] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 428.344530][T12419] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 428.349222][T12421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.364173][T12419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.373198][T12421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.382286][T12419] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.395540][T12419] program syz.0.2132 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 428.424254][ T36] gspca_cpia1: usb_control_msg 03, error -32 [ 428.568571][ T8382] usb 4-1: Incompatible driver and firmware versions [ 428.592919][ T8382] usb 4-1: USB disconnect, device number 19 [ 428.619755][ T36] gspca_cpia1: usb_control_msg 03, error -71 [ 428.629724][ T36] gspca_cpia1: usb_control_msg 01, error -71 [ 428.639459][ T36] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 428.651402][ T36] usb 2-1: USB disconnect, device number 125 [ 428.985680][T12432] loop9: detected capacity change from 0 to 7 [ 428.997525][T12432] Dev loop9: unable to read RDB block 7 [ 429.004002][T12432] loop9: unable to read partition table [ 429.011504][T12432] loop9: partition table beyond EOD, truncated [ 429.017987][T12432] loop_reread_partitions: partition scan of loop9 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 429.083838][T12432] Dev loop9: unable to read RDB block 7 [ 429.089890][T12432] loop9: unable to read partition table [ 429.097705][T12432] loop9: partition table beyond EOD, truncated [ 429.098000][T12432] loop_reread_partitions: partition scan of loop9 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 429.324593][T12440] kAFS: unable to lookup cell '/yz1' [ 429.854391][ T8383] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 429.896607][T12458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 429.911419][T12458] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.942019][T12460] FAULT_INJECTION: forcing a failure. [ 429.942019][T12460] name failslab, interval 1, probability 0, space 0, times 0 [ 429.954820][T12460] CPU: 0 UID: 0 PID: 12460 Comm: syz.0.2145 Tainted: G L syzkaller #0 PREEMPT(full) [ 429.954855][T12460] Tainted: [L]=SOFTLOCKUP [ 429.954863][T12460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 429.954877][T12460] Call Trace: [ 429.954885][T12460] [ 429.954894][T12460] dump_stack_lvl+0xe8/0x150 [ 429.954925][T12460] should_fail_ex+0x414/0x560 [ 429.954972][T12460] should_failslab+0xa8/0x100 [ 429.954999][T12460] __kmalloc_node_track_caller_noprof+0xe2/0x820 [ 429.955037][T12460] ? vfs_parse_monolithic_sep+0x206/0x320 [ 429.955076][T12460] kmemdup_nul+0x36/0xf0 [ 429.955101][T12460] vfs_parse_monolithic_sep+0x206/0x320 [ 429.955133][T12460] ? __pfx_ovl_next_opt+0x10/0x10 [ 429.955154][T12460] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 429.955189][T12460] ? get_user_ns+0xff/0x1f0 [ 429.955222][T12460] ? alloc_fs_context+0x4b1/0x590 [ 429.955258][T12460] do_new_mount+0x2cb/0xa10 [ 429.955283][T12460] ? apparmor_capable+0x137/0x1a0 [ 429.955308][T12460] ? security_capable+0x7e/0x2e0 [ 429.955337][T12460] ? __pfx_do_new_mount+0x10/0x10 [ 429.955363][T12460] ? ns_capable+0x8a/0xf0 [ 429.955395][T12460] ? path_mount+0x628/0xff0 [ 429.955419][T12460] ? kmem_cache_free+0x197/0x620 [ 429.955462][T12460] __se_sys_mount+0x313/0x410 [ 429.955494][T12460] ? __pfx___se_sys_mount+0x10/0x10 [ 429.955528][T12460] ? __x64_sys_mount+0x20/0xc0 [ 429.955557][T12460] do_syscall_64+0xec/0xf80 [ 429.955580][T12460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.955603][T12460] ? trace_irq_disable+0x37/0x100 [ 429.955628][T12460] ? clear_bhb_loop+0x40/0x90 [ 429.955656][T12460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.955677][T12460] RIP: 0033:0x7fd20138f749 [ 429.955697][T12460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.955718][T12460] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 429.955742][T12460] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 429.955758][T12460] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 429.955772][T12460] RBP: 00007fd202231090 R08: 0000200000000900 R09: 0000000000000000 [ 429.955787][T12460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 429.955800][T12460] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 429.955833][T12460] [ 430.218973][ T8383] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 430.228356][ T8383] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 430.239856][ T8383] usb 4-1: Product: syz [ 430.244576][ T8383] usb 4-1: SerialNumber: syz [ 430.256092][ T8383] usb 4-1: config 0 descriptor?? [ 430.291602][T12464] FAULT_INJECTION: forcing a failure. [ 430.291602][T12464] name failslab, interval 1, probability 0, space 0, times 0 [ 430.305312][T12464] CPU: 1 UID: 0 PID: 12464 Comm: syz.0.2147 Tainted: G L syzkaller #0 PREEMPT(full) [ 430.305338][T12464] Tainted: [L]=SOFTLOCKUP [ 430.305344][T12464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 430.305357][T12464] Call Trace: [ 430.305364][T12464] [ 430.305370][T12464] dump_stack_lvl+0xe8/0x150 [ 430.305394][T12464] should_fail_ex+0x414/0x560 [ 430.305421][T12464] should_failslab+0xa8/0x100 [ 430.305440][T12464] __kmalloc_cache_noprof+0x84/0x700 [ 430.305466][T12464] ? nfnetlink_rcv+0xf97/0x2590 [ 430.305487][T12464] nfnetlink_rcv+0xf97/0x2590 [ 430.305527][T12464] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 430.305553][T12464] ? __pfx_save_netdev_trace_buffer+0x10/0x10 [ 430.305575][T12464] ? ref_tracker_free+0x63a/0x7d0 [ 430.305600][T12464] ? netlink_unicast+0x7fa/0x9e0 [ 430.305615][T12464] ? netlink_sendmsg+0x805/0xb30 [ 430.305654][T12464] ? __netlink_deliver_tap+0x866/0x8b0 [ 430.305674][T12464] ? netlink_deliver_tap+0x2e/0x1b0 [ 430.305705][T12464] netlink_unicast+0x82f/0x9e0 [ 430.305734][T12464] ? __pfx_netlink_unicast+0x10/0x10 [ 430.305750][T12464] ? __alloc_skb+0x198/0x3a0 [ 430.305795][T12464] ? netlink_sendmsg+0x642/0xb30 [ 430.305820][T12464] ? skb_put+0x11b/0x210 [ 430.305854][T12464] netlink_sendmsg+0x805/0xb30 [ 430.305879][T12464] ? aa_sk_perm+0x15f/0x920 [ 430.305917][T12464] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.305939][T12464] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 430.305971][T12464] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.305990][T12464] sock_sendmsg_nosec+0x18f/0x1d0 [ 430.306035][T12464] ____sys_sendmsg+0x577/0x880 [ 430.306052][T12464] ? __might_fault+0xb0/0x130 [ 430.306079][T12464] ? __pfx_____sys_sendmsg+0x10/0x10 [ 430.306128][T12464] ? import_iovec+0x74/0xa0 [ 430.306157][T12464] ___sys_sendmsg+0x21f/0x2a0 [ 430.306184][T12464] ? __pfx____sys_sendmsg+0x10/0x10 [ 430.306248][T12464] ? __fget_files+0x2a/0x420 [ 430.306269][T12464] ? __fget_files+0x3a0/0x420 [ 430.306298][T12464] __x64_sys_sendmsg+0x19b/0x260 [ 430.306318][T12464] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 430.306343][T12464] ? __pfx_ksys_write+0x10/0x10 [ 430.306367][T12464] do_syscall_64+0xec/0xf80 [ 430.306384][T12464] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.306400][T12464] ? trace_irq_disable+0x37/0x100 [ 430.306419][T12464] ? clear_bhb_loop+0x40/0x90 [ 430.306439][T12464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.306455][T12464] RIP: 0033:0x7fd20138f749 [ 430.306470][T12464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.306486][T12464] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.306503][T12464] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 430.306515][T12464] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 430.306525][T12464] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 430.306536][T12464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.306545][T12464] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 430.306570][T12464] [ 430.640903][T12448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 430.682528][ T8383] usb 4-1: USB disconnect, device number 20 [ 430.750232][ T8382] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 430.901824][ T8382] usb 2-1: Using ep0 maxpacket: 32 [ 430.910817][T12472] binder: BINDER_SET_CONTEXT_MGR already set [ 430.925621][T12472] binder: 12471:12472 ioctl 4018620d 2000000002c0 returned -16 [ 430.936902][ T8382] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 430.945486][ T8382] usb 2-1: config 0 has no interface number 0 [ 430.966155][ T8382] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 431.039807][T12476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.053024][T12476] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.059280][ T8382] usb 2-1: config 0 interface 85 has no altsetting 0 [ 431.075336][ T8382] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 431.100039][ T8382] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.108195][ T8382] usb 2-1: Product: syz [ 431.120541][ T8382] usb 2-1: Manufacturer: syz [ 431.125179][ T8382] usb 2-1: SerialNumber: syz [ 431.134599][ T8382] usb 2-1: config 0 descriptor?? [ 431.386381][T12487] netlink: 'syz.3.2156': attribute type 23 has an invalid length. [ 431.746210][ T8382] appletouch 2-1:0.85: Geyser mode initialized. [ 431.758179][ T8382] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input62 [ 431.790173][ T36] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 431.940322][ T36] usb 4-1: Using ep0 maxpacket: 16 [ 431.946638][T12501] FAULT_INJECTION: forcing a failure. [ 431.946638][T12501] name failslab, interval 1, probability 0, space 0, times 0 [ 431.965927][T12501] CPU: 0 UID: 0 PID: 12501 Comm: syz.0.2162 Tainted: G L syzkaller #0 PREEMPT(full) [ 431.965963][T12501] Tainted: [L]=SOFTLOCKUP [ 431.965971][T12501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 431.965989][T12501] Call Trace: [ 431.965998][T12501] [ 431.966007][T12501] dump_stack_lvl+0xe8/0x150 [ 431.966038][T12501] should_fail_ex+0x414/0x560 [ 431.966077][T12501] should_failslab+0xa8/0x100 [ 431.966103][T12501] __kmalloc_noprof+0xdf/0x800 [ 431.966135][T12501] ? tomoyo_encode+0x28b/0x550 [ 431.966182][T12501] tomoyo_encode+0x28b/0x550 [ 431.966220][T12501] tomoyo_realpath_from_path+0x58d/0x5d0 [ 431.966264][T12501] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 431.966290][T12501] tomoyo_path_number_perm+0x1e8/0x5a0 [ 431.966319][T12501] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 431.966346][T12501] ? __lock_acquire+0x6b6/0x2cf0 [ 431.966393][T12501] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 431.966438][T12501] ? __fget_files+0x2a/0x420 [ 431.966470][T12501] ? __fget_files+0x2a/0x420 [ 431.966496][T12501] ? __fget_files+0x3a0/0x420 [ 431.966523][T12501] ? __fget_files+0x2a/0x420 [ 431.966555][T12501] security_file_ioctl+0xcb/0x2d0 [ 431.966584][T12501] __se_sys_ioctl+0x47/0x170 [ 431.966621][T12501] do_syscall_64+0xec/0xf80 [ 431.966645][T12501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.966668][T12501] ? trace_irq_disable+0x37/0x100 [ 431.966694][T12501] ? clear_bhb_loop+0x40/0x90 [ 431.966729][T12501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.966752][T12501] RIP: 0033:0x7fd20138f749 [ 431.966780][T12501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.966794][T12501] RSP: 002b:00007fd202231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 431.966811][T12501] RAX: ffffffffffffffda RBX: 00007fd2015e5fa0 RCX: 00007fd20138f749 [ 431.966892][T12501] RDX: 0000200000000980 RSI: 0000000000000720 RDI: 0000000000000003 [ 431.966909][T12501] RBP: 00007fd202231090 R08: 0000000000000000 R09: 0000000000000000 [ 431.966919][T12501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.966930][T12501] R13: 00007fd2015e6038 R14: 00007fd2015e5fa0 R15: 00007ffdb4e4af38 [ 431.966988][T12501] [ 431.967095][T12501] ERROR: Out of memory at tomoyo_realpath_from_path. [ 432.210989][ T36] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 432.221028][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.221260][ T8383] usb 2-1: USB disconnect, device number 126 [ 432.229280][ T36] usb 4-1: Product: syz [ 432.229305][ T36] usb 4-1: Manufacturer: syz [ 432.229322][ T36] usb 4-1: SerialNumber: syz [ 432.244521][T12501] dtv5100: wlen = 15, aborting. [ 432.255584][ T36] usb 4-1: config 0 descriptor?? [ 432.277103][ T36] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 432.306236][ T8383] appletouch 2-1:0.85: input: appletouch disconnected [ 432.832592][T12511] dtv5100: wlen = 15, aborting. [ 432.904542][T12513] dtv5100: wlen = 15, aborting. [ 433.031670][T12517] FAULT_INJECTION: forcing a failure. [ 433.031670][T12517] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 433.046363][T12517] CPU: 0 UID: 0 PID: 12517 Comm: syz.1.2167 Tainted: G L syzkaller #0 PREEMPT(full) [ 433.046389][T12517] Tainted: [L]=SOFTLOCKUP [ 433.046399][T12517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 433.046409][T12517] Call Trace: [ 433.046415][T12517] [ 433.046422][T12517] dump_stack_lvl+0xe8/0x150 [ 433.046445][T12517] should_fail_ex+0x414/0x560 [ 433.046478][T12517] _copy_to_user+0x31/0xb0 [ 433.046503][T12517] simple_read_from_buffer+0xe1/0x170 [ 433.046527][T12517] proc_fail_nth_read+0x1b3/0x220 [ 433.046551][T12517] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 433.046575][T12517] ? rw_verify_area+0x2a6/0x4d0 [ 433.046600][T12517] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 433.046617][T12517] vfs_read+0x200/0xa30 [ 433.046641][T12517] ? fdget_pos+0x247/0x320 [ 433.046665][T12517] ? __pfx___mutex_lock+0x10/0x10 [ 433.046690][T12517] ? __pfx_vfs_read+0x10/0x10 [ 433.046717][T12517] ? __fget_files+0x2a/0x420 [ 433.046740][T12517] ? __fget_files+0x3a0/0x420 [ 433.046759][T12517] ? __fget_files+0x2a/0x420 [ 433.046785][T12517] ksys_read+0x145/0x250 [ 433.046802][T12517] ? __pfx_ksys_read+0x10/0x10 [ 433.046825][T12517] do_syscall_64+0xec/0xf80 [ 433.046842][T12517] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.046858][T12517] ? clear_bhb_loop+0x40/0x90 [ 433.046878][T12517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.046894][T12517] RIP: 0033:0x7f272238e15c [ 433.046910][T12517] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 433.046924][T12517] RSP: 002b:00007f2723205030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 433.046943][T12517] RAX: ffffffffffffffda RBX: 00007f27225e5fa0 RCX: 00007f272238e15c [ 433.046956][T12517] RDX: 000000000000000f RSI: 00007f27232050a0 RDI: 0000000000000005 [ 433.046966][T12517] RBP: 00007f2723205090 R08: 0000000000000000 R09: 0000000000000000 [ 433.046976][T12517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.046985][T12517] R13: 00007f27225e6038 R14: 00007f27225e5fa0 R15: 00007ffcfa54c008 [ 433.047014][T12517] [ 433.301800][T12519] netlink: 1072 bytes leftover after parsing attributes in process `syz.1.2168'. [ 433.313108][T12519] netlink: 280 bytes leftover after parsing attributes in process `syz.1.2168'. [ 433.505745][T12524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.517099][T12524] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.560222][ T8382] usb 2-1: new full-speed USB device number 127 using dummy_hcd [ 433.634357][ T36] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 433.656846][ T36] usb 4-1: USB disconnect, device number 21 [ 433.727625][ T8382] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 433.739628][ T8382] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 433.751302][ T8382] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 433.763180][ T8382] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 433.773534][ T8382] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.786134][T12519] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 433.996654][T12519] netlink: 1072 bytes leftover after parsing attributes in process `syz.1.2168'. [ 434.003157][T12528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.006510][T12519] netlink: 280 bytes leftover after parsing attributes in process `syz.1.2168'. [ 434.026151][T12528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.054375][ T8382] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 434.078322][ T8382] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input63 [ 434.139355][ T8382] usb 2-1: USB disconnect, device number 127 [ 434.139420][ C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 434.185533][ T8433] udevd[8433]: setting owner of /dev/input/mouse1 to uid=0, gid=104 failed: No such file or directory [ 434.348603][T12535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2173'. [ 434.363853][T12535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2173'. [ 434.379188][T12536] cgroup: Unknown subsys name 'appraise' [ 434.441949][T12542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.455361][T12542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.611272][T12547] FAULT_INJECTION: forcing a failure. [ 434.611272][T12547] name failslab, interval 1, probability 0, space 0, times 0 [ 434.637227][T12547] CPU: 0 UID: 0 PID: 12547 Comm: syz.2.2178 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.637267][T12547] Tainted: [L]=SOFTLOCKUP [ 434.637277][T12547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 434.637291][T12547] Call Trace: [ 434.637299][T12547] [ 434.637309][T12547] dump_stack_lvl+0xe8/0x150 [ 434.637340][T12547] should_fail_ex+0x414/0x560 [ 434.637379][T12547] should_failslab+0xa8/0x100 [ 434.637407][T12547] __kmalloc_noprof+0xdf/0x800 [ 434.637441][T12547] ? tomoyo_encode+0x28b/0x550 [ 434.637480][T12547] tomoyo_encode+0x28b/0x550 [ 434.637519][T12547] tomoyo_realpath_from_path+0x58d/0x5d0 [ 434.637556][T12547] ? tomoyo_domain+0xd8/0x130 [ 434.637595][T12547] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 434.637625][T12547] tomoyo_path_number_perm+0x1e8/0x5a0 [ 434.637657][T12547] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 434.637695][T12547] ? __lock_acquire+0x6b6/0x2cf0 [ 434.637745][T12547] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 434.637794][T12547] ? __fget_files+0x2a/0x420 [ 434.637827][T12547] ? __fget_files+0x2a/0x420 [ 434.637854][T12547] ? __fget_files+0x3a0/0x420 [ 434.637881][T12547] ? __fget_files+0x2a/0x420 [ 434.637914][T12547] security_file_ioctl+0xcb/0x2d0 [ 434.637942][T12547] __se_sys_ioctl+0x47/0x170 [ 434.637981][T12547] do_syscall_64+0xec/0xf80 [ 434.638003][T12547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.638025][T12547] ? trace_irq_disable+0x37/0x100 [ 434.638050][T12547] ? clear_bhb_loop+0x40/0x90 [ 434.638079][T12547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.638101][T12547] RIP: 0033:0x7fce3898f749 [ 434.638123][T12547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.638143][T12547] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.638167][T12547] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 434.638184][T12547] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a [ 434.638198][T12547] RBP: 00007fce398b0090 R08: 0000000000000000 R09: 0000000000000000 [ 434.638213][T12547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.638227][T12547] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 434.638263][T12547] [ 434.638287][T12547] ERROR: Out of memory at tomoyo_realpath_from_path. [ 435.052459][T12556] IPv6: syztnl0: Disabled Multicast RS [ 435.119031][T12560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.141073][T12560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.243627][T12564] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2184'. [ 435.429748][T12575] x_tables: duplicate underflow at hook 4 [ 435.532363][T12579] FAULT_INJECTION: forcing a failure. [ 435.532363][T12579] name failslab, interval 1, probability 0, space 0, times 0 [ 435.549527][T12579] CPU: 1 UID: 0 PID: 12579 Comm: syz.1.2189 Tainted: G L syzkaller #0 PREEMPT(full) [ 435.549566][T12579] Tainted: [L]=SOFTLOCKUP [ 435.549575][T12579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 435.549590][T12579] Call Trace: [ 435.549600][T12579] [ 435.549610][T12579] dump_stack_lvl+0xe8/0x150 [ 435.549643][T12579] should_fail_ex+0x414/0x560 [ 435.549691][T12579] should_failslab+0xa8/0x100 [ 435.549719][T12579] __kmalloc_noprof+0xdf/0x800 [ 435.549748][T12579] ? tomoyo_encode+0x28b/0x550 [ 435.549785][T12579] tomoyo_encode+0x28b/0x550 [ 435.549822][T12579] tomoyo_realpath_from_path+0x58d/0x5d0 [ 435.549868][T12579] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 435.549897][T12579] tomoyo_path_number_perm+0x1e8/0x5a0 [ 435.549930][T12579] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 435.549962][T12579] ? __lock_acquire+0x6b6/0x2cf0 [ 435.550009][T12579] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 435.550058][T12579] ? __fget_files+0x2a/0x420 [ 435.550090][T12579] ? __fget_files+0x2a/0x420 [ 435.550116][T12579] ? __fget_files+0x3a0/0x420 [ 435.550144][T12579] ? __fget_files+0x2a/0x420 [ 435.550177][T12579] security_file_ioctl+0xcb/0x2d0 [ 435.550206][T12579] __se_sys_ioctl+0x47/0x170 [ 435.550244][T12579] do_syscall_64+0xec/0xf80 [ 435.550269][T12579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.550291][T12579] ? trace_irq_disable+0x37/0x100 [ 435.550317][T12579] ? clear_bhb_loop+0x40/0x90 [ 435.550345][T12579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.550368][T12579] RIP: 0033:0x7f272238f749 [ 435.550389][T12579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.550409][T12579] RSP: 002b:00007f2723205038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 435.550434][T12579] RAX: ffffffffffffffda RBX: 00007f27225e5fa0 RCX: 00007f272238f749 [ 435.550451][T12579] RDX: 0000200000000580 RSI: 00000000c040565f RDI: 0000000000000003 [ 435.550465][T12579] RBP: 00007f2723205090 R08: 0000000000000000 R09: 0000000000000000 [ 435.550478][T12579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.550490][T12579] R13: 00007f27225e6038 R14: 00007f27225e5fa0 R15: 00007ffcfa54c008 [ 435.550521][T12579] [ 435.782523][T12579] ERROR: Out of memory at tomoyo_realpath_from_path. [ 436.174190][T12594] SQUASHFS error: Failed to read block 0x0: -5 [ 436.183429][T12594] unable to read squashfs_super_block [ 436.541762][T12606] FAULT_INJECTION: forcing a failure. [ 436.541762][T12606] name failslab, interval 1, probability 0, space 0, times 0 [ 436.561637][T12606] CPU: 1 UID: 0 PID: 12606 Comm: syz.3.2198 Tainted: G L syzkaller #0 PREEMPT(full) [ 436.561674][T12606] Tainted: [L]=SOFTLOCKUP [ 436.561683][T12606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 436.561697][T12606] Call Trace: [ 436.561712][T12606] [ 436.561723][T12606] dump_stack_lvl+0xe8/0x150 [ 436.561755][T12606] should_fail_ex+0x414/0x560 [ 436.561794][T12606] should_failslab+0xa8/0x100 [ 436.561823][T12606] kmem_cache_alloc_noprof+0x88/0x710 [ 436.561855][T12606] ? __kvm_mmu_topup_memory_cache+0x463/0x610 [ 436.561890][T12606] ? __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 436.561930][T12606] __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 436.561980][T12606] mmu_topup_memory_caches+0x21/0x170 [ 436.562006][T12606] kvm_mmu_load+0x9d/0x22d0 [ 436.562029][T12606] ? kvm_msr_allowed+0x9a/0x490 [ 436.562056][T12606] ? kvm_msr_allowed+0x9a/0x490 [ 436.562082][T12606] ? kvm_msr_allowed+0x9a/0x490 [ 436.562109][T12606] ? kvm_msr_allowed+0x9a/0x490 [ 436.562134][T12606] ? kvm_apic_has_interrupt+0x744/0x770 [ 436.562175][T12606] vcpu_run+0x5497/0x7670 [ 436.562287][T12606] ? __pfx_vcpu_run+0x10/0x10 [ 436.562316][T12606] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 436.562348][T12606] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 436.562380][T12606] ? fpu_swap_kvm_fpstate+0xc2/0x4f0 [ 436.562409][T12606] ? rcu_is_watching+0x15/0xb0 [ 436.562437][T12606] kvm_arch_vcpu_ioctl_run+0x1148/0x1c90 [ 436.562483][T12606] ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90 [ 436.562521][T12606] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 436.562555][T12606] ? __lock_acquire+0x6b6/0x2cf0 [ 436.562595][T12606] ? __mutex_lock+0x335/0x1350 [ 436.562629][T12606] ? kasan_quarantine_put+0xbb/0x1f0 [ 436.562682][T12606] ? do_raw_write_lock+0x120/0x260 [ 436.562729][T12606] kvm_vcpu_ioctl+0x99a/0xed0 [ 436.562762][T12606] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 436.562786][T12606] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 436.562833][T12606] ? __fget_files+0x2a/0x420 [ 436.562865][T12606] ? __fget_files+0x2a/0x420 [ 436.562891][T12606] ? __fget_files+0x3a0/0x420 [ 436.562918][T12606] ? __fget_files+0x2a/0x420 [ 436.562950][T12606] ? bpf_lsm_file_ioctl+0x9/0x20 [ 436.562972][T12606] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 436.562999][T12606] __se_sys_ioctl+0xfc/0x170 [ 436.563036][T12606] do_syscall_64+0xec/0xf80 [ 436.563061][T12606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.563084][T12606] ? trace_irq_disable+0x37/0x100 [ 436.563110][T12606] ? clear_bhb_loop+0x40/0x90 [ 436.563139][T12606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.563162][T12606] RIP: 0033:0x7f5d9858f749 [ 436.563183][T12606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.563202][T12606] RSP: 002b:00007f5d994c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 436.563226][T12606] RAX: ffffffffffffffda RBX: 00007f5d987e6090 RCX: 00007f5d9858f749 [ 436.563243][T12606] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 436.563258][T12606] RBP: 00007f5d994c4090 R08: 0000000000000000 R09: 0000000000000000 [ 436.563272][T12606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 436.563286][T12606] R13: 00007f5d987e6128 R14: 00007f5d987e6090 R15: 00007fff4eb41b98 [ 436.563322][T12606] [ 437.191080][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 437.350147][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 437.393607][ T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 437.407023][ T9] usb 2-1: config 179 has no interface number 0 [ 437.416781][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 437.436913][T12631] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2210'. [ 437.459689][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 437.492068][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 437.519489][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 437.535498][ T9] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 437.549169][ T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 437.558777][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.583674][T12610] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 437.783125][T12643] netlink: 'syz.0.2216': attribute type 32 has an invalid length. [ 437.843281][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input64 [ 437.989781][T12649] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2219'. [ 438.012557][ T5870] usb 2-1: USB disconnect, device number 2 [ 438.012578][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 438.026814][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 438.215312][T12657] netlink: 'syz.3.2222': attribute type 29 has an invalid length. [ 438.241535][T12657] netlink: 'syz.3.2222': attribute type 29 has an invalid length. [ 438.257442][T12657] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2222'. [ 438.672337][T12683] netlink: 'syz.3.2236': attribute type 12 has an invalid length. [ 438.680913][T12683] netlink: 124 bytes leftover after parsing attributes in process `syz.3.2236'. [ 438.858740][T12684] tap0: tun_chr_ioctl cmd 1074025677 [ 438.864836][T12684] tap0: linktype set to 774 [ 439.017714][T12699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2243'. [ 440.980999][T12705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2245'. [ 441.235296][T12719] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2253'. [ 441.260087][T12719] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 441.444114][T12728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2257'. [ 441.471317][T12729] netlink: 'syz.2.2259': attribute type 5 has an invalid length. [ 441.491058][T12729] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2259'. [ 441.718337][T12743] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2265'. [ 441.729516][T12743] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 441.781393][T12745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 441.811680][T12745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 442.360218][ T5855] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 442.521294][ T5855] usb 4-1: Using ep0 maxpacket: 16 [ 442.529090][ T5855] usb 4-1: config 1 has an invalid interface number: 118 but max is 0 [ 442.548040][ T5855] usb 4-1: config 1 has no interface number 0 [ 442.559275][ T5855] usb 4-1: config 1 interface 118 has no altsetting 0 [ 442.578007][ T5855] usb 4-1: string descriptor 0 read error: -71 [ 442.589878][ T5855] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=e2.32 [ 442.601763][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.610472][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 442.624162][ T5855] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 442.638322][ T5855] usb 4-1: no configuration chosen from 1 choice [ 442.647803][ T5855] usb 4-1: USB disconnect, device number 22 [ 443.343937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 443.353388][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 443.446546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 443.456350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 443.548669][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 443.548698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 443.558738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 443.651193][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 445.240105][ T5855] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 445.359203][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.365849][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.412028][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 445.430398][ T5855] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 445.439565][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.475805][ T5822] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 445.493684][ T5822] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 445.503391][ T5822] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 445.511688][ T5822] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 445.519417][ T5822] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 445.530592][ T5855] usb 4-1: config 0 descriptor?? [ 445.813862][T12817] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 445.983111][ T5855] lenovo 0003:17EF:6047.001C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 446.044871][T12809] chnl_net:caif_netlink_parms(): no params data found [ 446.962471][T12835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 446.971727][T12835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.016122][T12835] ------------[ cut here ]------------ [ 447.021891][T12835] usb 3-1: BOGUS control dir, pipe 80006480 doesn't match bRequestType c0 [ 447.031324][T12835] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#1: syz.2.2298/12835 [ 447.042984][T12835] Modules linked in: [ 447.047436][T12835] CPU: 1 UID: 0 PID: 12835 Comm: syz.2.2298 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.058724][T12835] Tainted: [L]=SOFTLOCKUP SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 447.063144][T12835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 447.073399][T12835] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 447.080475][T12835] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 447.090996][ T8382] usb 1-1: USB disconnect, device number 120 [ 447.100354][T12835] RSP: 0018:ffffc90003cff920 EFLAGS: 00010246 [ 447.100386][T12835] RAX: 0000000000000000 RBX: ffff88814c42e000 RCX: 0000000080006480 [ 447.100405][T12835] RDX: ffff88807b7b43a0 RSI: ffffffff8c363be0 RDI: ffffffff8fd0cf50 [ 447.100424][T12835] RBP: 1ffff1100415ea2c R08: 00000000000000c0 R09: 0000000000000000 [ 447.100441][T12835] R10: ffffc90003cffa20 R11: fffff5200079ff50 R12: ffff88807ddcd100 [ 447.100461][T12835] R13: ffff888020af5160 R14: 0000000080006480 R15: ffff88807b7b43a0 [ 447.100481][T12835] FS: 00007fce398b06c0(0000) GS:ffff888125abb000(0000) knlGS:0000000000000000 [ 447.100504][T12835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 447.100522][T12835] CR2: 000000110c359106 CR3: 00000000787fa000 CR4: 00000000003526f0 [ 447.100545][T12835] Call Trace: [ 447.181944][T12835] [ 447.184939][T12835] ? __init_swait_queue_head+0xa9/0x150 [ 447.188911][ T5855] usb 4-1: USB disconnect, device number 23 [ 447.190576][T12835] usb_start_wait_urb+0x115/0x4f0 [ 447.190628][T12835] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 447.190687][T12835] usb_control_msg+0x232/0x3e0 [ 447.190730][T12835] dtv5100_i2c_msg+0x231/0x2f0 [ 447.216970][T12835] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 447.221910][T12835] __i2c_transfer+0x79a/0x1f00 [ 447.226799][T12835] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 447.232796][T12835] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 447.239368][T12835] ? i2c_transfer+0xc8/0x2d0 [ 447.244535][T12835] i2c_transfer+0x1cc/0x2d0 [ 447.249171][T12835] i2cdev_ioctl_rdwr+0x460/0x740 [ 447.254214][T12835] i2cdev_ioctl+0x64b/0x820 [ 447.258744][T12835] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 447.263960][T12835] ? __fget_files+0x3a0/0x420 [ 447.268692][T12835] ? __fget_files+0x2a/0x420 [ 447.273368][T12835] ? bpf_lsm_file_ioctl+0x9/0x20 [ 447.278327][T12835] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 447.283428][T12835] __se_sys_ioctl+0xfc/0x170 [ 447.288222][T12835] do_syscall_64+0xec/0xf80 [ 447.292819][T12835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.298992][T12835] ? trace_irq_disable+0x37/0x100 [ 447.304134][T12835] ? clear_bhb_loop+0x40/0x90 [ 447.308873][T12835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.314877][T12835] RIP: 0033:0x7fce3898f749 [ 447.319322][T12835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.339596][T12835] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 447.349032][T12835] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 447.357219][T12835] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004 [ 447.365288][T12835] RBP: 00007fce38a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 447.373343][T12835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.381361][T12835] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 447.389494][T12835] [ 447.392576][T12835] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 447.399876][T12835] CPU: 1 UID: 0 PID: 12835 Comm: syz.2.2298 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.410843][T12835] Tainted: [L]=SOFTLOCKUP [ 447.415204][T12835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 447.425815][T12835] Call Trace: [ 447.429115][T12835] [ 447.432058][T12835] vpanic+0x1e0/0x670 [ 447.436079][T12835] panic+0xb9/0xc0 [ 447.439838][T12835] ? __pfx_panic+0x10/0x10 [ 447.444319][T12835] __warn+0x317/0x4b0 [ 447.448550][T12835] ? usb_submit_urb+0x105c/0x18d0 [ 447.453785][T12835] ? usb_submit_urb+0x105c/0x18d0 [ 447.459025][T12835] __report_bug+0x288/0x500 [ 447.463658][T12835] ? unwind_get_return_address+0x4d/0x90 [ 447.469332][T12835] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 447.475523][T12835] ? usb_submit_urb+0x105c/0x18d0 [ 447.480639][T12835] ? __pfx___report_bug+0x10/0x10 [ 447.485787][T12835] ? __pfx_stack_trace_save+0x10/0x10 [ 447.491203][T12835] ? stack_depot_save_flags+0x33/0x810 [ 447.496691][T12835] report_bug_entry+0x19a/0x290 [ 447.501564][T12835] ? usb_submit_urb+0x111c/0x18d0 [ 447.506631][T12835] ? usb_submit_urb+0x1121/0x18d0 [ 447.511691][T12835] handle_bug+0xca/0x200 [ 447.515971][T12835] exc_invalid_op+0x1a/0x50 [ 447.520507][T12835] asm_exc_invalid_op+0x1a/0x20 [ 447.525375][T12835] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 447.531234][T12835] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 447.551231][T12835] RSP: 0018:ffffc90003cff920 EFLAGS: 00010246 [ 447.557340][T12835] RAX: 0000000000000000 RBX: ffff88814c42e000 RCX: 0000000080006480 [ 447.565513][T12835] RDX: ffff88807b7b43a0 RSI: ffffffff8c363be0 RDI: ffffffff8fd0cf50 [ 447.573692][T12835] RBP: 1ffff1100415ea2c R08: 00000000000000c0 R09: 0000000000000000 [ 447.581921][T12835] R10: ffffc90003cffa20 R11: fffff5200079ff50 R12: ffff88807ddcd100 [ 447.590016][T12835] R13: ffff888020af5160 R14: 0000000080006480 R15: ffff88807b7b43a0 [ 447.598041][T12835] ? __init_swait_queue_head+0xa9/0x150 [ 447.603605][T12835] usb_start_wait_urb+0x115/0x4f0 [ 447.608702][T12835] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 447.614281][T12835] usb_control_msg+0x232/0x3e0 [ 447.619082][T12835] dtv5100_i2c_msg+0x231/0x2f0 [ 447.623878][T12835] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 447.628782][T12835] __i2c_transfer+0x79a/0x1f00 [ 447.633595][T12835] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 447.639445][T12835] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 447.645444][T12835] ? i2c_transfer+0xc8/0x2d0 [ 447.650114][T12835] i2c_transfer+0x1cc/0x2d0 [ 447.654732][T12835] i2cdev_ioctl_rdwr+0x460/0x740 [ 447.659746][T12835] i2cdev_ioctl+0x64b/0x820 [ 447.664325][T12835] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 447.669387][T12835] ? __fget_files+0x3a0/0x420 [ 447.674097][T12835] ? __fget_files+0x2a/0x420 [ 447.678720][T12835] ? bpf_lsm_file_ioctl+0x9/0x20 [ 447.683786][T12835] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 447.688854][T12835] __se_sys_ioctl+0xfc/0x170 [ 447.693523][T12835] do_syscall_64+0xec/0xf80 [ 447.698239][T12835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.704516][T12835] ? trace_irq_disable+0x37/0x100 [ 447.709564][T12835] ? clear_bhb_loop+0x40/0x90 [ 447.714269][T12835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.720330][T12835] RIP: 0033:0x7fce3898f749 [ 447.724779][T12835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.744413][T12835] RSP: 002b:00007fce398b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 447.752856][T12835] RAX: ffffffffffffffda RBX: 00007fce38be5fa0 RCX: 00007fce3898f749 [ 447.760857][T12835] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004 [ 447.768843][T12835] RBP: 00007fce38a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 447.776851][T12835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.784839][T12835] R13: 00007fce38be6038 R14: 00007fce38be5fa0 R15: 00007fff0ed3b578 [ 447.792839][T12835] [ 447.796475][T12835] Kernel Offset: disabled [ 447.800823][T12835] Rebooting in 86400 seconds..