last executing test programs: 3.412422212s ago: executing program 0 (id=1): r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000002e00000016005c000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, 0xffffffffffffffff, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0xfe8e}, 0x3f) unshare(0x6020400) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000002ec0)=ANY=[@ANYBLOB="84010000000000009c110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f541cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebebf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff8279421778d4a914512ca803da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef00000000000000000000373494cd59e8ba04ec8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a4af7464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f952b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf41ba88c7eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d4f237dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b8667b4dd0c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x200000000000011b, &(0x7f0000000180)=ANY=[@ANYBLOB="de1800fd0300"/20, @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00bd0000bfa200000000000007820000f8ffffffb703000008000000b704000000000000850000004300000095febc4f161b96fd8e38ab1cbd", @ANYRESDEC=r0, @ANYRES8=r0, @ANYRES64=r0], 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r2, 0x0, 0x0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) r4 = dup(r3) syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000000)='./file1\x00', 0x800, &(0x7f0000000840)=ANY=[@ANYBLOB='uni_xlate=1,shortname=mixed,uni_xlate=0,codepage=862,allow_utime=00000000000000000000005,shortname=win95,codepage=1251,shortname=lower,umask=00000000000000000000003,iocharset=macinuit,utf8=0,iocharset=iso8859-14,utf8=0,rodir,uni_xlate=0,nonumtail=0,smackfshat=shortname=win95,fowner<', @ANYRESDEC=0x0, @ANYBLOB=',smackfsdef=vfat\x00,uid>', @ANYRESDEC=0x0, @ANYBLOB="2c005cab51627b8b7dd8a6437793da7c1222417127040a166394c89f9eeca869ae42e82d86521118e496219161af36405e4b6bf1b1e66d300afebec2561305ea6d82414cb32b8cc8b6b0439a76330408e04089d74b1bac9f5f8fbb9323948582a9544224acb6c6f21f750d3883cac3cae07cf06803f2bdba446709fa30f89838a883240aacdf124776a70ae860e003ac3c997bda8930218849658c1603b1a428e5d02095bf9f218d3b3daca3abcccef1d40f2028122f532ff5239f35b96947c9e9f21f2ec1574eee92ea63e7987a7419c0b64075d3cfac2f164585690e01"], 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") fchdir(0xffffffffffffffff) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r5, &(0x7f0000001ac0)=""/4095, 0xfff) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x103, 0x100, 0x551}}) 3.330554795s ago: executing program 2 (id=3): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0xc) 3.239707988s ago: executing program 2 (id=7): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_connect$uac2(0x4, 0xb7, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x48, 0x499, 0x1039, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa5, 0x3, 0x1, 0x85, 0xe6d65e2c16ddbb6c, 0x7, {0x8, 0xb, 0x2, 0x2, 0x1, 0x5, 0x20, 0x6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x9, 0x4, 0x35, 0x3}, [@feature_unit={0x7, 0x24, 0x6, 0x6, 0x4, [0x1]}, @effect_unit={0x11, 0x24, 0x7, 0x2, 0x4, 0x4, [0x1, 0x2, 0x2, 0x0, 0x2]}, @processing_unit={0xd, 0x24, 0x8, 0x3, 0x1, [0x3, 0x1, 0x2, 0x3]}, @multiply_unit={0x7, 0x24, 0xc, 0x1, 0x7, 0x8, 0x80}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x2, 0x1, 0x0, {0x8, 0x25, 0x1, 0x2, 0x3c, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@as_header={0x10, 0x24, 0x1, 0x7, 0x9, 0x3, 0x3, 0x3, 0x7ff, 0x8e}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x1, 0x0, 0x28, {0x8, 0x25, 0x1, 0x83, 0x3f, 0x10, 0x8000}}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x201, 0x8, 0xf, 0xfe, 0x40, 0xf4}, 0x2e, &(0x7f00000002c0)={0x5, 0xf, 0x2e, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x9, 0x1, 0x8000}, @generic={0x18, 0x10, 0x1, "61188a11255d74577b182422a68714abec3f048862"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x1, 0x4, 0x5471}]}, 0x1, [{0x0, 0x0}]}) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000") 3.210296149s ago: executing program 3 (id=4): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_connect$uac2(0x4, 0xb3, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x48, 0x499, 0x1039, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa1, 0x3, 0x1, 0x85, 0xe6d65e2c16ddbb6c, 0x7, {0x8, 0xb, 0x2, 0x2, 0x1, 0x5, 0x20, 0x6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x9, 0x4, 0x33, 0x3}, [@feature_unit={0x7, 0x24, 0x6, 0x6, 0x4, [0x1]}, @effect_unit={0x11, 0x24, 0x7, 0x2, 0x4, 0x4, [0x1, 0x2, 0x2, 0x0, 0x2]}, @processing_unit={0xb, 0x24, 0x8, 0x3, 0x1, [0x3, 0x1, 0x2]}, @multiply_unit={0x7, 0x24, 0xc, 0x1, 0x7, 0x8, 0x80}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x6, 0x1, 0xa3, 0x8, "d5e303d4b47f"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x2, 0x1, 0x0, {0x8, 0x25, 0x1, 0x2, 0x3c, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x1, 0x0, 0x28, {0x8, 0x25, 0x1, 0x83, 0x3f, 0x10, 0x8000}}}}}}}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000") 3.120738132s ago: executing program 1 (id=2): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3.047051964s ago: executing program 0 (id=8): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b510f210950b2a7773820102030109022400010000000009042200028953950009050a02ff0300fa000905820250"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000240)=ANY=[@ANYBLOB="200507"], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000580)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="400d03"], 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000001340)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB="201201010000f2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 290.97184ms ago: executing program 4 (id=10): setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f00000000c0)) 289.5842ms ago: executing program 4 (id=11): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0xffffffff) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f00000000c0)=0x1) 137.404595ms ago: executing program 4 (id=12): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_KEY(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x28, r0, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x40014) 111.775326ms ago: executing program 4 (id=13): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)="5c00000012006bcd9e3fe3dc6e48aa310b6b87033c00a6007f03000000000000040014000d000a000f0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb4a00f698", 0x5b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) socket(0x11, 0xa, 0x5) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0x43}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x80) 39.297519ms ago: executing program 1 (id=14): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000040)) 14.28514ms ago: executing program 4 (id=15): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40043d0d, 0x0) 12.61268ms ago: executing program 4 (id=16): r0 = syz_usb_connect(0x0, 0x81, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000a7420040ab0501030001010203010902240001000000000904000002aad45c0009058e02000000000009050a06"], 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) 0s ago: executing program 1 (id=17): syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4d0086d0492082a6d0000000109021b0001000000000904"], 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2e8}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000431000/0x4000)=nil, 0x4000}) openat$tun(0xffffffffffffff9c, 0x0, 0x40000, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts. [ 20.915701][ T30] audit: type=1400 audit(1781633538.681:64): avc: denied { mounton } for pid=277 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.916809][ T277] cgroup: Unknown subsys name 'net' [ 20.938367][ T30] audit: type=1400 audit(1781633538.681:65): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.965631][ T30] audit: type=1400 audit(1781633538.721:66): avc: denied { unmount } for pid=277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.965789][ T277] cgroup: Unknown subsys name 'devices' [ 21.051067][ T277] cgroup: Unknown subsys name 'hugetlb' [ 21.056684][ T277] cgroup: Unknown subsys name 'rlimit' [ 21.163234][ T30] audit: type=1400 audit(1781633538.931:67): avc: denied { setattr } for pid=277 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.186443][ T30] audit: type=1400 audit(1781633538.931:68): avc: denied { mounton } for pid=277 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.191885][ T279] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.211145][ T30] audit: type=1400 audit(1781633538.931:69): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.242790][ T30] audit: type=1400 audit(1781633538.991:70): avc: denied { relabelto } for pid=279 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.268164][ T30] audit: type=1400 audit(1781633538.991:71): avc: denied { write } for pid=279 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.305772][ T30] audit: type=1400 audit(1781633539.071:72): avc: denied { read } for pid=277 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.331850][ T30] audit: type=1400 audit(1781633539.071:73): avc: denied { open } for pid=277 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.331911][ T277] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.089676][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.096716][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.104171][ T285] device bridge_slave_0 entered promiscuous mode [ 22.112032][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.119388][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.126673][ T285] device bridge_slave_1 entered promiscuous mode [ 22.155082][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.162158][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.169567][ T286] device bridge_slave_0 entered promiscuous mode [ 22.177307][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.184410][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.191852][ T286] device bridge_slave_1 entered promiscuous mode [ 22.231904][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.238961][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.246364][ T287] device bridge_slave_0 entered promiscuous mode [ 22.255634][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.262794][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.270064][ T287] device bridge_slave_1 entered promiscuous mode [ 22.359713][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.366762][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.374135][ T289] device bridge_slave_0 entered promiscuous mode [ 22.383453][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.390609][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.397857][ T289] device bridge_slave_1 entered promiscuous mode [ 22.461773][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.468822][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.476264][ T288] device bridge_slave_0 entered promiscuous mode [ 22.483097][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.490150][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.497525][ T288] device bridge_slave_1 entered promiscuous mode [ 22.518356][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.525415][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.532727][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.539767][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.564742][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.571806][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.579085][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.586095][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.602674][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.609737][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.616992][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.624024][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.661614][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.668933][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.676218][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.683439][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.690648][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.697738][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.705708][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.713140][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.732647][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.751034][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.758376][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.766682][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.773736][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.790955][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.799146][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.806158][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.813812][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.821748][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.829908][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.836908][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.851839][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.860082][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.867087][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.874500][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.882877][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.889920][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.899234][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.907325][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.914348][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.929515][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.937259][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.949761][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.974454][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.982956][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.989993][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.997336][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.005994][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.013029][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.020367][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.028240][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.036198][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.044135][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.070119][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.078412][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.087922][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.096127][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.106713][ T285] device veth0_vlan entered promiscuous mode [ 23.114984][ T286] device veth0_vlan entered promiscuous mode [ 23.121818][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.129824][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.138131][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.146315][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.154566][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.162128][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.169599][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.176947][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.194890][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.203353][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.211924][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.220637][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.234633][ T289] device veth0_vlan entered promiscuous mode [ 23.243012][ T285] device veth1_macvtap entered promiscuous mode [ 23.250008][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.257670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.266195][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.274705][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.282757][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.290805][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.298587][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.306668][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.314100][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.321677][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.329044][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.337014][ T287] device veth0_vlan entered promiscuous mode [ 23.353014][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.360551][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.367940][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.376517][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.384845][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.391905][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.399426][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.407670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.415807][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.422833][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.430333][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.438483][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.456062][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.463780][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.471977][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.480393][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.488338][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.496572][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.504996][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.513149][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.521289][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.541982][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.550321][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.558402][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.566476][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.578232][ T287] device veth1_macvtap entered promiscuous mode [ 23.585973][ T289] device veth1_macvtap entered promiscuous mode [ 23.592650][ T285] request_module fs-gadgetfs succeeded, but still no fs? [ 23.607717][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.615826][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.623490][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.631862][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.640391][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.648554][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.657088][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.665444][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.673879][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.682183][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.691589][ T286] device veth1_macvtap entered promiscuous mode [ 23.717154][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.732092][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.744876][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.768733][ T288] device veth0_vlan entered promiscuous mode [ 23.781510][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.792956][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.802290][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.811642][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.820235][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.828173][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.836904][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.846736][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.866907][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.878586][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.900943][ T288] device veth1_macvtap entered promiscuous mode [ 23.923345][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.933204][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.946685][ T327] loop0: detected capacity change from 0 to 256 [ 23.961414][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.979751][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.079216][ T307] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 24.139126][ T293] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 24.189154][ T26] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.269880][ T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 24.319211][ T307] usb 5-1: Using ep0 maxpacket: 32 [ 24.379382][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.439175][ T307] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 24.449551][ T307] usb 5-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping [ 24.460342][ T307] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 24.499166][ T293] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.510294][ T293] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 24.519371][ T293] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.520100][ T42] usb 2-1: Using ep0 maxpacket: 16 [ 24.528241][ T293] usb 3-1: config 0 descriptor?? [ 24.569273][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.580317][ T26] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 24.589612][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.599772][ T26] usb 4-1: config 0 descriptor?? [ 24.629161][ T307] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 24.638268][ T6] usb 1-1: Using ep0 maxpacket: 16 [ 24.643438][ T307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.651594][ T307] usb 5-1: Product: syz [ 24.655748][ T307] usb 5-1: Manufacturer: syz [ 24.660358][ T307] usb 5-1: SerialNumber: syz [ 24.669731][ T42] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 24.677786][ T42] usb 2-1: config 0 has no interface number 0 [ 24.759190][ T6] usb 1-1: config 0 has an invalid interface number: 34 but max is 0 [ 24.767373][ T6] usb 1-1: config 0 has no interface number 0 [ 24.773546][ T6] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 24.783741][ T6] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 24.869241][ T293] usbhid 3-1:0.0: can't add hid device: -71 [ 24.869353][ T42] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 24.875301][ T293] usbhid: probe of 3-1:0.0 failed with error -71 [ 24.884515][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.892289][ T293] usb 3-1: USB disconnect, device number 2 [ 24.900799][ T42] usb 2-1: Product: syz [ 24.908906][ T42] usb 2-1: Manufacturer: syz [ 24.913702][ T42] usb 2-1: SerialNumber: syz [ 24.920927][ T42] usb 2-1: config 0 descriptor?? [ 24.949215][ T26] usbhid 4-1:0.0: can't add hid device: -71 [ 24.955315][ T26] usbhid: probe of 4-1:0.0 failed with error -71 [ 24.964842][ T26] usb 4-1: USB disconnect, device number 2 [ 24.969220][ T6] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 24.979923][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.987941][ T6] usb 1-1: Product: syz [ 24.992461][ T6] usb 1-1: Manufacturer: syz [ 24.997040][ T6] usb 1-1: SerialNumber: syz [ 25.003895][ T6] usb 1-1: config 0 descriptor?? [ 25.019167][ T332] raw-gadget.4 gadget: fail, usb_ep_enable returned -22 [ 25.026240][ T332] raw-gadget.4 gadget: fail, usb_ep_enable returned -22 [ 25.240376][ T332] raw-gadget.4 gadget: fail, usb_ep_enable returned -22 [ 25.247366][ T332] raw-gadget.4 gadget: fail, usb_ep_enable returned -22 [ 25.349146][ T293] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 25.429154][ T26] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 25.479176][ T6] asix 1-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 25.709161][ T293] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.720128][ T293] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 25.729285][ T293] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.738069][ T293] usb 3-1: config 0 descriptor?? [ 25.859247][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.870253][ T26] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 25.879304][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.887955][ T26] usb 4-1: config 0 descriptor?? [ 26.679149][ T293] aiptek 3-1:0.0: Aiptek using 400 ms programming speed [ 26.686631][ T293] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input4 [ 26.768203][ T20] usb 5-1: USB disconnect, device number 2 [ 26.778002][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 26.778015][ T30] audit: type=1400 audit(1781633544.551:106): avc: denied { create } for pid=341 comm="syz.4.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 26.808910][ T30] audit: type=1400 audit(1781633544.571:107): avc: denied { create } for pid=343 comm="syz.4.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.834927][ T30] audit: type=1400 audit(1781633544.581:108): avc: denied { getopt } for pid=343 comm="syz.4.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.854665][ T30] audit: type=1400 audit(1781633544.601:109): avc: denied { read write } for pid=345 comm="syz.4.11" name="ppp" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.877682][ T26] aiptek 4-1:0.0: Aiptek using 400 ms programming speed [ 26.879167][ T30] audit: type=1400 audit(1781633544.601:110): avc: denied { open } for pid=345 comm="syz.4.11" path="/dev/ppp" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.885490][ T26] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 26.907861][ T30] audit: type=1400 audit(1781633544.601:111): avc: denied { ioctl } for pid=345 comm="syz.4.11" path="/dev/ppp" dev="devtmpfs" ino=153 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.987349][ T30] audit: type=1400 audit(1781633544.751:112): avc: denied { create } for pid=347 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.999180][ T6] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 27.012871][ T30] audit: type=1400 audit(1781633544.751:113): avc: denied { write } for pid=347 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.029535][ T6] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 27.042584][ T30] audit: type=1400 audit(1781633544.751:114): avc: denied { read } for pid=347 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.051037][ T6] asix: probe of 1-1:0.34 failed with error -71 [ 27.070563][ T30] audit: type=1400 audit(1781633544.751:115): avc: denied { ioctl } for pid=347 comm="syz.4.12" path="socket:[16540]" dev="sockfs" ino=16540 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.092631][ T6] usb 1-1: USB disconnect, device number 2 [ 27.124056][ T20] usb 2-1: USB disconnect, device number 2 [ 27.199109][ C0] ================================================================================ [ 27.208399][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31 [ 27.216967][ C0] index 259 is out of range for type 'const int[34]' [ 27.223615][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 27.230619][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 27.240679][ C0] Call Trace: [ 27.243941][ C0] [ 27.246768][ C0] __dump_stack+0x21/0x30 [ 27.251091][ C0] dump_stack_lvl+0x110/0x170 [ 27.255753][ C0] ? show_regs_print_info+0x20/0x20 [ 27.260957][ C0] dump_stack+0x15/0x20 [ 27.265099][ C0] ubsan_epilogue+0xe/0x40 [ 27.269496][ C0] __ubsan_handle_out_of_bounds+0xdf/0xf0 [ 27.275213][ C0] aiptek_irq+0x2045/0x29b0 [ 27.279699][ C0] ? kcov_remote_start+0x217/0x350 [ 27.284791][ C0] __usb_hcd_giveback_urb+0x32f/0x4f0 [ 27.290140][ C0] usb_hcd_giveback_urb+0x11d/0x3f0 [ 27.295318][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 27.300152][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120 [ 27.306053][ C0] dummy_timer+0xa34/0x31d0 [ 27.310545][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.315737][ C0] ? __kasan_check_write+0x14/0x20 [ 27.320846][ C0] ? _raw_spin_lock_irqsave+0x130/0x130 [ 27.326378][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.331583][ C0] call_timer_fn+0x38/0x290 [ 27.336069][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.341247][ C0] __run_timers+0x637/0x9a0 [ 27.345733][ C0] ? calc_index+0x200/0x200 [ 27.350223][ C0] ? sched_clock_cpu+0x18/0x3d0 [ 27.355055][ C0] run_timer_softirq+0x6a/0xf0 [ 27.359799][ C0] handle_softirqs+0x250/0x560 [ 27.364547][ C0] ? irqtime_account_irq+0xbe/0x390 [ 27.369727][ C0] __irq_exit_rcu+0x52/0xf0 [ 27.374218][ C0] irq_exit_rcu+0x9/0x10 [ 27.378458][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 27.384068][ C0] [ 27.386977][ C0] [ 27.389885][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 27.395846][ C0] RIP: 0010:default_idle+0xf/0x20 [ 27.400870][ C0] Code: 8c 4b ff ff ff 4c 89 f7 e8 6e d1 f5 fc e9 3e ff ff ff 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d 43 22 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 [ 27.420463][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000242 [ 27.426509][ C0] RAX: 0000000000003e52 RBX: ffffffff8661c400 RCX: 0000000000003e52 [ 27.434461][ C0] RDX: 0000000000000001 RSI: ffffffff856380e0 RDI: ffffffff856380a0 [ 27.442415][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e [ 27.449151][ T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 27.450369][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000 [ 27.450387][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000 [ 27.473717][ C0] arch_cpu_idle+0xa/0x10 [ 27.478039][ C0] default_idle_call+0x71/0x1d0 [ 27.482876][ C0] do_idle+0x368/0x620 [ 27.486927][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 27.492104][ C0] ? do_idle+0x1/0x620 [ 27.496154][ C0] cpu_startup_entry+0x18/0x20 [ 27.500898][ C0] rest_init+0x10a/0x130 [ 27.505120][ C0] ? time_init+0x40/0x40 [ 27.509340][ C0] arch_call_rest_init+0xe/0x10 [ 27.514170][ C0] start_kernel+0x46d/0x4e0 [ 27.518649][ C0] x86_64_start_reservations+0x2a/0x30 [ 27.524086][ C0] x86_64_start_kernel+0x5b/0x60 [ 27.529004][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 27.534877][ C0] [ 27.537874][ C0] ================================================================================ [ 27.547139][ C0] ================================================================== [ 27.555176][ C0] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x2063/0x29b0 [ 27.562721][ C0] Read of size 4 at addr ffffffff857edcac by task swapper/0/0 [ 27.570165][ C0] [ 27.572468][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 27.579468][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 27.589502][ C0] Call Trace: [ 27.592760][ C0] [ 27.595593][ C0] __dump_stack+0x21/0x30 [ 27.599926][ C0] dump_stack_lvl+0x110/0x170 [ 27.604596][ C0] ? show_regs_print_info+0x20/0x20 [ 27.609784][ C0] ? load_image+0x3f0/0x3f0 [ 27.614272][ C0] ? dump_stack_lvl+0x134/0x170 [ 27.619113][ C0] print_address_description+0x7f/0x2c0 [ 27.624661][ C0] ? aiptek_irq+0x2063/0x29b0 [ 27.629324][ C0] kasan_report+0x10f/0x150 [ 27.633810][ C0] ? aiptek_irq+0x2063/0x29b0 [ 27.638467][ C0] __asan_report_load4_noabort+0x14/0x20 [ 27.644079][ C0] aiptek_irq+0x2063/0x29b0 [ 27.648580][ C0] ? kcov_remote_start+0x217/0x350 [ 27.653670][ C0] __usb_hcd_giveback_urb+0x32f/0x4f0 [ 27.659023][ C0] usb_hcd_giveback_urb+0x11d/0x3f0 [ 27.664214][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 27.669044][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120 [ 27.674931][ C0] dummy_timer+0xa34/0x31d0 [ 27.679421][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.684598][ C0] ? __kasan_check_write+0x14/0x20 [ 27.689692][ C0] ? _raw_spin_lock_irqsave+0x130/0x130 [ 27.695219][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.700401][ C0] call_timer_fn+0x38/0x290 [ 27.704885][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 27.710063][ C0] __run_timers+0x637/0x9a0 [ 27.714566][ C0] ? calc_index+0x200/0x200 [ 27.719046][ C0] ? sched_clock_cpu+0x18/0x3d0 [ 27.723901][ C0] run_timer_softirq+0x6a/0xf0 [ 27.728643][ C0] handle_softirqs+0x250/0x560 [ 27.733407][ C0] ? irqtime_account_irq+0xbe/0x390 [ 27.738584][ C0] __irq_exit_rcu+0x52/0xf0 [ 27.743077][ C0] irq_exit_rcu+0x9/0x10 [ 27.747314][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 27.752927][ C0] [ 27.755835][ C0] [ 27.758750][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 27.764717][ C0] RIP: 0010:default_idle+0xf/0x20 [ 27.769732][ C0] Code: 8c 4b ff ff ff 4c 89 f7 e8 6e d1 f5 fc e9 3e ff ff ff 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d 43 22 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 [ 27.789316][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000242 [ 27.795366][ C0] RAX: 0000000000003e52 RBX: ffffffff8661c400 RCX: 0000000000003e52 [ 27.803316][ C0] RDX: 0000000000000001 RSI: ffffffff856380e0 RDI: ffffffff856380a0 [ 27.811271][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e [ 27.819231][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000 [ 27.827180][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000 [ 27.835139][ C0] arch_cpu_idle+0xa/0x10 [ 27.839472][ C0] default_idle_call+0x71/0x1d0 [ 27.844315][ C0] do_idle+0x368/0x620 [ 27.848368][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 27.853551][ C0] ? do_idle+0x1/0x620 [ 27.857601][ C0] cpu_startup_entry+0x18/0x20 [ 27.862347][ C0] rest_init+0x10a/0x130 [ 27.866574][ C0] ? time_init+0x40/0x40 [ 27.870803][ C0] arch_call_rest_init+0xe/0x10 [ 27.875637][ C0] start_kernel+0x46d/0x4e0 [ 27.880122][ C0] x86_64_start_reservations+0x2a/0x30 [ 27.885571][ C0] x86_64_start_kernel+0x5b/0x60 [ 27.890496][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 27.896378][ C0] [ 27.899379][ C0] [ 27.901680][ C0] The buggy address belongs to the variable: [ 27.907628][ C0] .str.24+0xc/0x20 [ 27.911419][ C0] [ 27.913721][ C0] Memory state around the buggy address: [ 27.919332][ C0] ffffffff857edb80: 00 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 00 00 00 00 [ 27.927371][ C0] ffffffff857edc00: 00 03 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 07 f9 f9 f9 [ 27.935412][ C0] >ffffffff857edc80: 00 05 f9 f9 04 f9 f9 f9 00 f9 f9 f9 07 f9 f9 f9 [ 27.943448][ C0] ^ [ 27.948794][ C0] ffffffff857edd00: 06 f9 f9 f9 07 f9 f9 f9 00 00 00 00 00 00 00 00 [ 27.956832][ C0] ffffffff857edd80: f9 f9 f9 f9 00 00 f9 f9 00 01 f9 f9 00 01 f9 f9 [ 27.964869][ C0] ================================================================== [ 27.972904][ C0] Disabling lock debugging due to kernel taint [ 27.979035][ C0] ================================================================================ [ 27.988299][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30 [ 27.996869][ C0] index 260 is out of range for type 'const int[34]' [ 28.003517][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0 [ 28.011912][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 28.021946][ C0] Call Trace: [ 28.025206][ C0] [ 28.028030][ C0] __dump_stack+0x21/0x30 [ 28.032355][ C0] dump_stack_lvl+0x110/0x170 [ 28.037017][ C0] ? show_regs_print_info+0x20/0x20 [ 28.042202][ C0] dump_stack+0x15/0x20 [ 28.046343][ C0] ubsan_epilogue+0xe/0x40 [ 28.050747][ C0] __ubsan_handle_out_of_bounds+0xdf/0xf0 [ 28.056456][ C0] aiptek_irq+0x1f14/0x29b0 [ 28.060950][ C0] ? kcov_remote_start+0x217/0x350 [ 28.066050][ C0] __usb_hcd_giveback_urb+0x32f/0x4f0 [ 28.071493][ C0] usb_hcd_giveback_urb+0x11d/0x3f0 [ 28.076674][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 28.081510][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120 [ 28.087385][ C0] dummy_timer+0xa34/0x31d0 [ 28.091879][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 28.097068][ C0] ? __kasan_check_write+0x14/0x20 [ 28.102163][ C0] ? _raw_spin_lock_irqsave+0x130/0x130 [ 28.107694][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 28.112875][ C0] call_timer_fn+0x38/0x290 [ 28.117366][ C0] ? dummy_free_streams+0x5c0/0x5c0 [ 28.122546][ C0] __run_timers+0x637/0x9a0 [ 28.127036][ C0] ? calc_index+0x200/0x200 [ 28.131525][ C0] ? sched_clock_cpu+0x18/0x3d0 [ 28.136363][ C0] run_timer_softirq+0x6a/0xf0 [ 28.141113][ C0] handle_softirqs+0x250/0x560 [ 28.145867][ C0] ? irqtime_account_irq+0xbe/0x390 [ 28.151406][ C0] __irq_exit_rcu+0x52/0xf0 [ 28.155920][ C0] irq_exit_rcu+0x9/0x10 [ 28.160157][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 28.165781][ C0] [ 28.168704][ C0] [ 28.171637][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 28.177622][ C0] RIP: 0010:default_idle+0xf/0x20 [ 28.182645][ C0] Code: 8c 4b ff ff ff 4c 89 f7 e8 6e d1 f5 fc e9 3e ff ff ff 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d 43 22 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 [ 28.202258][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000242 [ 28.208310][ C0] RAX: 0000000000003e52 RBX: ffffffff8661c400 RCX: 0000000000003e52 [ 28.216264][ C0] RDX: 0000000000000001 RSI: ffffffff856380e0 RDI: ffffffff856380a0 [ 28.224220][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e [ 28.232178][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000 [ 28.240133][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000 [ 28.248094][ C0] arch_cpu_idle+0xa/0x10 [ 28.252413][ C0] default_idle_call+0x71/0x1d0 [ 28.257249][ C0] do_idle+0x368/0x620 [ 28.261300][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 28.266482][ C0] ? do_idle+0x1/0x620 [ 28.270535][ C0] cpu_startup_entry+0x18/0x20 [ 28.275281][ C0] rest_init+0x10a/0x130 [ 28.279508][ C0] ? time_init+0x40/0x40 [ 28.283745][ C0] arch_call_rest_init+0xe/0x10 [ 28.288580][ C0] start_kernel+0x46d/0x4e0 [ 28.293067][ C0] x86_64_start_reservations+0x2a/0x30 [ 28.298521][ C0] x86_64_start_kernel+0x5b/0x60 [ 28.303449][ C0] secondary_startup_64_no_verify+0xb1/0xbb [ 28.309331][ C0] [ 28.312334][ C0] ================================================================================ [ 28.323818][ T60] usb 4-1: USB disconnect, device number 3 [ 28.329682][ C1] aiptek 4-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 28.347770][ T307] usb 3-1: USB disconnect, device number 3 [ 28.353669][ C0] aiptek 3-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 28.459164][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 28.468976][ T26] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 28.478744][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 28.488462][ T26] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 28.579125][ T20] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 28.649129][ T26] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 28.658225][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.666224][ T26] usb 5-1: Product: syz [ 28.670759][ T26] usb 5-1: Manufacturer: syz [ 28.675353][ T26] usb 5-1: SerialNumber: syz [ 28.682395][ T26] usb 5-1: config 0 descriptor?? [ 28.719722][ T26] ums-isd200 5-1:0.0: USB Mass Storage device detected [ 28.839097][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 28.959355][ T26] scsi host1: usb-storage 5-1:0.0 [ 28.966344][ T26] usb 5-1: USB disconnect, device number 3 [ 28.979165][ T20] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 28.989662][ T20] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 28.998686][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.007561][ T20] usb 2-1: config 0 descriptor?? [ 29.256085][ T26] usb 2-1: USB disconnect, device number 3