last executing test programs: 6.045072323s ago: executing program 3 (id=10): r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x40080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @pic={0x39, 0x0, 0x6, 0x2, 0xfa, 0x6, 0x10, 0x64, 0x1, 0x8, 0x8, 0xf, 0x6, 0x6, 0xa, 0x1}}) 5.985926914s ago: executing program 4 (id=5): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x3c1, 0x3, 0x290, 0xfc, 0x2b8, 0x182, 0xfc, 0x0, 0x1c8, 0x3a8, 0x3a8, 0x1c8, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xdc, 0xfc, 0x0, {0x0, 0x1800}, [@common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x0, 0x6c, 0x3}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@mcast1, @remote, [], [], 'macsec0\x00', 'netdevsim0\x00', {}, {0xff}}, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x8e64, 0x1000, 0x2}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24, '\x00', 0x0, 0xfffffffb}}}}, 0x2ec) 5.913562403s ago: executing program 4 (id=12): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f00000007c0)=[{&(0x7f0000000500)="a5", 0x1}], 0x1) 5.913359923s ago: executing program 3 (id=13): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000fb007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e4845500a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291beea56ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124e16b64a5d1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba515d4cc28d702287fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633c77fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) 5.338306704s ago: executing program 3 (id=22): syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0x2, 0xe, 0x3, 0x6, 0x11, 0x0, 0x0, 0x615, 0x3, 0x4, 0x3e, 0xa, '\x00', 0x7, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.313970594s ago: executing program 3 (id=25): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000001580)={0x2c, &(0x7f00000013c0)=ANY=[@ANYBLOB='@\":'], 0x0, 0x0, 0x0, 0x0}, 0x0) 4.736588175s ago: executing program 1 (id=36): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x4, r0, &(0x7f0000000080), 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) 4.209699925s ago: executing program 2 (id=41): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) socketpair(0x4, 0x4, 0xffffffff, &(0x7f0000000100)) socket$inet6(0xa, 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.209318985s ago: executing program 2 (id=42): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000)) 4.209113515s ago: executing program 2 (id=43): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x2, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"}) socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000080)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendfile(r7, r6, 0x0, 0x4) 4.208896905s ago: executing program 1 (id=44): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bind$802154_raw(r0, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000003c0)={0x1f, 0xe, 0xfffd, 0x2, 0x0, 0x8000, &(0x7f00000005c0)}) 3.417666117s ago: executing program 2 (id=51): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010003b0c00"/18, @ANYBLOB], 0x40}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000140)={0x100, 0x640, &(0x7f0000000240)="02e19d2dfa8f6e35b50f080d91ef49d3d9d43c03e74949522ff7b13a19c3886aaa71445dad1d7c85287332e046c59debce995da0b96973bd013b2e749981d1e1e556e3f35b9651bc9b6229f2a989695c475f6f2e43d168d4b020eb7bd8ddac0575419d0690ce40fb43", 0x0, 0x69}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.349099987s ago: executing program 1 (id=52): syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000340)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8}]}, 0x28}}, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0x2, 0xe, 0x3, 0x6, 0x11, 0x0, 0x0, 0x615, 0x3, 0x4, 0x3e, 0xa, '\x00', 0x7, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.261619347s ago: executing program 1 (id=53): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) 2.902413817s ago: executing program 1 (id=54): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @main=@item_012={0x2, 0x0, 0xb, '\x00\x00'}, @main=@item_4={0x3, 0x0, 0x9, "5aa8257f"}, @main=@item_012={0x0, 0x0, 0x9}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, 0x0) 2.859160357s ago: executing program 3 (id=55): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x7, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6c6f616420656372797074d8101a1dbbbe766c23f0dc6afe88fa667320757365723a6e6577202430303030303030"], 0x2e, 0x0) 2.663970877s ago: executing program 4 (id=56): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002800)={&(0x7f00000002c0)={0x34, 0x0, 0xb, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x200000}, @NFTA_COMPAT_NAME={0xd, 0x1, 'rpfilter\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4040010) 2.610626988s ago: executing program 4 (id=57): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x11, 0x800000003, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x2, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3000000010000100000000000000000000000000cc201e675aa632cda9a1b4c8e1d9f803b3afebd6f3fe1ec143c296adb21c3d6f576e6fe6c9680e672d33bf799264502427bb572d837d39f840ee9e88afe7d36c97d6dd508770b20f0006f0fb7c01a9682532aee91d14106389a64bb508de79ecef69aed90d1a9c2d232cb352624112575ee203e3cac23fe0ab3ca7a4c62fd3c884b2", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000006000008001b0000000000"], 0x30}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendfile(r7, r6, &(0x7f0000000240)=0x401, 0x4) 2.551720467s ago: executing program 0 (id=58): setresuid(0xee01, 0xee00, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000080)=0x0, 0x0) setfsuid(0x0) setresuid(0xffffffffffffffff, r0, 0x0) 2.377406727s ago: executing program 0 (id=59): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$ARCH_SHSTK_DISABLE(0x1e, r0, 0x1, 0x5002) 2.307789227s ago: executing program 2 (id=60): r0 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18) fgetxattr(r0, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0) 2.283402077s ago: executing program 0 (id=61): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000000)={0x0, 0x2, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"}) socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendfile(r6, r5, 0x0, 0x4) 1.533571388s ago: executing program 3 (id=62): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x20, 0x0, 0x4, {0x1c00, 0x20}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.368183618s ago: executing program 0 (id=63): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "ecf0ff19", "4e67cb72f328ac2f"}, 0x28) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)="54d5611b63a92c8daafd6f97ae941e8167e55f505a49489d1a1f773683a709917322015ef655", 0x26}], 0x1) 1.367957629s ago: executing program 0 (id=64): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, 0x0) 1.341249499s ago: executing program 2 (id=65): syz_emit_ethernet(0x3a, &(0x7f0000000580)={@local, @random="08c82553c54d", @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x5, 0x6, 0x0, @private=0xa010102, @broadcast, {[@generic={0x7, 0x3, '\x00'}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x7}}}}}}, 0x0) unshare(0x40000000) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080)={0x1}, 0x8) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00979ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@txtime={{0x18, 0x1, 0x3d, 0x803}}], 0x18}}], 0x1, 0x20000844) 1.276899849s ago: executing program 0 (id=66): syz_usb_connect(0x5, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x110, 0x3e, 0x8, 0x3f, 0x10, 0x4cc, 0x2533, 0xfc58, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x5, 0x9, 0x40, 0x19, [{{0x9, 0x4, 0xa8, 0x7, 0x2, 0x8, 0x55, 0xfe, 0x98, [], [{{0x9, 0x5, 0x67037027c940c0eb, 0x2, 0x400, 0x2, 0x2, 0x5}}, {{0x9, 0x5, 0x4, 0x12, 0x3ff, 0x8, 0x9, 0x23}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) read$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) write$char_usb(r1, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0xaf, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0xc6, 0x65, 0xcf, 0x40, 0x8dd, 0x90ff, 0x5d5a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcd, 0xf8, 0xf3}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x1, {[@main]}}, 0x0}, 0x0) r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xc38, &(0x7f0000000200)=ANY=[]) 1.240136839s ago: executing program 4 (id=67): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000005c0)={0x14, &(0x7f00000001c0)={0x0, 0x0, 0xe, {0xe, 0x0, "6c46936e41c5838bf3d423ab"}}, 0x0}, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) 0s ago: executing program 1 (id=68): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x11, 0x800000003, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000000000)={0x0, 0x2, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3000000010000100000000000000000000000000cc201e675aa632cda9a1b4c8e1d9f803b3afebd6f3fe1ec143c296adb21c3d6f576e6fe6c9680e672d33bf799264502427bb572d837d39f840ee9e88afe7d36c97d6dd508770b20f0006f0fb7c01a9682532aee91d14106389a64bb508de79ecef69aed90d1a9c2d232cb352624112575ee203e3cac23fe0ab3ca7a4c62fd3c884b2", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000006000008001b0000000000"], 0x30}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000080)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) sendfile(r9, r8, &(0x7f0000000240)=0x401, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 19.489509][ T30] audit: type=1400 audit(1741221862.321:66): avc: denied { integrity } for pid=280 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 19.493912][ T30] audit: type=1400 audit(1741221862.321:67): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.494933][ T280] cgroup: Unknown subsys name 'net' [ 19.497212][ T30] audit: type=1400 audit(1741221862.321:68): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.500812][ T30] audit: type=1400 audit(1741221862.331:69): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.500949][ T280] cgroup: Unknown subsys name 'devices' [ 19.646927][ T280] cgroup: Unknown subsys name 'hugetlb' [ 19.652320][ T280] cgroup: Unknown subsys name 'rlimit' [ 19.818220][ T30] audit: type=1400 audit(1741221862.651:70): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.841232][ T30] audit: type=1400 audit(1741221862.651:71): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.846193][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.866000][ T30] audit: type=1400 audit(1741221862.651:72): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.896990][ T30] audit: type=1400 audit(1741221862.701:73): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.922211][ T30] audit: type=1400 audit(1741221862.701:74): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.949958][ T30] audit: type=1400 audit(1741221862.781:75): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.950318][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.585345][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.592194][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.599461][ T291] device bridge_slave_0 entered promiscuous mode [ 20.606117][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.612950][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.620429][ T291] device bridge_slave_1 entered promiscuous mode [ 20.663799][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.670747][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.677831][ T289] device bridge_slave_0 entered promiscuous mode [ 20.687202][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.694035][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.701544][ T289] device bridge_slave_1 entered promiscuous mode [ 20.715610][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.722447][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.729639][ T293] device bridge_slave_0 entered promiscuous mode [ 20.749793][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.756643][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.763819][ T293] device bridge_slave_1 entered promiscuous mode [ 20.806730][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.813566][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.820827][ T292] device bridge_slave_0 entered promiscuous mode [ 20.828459][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.835284][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.842460][ T292] device bridge_slave_1 entered promiscuous mode [ 20.882188][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.889048][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.896249][ T290] device bridge_slave_0 entered promiscuous mode [ 20.915589][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.922422][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.929593][ T290] device bridge_slave_1 entered promiscuous mode [ 21.014947][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.021801][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.028892][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.035683][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.059793][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.066948][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.075070][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.082479][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.104051][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.118839][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.126977][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.133795][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.141078][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.149256][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.157186][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.164006][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.171205][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.179211][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.186042][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.193181][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.201135][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.209085][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.215914][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.223179][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.259132][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.267175][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.274825][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.287958][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.300266][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.319996][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.335879][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.343811][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.350649][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.357924][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.368989][ T293] device veth0_vlan entered promiscuous mode [ 21.385521][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.393087][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.400512][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.408883][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.416759][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.423876][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.431508][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.439220][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.446480][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.453658][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.461615][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.468443][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.475680][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.483550][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.490331][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.497516][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.505560][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.512380][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.519630][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.527555][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.534364][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.541563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.548950][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.561468][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.569335][ T291] device veth0_vlan entered promiscuous mode [ 21.583413][ T289] device veth0_vlan entered promiscuous mode [ 21.595002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.603173][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.610851][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.618226][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.625776][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.633428][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.641210][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.660254][ T289] device veth1_macvtap entered promiscuous mode [ 21.666694][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.674777][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.682853][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.689709][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.697002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.704753][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.712722][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.720633][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.728476][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.736431][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.744334][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.753982][ T293] device veth1_macvtap entered promiscuous mode [ 21.762857][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.771043][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.779113][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.786675][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.794534][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.807630][ T291] device veth1_macvtap entered promiscuous mode [ 21.813945][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.821411][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.829599][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.839526][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.847588][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.856281][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.864355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.880446][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.888495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.896732][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.904631][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.912783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.920484][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.928311][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.936357][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.945225][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.952764][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.960297][ T292] device veth0_vlan entered promiscuous mode [ 21.971329][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.979614][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.987824][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.996180][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.007874][ T290] device veth0_vlan entered promiscuous mode [ 22.023385][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.023711][ T293] request_module fs-gadgetfs succeeded, but still no fs? [ 22.031270][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.050296][ T292] device veth1_macvtap entered promiscuous mode [ 22.057789][ T316] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 22.080376][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.093100][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.100381][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.108636][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.117164][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.125731][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.133574][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.143602][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.151659][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.161192][ T290] device veth1_macvtap entered promiscuous mode [ 22.183651][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.205935][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.215273][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.244873][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.253414][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.303705][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.332134][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.366722][ T349] af_packet: tpacket_rcv: packet too big, clamped from 40 to 4294967272. macoff=96 [ 22.404193][ T352] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15'. [ 22.635385][ T20] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 22.971747][ T387] loop0: detected capacity change from 0 to 512 [ 23.027722][ T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 23.038765][ T387] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 23.086969][ T389] kvm [388]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000 [ 23.155417][ T20] usb 5-1: Using ep0 maxpacket: 8 [ 23.225364][ T39] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 23.275431][ T20] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 23.285114][ T20] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 23.294967][ T20] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 23.305201][ T401] syz.0.31 (401) used greatest stack depth: 21504 bytes left [ 23.312677][ T20] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 23.335885][ T20] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 23.344784][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.448340][ T409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35'. [ 23.498237][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 23.509714][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 23.524075][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 23.533798][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 23.542132][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 23.550460][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 23.558874][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 23.567087][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 23.585416][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 23.603739][ T39] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 23.605478][ T409] syz.0.35 (409) used greatest stack depth: 21472 bytes left [ 23.621453][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.643061][ T39] usb 4-1: config 0 descriptor?? [ 24.562636][ T39] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 24.591068][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input4 [ 24.632715][ T30] kauditd_printk_skb: 73 callbacks suppressed [ 24.632727][ T30] audit: type=1400 audit(1741221867.461:149): avc: denied { write } for pid=441 comm="syz.0.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 24.678541][ T39] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 24.690155][ T30] audit: type=1400 audit(1741221867.511:150): avc: denied { ioctl } for pid=445 comm="syz.0.47" path="socket:[15904]" dev="sockfs" ino=15904 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 24.715964][ T30] audit: type=1400 audit(1741221867.531:151): avc: denied { bind } for pid=445 comm="syz.0.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 24.746483][ T450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.48'. [ 24.749781][ T39] usb 4-1: USB disconnect, device number 2 [ 24.779746][ T452] syz.0.49[452] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 24.779788][ T452] syz.0.49[452] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 24.820534][ T30] audit: type=1400 audit(1741221867.651:152): avc: denied { create } for pid=453 comm="syz.0.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 24.946218][ T456] kvm [455]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000 [ 25.025939][ T465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.50'. [ 25.209423][ T30] audit: type=1400 audit(1741221868.041:153): avc: denied { name_bind } for pid=463 comm="syz.1.53" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 25.231244][ T30] audit: type=1400 audit(1741221868.041:154): avc: denied { node_bind } for pid=463 comm="syz.1.53" saddr=255.255.255.255 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 25.592344][ T39] usb 5-1: USB disconnect, device number 2 [ 25.645488][ T60] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 25.950656][ T487] netlink: 16 bytes leftover after parsing attributes in process `syz.4.57'. [ 26.832921][ T497] syz.2.60[497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.832996][ T497] syz.2.60[497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.878607][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.903445][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.913055][ T60] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 26.935997][ T60] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 26.944835][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.975857][ T60] usb 2-1: config 0 descriptor?? [ 27.135350][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 27.295356][ T482] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.305404][ T480] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 27.375347][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 27.446209][ T60] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 27.454840][ T60] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 27.505469][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.516252][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.525727][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 27.534540][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.542393][ T482] usb 3-1: Using ep0 maxpacket: 16 [ 27.547951][ T6] usb 4-1: config 0 descriptor?? [ 27.585975][ T6] hub 4-1:0.0: USB hub found [ 27.675404][ T480] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 27.686238][ T482] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 27.694060][ T482] usb 3-1: config 0 has no interface number 0 [ 27.699989][ T480] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.709702][ T482] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 27.715903][ T26] usb 2-1: USB disconnect, device number 2 [ 27.720338][ T480] usb 5-1: config 0 interface 0 has no altsetting 0 [ 27.731400][ T482] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 27.741198][ T480] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 27.749953][ T482] usb 3-1: config 0 interface 41 has no altsetting 0 [ 27.756509][ T480] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.764739][ T480] usb 5-1: config 0 descriptor?? [ 27.805399][ T6] hub 4-1:0.0: 1 port detected [ 27.935373][ T482] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 27.944263][ T482] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.952048][ T482] usb 3-1: Product: syz [ 27.956065][ T482] usb 3-1: Manufacturer: syz [ 27.960436][ T482] usb 3-1: SerialNumber: syz [ 27.965359][ T482] usb 3-1: config 0 descriptor?? [ 27.985385][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 27.992184][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.205983][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.212743][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.226820][ T480] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 28.234957][ T480] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 28.242244][ T480] hid-steam 0003:28DE:1102.0003: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0 [ 28.253970][ T480] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0 [ 28.261049][ T480] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0 [ 28.269739][ T480] hid-steam 0003:28DE:1102.0004: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0 [ 28.345359][ T480] hid-steam 0003:28DE:1102.0003: Steam Controller 'XXXXXXXXXX' connected [ 28.354266][ T480] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0003/input/input5 [ 28.423440][ T515] netlink: 16 bytes leftover after parsing attributes in process `syz.1.68'. [ 28.540481][ T509] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0003/input/input6 [ 28.551920][ T6] hub 4-1:0.0: activate --> -90 [ 28.552749][ T26] usb 5-1: USB disconnect, device number 3 [ 28.564282][ T26] hid-steam 0003:28DE:1102.0003: Steam Controller 'XXXXXXXXXX' disconnected [ 28.715392][ T482] Error reading MAC address [ 28.735420][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.742254][ T505] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.787178][ T447] ================================================================== [ 28.795050][ T447] BUG: KASAN: use-after-free in mutex_lock+0xa9/0x1e0 [ 28.801644][ T447] Write of size 8 at addr ffff88812c721450 by task udevd/447 [ 28.808848][ T447] [ 28.811022][ T447] CPU: 0 PID: 447 Comm: udevd Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0 [ 28.820220][ T447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 28.830120][ T447] Call Trace: [ 28.833238][ T447] [ 28.836015][ T447] dump_stack_lvl+0x151/0x1c0 [ 28.840528][ T447] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.845998][ T447] ? __wake_up_klogd+0xd5/0x110 [ 28.850684][ T447] ? panic+0x760/0x760 [ 28.854587][ T447] ? vfs_open+0x73/0x80 [ 28.858581][ T447] print_address_description+0x87/0x3b0 [ 28.863962][ T447] kasan_report+0x179/0x1c0 [ 28.868303][ T447] ? mutex_lock+0xa9/0x1e0 [ 28.872557][ T447] ? mutex_lock+0xa9/0x1e0 [ 28.876805][ T447] kasan_check_range+0x293/0x2a0 [ 28.881582][ T447] __kasan_check_write+0x14/0x20 [ 28.886355][ T447] mutex_lock+0xa9/0x1e0 [ 28.890435][ T447] ? wait_for_completion_killable_timeout+0x10/0x10 [ 28.896857][ T447] steam_input_open+0x91/0x1a0 [ 28.901459][ T447] ? steam_input_register+0xa70/0xa70 [ 28.906664][ T447] ? __kasan_check_write+0x14/0x20 [ 28.911611][ T447] ? mutex_lock_interruptible+0xb6/0x1e0 [ 28.917080][ T447] ? __kasan_check_write+0x14/0x20 [ 28.922030][ T447] input_open_device+0x1a5/0x310 [ 28.926799][ T447] ? kobject_get_unless_zero+0x229/0x320 [ 28.932267][ T447] evdev_open+0x3df/0x620 [ 28.936436][ T447] chrdev_open+0x4f7/0x620 [ 28.940689][ T447] ? cd_forget+0x170/0x170 [ 28.944939][ T447] ? fsnotify_perm+0x3e5/0x5b0 [ 28.949541][ T447] ? cd_forget+0x170/0x170 [ 28.953793][ T447] do_dentry_open+0x81c/0xfd0 [ 28.956791][ T26] usb 4-1: USB disconnect, device number 3 [ 28.958307][ T447] vfs_open+0x73/0x80 [ 28.958327][ T447] path_openat+0x26f0/0x2f40 [ 28.972195][ T447] ? __kasan_slab_alloc+0xb1/0xe0 [ 28.977052][ T447] ? kmem_cache_alloc+0xf5/0x250 [ 28.981825][ T447] ? getname_flags+0xba/0x520 [ 28.986339][ T447] ? __x64_sys_openat+0x243/0x290 [ 28.991199][ T447] ? do_filp_open+0x460/0x460 [ 28.995715][ T447] do_filp_open+0x21c/0x460 [ 29.000069][ T447] ? vfs_tmpfile+0x2c0/0x2c0 [ 29.004481][ T447] do_sys_openat2+0x13f/0x820 [ 29.008992][ T447] ? kmem_cache_free+0x115/0x330 [ 29.013764][ T447] ? user_path_at_empty+0x14e/0x1a0 [ 29.018800][ T447] ? do_sys_open+0x220/0x220 [ 29.023226][ T447] __x64_sys_openat+0x243/0x290 [ 29.027915][ T447] ? __ia32_sys_open+0x270/0x270 [ 29.032686][ T447] ? debug_smp_processor_id+0x17/0x20 [ 29.037895][ T447] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 29.043797][ T447] ? exit_to_user_mode_prepare+0x39/0xa0 [ 29.049269][ T447] x64_sys_call+0x6bf/0x9a0 [ 29.053604][ T447] do_syscall_64+0x3b/0xb0 [ 29.057855][ T447] ? clear_bhb_loop+0x35/0x90 [ 29.062370][ T447] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.068112][ T447] RIP: 0033:0x7f8f9bbd79a4 [ 29.072352][ T447] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 29.091792][ T447] RSP: 002b:00007ffcfebebd90 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 29.100037][ T447] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8f9bbd79a4 [ 29.107848][ T447] RDX: 0000000000080000 RSI: 0000563acb106630 RDI: 00000000ffffff9c [ 29.115659][ T447] RBP: 0000563acb106630 R08: 0000563acb15abc8 R09: fffffffffffffe98 [ 29.123469][ T447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000 [ 29.131283][ T447] R13: 00007ffcfebebf58 R14: 0000000000000000 R15: 0000563a9d95ded5 [ 29.139095][ T447] [ 29.141957][ T447] [ 29.144128][ T447] Allocated by task 480: [ 29.148207][ T447] ____kasan_kmalloc+0xdb/0x110 [ 29.152893][ T447] __kasan_kmalloc+0x9/0x10 [ 29.157234][ T447] __kmalloc_track_caller+0x13e/0x2c0 [ 29.162441][ T447] devm_kmalloc+0x4f/0x160 [ 29.166694][ T447] steam_probe+0x11d/0xa80 [ 29.170947][ T447] hid_device_probe+0x261/0x390 [ 29.175633][ T447] really_probe+0x28d/0x970 [ 29.179973][ T447] __driver_probe_device+0x1a0/0x310 [ 29.185094][ T447] driver_probe_device+0x54/0x3d0 [ 29.189954][ T447] __device_attach_driver+0x2c5/0x470 [ 29.195163][ T447] bus_for_each_drv+0x183/0x200 [ 29.199848][ T447] __device_attach+0x312/0x510 [ 29.204449][ T447] device_initial_probe+0x1a/0x20 [ 29.209308][ T447] bus_probe_device+0xbe/0x1e0 [ 29.213909][ T447] device_add+0xb60/0xf10 [ 29.218075][ T447] hid_add_device+0x39c/0x4e0 [ 29.222589][ T447] usbhid_probe+0xb0e/0xea0 [ 29.226927][ T447] usb_probe_interface+0x5b6/0xa90 [ 29.231880][ T447] really_probe+0x28d/0x970 [ 29.236216][ T447] __driver_probe_device+0x1a0/0x310 [ 29.241335][ T447] driver_probe_device+0x54/0x3d0 [ 29.246198][ T447] __device_attach_driver+0x2c5/0x470 [ 29.251406][ T447] bus_for_each_drv+0x183/0x200 [ 29.256092][ T447] __device_attach+0x312/0x510 [ 29.260690][ T447] device_initial_probe+0x1a/0x20 [ 29.265551][ T447] bus_probe_device+0xbe/0x1e0 [ 29.270151][ T447] device_add+0xb60/0xf10 [ 29.274318][ T447] usb_set_configuration+0x190f/0x1e80 [ 29.279613][ T447] usb_generic_driver_probe+0x8b/0x150 [ 29.284907][ T447] usb_probe_device+0x144/0x260 [ 29.289595][ T447] really_probe+0x28d/0x970 [ 29.293933][ T447] __driver_probe_device+0x1a0/0x310 [ 29.299054][ T447] driver_probe_device+0x54/0x3d0 [ 29.303913][ T447] __device_attach_driver+0x2c5/0x470 [ 29.309123][ T447] bus_for_each_drv+0x183/0x200 [ 29.313807][ T447] __device_attach+0x312/0x510 [ 29.318408][ T447] device_initial_probe+0x1a/0x20 [ 29.323268][ T447] bus_probe_device+0xbe/0x1e0 [ 29.327868][ T447] device_add+0xb60/0xf10 [ 29.332034][ T447] usb_new_device+0x1038/0x1c10 [ 29.336722][ T447] hub_event+0x2def/0x4770 [ 29.340976][ T447] process_one_work+0x6bb/0xc10 [ 29.345661][ T447] worker_thread+0xad5/0x12a0 [ 29.350180][ T447] kthread+0x421/0x510 [ 29.354080][ T447] ret_from_fork+0x1f/0x30 [ 29.358333][ T447] [ 29.360503][ T447] Freed by task 26: [ 29.364152][ T447] kasan_set_track+0x4b/0x70 [ 29.368574][ T447] kasan_set_free_info+0x23/0x40 [ 29.373348][ T447] ____kasan_slab_free+0x126/0x160 [ 29.378297][ T447] __kasan_slab_free+0x11/0x20 [ 29.382896][ T447] slab_free_freelist_hook+0xbd/0x190 [ 29.388106][ T447] kfree+0xcc/0x270 [ 29.391750][ T447] release_nodes+0xf1/0x230 [ 29.396087][ T447] devres_release_all+0x148/0x1a0 [ 29.400948][ T447] device_release_driver_internal+0x51a/0x7d0 [ 29.406852][ T447] device_release_driver+0x19/0x20 [ 29.411797][ T447] bus_remove_device+0x2f8/0x360 [ 29.416573][ T447] device_del+0x663/0xe90 [ 29.420737][ T447] hid_destroy_device+0x68/0x110 [ 29.425511][ T447] usbhid_disconnect+0x9e/0xc0 [ 29.430109][ T447] usb_unbind_interface+0x1fa/0x8c0 [ 29.435146][ T447] device_release_driver_internal+0x50b/0x7d0 [ 29.441047][ T447] device_release_driver+0x19/0x20 [ 29.445997][ T447] bus_remove_device+0x2f8/0x360 [ 29.450768][ T447] device_del+0x663/0xe90 [ 29.454942][ T447] usb_disable_device+0x380/0x720 [ 29.459793][ T447] usb_disconnect+0x32a/0x890 [ 29.464306][ T447] hub_event+0x1d42/0x4770 [ 29.468559][ T447] process_one_work+0x6bb/0xc10 [ 29.473246][ T447] worker_thread+0xad5/0x12a0 [ 29.477760][ T447] kthread+0x421/0x510 [ 29.481666][ T447] ret_from_fork+0x1f/0x30 [ 29.485929][ T447] [ 29.488088][ T447] The buggy address belongs to the object at ffff88812c721400 [ 29.488088][ T447] which belongs to the cache kmalloc-512 of size 512 [ 29.501978][ T447] The buggy address is located 80 bytes inside of [ 29.501978][ T447] 512-byte region [ffff88812c721400, ffff88812c721600) [ 29.514995][ T447] The buggy address belongs to the page: [ 29.520475][ T447] page:ffffea0004b1c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c720 [ 29.530531][ T447] head:ffffea0004b1c800 order:2 compound_mapcount:0 compound_pincount:0 [ 29.538691][ T447] flags: 0x4000000000010200(slab|head|zone=1) [ 29.544610][ T447] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042f00 [ 29.553018][ T447] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 29.561428][ T447] page dumped because: kasan: bad access detected [ 29.567684][ T447] page_owner tracks the page as allocated [ 29.573234][ T447] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 0, ts 27655393260, free_ts 0 [ 29.591819][ T447] post_alloc_hook+0x1a3/0x1b0 [ 29.596411][ T447] prep_new_page+0x1b/0x110 [ 29.600747][ T447] get_page_from_freelist+0x3550/0x35d0 [ 29.606127][ T447] __alloc_pages+0x27e/0x8f0 [ 29.610553][ T447] new_slab+0x9a/0x4e0 [ 29.614459][ T447] ___slab_alloc+0x39e/0x830 [ 29.618887][ T447] __slab_alloc+0x4a/0x90 [ 29.623052][ T447] __kmalloc_track_caller+0x171/0x2c0 [ 29.628262][ T447] __alloc_skb+0x10c/0x550 [ 29.632859][ T447] ndisc_alloc_skb+0xf3/0x2d0 [ 29.637380][ T447] ndisc_send_rs+0x26c/0x6a0 [ 29.641805][ T447] addrconf_rs_timer+0x2d1/0x600 [ 29.646576][ T447] call_timer_fn+0x3b/0x2d0 [ 29.650910][ T447] __run_timers+0x72a/0xa10 [ 29.655251][ T447] run_timer_softirq+0x69/0xf0 [ 29.659853][ T447] handle_softirqs+0x25e/0x5c0 [ 29.664450][ T447] page_owner free stack trace missing [ 29.669660][ T447] [ 29.671839][ T447] Memory state around the buggy address: [ 29.677301][ T447] ffff88812c721300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.685202][ T447] ffff88812c721380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.693097][ T447] >ffff88812c721400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.700991][ T447] ^ [ 29.707506][ T447] ffff88812c721480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.715404][ T447] ffff88812c721500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.723299][ T447] ================================================================== [ 29.731196][ T447] Disabling lock debugging due to kernel taint [ 29.740203][ T447] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.749022][ T447] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.757813][ T447] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.773626][ T447] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.782583][ T447] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.792074][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.802769][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.811758][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.820644][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.829414][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.838278][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.847130][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.855910][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.864595][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.873284][ T86] hid 0003:28DE:1102.0003: No HID_FEATURE_REPORT submitted - nothing to read [ 29.955389][ T482] sr9700 3-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 29.965038][ T482] usb 3-1: USB disconnect, device number 2 [ 33.950914][ T30] audit: type=1400 audit(1741221876.781:155): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.972744][ T30] audit: type=1400 audit(1741221876.781:156): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.994805][ T30] audit: type=1400 audit(1741221876.781:157): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1