last executing test programs: 10.939059511s ago: executing program 3 (id=1227): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x8, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @main=@item_4={0x3, 0x0, 0x9, "5cd37607"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000000)={0x3, 0x20, 0xfffc, 0x8, "c400523a6f29155cce66e2e7aadce2988b5ec056b7007f87586a324b565ffcbb"}) 8.295000195s ago: executing program 3 (id=1238): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000700)={0x40, 0x0, 0xf, "012720dcfe14c639a500ba17162716"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b14, 0x0) 4.073323631s ago: executing program 4 (id=1263): userfaultfd(0x80801) prlimit64(0x0, 0xe, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000c0000004208000040000000c0"], 0x50) r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) 3.962358047s ago: executing program 4 (id=1266): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000000)={0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="002324000000240c46a468c1"], 0x0}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') fstat(r1, &(0x7f0000002440)) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000080)) 3.914738226s ago: executing program 1 (id=1267): r0 = socket(0x10, 0x3, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, 0x0, 0x5) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) 3.857347056s ago: executing program 3 (id=1268): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect(0x3, 0x24, &(0x7f00000006c0)={{0x12, 0x1, 0x110, 0x5e, 0xfc, 0x3d, 0x10, 0x45e, 0x927, 0x4b68, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x6, 0x90, 0xe9, [{{0x9, 0x4, 0x90, 0x4, 0x0, 0xff, 0x4, 0x15, 0xff}}]}}]}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='vegas', 0x5) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 3.839827973s ago: executing program 0 (id=1269): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x1e1802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000080)=0x4) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000340)="00214717a7070000000003000000005c786d17fd8beb", 0x16}], 0x1, 0xee, 0x7) 3.756241214s ago: executing program 0 (id=1270): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00') read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) creat(&(0x7f00000002c0)='./file0\x00', 0x109) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=[0x6], 0x0, 0x0, 0x1}}, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000480)={0x5, 0x20, 0x6, 0x20, 0x7}, 0x48) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ppoll(&(0x7f0000002280)=[{0xffffffffffffffff, 0x800}], 0x1, 0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 3.317083616s ago: executing program 2 (id=1271): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2) syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x99}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) writev(r1, &(0x7f0000001500)=[{&(0x7f0000001540)="f9", 0x1}, {&(0x7f0000002040)="7232383ccbfe2498ec7376a723a491e2d46ba8ba0b6ad68ff8e3cdb5b461a0494c65266a6b9cc515ddf1820a5159531a86daea2cb2b54ba569a9cbf7d4584b8e8f836a4495c36782218858e22e58c76925b359adb5f778016b21cb224e9167f4ab9f70f1bc9a057879c875f68fc42096584828c822b5b79849bd7f16b5ff8b4185128c12138ef9e1f51c76ff2597b25ad430f34a1219db0a5e56baa9c4e82b2cd6a31c98eb34d3a7c364145fcfb3c81da3409cbd804655bfb781dce644f4128636", 0xc1}], 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 2.854144581s ago: executing program 0 (id=1272): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_open_dev$ttys(0xc, 0x2, 0x1) syz_open_dev$ttys(0xc, 0x2, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') lseek(r5, 0x1000000, 0x0) bind$inet(r2, 0x0, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd60e400ff00403a00fe800000000000000000004000000027fe059078020000006f000000000000000000000000000001fe8000000000000000000000000000372900040001300200f1a96e3d0e3a60"], 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wg2\x00', 0x0}) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000200)=@broute={'broute\x00', 0x20, 0x3, 0x4ea, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000004c0], 0x0, &(0x7f0000000040), &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0100000011000000110000000017766574683000000000000000000000007767320000000000000000000000000064766d727030000000000000000000007866726d300000000000000000000000aaaaaaaaaaaaffffff000000aaaaaaaaaaaa0000000000ff1e0100001e0100004e010000636f6e6e62797465730000000000000000000000000000000000000000000000180000000000000003000000000000000400000000000000020200000000000070687973646576000000000000000000000000000000c3b7e2d460bc74ef000048000000000000007866726d300000000000000000000000000000000000000000000000000000007465616d3000000000000000000000000000000000000000000000000000000000100000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000010000000000000029000000000170696d7265673000000000000000000064766d727030000000000000000000006d6163766c616e30000000000000000070696d72656700000000000000000000000000000000000000ffffffaaaaaaaaaaaa00009887e1f1a7fc4e0000b700c60100003e0200006e0200006367726f7570000000000000000000000000000000000000000000000000000008000000000000008000000001000000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000434c415353494659000000000000000000000000000000000000000000000000080000000000000081000000000000004552524f52000000000000000000000000000000000000000000000000000000200000000000000064fd0216455f55b4792b85ead600d58edee1b35fcb704a4aa813cac8f1da0000434c4153534946590000000000000000000000000000000000000000000000000800000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000000000000186261746164765f736c6176655f3000006970365f7674693000000000000000006e657464657673696d3000000000000076657468315f746f5f7465616d000000bbbbbbbbbbbb00ff0000ff00000000000000ffff00ff00ff6e0000006e0000009e0000004155444954000000000000000000000000000000000000000000000000000000080000000000000001"]}, 0x562) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001100010125bd70000000000000000000", @ANYRES8=r6], 0x20}}, 0x8000) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() 2.404276028s ago: executing program 3 (id=1273): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x50) 2.160266107s ago: executing program 1 (id=1274): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) add_key$user(&(0x7f0000000040), 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffb) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x0, 0x10) read$FUSE(r7, &(0x7f0000003180)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x5, 0x5, 0x17, 0x0, 0x4000003, 0xfc, 0x2, 0x81, 0xfd, 0x8, 0x6, 0xff, 0x0, 0x7, 0x5, 0xfc, 0x3, 0x7, 0xfa, '\x00', 0x0, 0x9}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4020ae46, &(0x7f00000003c0)=ANY=[]) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) io_setup(0x4, &(0x7f00000000c0)=0x0) io_destroy(r8) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 2.04938996s ago: executing program 4 (id=1275): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x48080) 2.017057924s ago: executing program 2 (id=1276): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000380)=@NCI_OP_CORE_CONN_CREDITS_NTF={0x0, 0x1, 0x3, 0x6, 0x5, {0x2, [{0x9, 0x3}, {0x1, 0x1e}]}}, 0x8) 1.572813469s ago: executing program 2 (id=1277): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) personality(0xfe47fef9f5ff7379) ppoll(0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0) 1.52597629s ago: executing program 4 (id=1278): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x10, 0x2, [@TCA_BASIC_EMATCHES={0xc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}]}]}}]}, 0x40}}, 0x0) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a310000000054000380500000803e0001"], 0x80}}, 0x8000) 1.481494019s ago: executing program 0 (id=1279): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x0, 0x1c0d}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x82) 1.386812012s ago: executing program 2 (id=1280): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) add_key$user(&(0x7f0000000040), 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffb) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1) read$FUSE(0xffffffffffffffff, &(0x7f0000003180)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x5, 0x5, 0x17, 0x0, 0x4000003, 0xfc, 0x2, 0x81, 0xfd, 0x8, 0x6, 0xff, 0x0, 0x7, 0x5, 0xfc, 0x3, 0x7, 0xfa, '\x00', 0x0, 0x9}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4020ae46, &(0x7f00000003c0)=ANY=[]) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4) io_setup(0x4, &(0x7f00000000c0)=0x0) io_destroy(r7) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 1.386040469s ago: executing program 3 (id=1281): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0) 1.357375958s ago: executing program 4 (id=1282): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00') read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) creat(&(0x7f00000002c0)='./file0\x00', 0x109) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=[0x6], 0x0, 0x0, 0x1}}, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000480)={0x5, 0x20, 0x6, 0x20, 0x7}, 0x48) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ppoll(&(0x7f0000002280)=[{0xffffffffffffffff, 0x800}], 0x1, 0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 960.564501ms ago: executing program 0 (id=1283): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, 0x0, 0x2, 0x0) write$cgroup_devices(r1, &(0x7f00000003c0)={'b', ' *:* ', 'r\x00'}, 0x8) r2 = openat$cgroup_devices(r0, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000280)={'b', ' *:* ', 'rm\x00'}, 0x9) 890.119842ms ago: executing program 3 (id=1284): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_open_dev$ttys(0xc, 0x2, 0x1) syz_open_dev$ttys(0xc, 0x2, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') lseek(r5, 0x1000000, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd60e400ff00403a00fe800000000000000000004000000027fe059078020000006f000000000000000000000000000001fe80000000000000"], 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wg2\x00', 0x0}) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000200)=@broute={'broute\x00', 0x20, 0x3, 0x4ea, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000004c0], 0x0, &(0x7f0000000040), &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0100000011000000110000000017766574683000000000000000000000007767320000000000000000000000000064766d727030000000000000000000007866726d300000000000000000000000aaaaaaaaaaaaffffff000000aaaaaaaaaaaa0000000000ff1e0100001e0100004e010000636f6e6e62797465730000000000000000000000000000000000000000000000180000000000000003000000000000000400000000000000020200000000000070687973646576000000000000000000000000000000c3b7e2d460bc74ef000048000000000000007866726d300000000000000000000000000000000000000000000000000000007465616d3000000000000000000000000000000000000000000000000000000000100000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000010000000000000029000000000170696d7265673000000000000000000064766d727030000000000000000000006d6163766c616e30000000000000000070696d72656700000000000000000000000000000000000000ffffffaaaaaaaaaaaa00009887e1f1a7fc4e0000b700c60100003e0200006e0200006367726f7570000000000000000000000000000000000000000000000000000008000000000000008000000001000000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000434c415353494659000000000000000000000000000000000000000000000000080000000000000081000000000000004552524f52000000000000000000000000000000000000000000000000000000200000000000000064fd0216455f55b4792b85ead600d58edee1b35fcb704a4aa813cac8f1da0000434c4153534946590000000000000000000000000000000000000000000000000800000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000000000000186261746164765f736c6176655f3000006970365f7674693000000000000000006e657464657673696d3000000000000076657468315f746f5f7465616d000000bbbbbbbbbbbb00ff0000ff00000000000000ffff00ff00ff6e0000006e0000009e0000004155444954000000000000000000000000000000000000000000000000000000080000000000000001"]}, 0x562) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001100010125bd70000000000000000000", @ANYRES8=r6], 0x20}}, 0x8000) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() 888.700649ms ago: executing program 1 (id=1285): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) r2 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 818.951196ms ago: executing program 0 (id=1286): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0105b08, &(0x7f0000000040)) 724.674618ms ago: executing program 1 (id=1287): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000009c0)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="3f5e978e345482", 0x7}, {&(0x7f0000000000)="ece600", 0x3}], 0x2, 0x0, 0x0, 0x20000000}], 0x1, 0x24000040) recvmmsg(r1, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001480)=""/194, 0x34000}], 0x1}, 0x4}], 0x1, 0x2120, 0x0) 546.773113ms ago: executing program 1 (id=1288): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4, 0x0, 0x0, 0x1000}}}}}}, 0x0) 466.777075ms ago: executing program 1 (id=1289): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket(0x2a, 0x2, 0x0) ioctl$SIOCSIFMTU(r0, 0x541b, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES16=r7], 0x20}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000012c0)=ANY=[@ANYBLOB="640000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="003170b70ecf3e52a900000000000000440012800e00010069703601fc7370616e00000030000280140006002001000000000000000000000000000214000700fc02000000d09a40d10d624ca80000009f461200"], 0x64}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="2004000000000000ff7f1b0000000000f30d"], 0x28}}, 0x0) recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0) 424.479755ms ago: executing program 2 (id=1290): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x1ffd, 0x2}, 0x14) listen(r0, 0x1ff) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00000002c0)="4bf3f1", 0x3, 0x200000c1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10) 288.082626ms ago: executing program 4 (id=1291): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc51b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'team_slave_0\x00', 0x4000}) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000000c000/0x3000)=nil, &(0x7f000000d000/0x1000)=nil, 0x3000, 0x3}) 0s ago: executing program 2 (id=1292): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil) r1 = syz_open_procfs$pagemap(0x0, &(0x7f00000000c0)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00000f0000/0x4000)=nil, &(0x7f000051c000/0x3000)=nil, 0x1ea, 0x0, 0x0, 0x2, 0x0, 0x4c, 0x0, 0x2}) kernel console output (not intermixed with test programs): scriptor's value: 2 [ 430.611805][ T5897] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 430.681916][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.744855][ T5897] usb 2-1: config 0 descriptor?? [ 430.832554][ T5897] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 430.840139][ T5897] dvb-usb: bulk message failed: -22 (3/0) [ 430.850954][ T5897] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 430.865179][ T5897] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 430.873524][ T5897] usb 2-1: media controller created [ 430.881509][ T5897] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 430.892196][ T5876] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 430.923012][ T5897] dvb-usb: bulk message failed: -22 (6/0) [ 430.999303][ T5897] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 431.047374][ T5876] usb 3-1: Using ep0 maxpacket: 16 [ 431.052800][ T5897] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 431.071495][ T5876] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 431.084215][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.103871][ T5897] dvb-usb: schedule remote query interval to 150 msecs. [ 431.112684][ T5876] usb 3-1: Product: syz [ 431.116860][ T5876] usb 3-1: Manufacturer: syz [ 431.126179][ T5897] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 431.138266][T11686] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1071'. [ 431.148499][ T5876] usb 3-1: SerialNumber: syz [ 431.158495][ T5897] usb 2-1: USB disconnect, device number 27 [ 431.190558][ T5876] usb 3-1: config 0 descriptor?? [ 431.211361][ T5876] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 431.233471][ T5876] usb 3-1: Detected FT-X [ 431.300368][ T5897] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 431.415367][ T5876] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 431.435506][ T5876] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 431.447005][ T5876] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 431.473743][ T5876] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 431.495741][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 431.495756][ T30] audit: type=1326 audit(1759626912.353:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 431.496494][ T5876] usb 3-1: USB disconnect, device number 21 [ 431.543743][ T30] audit: type=1326 audit(1759626912.353:2318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 431.587378][T11728] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 431.595777][T11728] CPU: 0 UID: 0 PID: 11728 Comm: syz.4.1074 Not tainted syzkaller #0 PREEMPT(full) [ 431.595804][T11728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 431.595813][T11728] Call Trace: [ 431.595818][T11728] [ 431.595825][T11728] dump_stack_lvl+0x16c/0x1f0 [ 431.595863][T11728] sysfs_warn_dup+0x7f/0xa0 [ 431.595890][T11728] sysfs_do_create_link_sd+0x124/0x140 [ 431.595918][T11728] sysfs_create_link+0x61/0xc0 [ 431.595945][T11728] device_add+0x62c/0x1aa0 [ 431.595967][T11728] ? __pfx_device_add+0x10/0x10 [ 431.595983][T11728] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 431.596013][T11728] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 431.596044][T11728] wiphy_register+0x1eb0/0x2b20 [ 431.596070][T11728] ? netdev_run_todo+0x864/0x1320 [ 431.596095][T11728] ? __dev_printk+0x1c0/0x270 [ 431.596124][T11728] ? __pfx_wiphy_register+0x10/0x10 [ 431.596160][T11728] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 431.596192][T11728] ieee80211_register_hw+0x253d/0x4120 [ 431.596230][T11728] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 431.596257][T11728] ? __pfx___debug_object_init+0x10/0x10 [ 431.596293][T11728] ? find_held_lock+0x2b/0x80 [ 431.596321][T11728] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 431.596348][T11728] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 431.596375][T11728] ? __hrtimer_setup+0x176/0x280 [ 431.596402][T11728] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 431.596440][T11728] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 431.596465][T11728] ? __asan_memcpy+0x3c/0x60 [ 431.596488][T11728] hwsim_new_radio_nl+0xba2/0x1330 [ 431.596512][T11728] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.596543][T11728] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 431.596573][T11728] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 431.596609][T11728] genl_family_rcv_msg_doit+0x206/0x2f0 [ 431.596641][T11728] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 431.596679][T11728] ? bpf_lsm_capable+0x9/0x10 [ 431.596703][T11728] ? security_capable+0x7e/0x260 [ 431.596732][T11728] ? ns_capable+0xd7/0x110 [ 431.596755][T11728] genl_rcv_msg+0x55c/0x800 [ 431.596785][T11728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.596812][T11728] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.596835][T11728] ? __lock_acquire+0x62e/0x1ce0 [ 431.596862][T11728] netlink_rcv_skb+0x155/0x420 [ 431.596885][T11728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.596913][T11728] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 431.596947][T11728] ? netlink_deliver_tap+0x1ae/0xd30 [ 431.596969][T11728] ? selinux_netlink_send+0x578/0x830 [ 431.596985][T11728] ? is_vmalloc_addr+0x86/0xa0 [ 431.597015][T11728] genl_rcv+0x28/0x40 [ 431.597039][T11728] netlink_unicast+0x5aa/0x870 [ 431.597066][T11728] ? __pfx_netlink_unicast+0x10/0x10 [ 431.597091][T11728] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 431.597123][T11728] netlink_sendmsg+0x8c8/0xdd0 [ 431.597151][T11728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.597185][T11728] ____sys_sendmsg+0xa95/0xc70 [ 431.597213][T11728] ? copy_msghdr_from_user+0x10a/0x160 [ 431.597236][T11728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 431.597277][T11728] ___sys_sendmsg+0x134/0x1d0 [ 431.597301][T11728] ? __pfx____sys_sendmsg+0x10/0x10 [ 431.597358][T11728] __sys_sendmsg+0x16d/0x220 [ 431.597382][T11728] ? __pfx___sys_sendmsg+0x10/0x10 [ 431.597416][T11728] ? __secure_computing+0x28e/0x3b0 [ 431.597440][T11728] do_syscall_64+0xcd/0x4e0 [ 431.597466][T11728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.597485][T11728] RIP: 0033:0x7fb99cd8eec9 [ 431.597501][T11728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.597519][T11728] RSP: 002b:00007fb99db41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 431.597537][T11728] RAX: ffffffffffffffda RBX: 00007fb99cfe6090 RCX: 00007fb99cd8eec9 [ 431.597548][T11728] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 431.597559][T11728] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 431.597569][T11728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.597580][T11728] R13: 00007fb99cfe6128 R14: 00007fb99cfe6090 R15: 00007ffe2611d468 [ 431.597606][T11728] [ 431.615713][ T5876] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 431.642218][ T30] audit: type=1326 audit(1759626912.353:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 431.702205][ T1204] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 431.727864][ T30] audit: type=1326 audit(1759626912.353:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 431.773833][ T5876] ftdi_sio 3-1:0.0: device disconnected [ 432.316969][ T30] audit: type=1326 audit(1759626912.353:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 432.344062][ T5944] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 432.426691][ T1204] usb 4-1: Using ep0 maxpacket: 32 [ 432.435098][ T1204] usb 4-1: config 0 has an invalid interface number: 126 but max is 0 [ 432.446080][ T1204] usb 4-1: config 0 has no interface number 0 [ 432.452533][ T1204] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 432.468952][ T1204] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 432.516323][ T1204] usb 4-1: config 0 interface 126 has no altsetting 0 [ 432.518288][ T30] audit: type=1326 audit(1759626912.353:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 432.525300][ T1204] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 432.638782][T11768] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1081'. [ 432.648727][T11768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1081'. [ 432.741239][ T5944] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 432.754434][ T5944] usb 2-1: config 0 has no interface number 0 [ 432.760769][ T30] audit: type=1326 audit(1759626912.353:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 432.806483][ T5944] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 432.832164][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.841150][ T5944] usb 2-1: Product: syz [ 432.848230][ T5944] usb 2-1: Manufacturer: syz [ 432.853475][ T30] audit: type=1326 audit(1759626912.353:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11711 comm="syz.4.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 432.877209][ T5944] usb 2-1: SerialNumber: syz [ 432.884230][ T30] audit: type=1400 audit(1759626912.463:2325): avc: denied { bind } for pid=11732 comm="syz.0.1077" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 432.905183][ T1204] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.905235][ T5944] usb 2-1: config 0 descriptor?? [ 432.922703][ T30] audit: type=1400 audit(1759626912.463:2326): avc: denied { name_bind } for pid=11732 comm="syz.0.1077" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 432.957413][ T1204] usb 4-1: Product: syz [ 433.054186][ T1204] usb 4-1: Manufacturer: syz [ 433.080015][ T1204] usb 4-1: SerialNumber: syz [ 433.101931][ T1204] usb 4-1: config 0 descriptor?? [ 433.118345][T11719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 433.126749][T11719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 433.216951][T11781] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1083'. [ 433.228350][T11781] netlink: 'syz.0.1083': attribute type 16 has an invalid length. [ 433.236333][T11781] netlink: 'syz.0.1083': attribute type 17 has an invalid length. [ 433.244376][T11781] netlink: 'syz.0.1083': attribute type 27 has an invalid length. [ 433.277421][ T5944] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 433.456502][ T5944] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 433.540904][ T1204] ir_usb 4-1:0.126: IR Dongle converter detected [ 433.558710][ T1204] usb 4-1: IRDA class descriptor not found, device not bound [ 433.592163][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 433.600211][ C1] lec:lec_tx_timeout: lec0 [ 433.604850][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 433.617896][ T1204] usb 4-1: USB disconnect, device number 13 [ 433.631182][ T5944] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 433.734390][ T5944] usb 2-1: media controller created [ 433.876200][ T5944] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 433.915655][ T5944] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 433.943788][T11806] debugfs: 'ttyS3' already exists in 'caif_serial' [ 434.081316][ T5944] usb 2-1: USB disconnect, device number 28 [ 434.167591][T11828] lo speed is unknown, defaulting to 1000 [ 434.182497][ T1204] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 434.342188][ T1204] usb 3-1: Using ep0 maxpacket: 8 [ 434.373433][ T1204] usb 3-1: config 0 interface 0 has no altsetting 0 [ 434.400936][T11861] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 434.437934][T11865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1093'. [ 434.455877][ T1204] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 434.466011][ T1204] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.477571][ T1204] usb 3-1: Product: syz [ 434.487117][T11861] CPU: 0 UID: 0 PID: 11861 Comm: syz.4.1089 Not tainted syzkaller #0 PREEMPT(full) [ 434.487142][T11861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 434.487153][T11861] Call Trace: [ 434.487160][T11861] [ 434.487167][T11861] dump_stack_lvl+0x16c/0x1f0 [ 434.487194][T11861] sysfs_warn_dup+0x7f/0xa0 [ 434.487219][T11861] sysfs_do_create_link_sd+0x124/0x140 [ 434.487246][T11861] sysfs_create_link+0x61/0xc0 [ 434.487272][T11861] device_add+0x62c/0x1aa0 [ 434.487294][T11861] ? __pfx_device_add+0x10/0x10 [ 434.487309][T11861] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 434.487335][T11861] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 434.487366][T11861] wiphy_register+0x1eb0/0x2b20 [ 434.487391][T11861] ? netdev_run_todo+0x864/0x1320 [ 434.487414][T11861] ? __dev_printk+0x1c0/0x270 [ 434.487442][T11861] ? __pfx_wiphy_register+0x10/0x10 [ 434.487483][T11861] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 434.487513][T11861] ieee80211_register_hw+0x253d/0x4120 [ 434.487550][T11861] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 434.487576][T11861] ? __pfx___debug_object_init+0x10/0x10 [ 434.487610][T11861] ? find_held_lock+0x2b/0x80 [ 434.487637][T11861] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 434.487662][T11861] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 434.487687][T11861] ? __hrtimer_setup+0x176/0x280 [ 434.487712][T11861] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 434.487749][T11861] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 434.487771][T11861] ? __asan_memcpy+0x3c/0x60 [ 434.487792][T11861] hwsim_new_radio_nl+0xba2/0x1330 [ 434.487815][T11861] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 434.487844][T11861] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 434.487873][T11861] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 434.487907][T11861] genl_family_rcv_msg_doit+0x206/0x2f0 [ 434.487936][T11861] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 434.487973][T11861] ? bpf_lsm_capable+0x9/0x10 [ 434.487994][T11861] ? security_capable+0x7e/0x260 [ 434.488032][T11861] ? ns_capable+0xd7/0x110 [ 434.488060][T11861] genl_rcv_msg+0x55c/0x800 [ 434.488092][T11861] ? __pfx_genl_rcv_msg+0x10/0x10 [ 434.488119][T11861] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 434.488141][T11861] ? __lock_acquire+0x62e/0x1ce0 [ 434.488165][T11861] netlink_rcv_skb+0x155/0x420 [ 434.488188][T11861] ? __pfx_genl_rcv_msg+0x10/0x10 [ 434.488216][T11861] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 434.488251][T11861] ? netlink_deliver_tap+0x1ae/0xd30 [ 434.488272][T11861] ? selinux_netlink_send+0x578/0x830 [ 434.488288][T11861] ? is_vmalloc_addr+0x86/0xa0 [ 434.488318][T11861] genl_rcv+0x28/0x40 [ 434.488341][T11861] netlink_unicast+0x5aa/0x870 [ 434.488369][T11861] ? __pfx_netlink_unicast+0x10/0x10 [ 434.488392][T11861] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 434.488424][T11861] netlink_sendmsg+0x8c8/0xdd0 [ 434.488452][T11861] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.488486][T11861] ____sys_sendmsg+0xa95/0xc70 [ 434.488513][T11861] ? copy_msghdr_from_user+0x10a/0x160 [ 434.488534][T11861] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.488574][T11861] ___sys_sendmsg+0x134/0x1d0 [ 434.488596][T11861] ? __pfx____sys_sendmsg+0x10/0x10 [ 434.488651][T11861] __sys_sendmsg+0x16d/0x220 [ 434.488672][T11861] ? __pfx___sys_sendmsg+0x10/0x10 [ 434.488705][T11861] ? __secure_computing+0x28e/0x3b0 [ 434.488727][T11861] do_syscall_64+0xcd/0x4e0 [ 434.488751][T11861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.488778][T11861] RIP: 0033:0x7fb99cd8eec9 [ 434.488793][T11861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.488810][T11861] RSP: 002b:00007fb99aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 434.488827][T11861] RAX: ffffffffffffffda RBX: 00007fb99cfe6180 RCX: 00007fb99cd8eec9 [ 434.488839][T11861] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 434.488849][T11861] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 434.488859][T11861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.488868][T11861] R13: 00007fb99cfe6218 R14: 00007fb99cfe6180 R15: 00007ffe2611d468 [ 434.488893][T11861] [ 434.492940][ T1204] usb 3-1: Manufacturer: syz [ 434.831660][T11824] lec:lec_atm_close: lec0: Shut down! [ 434.876570][ T1204] usb 3-1: SerialNumber: syz [ 435.001443][ T1204] usb 3-1: config 0 descriptor?? [ 435.018496][ T1204] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 435.239640][ T1204] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 435.263305][ T1204] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 435.532776][ T1204] usb 3-1: USB disconnect, device number 22 [ 435.572614][ T5944] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 435.669784][T11955] netdevsim netdevsim4: Direct firmware load for  failed with error -2 [ 435.678335][T11955] netdevsim netdevsim4: Falling back to sysfs fallback for:  [ 435.733824][ T5944] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 435.754976][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 435.766561][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 435.792539][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 435.829127][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 435.844845][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 435.880711][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 435.909659][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 435.951338][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 435.985307][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 435.999924][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.015201][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.038563][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.050635][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.060856][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.072029][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.080894][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.090208][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.105526][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.114661][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.124574][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.137825][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.146134][ T5944] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.155338][ T5944] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.166589][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.174950][ T5944] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 436.184045][ T5944] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 436.192513][ T5944] usb 1-1: Product: syz [ 436.196684][ T5944] usb 1-1: Manufacturer: syz [ 436.201352][ T5944] usb 1-1: SerialNumber: syz [ 436.208377][ T5944] usb 1-1: config 0 descriptor?? [ 436.217853][ T5944] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 436.222378][ T1204] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 436.283345][ T5840] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 436.362629][ T5911] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 436.391979][ T1204] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid maxpacket 256, setting to 64 [ 436.413258][ T1204] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 436.434618][ T1204] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.443366][ T5840] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 436.452757][ T1204] usb 2-1: Product: syz [ 436.452777][ T1204] usb 2-1: Manufacturer: syz [ 436.452792][ T1204] usb 2-1: SerialNumber: syz [ 436.454705][ T1204] usb 2-1: config 0 descriptor?? [ 436.466786][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.502569][ T5840] usb 3-1: config 0 descriptor?? [ 436.512188][ T5876] usb 1-1: USB disconnect, device number 15 [ 436.521349][ T5876] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 436.532230][ T5911] usb 4-1: Using ep0 maxpacket: 8 [ 436.539139][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 436.555089][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 436.573760][ T5911] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 436.583515][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.591525][ T5911] usb 4-1: Product: syz [ 436.602899][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 436.602915][ T30] audit: type=1326 audit(1759626917.463:2366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.633030][ T30] audit: type=1326 audit(1759626917.483:2367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.657196][ T30] audit: type=1326 audit(1759626917.483:2368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.681367][ T30] audit: type=1326 audit(1759626917.483:2369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.713491][ T30] audit: type=1326 audit(1759626917.483:2370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.737546][ T30] audit: type=1326 audit(1759626917.483:2371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.747925][ T5911] usb 4-1: Manufacturer: syz [ 436.761990][ T30] audit: type=1326 audit(1759626917.483:2372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.792707][ T30] audit: type=1326 audit(1759626917.483:2373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.793827][T12012] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 436.817306][ T30] audit: type=1326 audit(1759626917.483:2374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.826144][ T5911] usb 4-1: SerialNumber: syz [ 436.852872][T12012] CPU: 0 UID: 0 PID: 12012 Comm: syz.4.1108 Not tainted syzkaller #0 PREEMPT(full) [ 436.852893][T12012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 436.852903][T12012] Call Trace: [ 436.852908][T12012] [ 436.852915][T12012] dump_stack_lvl+0x16c/0x1f0 [ 436.852944][T12012] sysfs_warn_dup+0x7f/0xa0 [ 436.852968][T12012] sysfs_do_create_link_sd+0x124/0x140 [ 436.852993][T12012] sysfs_create_link+0x61/0xc0 [ 436.853015][T12012] device_add+0x62c/0x1aa0 [ 436.853034][T12012] ? __pfx_device_add+0x10/0x10 [ 436.853047][T12012] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 436.853071][T12012] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 436.853097][T12012] wiphy_register+0x1eb0/0x2b20 [ 436.853119][T12012] ? netdev_run_todo+0x864/0x1320 [ 436.853141][T12012] ? __dev_printk+0x1c0/0x270 [ 436.853167][T12012] ? __pfx_wiphy_register+0x10/0x10 [ 436.853197][T12012] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 436.853224][T12012] ieee80211_register_hw+0x253d/0x4120 [ 436.853258][T12012] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 436.853282][T12012] ? __pfx___debug_object_init+0x10/0x10 [ 436.853312][T12012] ? find_held_lock+0x2b/0x80 [ 436.853337][T12012] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 436.853363][T12012] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 436.853388][T12012] ? __hrtimer_setup+0x176/0x280 [ 436.853412][T12012] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 436.853445][T12012] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 436.853467][T12012] ? __asan_memcpy+0x3c/0x60 [ 436.853486][T12012] hwsim_new_radio_nl+0xba2/0x1330 [ 436.853506][T12012] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 436.853532][T12012] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 436.853563][T12012] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 436.853598][T12012] genl_family_rcv_msg_doit+0x206/0x2f0 [ 436.853627][T12012] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 436.853662][T12012] ? bpf_lsm_capable+0x9/0x10 [ 436.853682][T12012] ? security_capable+0x7e/0x260 [ 436.853709][T12012] ? ns_capable+0xd7/0x110 [ 436.853735][T12012] genl_rcv_msg+0x55c/0x800 [ 436.853764][T12012] ? __pfx_genl_rcv_msg+0x10/0x10 [ 436.853796][T12012] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 436.853818][T12012] ? __lock_acquire+0x62e/0x1ce0 [ 436.853843][T12012] netlink_rcv_skb+0x155/0x420 [ 436.853867][T12012] ? __pfx_genl_rcv_msg+0x10/0x10 [ 436.853893][T12012] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 436.853929][T12012] ? netlink_deliver_tap+0x1ae/0xd30 [ 436.853950][T12012] ? selinux_netlink_send+0x578/0x830 [ 436.853967][T12012] ? is_vmalloc_addr+0x86/0xa0 [ 436.853998][T12012] genl_rcv+0x28/0x40 [ 436.854021][T12012] netlink_unicast+0x5aa/0x870 [ 436.854048][T12012] ? __pfx_netlink_unicast+0x10/0x10 [ 436.854070][T12012] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 436.854097][T12012] netlink_sendmsg+0x8c8/0xdd0 [ 436.854123][T12012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 436.854153][T12012] ____sys_sendmsg+0xa95/0xc70 [ 436.854178][T12012] ? copy_msghdr_from_user+0x10a/0x160 [ 436.854198][T12012] ? __pfx_____sys_sendmsg+0x10/0x10 [ 436.854234][T12012] ___sys_sendmsg+0x134/0x1d0 [ 436.854254][T12012] ? __pfx____sys_sendmsg+0x10/0x10 [ 436.854304][T12012] __sys_sendmsg+0x16d/0x220 [ 436.854325][T12012] ? __pfx___sys_sendmsg+0x10/0x10 [ 436.854354][T12012] ? __secure_computing+0x28e/0x3b0 [ 436.854375][T12012] do_syscall_64+0xcd/0x4e0 [ 436.854398][T12012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.854414][T12012] RIP: 0033:0x7fb99cd8eec9 [ 436.854428][T12012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.854444][T12012] RSP: 002b:00007fb99aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 436.854459][T12012] RAX: ffffffffffffffda RBX: 00007fb99cfe6180 RCX: 00007fb99cd8eec9 [ 436.854469][T12012] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 436.854478][T12012] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 436.854487][T12012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.854496][T12012] R13: 00007fb99cfe6218 R14: 00007fb99cfe6180 R15: 00007ffe2611d468 [ 436.854517][T12012] [ 436.871365][ T5911] usb 4-1: config 0 descriptor?? [ 436.885543][ T30] audit: type=1326 audit(1759626917.733:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11996 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 436.962269][ T5911] rc_core: IR keymap rc-streamzap not found [ 437.057190][ T5944] usb 2-1: USB disconnect, device number 29 [ 437.061321][ T5911] Registered IR keymap rc-empty [ 437.272859][ T5840] ath6kl: mismatched byte count 0 vs. expected 12 [ 437.278225][ T5911] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 437.281296][ T5840] ath6kl: Failed to init ath6kl core: -22 [ 437.348305][ T5911] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10 [ 437.406825][T12051] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 437.429407][T12051] CPU: 0 UID: 0 PID: 12051 Comm: syz.0.1109 Not tainted syzkaller #0 PREEMPT(full) [ 437.429435][T12051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 437.429445][T12051] Call Trace: [ 437.429451][T12051] [ 437.429459][T12051] dump_stack_lvl+0x16c/0x1f0 [ 437.429490][T12051] sysfs_warn_dup+0x7f/0xa0 [ 437.429517][T12051] sysfs_do_create_link_sd+0x124/0x140 [ 437.429546][T12051] sysfs_create_link+0x61/0xc0 [ 437.429571][T12051] device_add+0x62c/0x1aa0 [ 437.429593][T12051] ? __pfx_device_add+0x10/0x10 [ 437.429609][T12051] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 437.429636][T12051] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 437.429666][T12051] wiphy_register+0x1eb0/0x2b20 [ 437.429692][T12051] ? netdev_run_todo+0x864/0x1320 [ 437.429717][T12051] ? __dev_printk+0x1c0/0x270 [ 437.429745][T12051] ? __pfx_wiphy_register+0x10/0x10 [ 437.429778][T12051] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 437.429807][T12051] ieee80211_register_hw+0x253d/0x4120 [ 437.429843][T12051] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 437.429867][T12051] ? __pfx___debug_object_init+0x10/0x10 [ 437.429901][T12051] ? find_held_lock+0x2b/0x80 [ 437.429928][T12051] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 437.429950][T12051] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 437.429985][T12051] ? __hrtimer_setup+0x176/0x280 [ 437.430009][T12051] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 437.430042][T12051] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 437.430065][T12051] ? __asan_memcpy+0x3c/0x60 [ 437.430087][T12051] hwsim_new_radio_nl+0xba2/0x1330 [ 437.430109][T12051] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 437.430138][T12051] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 437.430167][T12051] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 437.430198][T12051] genl_family_rcv_msg_doit+0x206/0x2f0 [ 437.430228][T12051] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 437.430264][T12051] ? bpf_lsm_capable+0x9/0x10 [ 437.430285][T12051] ? security_capable+0x7e/0x260 [ 437.430316][T12051] ? ns_capable+0xd7/0x110 [ 437.430342][T12051] genl_rcv_msg+0x55c/0x800 [ 437.430372][T12051] ? __pfx_genl_rcv_msg+0x10/0x10 [ 437.430398][T12051] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 437.430427][T12051] netlink_rcv_skb+0x155/0x420 [ 437.430452][T12051] ? __pfx_genl_rcv_msg+0x10/0x10 [ 437.430481][T12051] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 437.430517][T12051] ? netlink_deliver_tap+0x1ae/0xd30 [ 437.430544][T12051] genl_rcv+0x28/0x40 [ 437.430568][T12051] netlink_unicast+0x5aa/0x870 [ 437.430596][T12051] ? __pfx_netlink_unicast+0x10/0x10 [ 437.430621][T12051] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 437.430653][T12051] netlink_sendmsg+0x8c8/0xdd0 [ 437.430683][T12051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 437.430717][T12051] ____sys_sendmsg+0xa95/0xc70 [ 437.430744][T12051] ? copy_msghdr_from_user+0x10a/0x160 [ 437.430766][T12051] ? __pfx_____sys_sendmsg+0x10/0x10 [ 437.430806][T12051] ___sys_sendmsg+0x134/0x1d0 [ 437.430830][T12051] ? __pfx____sys_sendmsg+0x10/0x10 [ 437.430885][T12051] __sys_sendmsg+0x16d/0x220 [ 437.430908][T12051] ? __pfx___sys_sendmsg+0x10/0x10 [ 437.430940][T12051] ? __secure_computing+0x28e/0x3b0 [ 437.430972][T12051] do_syscall_64+0xcd/0x4e0 [ 437.430999][T12051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.431017][T12051] RIP: 0033:0x7facaa38eec9 [ 437.431033][T12051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.431051][T12051] RSP: 002b:00007facab225038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 437.431070][T12051] RAX: ffffffffffffffda RBX: 00007facaa5e6180 RCX: 00007facaa38eec9 [ 437.431082][T12051] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 437.431093][T12051] RBP: 00007facaa411f91 R08: 0000000000000000 R09: 0000000000000000 [ 437.431104][T12051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.431114][T12051] R13: 00007facaa5e6218 R14: 00007facaa5e6180 R15: 00007ffea0990428 [ 437.431141][T12051] [ 437.444708][ T5911] usb 4-1: USB disconnect, device number 14 [ 437.488393][ T5840] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 437.849001][ T5840] usb 3-1: USB disconnect, device number 23 [ 438.161688][T12090] debugfs: 'ttyS3' already exists in 'caif_serial' [ 438.369000][T12088] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1113'. [ 438.919791][T12124] netdevsim netdevsim2: Direct firmware load for  failed with error -2 [ 438.946592][T12124] netdevsim netdevsim2: Falling back to sysfs fallback for:  [ 439.026806][ T5944] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 439.225711][T12146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1122'. [ 439.264162][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.276790][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.314250][ T5944] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 439.356260][ T5944] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 439.401041][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.445255][ T5944] usb 5-1: config 0 descriptor?? [ 439.560722][T12169] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 439.570217][T12169] CPU: 0 UID: 0 PID: 12169 Comm: syz.0.1124 Not tainted syzkaller #0 PREEMPT(full) [ 439.570245][T12169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 439.570257][T12169] Call Trace: [ 439.570264][T12169] [ 439.570272][T12169] dump_stack_lvl+0x16c/0x1f0 [ 439.570301][T12169] sysfs_warn_dup+0x7f/0xa0 [ 439.570330][T12169] sysfs_do_create_link_sd+0x124/0x140 [ 439.570361][T12169] sysfs_create_link+0x61/0xc0 [ 439.570388][T12169] device_add+0x62c/0x1aa0 [ 439.570410][T12169] ? __pfx_device_add+0x10/0x10 [ 439.570427][T12169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 439.570457][T12169] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 439.570487][T12169] wiphy_register+0x1eb0/0x2b20 [ 439.570514][T12169] ? netdev_run_todo+0x864/0x1320 [ 439.570540][T12169] ? __dev_printk+0x1c0/0x270 [ 439.570570][T12169] ? __pfx_wiphy_register+0x10/0x10 [ 439.570606][T12169] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 439.570636][T12169] ieee80211_register_hw+0x253d/0x4120 [ 439.570674][T12169] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 439.570701][T12169] ? __pfx___debug_object_init+0x10/0x10 [ 439.570736][T12169] ? find_held_lock+0x2b/0x80 [ 439.570764][T12169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 439.570799][T12169] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 439.570828][T12169] ? __hrtimer_setup+0x176/0x280 [ 439.570856][T12169] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 439.570896][T12169] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 439.570921][T12169] ? __asan_memcpy+0x3c/0x60 [ 439.570943][T12169] hwsim_new_radio_nl+0xba2/0x1330 [ 439.570968][T12169] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 439.570999][T12169] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 439.571028][T12169] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 439.571063][T12169] genl_family_rcv_msg_doit+0x206/0x2f0 [ 439.571095][T12169] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 439.571134][T12169] ? bpf_lsm_capable+0x9/0x10 [ 439.571156][T12169] ? security_capable+0x7e/0x260 [ 439.571187][T12169] ? ns_capable+0xd7/0x110 [ 439.571215][T12169] genl_rcv_msg+0x55c/0x800 [ 439.571247][T12169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 439.571276][T12169] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 439.571308][T12169] netlink_rcv_skb+0x155/0x420 [ 439.571333][T12169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 439.571363][T12169] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 439.571401][T12169] ? netlink_deliver_tap+0x1ae/0xd30 [ 439.571430][T12169] genl_rcv+0x28/0x40 [ 439.571455][T12169] netlink_unicast+0x5aa/0x870 [ 439.571485][T12169] ? __pfx_netlink_unicast+0x10/0x10 [ 439.571521][T12169] netlink_sendmsg+0x8c8/0xdd0 [ 439.571552][T12169] ? __pfx_netlink_sendmsg+0x10/0x10 [ 439.571588][T12169] ____sys_sendmsg+0xa95/0xc70 [ 439.571618][T12169] ? copy_msghdr_from_user+0x10a/0x160 [ 439.571640][T12169] ? __pfx_____sys_sendmsg+0x10/0x10 [ 439.571682][T12169] ___sys_sendmsg+0x134/0x1d0 [ 439.571706][T12169] ? __pfx____sys_sendmsg+0x10/0x10 [ 439.571754][T12169] ? __pfx_from_kuid+0x10/0x10 [ 439.571796][T12169] __sys_sendmsg+0x16d/0x220 [ 439.571821][T12169] ? __pfx___sys_sendmsg+0x10/0x10 [ 439.571845][T12169] ? __pfx_bpf_trace_run2+0x10/0x10 [ 439.571879][T12169] ? syscall_trace_enter+0x1cb/0x240 [ 439.571909][T12169] ? rcu_is_watching+0x12/0xc0 [ 439.571943][T12169] do_syscall_64+0xcd/0x4e0 [ 439.571970][T12169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.571989][T12169] RIP: 0033:0x7facaa38eec9 [ 439.572007][T12169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.572024][T12169] RSP: 002b:00007facab225038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.572044][T12169] RAX: ffffffffffffffda RBX: 00007facaa5e6180 RCX: 00007facaa38eec9 [ 439.572057][T12169] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 439.572069][T12169] RBP: 00007facaa411f91 R08: 0000000000000000 R09: 0000000000000000 [ 439.572080][T12169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.572092][T12169] R13: 00007facaa5e6218 R14: 00007facaa5e6180 R15: 00007ffea0990428 [ 439.572117][T12169] [ 439.968144][ C0] vkms_vblank_simulate: vblank timer overrun [ 440.007915][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.033139][ T5876] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 440.103340][ T5911] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 440.206061][ T5944] megaworld 0003:07B5:0312.000B: unknown main item tag 0x2 [ 440.211046][ T5876] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 440.213373][ T5944] megaworld 0003:07B5:0312.000B: unexpected long global item [ 440.229653][ T5944] megaworld 0003:07B5:0312.000B: parse failed [ 440.233709][ T5876] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 440.235840][ T5944] megaworld 0003:07B5:0312.000B: probe with driver megaworld failed with error -22 [ 440.262301][ T5911] usb 2-1: Using ep0 maxpacket: 32 [ 440.269579][ T5911] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 440.282570][ T5911] usb 2-1: config 0 has no interface number 0 [ 440.288865][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 440.341269][ T5911] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 440.350653][ T5876] usb 4-1: config 1 has no interface number 0 [ 440.360646][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.382722][ T5876] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 440.413854][ T5911] usb 2-1: Product: syz [ 440.418055][ T5911] usb 2-1: Manufacturer: syz [ 440.429259][ T5876] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 440.442469][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5620 ms [ 440.442500][ C1] lec:lec_tx_timeout: lec0 [ 440.455373][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 440.472997][ T5911] usb 2-1: SerialNumber: syz [ 440.484713][ T5911] usb 2-1: config 0 descriptor?? [ 440.503134][ T5911] quatech2 2-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected [ 440.511461][ T5896] usb 5-1: USB disconnect, device number 12 [ 440.512062][ T5876] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 440.534672][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.555167][ T5876] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 440.614827][ T5897] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 440.711817][ T5911] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 440.727497][ T5911] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 440.773846][ T5897] usb 3-1: Using ep0 maxpacket: 8 [ 440.786174][ T5897] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 440.804917][ T5897] usb 3-1: config 0 has no interface number 0 [ 440.817105][ T5897] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 440.828258][ T5897] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 440.840239][ T5897] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 440.851618][ T5897] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 440.865426][ T5897] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 440.874575][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.892213][ T5944] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 440.892499][ T5897] usb 3-1: config 0 descriptor?? [ 440.934912][ T5897] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 441.052525][ T5944] usb 1-1: Using ep0 maxpacket: 32 [ 441.063816][ T5944] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 441.079279][ T5944] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 441.090911][ T5944] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 441.107261][ T5944] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 441.114732][ T5876] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 441.126639][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.155813][ T5944] usb 1-1: config 0 descriptor?? [ 441.171590][T12213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 441.179592][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 441.181833][ T5896] usb 2-1: USB disconnect, device number 30 [ 441.207786][ T5876] usb 3-1: USB disconnect, device number 24 [ 441.229688][ T5944] hub 1-1:0.0: USB hub found [ 441.231492][ T5876] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 441.237871][ T5896] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 441.260268][ T5896] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 441.276394][ T5896] quatech2 2-1:0.1: device disconnected [ 441.428973][ T5897] usb 4-1: USB disconnect, device number 15 [ 441.440212][ T5897] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 441.551544][ T5944] hub 1-1:0.0: 2 ports detected [ 441.796871][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 441.796886][ T30] audit: type=1400 audit(1759626922.653:2404): avc: denied { connect } for pid=12276 comm="syz.1.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 441.827233][T12278] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 441.835601][T12278] CPU: 0 UID: 0 PID: 12278 Comm: syz.2.1135 Not tainted syzkaller #0 PREEMPT(full) [ 441.835624][T12278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 441.835631][T12278] Call Trace: [ 441.835635][T12278] [ 441.835640][T12278] dump_stack_lvl+0x16c/0x1f0 [ 441.835659][T12278] sysfs_warn_dup+0x7f/0xa0 [ 441.835685][T12278] sysfs_do_create_link_sd+0x124/0x140 [ 441.835703][T12278] sysfs_create_link+0x61/0xc0 [ 441.835719][T12278] device_add+0x62c/0x1aa0 [ 441.835733][T12278] ? __pfx_device_add+0x10/0x10 [ 441.835743][T12278] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 441.835761][T12278] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 441.835778][T12278] wiphy_register+0x1eb0/0x2b20 [ 441.835793][T12278] ? netdev_run_todo+0x864/0x1320 [ 441.835808][T12278] ? __dev_printk+0x1c0/0x270 [ 441.835825][T12278] ? __pfx_wiphy_register+0x10/0x10 [ 441.835846][T12278] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 441.835864][T12278] ieee80211_register_hw+0x253d/0x4120 [ 441.835885][T12278] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 441.835900][T12278] ? __pfx___debug_object_init+0x10/0x10 [ 441.835921][T12278] ? find_held_lock+0x2b/0x80 [ 441.835937][T12278] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 441.835953][T12278] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 441.835969][T12278] ? __hrtimer_setup+0x176/0x280 [ 441.835985][T12278] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 441.836006][T12278] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 441.836019][T12278] ? __asan_memcpy+0x3c/0x60 [ 441.836032][T12278] hwsim_new_radio_nl+0xba2/0x1330 [ 441.836047][T12278] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 441.836064][T12278] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 441.836082][T12278] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 441.836102][T12278] genl_family_rcv_msg_doit+0x206/0x2f0 [ 441.836121][T12278] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 441.836143][T12278] ? bpf_lsm_capable+0x9/0x10 [ 441.836156][T12278] ? security_capable+0x7e/0x260 [ 441.836173][T12278] ? ns_capable+0xd7/0x110 [ 441.836190][T12278] genl_rcv_msg+0x55c/0x800 [ 441.836208][T12278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 441.836225][T12278] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 441.836243][T12278] netlink_rcv_skb+0x155/0x420 [ 441.836257][T12278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 441.836275][T12278] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 441.836296][T12278] ? netlink_deliver_tap+0x1ae/0xd30 [ 441.836312][T12278] genl_rcv+0x28/0x40 [ 441.836326][T12278] netlink_unicast+0x5aa/0x870 [ 441.836343][T12278] ? __pfx_netlink_unicast+0x10/0x10 [ 441.836358][T12278] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 441.836377][T12278] netlink_sendmsg+0x8c8/0xdd0 [ 441.836395][T12278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 441.836416][T12278] ____sys_sendmsg+0xa95/0xc70 [ 441.836433][T12278] ? copy_msghdr_from_user+0x10a/0x160 [ 441.836447][T12278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 441.836470][T12278] ___sys_sendmsg+0x134/0x1d0 [ 441.836484][T12278] ? __pfx____sys_sendmsg+0x10/0x10 [ 441.836516][T12278] __sys_sendmsg+0x16d/0x220 [ 441.836530][T12278] ? __pfx___sys_sendmsg+0x10/0x10 [ 441.836550][T12278] ? __secure_computing+0x28e/0x3b0 [ 441.836564][T12278] do_syscall_64+0xcd/0x4e0 [ 441.836580][T12278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.836592][T12278] RIP: 0033:0x7fc16c38eec9 [ 441.836603][T12278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.836614][T12278] RSP: 002b:00007fc16a5d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.836625][T12278] RAX: ffffffffffffffda RBX: 00007fc16c5e6090 RCX: 00007fc16c38eec9 [ 441.836632][T12278] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 441.836639][T12278] RBP: 00007fc16c411f91 R08: 0000000000000000 R09: 0000000000000000 [ 441.836645][T12278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.836652][T12278] R13: 00007fc16c5e6128 R14: 00007fc16c5e6090 R15: 00007ffeb8dc45e8 [ 441.836672][T12278] [ 442.223887][ C0] vkms_vblank_simulate: vblank timer overrun [ 442.363114][ T30] audit: type=1326 audit(1759626922.683:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.407625][ T30] audit: type=1326 audit(1759626922.683:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.431670][ T30] audit: type=1326 audit(1759626922.683:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.456421][ T30] audit: type=1326 audit(1759626922.683:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.480079][ T30] audit: type=1326 audit(1759626922.683:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.504214][ T30] audit: type=1326 audit(1759626922.683:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.530113][ T5944] usb 1-1: USB disconnect, device number 16 [ 442.539431][ T30] audit: type=1400 audit(1759626923.253:2411): avc: denied { write } for pid=12276 comm="syz.1.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 442.561856][ T30] audit: type=1326 audit(1759626923.263:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.600829][ T30] audit: type=1326 audit(1759626923.263:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12273 comm="syz.2.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c38eec9 code=0x7ffc0000 [ 442.912173][ T5876] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 443.013071][ T5944] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 443.170803][ T5944] usb 5-1: config 0 has no interfaces? [ 443.176890][ T5944] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 443.192263][ T5876] usb 2-1: Using ep0 maxpacket: 8 [ 443.193820][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.225829][ T5876] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 443.232798][ T5944] usb 5-1: config 0 descriptor?? [ 443.443820][ T5896] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 443.462822][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.472829][ T5876] usb 2-1: Product: syz [ 443.477004][ T5876] usb 2-1: Manufacturer: syz [ 443.481702][ T5876] usb 2-1: SerialNumber: syz [ 443.493751][ T5876] usb 2-1: config 0 descriptor?? [ 443.500881][ T5876] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 443.512265][ T5840] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 443.602297][ T5896] usb 3-1: Using ep0 maxpacket: 8 [ 443.611000][ T5896] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 443.620217][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.628389][ T5896] usb 3-1: Product: syz [ 443.632614][ T5896] usb 3-1: Manufacturer: syz [ 443.637205][ T5896] usb 3-1: SerialNumber: syz [ 443.643946][ T5896] usb 3-1: config 0 descriptor?? [ 443.666348][ T5840] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 443.681268][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.689439][ T5840] usb 1-1: Product: syz [ 443.693859][ T5840] usb 1-1: Manufacturer: syz [ 443.698764][ T5840] usb 1-1: SerialNumber: syz [ 443.699020][ T5897] usb 5-1: USB disconnect, device number 13 [ 443.705539][ T5840] usb 1-1: config 0 descriptor?? [ 443.858399][ T5896] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 444.061441][ T5896] gspca_sunplus: reg_w_riv err -71 [ 444.069801][ T5896] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 444.084029][ T5896] usb 3-1: USB disconnect, device number 25 [ 444.330557][T12371] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 444.340518][T12371] CPU: 1 UID: 0 PID: 12371 Comm: syz.4.1150 Not tainted syzkaller #0 PREEMPT(full) [ 444.340543][T12371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 444.340554][T12371] Call Trace: [ 444.340560][T12371] [ 444.340571][T12371] dump_stack_lvl+0x16c/0x1f0 [ 444.340594][T12371] sysfs_warn_dup+0x7f/0xa0 [ 444.340611][T12371] sysfs_do_create_link_sd+0x124/0x140 [ 444.340628][T12371] sysfs_create_link+0x61/0xc0 [ 444.340650][T12371] device_add+0x62c/0x1aa0 [ 444.340679][T12371] ? __pfx_device_add+0x10/0x10 [ 444.340694][T12371] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 444.340721][T12371] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 444.340741][T12371] wiphy_register+0x1eb0/0x2b20 [ 444.340757][T12371] ? netdev_run_todo+0x864/0x1320 [ 444.340773][T12371] ? __dev_printk+0x1c0/0x270 [ 444.340797][T12371] ? __pfx_wiphy_register+0x10/0x10 [ 444.340830][T12371] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 444.340858][T12371] ieee80211_register_hw+0x253d/0x4120 [ 444.340882][T12371] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 444.340899][T12371] ? __pfx___debug_object_init+0x10/0x10 [ 444.340921][T12371] ? find_held_lock+0x2b/0x80 [ 444.340945][T12371] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 444.340969][T12371] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 444.340993][T12371] ? __hrtimer_setup+0x176/0x280 [ 444.341013][T12371] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 444.341034][T12371] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 444.341049][T12371] ? __asan_memcpy+0x3c/0x60 [ 444.341062][T12371] hwsim_new_radio_nl+0xba2/0x1330 [ 444.341082][T12371] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 444.341111][T12371] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 444.341138][T12371] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 444.341163][T12371] genl_family_rcv_msg_doit+0x206/0x2f0 [ 444.341181][T12371] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 444.341203][T12371] ? bpf_lsm_capable+0x9/0x10 [ 444.341219][T12371] ? security_capable+0x7e/0x260 [ 444.341247][T12371] ? ns_capable+0xd7/0x110 [ 444.341272][T12371] genl_rcv_msg+0x55c/0x800 [ 444.341296][T12371] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.341313][T12371] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 444.341327][T12371] ? __lock_acquire+0x62e/0x1ce0 [ 444.341347][T12371] netlink_rcv_skb+0x155/0x420 [ 444.341371][T12371] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.341397][T12371] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 444.341430][T12371] ? netlink_deliver_tap+0x1ae/0xd30 [ 444.341453][T12371] ? selinux_netlink_send+0x578/0x830 [ 444.341470][T12371] ? is_vmalloc_addr+0x86/0xa0 [ 444.341498][T12371] genl_rcv+0x28/0x40 [ 444.341521][T12371] netlink_unicast+0x5aa/0x870 [ 444.341548][T12371] ? __pfx_netlink_unicast+0x10/0x10 [ 444.341573][T12371] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 444.341605][T12371] netlink_sendmsg+0x8c8/0xdd0 [ 444.341633][T12371] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.341674][T12371] ____sys_sendmsg+0xa95/0xc70 [ 444.341704][T12371] ? copy_msghdr_from_user+0x10a/0x160 [ 444.341724][T12371] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.341761][T12371] ___sys_sendmsg+0x134/0x1d0 [ 444.341784][T12371] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.341837][T12371] __sys_sendmsg+0x16d/0x220 [ 444.341859][T12371] ? __pfx___sys_sendmsg+0x10/0x10 [ 444.341894][T12371] ? __secure_computing+0x28e/0x3b0 [ 444.341917][T12371] do_syscall_64+0xcd/0x4e0 [ 444.341941][T12371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.341959][T12371] RIP: 0033:0x7fb99cd8eec9 [ 444.341976][T12371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.341993][T12371] RSP: 002b:00007fb99db41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.342012][T12371] RAX: ffffffffffffffda RBX: 00007fb99cfe6090 RCX: 00007fb99cd8eec9 [ 444.342024][T12371] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 444.342037][T12371] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 444.342049][T12371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.342058][T12371] R13: 00007fb99cfe6128 R14: 00007fb99cfe6090 R15: 00007ffe2611d468 [ 444.342084][T12371] [ 444.744361][ T5876] gspca_sonixj: reg_r err -71 [ 444.749054][ T5876] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 444.763432][ T5876] usb 2-1: USB disconnect, device number 31 [ 444.769773][ T5840] usb 1-1: f81604_write: reg: 105 data: 56 failed: -EPROTO [ 444.788069][ T5840] f81604 1-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 444.850735][ T5840] f81604 1-1:0.0: probe with driver f81604 failed with error -71 [ 444.878359][ T5840] usb 1-1: USB disconnect, device number 17 [ 445.172227][ T5911] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 445.248517][T12410] netlink: 'syz.1.1155': attribute type 4 has an invalid length. [ 445.341098][T12415] tun0: tun_chr_ioctl cmd 1074025675 [ 445.346940][T12415] tun0: persist enabled [ 445.355832][ T5911] usb 4-1: Using ep0 maxpacket: 32 [ 445.356515][T12415] tun0: tun_chr_ioctl cmd 1074025675 [ 445.365411][ T5911] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 445.382417][T12415] tun0: persist enabled [ 445.382453][ T5911] usb 4-1: config 0 has no interface number 0 [ 445.397742][ T5911] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 445.412862][ T5911] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 445.424260][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.439263][ T5911] usb 4-1: Product: syz [ 445.463892][ T5911] usb 4-1: Manufacturer: syz [ 445.482172][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms [ 445.490222][ C1] lec:lec_tx_timeout: lec0 [ 445.490458][T12423] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 445.502241][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 445.508836][T12423] CPU: 0 UID: 0 PID: 12423 Comm: syz.1.1159 Not tainted syzkaller #0 PREEMPT(full) [ 445.508853][T12423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 445.508862][T12423] Call Trace: [ 445.508866][T12423] [ 445.508871][T12423] dump_stack_lvl+0x16c/0x1f0 [ 445.508893][T12423] sysfs_warn_dup+0x7f/0xa0 [ 445.508912][T12423] sysfs_do_create_link_sd+0x124/0x140 [ 445.508931][T12423] sysfs_create_link+0x61/0xc0 [ 445.508950][T12423] device_add+0x62c/0x1aa0 [ 445.508966][T12423] ? __pfx_device_add+0x10/0x10 [ 445.508976][T12423] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 445.508994][T12423] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 445.509012][T12423] wiphy_register+0x1eb0/0x2b20 [ 445.509028][T12423] ? netdev_run_todo+0x864/0x1320 [ 445.509043][T12423] ? __dev_printk+0x1c0/0x270 [ 445.509060][T12423] ? __pfx_wiphy_register+0x10/0x10 [ 445.509081][T12423] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 445.509099][T12423] ieee80211_register_hw+0x253d/0x4120 [ 445.509123][T12423] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 445.509141][T12423] ? __pfx___debug_object_init+0x10/0x10 [ 445.509164][T12423] ? find_held_lock+0x2b/0x80 [ 445.509182][T12423] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 445.509200][T12423] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 445.509218][T12423] ? __hrtimer_setup+0x176/0x280 [ 445.509236][T12423] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 445.509257][T12423] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 445.509272][T12423] ? __asan_memcpy+0x3c/0x60 [ 445.509285][T12423] hwsim_new_radio_nl+0xba2/0x1330 [ 445.509299][T12423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 445.509316][T12423] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 445.509336][T12423] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 445.509359][T12423] genl_family_rcv_msg_doit+0x206/0x2f0 [ 445.509378][T12423] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 445.509400][T12423] ? bpf_lsm_capable+0x9/0x10 [ 445.509414][T12423] ? security_capable+0x7e/0x260 [ 445.509433][T12423] ? ns_capable+0xd7/0x110 [ 445.509451][T12423] genl_rcv_msg+0x55c/0x800 [ 445.509477][T12423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 445.509502][T12423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 445.509529][T12423] netlink_rcv_skb+0x155/0x420 [ 445.509552][T12423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 445.509578][T12423] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 445.509593][ T5911] usb 4-1: SerialNumber: syz [ 445.509612][T12423] ? netlink_deliver_tap+0x1ae/0xd30 [ 445.509636][T12423] genl_rcv+0x28/0x40 [ 445.509668][T12423] netlink_unicast+0x5aa/0x870 [ 445.509695][T12423] ? __pfx_netlink_unicast+0x10/0x10 [ 445.509719][T12423] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 445.509750][T12423] netlink_sendmsg+0x8c8/0xdd0 [ 445.509778][T12423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.509809][T12423] ____sys_sendmsg+0xa95/0xc70 [ 445.509834][T12423] ? copy_msghdr_from_user+0x10a/0x160 [ 445.509853][T12423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 445.509889][T12423] ___sys_sendmsg+0x134/0x1d0 [ 445.509910][T12423] ? __pfx____sys_sendmsg+0x10/0x10 [ 445.509960][T12423] __sys_sendmsg+0x16d/0x220 [ 445.509979][T12423] ? __pfx___sys_sendmsg+0x10/0x10 [ 445.510009][T12423] ? __secure_computing+0x28e/0x3b0 [ 445.510031][T12423] do_syscall_64+0xcd/0x4e0 [ 445.510053][T12423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.510075][T12423] RIP: 0033:0x7f1aea98eec9 [ 445.510089][T12423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.510105][T12423] RSP: 002b:00007f1aeb7d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.510122][T12423] RAX: ffffffffffffffda RBX: 00007f1aeabe6090 RCX: 00007f1aea98eec9 [ 445.510133][T12423] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 445.510143][T12423] RBP: 00007f1aeaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 445.510154][T12423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 445.510164][T12423] R13: 00007f1aeabe6128 R14: 00007f1aeabe6090 R15: 00007ffe527fa888 [ 445.510189][T12423] [ 445.953933][ T5911] usb 4-1: config 0 descriptor?? [ 445.967640][ T5911] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 445.979754][ T5911] em28xx 4-1:0.132: Video interface 132 found: [ 446.028671][T12429] lo speed is unknown, defaulting to 1000 [ 446.061249][T12443] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1161'. [ 446.331759][T12426] lec:lec_atm_close: lec0: Shut down! [ 446.372422][ T5911] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 446.405129][T12476] input input11: cannot allocate more than FF_MAX_EFFECTS effects [ 446.802379][ T5911] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 446.904239][ T30] kauditd_printk_skb: 179 callbacks suppressed [ 446.904256][ T30] audit: type=1400 audit(1759626927.753:2593): avc: denied { mount } for pid=12500 comm="syz.4.1172" name="/" dev="hugetlbfs" ino=28757 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 447.069095][ T5911] em28xx 4-1:0.132: board has no eeprom [ 447.069477][ T30] audit: type=1400 audit(1759626927.923:2594): avc: denied { create } for pid=12500 comm="syz.4.1172" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=blk_file permissive=1 [ 447.095863][T12518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1173'. [ 447.145353][ T5911] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 447.162063][ T5911] em28xx 4-1:0.132: analog set to bulk mode. [ 447.221810][ T5876] em28xx 4-1:0.132: Registering V4L2 extension [ 447.262017][ T5911] usb 4-1: USB disconnect, device number 16 [ 447.279423][ T30] audit: type=1400 audit(1759626927.973:2595): avc: denied { mount } for pid=12496 comm="syz.0.1171" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 447.333498][ T5911] em28xx 4-1:0.132: Disconnecting em28xx [ 447.395798][ T30] audit: type=1400 audit(1759626928.093:2596): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 447.717454][ T5876] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 447.738065][ T5876] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 447.778492][ T52] block nbd1: Receive control failed (result -107) [ 447.801260][ T5876] em28xx 4-1:0.132: No AC97 audio processor [ 447.827856][T12553] block nbd1: shutting down sockets [ 447.844333][ T5876] usb 4-1: Decoder not found [ 447.851578][ T5876] em28xx 4-1:0.132: failed to create media graph [ 447.858467][ T5876] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 447.882310][ T5876] em28xx 4-1:0.132: Remote control support is not available for this card. [ 447.891084][ T5911] em28xx 4-1:0.132: Closing input extension [ 447.922832][ T5911] em28xx 4-1:0.132: Freeing device [ 447.992243][ T5897] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 448.050917][ T30] audit: type=1400 audit(1759626928.903:2597): avc: denied { write } for pid=12576 comm="syz.1.1181" path="socket:[28890]" dev="sockfs" ino=28890 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 448.186340][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 448.218772][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.242186][ T5897] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 448.257572][ T5897] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 448.272173][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.293801][ T5897] usb 1-1: config 0 descriptor?? [ 448.432652][ T5840] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 448.831630][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 448.863311][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 448.882935][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 448.892283][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 448.899696][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.065338][ T5840] usb 5-1: Using ep0 maxpacket: 32 [ 449.080654][ T5840] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 449.088956][ T5840] usb 5-1: config 0 has no interface number 0 [ 449.166731][ T5840] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 449.172669][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.189061][ T5840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.217678][ T5840] usb 5-1: Product: syz [ 449.221876][ T5840] usb 5-1: Manufacturer: syz [ 449.227604][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.245979][ T5840] usb 5-1: SerialNumber: syz [ 449.263501][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.276173][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.290322][ T5897] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 449.313279][ T5840] usb 5-1: config 0 descriptor?? [ 449.353883][ T5840] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 449.370650][ T5897] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 449.415246][ T5897] usb 1-1: USB disconnect, device number 18 [ 449.445695][T12633] input: syz0 as /devices/virtual/input/input12 [ 449.552469][ T5944] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 449.574776][ T5840] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 449.587389][ T5840] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 449.600801][T12640] fido_id[12640]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 449.713490][ T5944] usb 2-1: Using ep0 maxpacket: 16 [ 449.722731][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 449.765036][ T5944] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 449.800728][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.843540][T12662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1191'. [ 449.877802][ T5944] usb 2-1: config 0 descriptor?? [ 449.969709][T12668] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1193'. [ 449.980057][T12668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1193'. [ 450.052971][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 450.060648][ T5840] usb 5-1: USB disconnect, device number 14 [ 450.079732][ T5840] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 450.106871][ T5840] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 450.304356][ T5944] ryos 0003:1E7D:31CE.000D: unbalanced collection at end of report description [ 450.315195][ T5840] quatech2 5-1:0.51: device disconnected [ 450.339272][ T5944] ryos 0003:1E7D:31CE.000D: parse failed [ 450.357939][ T5944] ryos 0003:1E7D:31CE.000D: probe with driver ryos failed with error -22 [ 450.476016][T12678] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1192'. [ 450.486074][T12678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1192'. [ 450.567487][ T5944] usb 2-1: USB disconnect, device number 32 [ 451.492123][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5170 ms [ 451.500155][ C1] lec:lec_tx_timeout: lec0 [ 451.505857][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 451.622960][ T5876] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 451.632593][ T5897] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 451.847276][ T5897] usb 3-1: Using ep0 maxpacket: 8 [ 451.852930][ T5876] usb 1-1: Using ep0 maxpacket: 16 [ 451.870996][ T5897] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 451.884490][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.884839][ T5876] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 451.916804][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 451.937739][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 451.967120][ T5897] pvrusb2: Hardware description: Terratec Grabster AV400 [ 452.012619][ T5897] pvrusb2: ********** [ 452.021814][ T5876] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 452.045621][ T5897] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 452.092303][ T5876] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 452.112237][ T5897] pvrusb2: Important functionality might not be entirely working. [ 452.126903][ T5897] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 452.145638][ T5876] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 452.170975][ T5897] pvrusb2: ********** [ 452.175471][ T5876] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 452.185167][ T5876] usb 1-1: Manufacturer: syz [ 452.192770][ T5876] usb 1-1: config 0 descriptor?? [ 452.212681][ T2333] pvrusb2: Invalid write control endpoint [ 452.268992][ T30] audit: type=1400 audit(1759626933.123:2598): avc: denied { append } for pid=12742 comm="syz.1.1204" name="001" dev="devtmpfs" ino=720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 452.414447][ T2333] pvrusb2: Invalid write control endpoint [ 452.443486][ T2333] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 452.458588][ T5840] usb 3-1: USB disconnect, device number 26 [ 452.483638][ T2333] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 452.498713][ T2333] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 452.511340][ T2333] pvrusb2: Device being rendered inoperable [ 452.521520][ T2333] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 452.531216][ T2333] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 452.550796][ T2333] pvrusb2: Attached sub-driver cx25840 [ 452.557837][ T2333] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 452.569364][ T2333] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 452.580965][ T5876] rc_core: IR keymap rc-hauppauge not found [ 452.605915][ T5876] Registered IR keymap rc-empty [ 452.851444][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 452.942253][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 452.973181][ T5876] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 453.039456][ T5876] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input13 [ 453.112468][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.144837][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.192333][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.222247][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.262746][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.282336][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.322260][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.362233][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.432342][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.466898][ T5876] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 453.497944][ T30] audit: type=1400 audit(1759626934.353:2599): avc: denied { mount } for pid=12791 comm="syz.3.1207" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 453.523979][ T5876] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 453.550521][ T5876] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 453.553833][ T30] audit: type=1400 audit(1759626934.393:2600): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 453.636792][ T5876] usb 1-1: USB disconnect, device number 19 [ 453.798672][ T30] audit: type=1326 audit(1759626934.653:2601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 453.822443][ T30] audit: type=1326 audit(1759626934.653:2602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 453.827006][T12815] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 453.849122][ T5840] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 453.861752][T12815] CPU: 0 UID: 0 PID: 12815 Comm: syz.4.1209 Not tainted syzkaller #0 PREEMPT(full) [ 453.861776][T12815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 453.861786][T12815] Call Trace: [ 453.861792][T12815] [ 453.861799][T12815] dump_stack_lvl+0x16c/0x1f0 [ 453.861826][T12815] sysfs_warn_dup+0x7f/0xa0 [ 453.861853][T12815] sysfs_do_create_link_sd+0x124/0x140 [ 453.861879][T12815] sysfs_create_link+0x61/0xc0 [ 453.861902][T12815] device_add+0x62c/0x1aa0 [ 453.861923][T12815] ? __pfx_device_add+0x10/0x10 [ 453.861938][T12815] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 453.861965][T12815] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 453.861995][T12815] wiphy_register+0x1eb0/0x2b20 [ 453.862020][T12815] ? netdev_run_todo+0x864/0x1320 [ 453.862044][T12815] ? __dev_printk+0x1c0/0x270 [ 453.862074][T12815] ? __pfx_wiphy_register+0x10/0x10 [ 453.862111][T12815] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 453.862140][T12815] ieee80211_register_hw+0x253d/0x4120 [ 453.862173][T12815] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 453.862197][T12815] ? __pfx___debug_object_init+0x10/0x10 [ 453.862230][T12815] ? find_held_lock+0x2b/0x80 [ 453.862257][T12815] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 453.862281][T12815] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 453.862304][T12815] ? __hrtimer_setup+0x176/0x280 [ 453.862330][T12815] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 453.862365][T12815] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 453.862387][T12815] ? __asan_memcpy+0x3c/0x60 [ 453.862409][T12815] hwsim_new_radio_nl+0xba2/0x1330 [ 453.862447][T12815] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.862476][T12815] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 453.862506][T12815] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 453.862539][T12815] genl_family_rcv_msg_doit+0x206/0x2f0 [ 453.862567][T12815] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 453.862608][T12815] ? bpf_lsm_capable+0x9/0x10 [ 453.862629][T12815] ? security_capable+0x7e/0x260 [ 453.862658][T12815] ? ns_capable+0xd7/0x110 [ 453.862682][T12815] genl_rcv_msg+0x55c/0x800 [ 453.862713][T12815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.862740][T12815] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.862762][T12815] ? __lock_acquire+0x62e/0x1ce0 [ 453.862788][T12815] netlink_rcv_skb+0x155/0x420 [ 453.862813][T12815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.862843][T12815] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 453.862877][T12815] ? netlink_deliver_tap+0x1ae/0xd30 [ 453.862898][T12815] ? selinux_netlink_send+0x578/0x830 [ 453.862915][T12815] ? is_vmalloc_addr+0x86/0xa0 [ 453.862943][T12815] genl_rcv+0x28/0x40 [ 453.862967][T12815] netlink_unicast+0x5aa/0x870 [ 453.862994][T12815] ? __pfx_netlink_unicast+0x10/0x10 [ 453.863018][T12815] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 453.863048][T12815] netlink_sendmsg+0x8c8/0xdd0 [ 453.863078][T12815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.863107][T12815] ____sys_sendmsg+0xa95/0xc70 [ 453.863134][T12815] ? copy_msghdr_from_user+0x10a/0x160 [ 453.863155][T12815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.863196][T12815] ___sys_sendmsg+0x134/0x1d0 [ 453.863220][T12815] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.863275][T12815] __sys_sendmsg+0x16d/0x220 [ 453.863299][T12815] ? __pfx___sys_sendmsg+0x10/0x10 [ 453.863331][T12815] ? __secure_computing+0x28e/0x3b0 [ 453.863354][T12815] do_syscall_64+0xcd/0x4e0 [ 453.863379][T12815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.863396][T12815] RIP: 0033:0x7fb99cd8eec9 [ 453.863412][T12815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.863428][T12815] RSP: 002b:00007fb99db41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.863443][T12815] RAX: ffffffffffffffda RBX: 00007fb99cfe6090 RCX: 00007fb99cd8eec9 [ 453.863453][T12815] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 453.863462][T12815] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 453.863470][T12815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.863478][T12815] R13: 00007fb99cfe6128 R14: 00007fb99cfe6090 R15: 00007ffe2611d468 [ 453.863500][T12815] [ 453.867639][ T30] audit: type=1326 audit(1759626934.653:2603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 454.130515][ T5840] usb 4-1: Using ep0 maxpacket: 8 [ 454.274906][ T30] audit: type=1326 audit(1759626934.653:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 454.343708][ T30] audit: type=1326 audit(1759626934.653:2605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 454.369018][ T30] audit: type=1326 audit(1759626934.653:2606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 454.404123][ T30] audit: type=1326 audit(1759626934.653:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 454.452856][T12826] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1211'. [ 454.517142][ T5840] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 454.546331][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 454.570783][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 454.587190][ T5840] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 454.621221][ T5840] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 454.637588][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.796146][T12858] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 454.803817][ T5876] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 454.811644][T12858] CPU: 0 UID: 0 PID: 12858 Comm: syz.0.1219 Not tainted syzkaller #0 PREEMPT(full) [ 454.811670][T12858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 454.811681][T12858] Call Trace: [ 454.811691][T12858] [ 454.811698][T12858] dump_stack_lvl+0x16c/0x1f0 [ 454.811725][T12858] sysfs_warn_dup+0x7f/0xa0 [ 454.811752][T12858] sysfs_do_create_link_sd+0x124/0x140 [ 454.811780][T12858] sysfs_create_link+0x61/0xc0 [ 454.811804][T12858] device_add+0x62c/0x1aa0 [ 454.811825][T12858] ? __pfx_device_add+0x10/0x10 [ 454.811841][T12858] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 454.811867][T12858] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 454.811895][T12858] wiphy_register+0x1eb0/0x2b20 [ 454.811920][T12858] ? netdev_run_todo+0x864/0x1320 [ 454.811943][T12858] ? __dev_printk+0x1c0/0x270 [ 454.811972][T12858] ? __pfx_wiphy_register+0x10/0x10 [ 454.812005][T12858] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 454.812035][T12858] ieee80211_register_hw+0x253d/0x4120 [ 454.812072][T12858] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 454.812096][T12858] ? __pfx___debug_object_init+0x10/0x10 [ 454.812127][T12858] ? find_held_lock+0x2b/0x80 [ 454.812154][T12858] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 454.812180][T12858] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 454.812206][T12858] ? __hrtimer_setup+0x176/0x280 [ 454.812231][T12858] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 454.812269][T12858] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 454.812292][T12858] ? __asan_memcpy+0x3c/0x60 [ 454.812315][T12858] hwsim_new_radio_nl+0xba2/0x1330 [ 454.812338][T12858] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 454.812366][T12858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 454.812395][T12858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 454.812431][T12858] genl_family_rcv_msg_doit+0x206/0x2f0 [ 454.812462][T12858] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 454.812500][T12858] ? bpf_lsm_capable+0x9/0x10 [ 454.812523][T12858] ? security_capable+0x7e/0x260 [ 454.812553][T12858] ? ns_capable+0xd7/0x110 [ 454.812581][T12858] genl_rcv_msg+0x55c/0x800 [ 454.812620][T12858] ? __pfx_genl_rcv_msg+0x10/0x10 [ 454.812651][T12858] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 454.812684][T12858] netlink_rcv_skb+0x155/0x420 [ 454.812712][T12858] ? __pfx_genl_rcv_msg+0x10/0x10 [ 454.812742][T12858] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 454.812782][T12858] ? netlink_deliver_tap+0x1ae/0xd30 [ 454.812810][T12858] genl_rcv+0x28/0x40 [ 454.812835][T12858] netlink_unicast+0x5aa/0x870 [ 454.812863][T12858] ? __pfx_netlink_unicast+0x10/0x10 [ 454.812888][T12858] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 454.812922][T12858] netlink_sendmsg+0x8c8/0xdd0 [ 454.812952][T12858] ? __pfx_netlink_sendmsg+0x10/0x10 [ 454.812989][T12858] ____sys_sendmsg+0xa95/0xc70 [ 454.813018][T12858] ? copy_msghdr_from_user+0x10a/0x160 [ 454.813041][T12858] ? __pfx_____sys_sendmsg+0x10/0x10 [ 454.813083][T12858] ___sys_sendmsg+0x134/0x1d0 [ 454.813107][T12858] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.813166][T12858] __sys_sendmsg+0x16d/0x220 [ 454.813189][T12858] ? __pfx___sys_sendmsg+0x10/0x10 [ 454.813223][T12858] ? __secure_computing+0x28e/0x3b0 [ 454.813249][T12858] do_syscall_64+0xcd/0x4e0 [ 454.813274][T12858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.813293][T12858] RIP: 0033:0x7facaa38eec9 [ 454.813310][T12858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.813328][T12858] RSP: 002b:00007facab225038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.813347][T12858] RAX: ffffffffffffffda RBX: 00007facaa5e6180 RCX: 00007facaa38eec9 [ 454.813360][T12858] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 454.813371][T12858] RBP: 00007facaa411f91 R08: 0000000000000000 R09: 0000000000000000 [ 454.813382][T12858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.813393][T12858] R13: 00007facaa5e6218 R14: 00007facaa5e6180 R15: 00007ffea0990428 [ 454.813420][T12858] [ 455.200432][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.245770][ T5840] usb 4-1: GET_CAPABILITIES returned 0 [ 455.251337][ T5840] usbtmc 4-1:16.0: can't read capabilities [ 455.293204][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 455.316041][ T5876] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 455.325173][ T5876] usb 2-1: config 0 has no interface number 0 [ 455.348408][ T5876] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 455.357890][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.366504][ T5876] usb 2-1: Product: syz [ 455.370776][ T5876] usb 2-1: Manufacturer: syz [ 455.375505][ T5876] usb 2-1: SerialNumber: syz [ 455.391682][ T5876] usb 2-1: config 0 descriptor?? [ 455.418551][ T5876] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 455.453959][ T5876] usb 2-1: selecting invalid altsetting 1 [ 455.461690][ T5911] usb 4-1: USB disconnect, device number 17 [ 455.491097][ T5876] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 455.507179][ T5876] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 455.590995][ T5876] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 455.644404][T12893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1223'. [ 455.677621][ T5876] usb 2-1: media controller created [ 455.709076][ T5876] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 455.718106][ T5897] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 455.762832][ T5876] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 455.773947][ T5876] zl10353_read_register: readreg error (reg=127, ret==-71) [ 455.786811][ T5876] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 455.839722][ T5876] usb 2-1: USB disconnect, device number 33 [ 455.846128][ T1204] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 455.873611][ T5897] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 455.885242][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 455.896175][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 455.915359][ T5897] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 455.944156][ T5897] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 455.960833][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.971329][ T5897] usb 3-1: config 0 descriptor?? [ 456.017489][ T1204] usb 1-1: Using ep0 maxpacket: 32 [ 456.035101][ T1204] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 456.046542][ T1204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.064723][ T1204] usb 1-1: config 0 descriptor?? [ 456.079458][ T1204] gspca_main: sq930x-2.14.0 probing 041e:403c [ 456.272457][ T5840] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 456.333102][T12933] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 456.344573][T12933] CPU: 1 UID: 0 PID: 12933 Comm: syz.1.1230 Not tainted syzkaller #0 PREEMPT(full) [ 456.344590][T12933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 456.344597][T12933] Call Trace: [ 456.344602][T12933] [ 456.344607][T12933] dump_stack_lvl+0x16c/0x1f0 [ 456.344627][T12933] sysfs_warn_dup+0x7f/0xa0 [ 456.344643][T12933] sysfs_do_create_link_sd+0x124/0x140 [ 456.344660][T12933] sysfs_create_link+0x61/0xc0 [ 456.344676][T12933] device_add+0x62c/0x1aa0 [ 456.344693][T12933] ? __pfx_device_add+0x10/0x10 [ 456.344703][T12933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 456.344720][T12933] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 456.344738][T12933] wiphy_register+0x1eb0/0x2b20 [ 456.344753][T12933] ? netdev_run_todo+0x864/0x1320 [ 456.344768][T12933] ? __dev_printk+0x1c0/0x270 [ 456.344785][T12933] ? __pfx_wiphy_register+0x10/0x10 [ 456.344806][T12933] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 456.344828][T12933] ieee80211_register_hw+0x253d/0x4120 [ 456.344850][T12933] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 456.344865][T12933] ? __pfx___debug_object_init+0x10/0x10 [ 456.344887][T12933] ? find_held_lock+0x2b/0x80 [ 456.344904][T12933] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 456.344921][T12933] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 456.344938][T12933] ? __hrtimer_setup+0x176/0x280 [ 456.344954][T12933] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 456.344975][T12933] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 456.344989][T12933] ? __asan_memcpy+0x3c/0x60 [ 456.345002][T12933] hwsim_new_radio_nl+0xba2/0x1330 [ 456.345016][T12933] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 456.345033][T12933] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 456.345051][T12933] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 456.345072][T12933] genl_family_rcv_msg_doit+0x206/0x2f0 [ 456.345090][T12933] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 456.345112][T12933] ? bpf_lsm_capable+0x9/0x10 [ 456.345126][T12933] ? security_capable+0x7e/0x260 [ 456.345144][T12933] ? ns_capable+0xd7/0x110 [ 456.345160][T12933] genl_rcv_msg+0x55c/0x800 [ 456.345178][T12933] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.345195][T12933] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 456.345213][T12933] netlink_rcv_skb+0x155/0x420 [ 456.345228][T12933] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.345245][T12933] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 456.345266][T12933] ? netlink_deliver_tap+0x1ae/0xd30 [ 456.345283][T12933] genl_rcv+0x28/0x40 [ 456.345297][T12933] netlink_unicast+0x5aa/0x870 [ 456.345314][T12933] ? __pfx_netlink_unicast+0x10/0x10 [ 456.345329][T12933] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 456.345348][T12933] netlink_sendmsg+0x8c8/0xdd0 [ 456.345366][T12933] ? __pfx_netlink_sendmsg+0x10/0x10 [ 456.345386][T12933] ____sys_sendmsg+0xa95/0xc70 [ 456.345403][T12933] ? copy_msghdr_from_user+0x10a/0x160 [ 456.345417][T12933] ? __pfx_____sys_sendmsg+0x10/0x10 [ 456.345441][T12933] ___sys_sendmsg+0x134/0x1d0 [ 456.345455][T12933] ? __pfx____sys_sendmsg+0x10/0x10 [ 456.345487][T12933] __sys_sendmsg+0x16d/0x220 [ 456.345501][T12933] ? __pfx___sys_sendmsg+0x10/0x10 [ 456.345520][T12933] ? __secure_computing+0x28e/0x3b0 [ 456.345535][T12933] do_syscall_64+0xcd/0x4e0 [ 456.345550][T12933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.345562][T12933] RIP: 0033:0x7f1aea98eec9 [ 456.345572][T12933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.345583][T12933] RSP: 002b:00007f1aeb7d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 456.345594][T12933] RAX: ffffffffffffffda RBX: 00007f1aeabe6090 RCX: 00007f1aea98eec9 [ 456.345602][T12933] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 456.345608][T12933] RBP: 00007f1aeaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 456.345615][T12933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.345621][T12933] R13: 00007f1aeabe6128 R14: 00007f1aeabe6090 R15: 00007ffe527fa888 [ 456.345635][T12933] [ 456.462381][ T5840] usb 4-1: Using ep0 maxpacket: 16 [ 456.496093][ T5897] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 456.516082][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 456.516099][ C1] lec:lec_tx_timeout: lec0 [ 456.516174][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 456.794767][ T5840] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 456.806345][ T5840] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 456.809213][ T5897] usb 3-1: USB disconnect, device number 27 [ 456.822712][ T5840] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 456.837370][T12935] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 456.858975][T12935] CPU: 0 UID: 0 PID: 12935 Comm: syz.4.1228 Not tainted syzkaller #0 PREEMPT(full) [ 456.859001][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 456.859012][T12935] Call Trace: [ 456.859018][T12935] [ 456.859026][T12935] dump_stack_lvl+0x16c/0x1f0 [ 456.859054][T12935] sysfs_warn_dup+0x7f/0xa0 [ 456.859081][T12935] sysfs_do_create_link_sd+0x124/0x140 [ 456.859108][T12935] sysfs_create_link+0x61/0xc0 [ 456.859132][T12935] device_add+0x62c/0x1aa0 [ 456.859152][T12935] ? __pfx_device_add+0x10/0x10 [ 456.859168][T12935] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 456.859196][T12935] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 456.859227][T12935] wiphy_register+0x1eb0/0x2b20 [ 456.859250][T12935] ? netdev_run_todo+0x864/0x1320 [ 456.859276][T12935] ? __dev_printk+0x1c0/0x270 [ 456.859306][T12935] ? __pfx_wiphy_register+0x10/0x10 [ 456.859341][T12935] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 456.859370][T12935] ieee80211_register_hw+0x253d/0x4120 [ 456.859405][T12935] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 456.859428][T12935] ? __pfx___debug_object_init+0x10/0x10 [ 456.859459][T12935] ? find_held_lock+0x2b/0x80 [ 456.859487][T12935] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 456.859512][T12935] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 456.859536][T12935] ? __hrtimer_setup+0x176/0x280 [ 456.859560][T12935] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 456.859603][T12935] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 456.859626][T12935] ? __asan_memcpy+0x3c/0x60 [ 456.859647][T12935] hwsim_new_radio_nl+0xba2/0x1330 [ 456.859670][T12935] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 456.859697][T12935] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 456.859725][T12935] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 456.859762][T12935] genl_family_rcv_msg_doit+0x206/0x2f0 [ 456.859791][T12935] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 456.859825][T12935] ? bpf_lsm_capable+0x9/0x10 [ 456.859846][T12935] ? security_capable+0x7e/0x260 [ 456.859875][T12935] ? ns_capable+0xd7/0x110 [ 456.859900][T12935] genl_rcv_msg+0x55c/0x800 [ 456.859931][T12935] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.859958][T12935] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 456.859980][T12935] ? __lock_acquire+0x62e/0x1ce0 [ 456.860004][T12935] netlink_rcv_skb+0x155/0x420 [ 456.860028][T12935] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.860056][T12935] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 456.860089][T12935] ? netlink_deliver_tap+0x1ae/0xd30 [ 456.860107][T12935] ? selinux_netlink_send+0x578/0x830 [ 456.860124][T12935] ? is_vmalloc_addr+0x86/0xa0 [ 456.860153][T12935] genl_rcv+0x28/0x40 [ 456.860175][T12935] netlink_unicast+0x5aa/0x870 [ 456.860204][T12935] ? __pfx_netlink_unicast+0x10/0x10 [ 456.860229][T12935] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 456.860262][T12935] netlink_sendmsg+0x8c8/0xdd0 [ 456.860290][T12935] ? __pfx_netlink_sendmsg+0x10/0x10 [ 456.860324][T12935] ____sys_sendmsg+0xa95/0xc70 [ 456.860357][T12935] ? copy_msghdr_from_user+0x10a/0x160 [ 456.860380][T12935] ? __pfx_____sys_sendmsg+0x10/0x10 [ 456.860420][T12935] ___sys_sendmsg+0x134/0x1d0 [ 456.860443][T12935] ? __pfx____sys_sendmsg+0x10/0x10 [ 456.860501][T12935] __sys_sendmsg+0x16d/0x220 [ 456.860525][T12935] ? __pfx___sys_sendmsg+0x10/0x10 [ 456.860558][T12935] ? __secure_computing+0x28e/0x3b0 [ 456.860591][T12935] do_syscall_64+0xcd/0x4e0 [ 456.860617][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.860637][T12935] RIP: 0033:0x7fb99cd8eec9 [ 456.860652][T12935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.860669][T12935] RSP: 002b:00007fb99aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 456.860687][T12935] RAX: ffffffffffffffda RBX: 00007fb99cfe6180 RCX: 00007fb99cd8eec9 [ 456.860699][T12935] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 456.860710][T12935] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 456.860721][T12935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.860732][T12935] R13: 00007fb99cfe6218 R14: 00007fb99cfe6180 R15: 00007ffe2611d468 [ 456.860759][T12935] [ 457.264400][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.302284][ T5840] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 457.306727][T12956] fido_id[12956]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 457.311371][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.325962][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 457.325979][ T30] audit: type=1326 audit(1759626938.143:2642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.326025][ T30] audit: type=1326 audit(1759626938.143:2643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.363536][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.394712][ T5840] usb 4-1: config 0 descriptor?? [ 457.481767][ T30] audit: type=1326 audit(1759626938.333:2644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.587754][ T30] audit: type=1326 audit(1759626938.333:2645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.611207][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.617410][ T30] audit: type=1326 audit(1759626938.333:2646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.640878][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.647134][ T30] audit: type=1326 audit(1759626938.423:2647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.670653][ T30] audit: type=1326 audit(1759626938.423:2648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.694091][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.700138][ T30] audit: type=1326 audit(1759626938.423:2649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.734691][ T30] audit: type=1326 audit(1759626938.423:2650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.758161][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.816608][ T30] audit: type=1326 audit(1759626938.423:2651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12926 comm="syz.4.1228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 457.861305][ T1204] gspca_sq930x: ucbus_write failed -71 [ 457.868178][ T1204] sq930x 1-1:0.0: probe with driver sq930x failed with error -71 [ 457.881172][ T1204] usb 1-1: USB disconnect, device number 20 [ 457.888230][ T5840] HID 045e:07da: Invalid code 65791 type 1 [ 457.916937][ T5840] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000F/input/input15 [ 457.979498][ T5840] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 458.084408][ T1204] usb 4-1: USB disconnect, device number 18 [ 458.292212][ T5840] usb 2-1: new low-speed USB device number 34 using dummy_hcd [ 458.446742][ T5840] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 458.460776][ T5840] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 458.471725][ T5840] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 458.486038][ T5840] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 458.496921][ T5840] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 458.508363][ T5840] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 458.536132][T13011] lo speed is unknown, defaulting to 1000 [ 458.542835][ T5840] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 458.553475][ T5840] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 458.564839][ T5840] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 458.582470][ T5840] usb 2-1: string descriptor 0 read error: -22 [ 458.588740][ T5840] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 458.598565][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.615252][ T5840] adutux 2-1:168.0: interrupt endpoints not found [ 458.902971][ T5840] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 459.008472][ T5896] usb 2-1: USB disconnect, device number 34 [ 459.102938][T13064] siw: device registration error -23 [ 459.505238][T13065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1239'. [ 459.572185][ T5840] usb 4-1: Using ep0 maxpacket: 8 [ 459.592320][ T5840] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 459.608673][ T5840] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 459.649025][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 459.770583][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 459.810035][ T5840] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 459.936239][ T5840] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 459.977506][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.005690][T13076] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 460.013712][T13076] CPU: 1 UID: 0 PID: 13076 Comm: syz.4.1243 Not tainted syzkaller #0 PREEMPT(full) [ 460.013729][T13076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 460.013736][T13076] Call Trace: [ 460.013741][T13076] [ 460.013746][T13076] dump_stack_lvl+0x16c/0x1f0 [ 460.013767][T13076] sysfs_warn_dup+0x7f/0xa0 [ 460.013782][T13076] sysfs_do_create_link_sd+0x124/0x140 [ 460.013800][T13076] sysfs_create_link+0x61/0xc0 [ 460.013821][T13076] device_add+0x62c/0x1aa0 [ 460.013834][T13076] ? __pfx_device_add+0x10/0x10 [ 460.013844][T13076] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.013862][T13076] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 460.013882][T13076] wiphy_register+0x1eb0/0x2b20 [ 460.013899][T13076] ? netdev_run_todo+0x864/0x1320 [ 460.013915][T13076] ? __dev_printk+0x1c0/0x270 [ 460.013932][T13076] ? __pfx_wiphy_register+0x10/0x10 [ 460.013952][T13076] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 460.013971][T13076] ieee80211_register_hw+0x253d/0x4120 [ 460.013993][T13076] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 460.014008][T13076] ? __pfx___debug_object_init+0x10/0x10 [ 460.014029][T13076] ? find_held_lock+0x2b/0x80 [ 460.014045][T13076] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 460.014061][T13076] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 460.014077][T13076] ? __hrtimer_setup+0x176/0x280 [ 460.014093][T13076] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 460.014113][T13076] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 460.014128][T13076] ? __asan_memcpy+0x3c/0x60 [ 460.014140][T13076] hwsim_new_radio_nl+0xba2/0x1330 [ 460.014154][T13076] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 460.014172][T13076] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 460.014190][T13076] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 460.014211][T13076] genl_family_rcv_msg_doit+0x206/0x2f0 [ 460.014229][T13076] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 460.014250][T13076] ? bpf_lsm_capable+0x9/0x10 [ 460.014264][T13076] ? security_capable+0x7e/0x260 [ 460.014282][T13076] ? ns_capable+0xd7/0x110 [ 460.014298][T13076] genl_rcv_msg+0x55c/0x800 [ 460.014316][T13076] ? __pfx_genl_rcv_msg+0x10/0x10 [ 460.014333][T13076] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 460.014347][T13076] ? __lock_acquire+0x62e/0x1ce0 [ 460.014362][T13076] netlink_rcv_skb+0x155/0x420 [ 460.014376][T13076] ? __pfx_genl_rcv_msg+0x10/0x10 [ 460.014394][T13076] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 460.014414][T13076] ? netlink_deliver_tap+0x1ae/0xd30 [ 460.014428][T13076] ? selinux_netlink_send+0x578/0x830 [ 460.014439][T13076] ? is_vmalloc_addr+0x86/0xa0 [ 460.014458][T13076] genl_rcv+0x28/0x40 [ 460.014473][T13076] netlink_unicast+0x5aa/0x870 [ 460.014490][T13076] ? __pfx_netlink_unicast+0x10/0x10 [ 460.014510][T13076] netlink_sendmsg+0x8c8/0xdd0 [ 460.014527][T13076] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.014548][T13076] ____sys_sendmsg+0xa95/0xc70 [ 460.014566][T13076] ? copy_msghdr_from_user+0x10a/0x160 [ 460.014580][T13076] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.014604][T13076] ___sys_sendmsg+0x134/0x1d0 [ 460.014618][T13076] ? __pfx____sys_sendmsg+0x10/0x10 [ 460.014650][T13076] __sys_sendmsg+0x16d/0x220 [ 460.014665][T13076] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.014684][T13076] ? __secure_computing+0x28e/0x3b0 [ 460.014698][T13076] do_syscall_64+0xcd/0x4e0 [ 460.014714][T13076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.014727][T13076] RIP: 0033:0x7fb99cd8eec9 [ 460.014737][T13076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.014752][T13076] RSP: 002b:00007fb99aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 460.014763][T13076] RAX: ffffffffffffffda RBX: 00007fb99cfe6180 RCX: 00007fb99cd8eec9 [ 460.014771][T13076] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 460.014778][T13076] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 460.014784][T13076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.014792][T13076] R13: 00007fb99cfe6218 R14: 00007fb99cfe6180 R15: 00007ffe2611d468 [ 460.014812][T13076] [ 461.522137][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 461.530159][ C1] lec:lec_tx_timeout: lec0 [ 461.538759][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 462.144217][T13139] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 462.151884][T13139] CPU: 1 UID: 0 PID: 13139 Comm: syz.4.1257 Not tainted syzkaller #0 PREEMPT(full) [ 462.151910][T13139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 462.151923][T13139] Call Trace: [ 462.151930][T13139] [ 462.151938][T13139] dump_stack_lvl+0x16c/0x1f0 [ 462.151969][T13139] sysfs_warn_dup+0x7f/0xa0 [ 462.151997][T13139] sysfs_do_create_link_sd+0x124/0x140 [ 462.152027][T13139] sysfs_create_link+0x61/0xc0 [ 462.152055][T13139] device_add+0x62c/0x1aa0 [ 462.152077][T13139] ? __pfx_device_add+0x10/0x10 [ 462.152096][T13139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 462.152123][T13139] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 462.152152][T13139] wiphy_register+0x1eb0/0x2b20 [ 462.152175][T13139] ? netdev_run_todo+0x864/0x1320 [ 462.152195][T13139] ? __dev_printk+0x1c0/0x270 [ 462.152217][T13139] ? __pfx_wiphy_register+0x10/0x10 [ 462.152245][T13139] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 462.152268][T13139] ieee80211_register_hw+0x253d/0x4120 [ 462.152297][T13139] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 462.152317][T13139] ? __pfx___debug_object_init+0x10/0x10 [ 462.152347][T13139] ? find_held_lock+0x2b/0x80 [ 462.152368][T13139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 462.152389][T13139] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 462.152410][T13139] ? __hrtimer_setup+0x176/0x280 [ 462.152430][T13139] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 462.152459][T13139] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 462.152478][T13139] ? __asan_memcpy+0x3c/0x60 [ 462.152496][T13139] hwsim_new_radio_nl+0xba2/0x1330 [ 462.152515][T13139] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 462.152539][T13139] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 462.152562][T13139] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 462.152590][T13139] genl_family_rcv_msg_doit+0x206/0x2f0 [ 462.152614][T13139] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 462.152644][T13139] ? bpf_lsm_capable+0x9/0x10 [ 462.152661][T13139] ? security_capable+0x7e/0x260 [ 462.152684][T13139] ? ns_capable+0xd7/0x110 [ 462.152706][T13139] genl_rcv_msg+0x55c/0x800 [ 462.152731][T13139] ? __pfx_genl_rcv_msg+0x10/0x10 [ 462.152759][T13139] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 462.152778][T13139] ? __lock_acquire+0x62e/0x1ce0 [ 462.152797][T13139] netlink_rcv_skb+0x155/0x420 [ 462.152816][T13139] ? __pfx_genl_rcv_msg+0x10/0x10 [ 462.152842][T13139] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 462.152874][T13139] ? netlink_deliver_tap+0x1ae/0xd30 [ 462.152892][T13139] ? selinux_netlink_send+0x578/0x830 [ 462.152906][T13139] ? is_vmalloc_addr+0x86/0xa0 [ 462.152931][T13139] genl_rcv+0x28/0x40 [ 462.152950][T13139] netlink_unicast+0x5aa/0x870 [ 462.152973][T13139] ? __pfx_netlink_unicast+0x10/0x10 [ 462.152993][T13139] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 462.153019][T13139] netlink_sendmsg+0x8c8/0xdd0 [ 462.153043][T13139] ? __pfx_netlink_sendmsg+0x10/0x10 [ 462.153072][T13139] ____sys_sendmsg+0xa95/0xc70 [ 462.153095][T13139] ? copy_msghdr_from_user+0x10a/0x160 [ 462.153112][T13139] ? __pfx_____sys_sendmsg+0x10/0x10 [ 462.153145][T13139] ___sys_sendmsg+0x134/0x1d0 [ 462.153165][T13139] ? __pfx____sys_sendmsg+0x10/0x10 [ 462.153211][T13139] __sys_sendmsg+0x16d/0x220 [ 462.153229][T13139] ? __pfx___sys_sendmsg+0x10/0x10 [ 462.153257][T13139] ? __secure_computing+0x28e/0x3b0 [ 462.153276][T13139] do_syscall_64+0xcd/0x4e0 [ 462.153296][T13139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.153311][T13139] RIP: 0033:0x7fb99cd8eec9 [ 462.153325][T13139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.153340][T13139] RSP: 002b:00007fb99aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 462.153355][T13139] RAX: ffffffffffffffda RBX: 00007fb99cfe6180 RCX: 00007fb99cd8eec9 [ 462.153364][T13139] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 462.153373][T13139] RBP: 00007fb99ce11f91 R08: 0000000000000000 R09: 0000000000000000 [ 462.153382][T13139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.153391][T13139] R13: 00007fb99cfe6218 R14: 00007fb99cfe6180 R15: 00007ffe2611d468 [ 462.153412][T13139] [ 462.636600][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 462.636615][ T30] audit: type=1326 audit(1759626943.493:2672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13131 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 462.666473][ T30] audit: type=1326 audit(1759626943.523:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13131 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb99cd8eec9 code=0x7ffc0000 [ 462.877539][T13154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1262'. [ 463.081029][ T5896] usb 4-1: USB disconnect, device number 19 [ 463.245498][ T5840] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 463.394584][ T5897] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 463.478395][ T5840] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 463.488854][ T5840] usb 5-1: config 0 has no interface number 0 [ 463.498292][ T5840] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.516771][ T5840] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.527080][ T5840] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 463.538223][ T5840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.563604][ T5840] usb 5-1: config 0 descriptor?? [ 463.572234][ T5896] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 463.602179][ T5897] usb 2-1: Using ep0 maxpacket: 16 [ 463.616145][ T5897] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 463.627434][ T5897] usb 2-1: config 0 has no interface number 0 [ 463.635604][ T5897] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 463.646250][ T5897] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 463.656554][ T5897] usb 2-1: config 0 interface 41 has no altsetting 0 [ 463.665943][ T5897] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 463.675214][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.683941][ T5897] usb 2-1: Product: syz [ 463.688161][ T5897] usb 2-1: Manufacturer: syz [ 463.692838][ T5897] usb 2-1: SerialNumber: syz [ 463.699165][ T5897] usb 2-1: config 0 descriptor?? [ 463.705093][T13170] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 463.712508][T13170] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 463.732808][ T5896] usb 4-1: Using ep0 maxpacket: 16 [ 463.739516][ T5896] usb 4-1: config 9 has an invalid interface number: 144 but max is 0 [ 463.748163][ T5896] usb 4-1: config 9 has no interface number 0 [ 463.754573][ T5896] usb 4-1: config 9 interface 144 has no altsetting 0 [ 463.763732][ T5896] usb 4-1: New USB device found, idVendor=045e, idProduct=0927, bcdDevice=4b.68 [ 463.772935][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.780951][ T5896] usb 4-1: Product: syz [ 463.785740][ T5896] usb 4-1: Manufacturer: syz [ 463.790356][ T5896] usb 4-1: SerialNumber: syz [ 463.800191][ T5896] r8152-cfgselector 4-1: Unknown version 0x0000 [ 463.852222][ T5944] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 463.927528][T13170] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 463.934978][T13170] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 463.991413][ T5840] prodikeys 0003:041E:2801.0010: collection stack underflow [ 463.998878][ T5840] prodikeys 0003:041E:2801.0010: item 0 1 0 12 parsing failed [ 464.006658][ T5944] usb 3-1: Using ep0 maxpacket: 8 [ 464.012340][ T5840] prodikeys 0003:041E:2801.0010: hid parse failed [ 464.020707][ T5840] prodikeys 0003:041E:2801.0010: probe with driver prodikeys failed with error -22 [ 464.030505][ T5944] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 464.040212][ T5896] r8152 4-1:9.144: Expected endpoints are not found [ 464.053763][ T5896] r8152-cfgselector 4-1: USB disconnect, device number 20 [ 464.068988][ T5944] usb 3-1: config 0 has no interface number 0 [ 464.079753][ T5944] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 464.099637][ T5944] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 464.111888][ T5944] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 464.126969][ T5944] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 464.140777][ T5944] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 464.150281][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.155965][ T5897] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 464.165152][ T5944] usb 3-1: config 0 descriptor?? [ 464.169584][ T5897] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 464.186677][ T5944] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 464.193147][ T5911] usb 5-1: USB disconnect, device number 15 [ 464.233115][ T5897] usb 2-1: USB disconnect, device number 35 [ 464.388340][ T5896] usb 3-1: USB disconnect, device number 28 [ 464.395972][ T5896] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 464.878297][ T30] audit: type=1326 audit(1759626945.733:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 464.966363][ T30] audit: type=1326 audit(1759626945.763:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.022325][ T30] audit: type=1326 audit(1759626945.763:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.045853][ T30] audit: type=1326 audit(1759626945.763:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.076199][ T30] audit: type=1326 audit(1759626945.763:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.100561][ T30] audit: type=1326 audit(1759626945.763:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.174993][ T30] audit: type=1326 audit(1759626945.763:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1aea98eec9 code=0x7ffc0000 [ 465.231375][ T30] audit: type=1326 audit(1759626945.763:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1aea98ef03 code=0x7ffc0000 [ 465.448019][T13285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1278'. [ 465.473220][T13285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1278'. [ 465.492776][T13285] netlink: 50 bytes leftover after parsing attributes in process `syz.4.1278'. [ 465.606592][T13288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1279'. [ 466.433657][ T5896] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 466.552136][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 466.560154][ C1] lec:lec_tx_timeout: lec0 [ 466.564706][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 466.738392][T13342] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1289'. [ 466.748530][T13342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1289'. [ 466.958353][ T5896] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 467.020119][ T5840] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 467.071240][ T5896] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 467.086783][T13348] ================================================================== [ 467.094865][T13348] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 467.102071][T13348] Read of size 8 at addr ffff88802ce12d88 by task syz.2.1292/13348 [ 467.109950][T13348] [ 467.112273][T13348] CPU: 1 UID: 0 PID: 13348 Comm: syz.2.1292 Not tainted syzkaller #0 PREEMPT(full) [ 467.112296][T13348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 467.112308][T13348] Call Trace: [ 467.112315][T13348] [ 467.112322][T13348] dump_stack_lvl+0x116/0x1f0 [ 467.112350][T13348] print_report+0xcd/0x630 [ 467.112372][T13348] ? __virt_addr_valid+0x81/0x610 [ 467.112401][T13348] ? __phys_addr+0xe8/0x180 [ 467.112427][T13348] ? __cpa_addr+0x1d3/0x220 [ 467.112444][T13348] kasan_report+0xe0/0x110 [ 467.112465][T13348] ? __cpa_addr+0x1d3/0x220 [ 467.112485][T13348] __cpa_addr+0x1d3/0x220 [ 467.112503][T13348] cpa_flush+0x28b/0x8a0 [ 467.112525][T13348] ? __pfx_cpa_flush+0x10/0x10 [ 467.112546][T13348] ? pgprot2cachemode+0x9a/0x130 [ 467.112572][T13348] ? __pfx_pgprot2cachemode+0x10/0x10 [ 467.112598][T13348] ? drm_gem_get_pages+0x6a0/0xa10 [ 467.112620][T13348] change_page_attr_set_clr+0x34e/0x4a0 [ 467.112645][T13348] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 467.112676][T13348] _set_pages_array+0x1ab/0x2c0 [ 467.112700][T13348] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 467.112719][T13348] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 467.112743][T13348] ? __pfx___might_resched+0x10/0x10 [ 467.112773][T13348] drm_gem_shmem_mmap+0xc9/0x550 [ 467.112789][T13348] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 467.112808][T13348] drm_gem_mmap_obj+0x1b5/0x560 [ 467.112831][T13348] drm_gem_mmap+0x40b/0x620 [ 467.112852][T13348] ? __pfx_drm_gem_mmap+0x10/0x10 [ 467.112870][T13348] ? vm_area_alloc+0x1f/0x160 [ 467.112895][T13348] ? lockdep_init_map_type+0x5c/0x280 [ 467.112916][T13348] __mmap_region+0x1306/0x27a0 [ 467.112935][T13348] ? __pfx___mmap_region+0x10/0x10 [ 467.112953][T13348] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 467.112977][T13348] ? audit_log_end+0x1f/0x30 [ 467.112996][T13348] ? audit_log_end+0x1f/0x30 [ 467.113013][T13348] ? common_lsm_audit+0x260/0x300 [ 467.113053][T13348] ? __lock_acquire+0xb97/0x1ce0 [ 467.113076][T13348] mmap_region+0x1ab/0x3f0 [ 467.113093][T13348] ? __get_unmapped_area+0x267/0x440 [ 467.113114][T13348] do_mmap+0xa3e/0x1210 [ 467.113137][T13348] ? __pfx_do_mmap+0x10/0x10 [ 467.113158][T13348] ? __pfx_down_write_killable+0x10/0x10 [ 467.113186][T13348] vm_mmap_pgoff+0x29e/0x470 [ 467.113209][T13348] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 467.113233][T13348] ? __fget_files+0x20e/0x3c0 [ 467.113255][T13348] ksys_mmap_pgoff+0x32c/0x5c0 [ 467.113277][T13348] __x64_sys_mmap+0x125/0x190 [ 467.113298][T13348] do_syscall_64+0xcd/0x4e0 [ 467.113322][T13348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.113339][T13348] RIP: 0033:0x7fc16c38eec9 [ 467.113354][T13348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.113373][T13348] RSP: 002b:00007fc16a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 467.113390][T13348] RAX: ffffffffffffffda RBX: 00007fc16c5e5fa0 RCX: 00007fc16c38eec9 [ 467.113402][T13348] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 467.113414][T13348] RBP: 00007fc16c411f91 R08: 0000000000000003 R09: 0000000100000000 [ 467.113425][T13348] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 467.113436][T13348] R13: 00007fc16c5e6038 R14: 00007fc16c5e5fa0 R15: 00007ffeb8dc45e8 [ 467.113454][T13348] [ 467.113461][T13348] [ 467.438924][T13348] Allocated by task 13348: [ 467.443308][T13348] kasan_save_stack+0x33/0x60 [ 467.447967][T13348] kasan_save_track+0x14/0x30 [ 467.452618][T13348] __kasan_kmalloc+0xaa/0xb0 [ 467.457187][T13348] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 467.462529][T13348] drm_gem_get_pages+0x144/0xa10 [ 467.467437][T13348] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 467.473575][T13348] drm_gem_shmem_mmap+0xc9/0x550 [ 467.478484][T13348] drm_gem_mmap_obj+0x1b5/0x560 [ 467.483306][T13348] drm_gem_mmap+0x40b/0x620 [ 467.487801][T13348] __mmap_region+0x1306/0x27a0 [ 467.492537][T13348] mmap_region+0x1ab/0x3f0 [ 467.496926][T13348] do_mmap+0xa3e/0x1210 [ 467.501053][T13348] vm_mmap_pgoff+0x29e/0x470 [ 467.505614][T13348] ksys_mmap_pgoff+0x32c/0x5c0 [ 467.510348][T13348] __x64_sys_mmap+0x125/0x190 [ 467.515025][T13348] do_syscall_64+0xcd/0x4e0 [ 467.519502][T13348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.525453][T13348] [ 467.527753][T13348] The buggy address belongs to the object at ffff88802ce12d00 [ 467.527753][T13348] which belongs to the cache kmalloc-192 of size 192 [ 467.541772][T13348] The buggy address is located 0 bytes to the right of [ 467.541772][T13348] allocated 136-byte region [ffff88802ce12d00, ffff88802ce12d88) [ 467.556234][T13348] [ 467.558533][T13348] The buggy address belongs to the physical page: [ 467.564913][T13348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ce12 [ 467.573642][T13348] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 467.581155][T13348] page_type: f5(slab) [ 467.585108][T13348] raw: 00fff00000000000 ffff88801b0263c0 0000000000000000 dead000000000001 [ 467.593661][T13348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 467.602223][T13348] page dumped because: kasan: bad access detected [ 467.608601][T13348] page_owner tracks the page as allocated [ 467.614291][T13348] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5944, tgid 5944 (kworker/0:6), ts 201802655079, free_ts 201746142436 [ 467.633475][T13348] post_alloc_hook+0x1c0/0x230 [ 467.638224][T13348] get_page_from_freelist+0x10a3/0x3a30 [ 467.643766][T13348] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 467.649636][T13348] alloc_pages_mpol+0x1fb/0x550 [ 467.654459][T13348] new_slab+0x24a/0x360 [ 467.658592][T13348] ___slab_alloc+0xdc4/0x1ae0 [ 467.663261][T13348] __slab_alloc.constprop.0+0x63/0x110 [ 467.668709][T13348] __kmalloc_noprof+0x501/0x880 [ 467.673549][T13348] usb_alloc_urb+0x66/0xa0 [ 467.677940][T13348] usb_control_msg+0x1d3/0x4a0 [ 467.682680][T13348] hub_port_reset+0x725/0x1cb0 [ 467.687418][T13348] hub_port_init+0x1f6/0x3a70 [ 467.692085][T13348] hub_event+0x2ce1/0x4fe0 [ 467.696481][T13348] process_one_work+0x9cc/0x1b70 [ 467.701393][T13348] worker_thread+0x6c8/0xf10 [ 467.705970][T13348] kthread+0x3c5/0x780 [ 467.710023][T13348] page last free pid 5832 tgid 5832 stack trace: [ 467.716319][T13348] __free_frozen_pages+0x7df/0x1160 [ 467.721504][T13348] qlist_free_all+0x4d/0x120 [ 467.726069][T13348] kasan_quarantine_reduce+0x195/0x1e0 [ 467.731498][T13348] __kasan_slab_alloc+0x69/0x90 [ 467.736319][T13348] kmem_cache_alloc_noprof+0x250/0x6e0 [ 467.741755][T13348] getname_flags.part.0+0x4c/0x550 [ 467.746843][T13348] getname_flags+0x93/0xf0 [ 467.751244][T13348] do_sys_openat2+0xb8/0x1d0 [ 467.755809][T13348] __x64_sys_openat+0x174/0x210 [ 467.760635][T13348] do_syscall_64+0xcd/0x4e0 [ 467.765111][T13348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.770986][T13348] [ 467.773300][T13348] Memory state around the buggy address: [ 467.778900][T13348] ffff88802ce12c80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 467.786935][T13348] ffff88802ce12d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 467.794969][T13348] >ffff88802ce12d80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 467.802998][T13348] ^ [ 467.807295][T13348] ffff88802ce12e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 467.815325][T13348] ffff88802ce12e80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 467.823373][T13348] ================================================================== [ 467.835394][ T5896] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 467.846452][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.860822][T13348] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 467.868019][T13348] CPU: 0 UID: 0 PID: 13348 Comm: syz.2.1292 Not tainted syzkaller #0 PREEMPT(full) [ 467.877366][T13348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 467.887472][T13348] Call Trace: [ 467.890746][T13348] [ 467.893678][T13348] dump_stack_lvl+0x3d/0x1f0 [ 467.898252][T13348] vpanic+0x640/0x6f0 [ 467.902214][T13348] panic+0xca/0xd0 [ 467.905921][T13348] ? __pfx_panic+0x10/0x10 [ 467.910329][T13348] ? __cpa_addr+0x1d3/0x220 [ 467.914817][T13348] ? preempt_schedule_common+0x44/0xc0 [ 467.920288][T13348] ? preempt_schedule_thunk+0x16/0x30 [ 467.925654][T13348] check_panic_on_warn+0xab/0xb0 [ 467.930589][T13348] end_report+0x107/0x170 [ 467.934920][T13348] kasan_report+0xee/0x110 [ 467.939342][T13348] ? __cpa_addr+0x1d3/0x220 [ 467.943839][T13348] __cpa_addr+0x1d3/0x220 [ 467.948153][T13348] cpa_flush+0x28b/0x8a0 [ 467.952382][T13348] ? __pfx_cpa_flush+0x10/0x10 [ 467.957131][T13348] ? pgprot2cachemode+0x9a/0x130 [ 467.962071][T13348] ? __pfx_pgprot2cachemode+0x10/0x10 [ 467.967464][T13348] ? drm_gem_get_pages+0x6a0/0xa10 [ 467.972580][T13348] change_page_attr_set_clr+0x34e/0x4a0 [ 467.978146][T13348] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 467.984230][T13348] _set_pages_array+0x1ab/0x2c0 [ 467.989193][T13348] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 467.995274][T13348] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 468.001869][T13348] ? __pfx___might_resched+0x10/0x10 [ 468.007158][T13348] drm_gem_shmem_mmap+0xc9/0x550 [ 468.012081][T13348] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 468.018222][T13348] drm_gem_mmap_obj+0x1b5/0x560 [ 468.023064][T13348] drm_gem_mmap+0x40b/0x620 [ 468.027556][T13348] ? __pfx_drm_gem_mmap+0x10/0x10 [ 468.032562][T13348] ? vm_area_alloc+0x1f/0x160 [ 468.037230][T13348] ? lockdep_init_map_type+0x5c/0x280 [ 468.042585][T13348] __mmap_region+0x1306/0x27a0 [ 468.047338][T13348] ? __pfx___mmap_region+0x10/0x10 [ 468.052429][T13348] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 468.058406][T13348] ? audit_log_end+0x1f/0x30 [ 468.062978][T13348] ? audit_log_end+0x1f/0x30 [ 468.067569][T13348] ? common_lsm_audit+0x260/0x300 [ 468.072618][T13348] ? __lock_acquire+0xb97/0x1ce0 [ 468.077538][T13348] mmap_region+0x1ab/0x3f0 [ 468.081935][T13348] ? __get_unmapped_area+0x267/0x440 [ 468.087206][T13348] do_mmap+0xa3e/0x1210 [ 468.091347][T13348] ? __pfx_do_mmap+0x10/0x10 [ 468.095920][T13348] ? __pfx_down_write_killable+0x10/0x10 [ 468.101541][T13348] vm_mmap_pgoff+0x29e/0x470 [ 468.106119][T13348] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 468.111215][T13348] ? __fget_files+0x20e/0x3c0 [ 468.115875][T13348] ksys_mmap_pgoff+0x32c/0x5c0 [ 468.120629][T13348] __x64_sys_mmap+0x125/0x190 [ 468.125289][T13348] do_syscall_64+0xcd/0x4e0 [ 468.129786][T13348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.135666][T13348] RIP: 0033:0x7fc16c38eec9 [ 468.140067][T13348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.159658][T13348] RSP: 002b:00007fc16a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 468.168088][T13348] RAX: ffffffffffffffda RBX: 00007fc16c5e5fa0 RCX: 00007fc16c38eec9 [ 468.176054][T13348] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 468.184005][T13348] RBP: 00007fc16c411f91 R08: 0000000000000003 R09: 0000000100000000 [ 468.191969][T13348] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 468.199940][T13348] R13: 00007fc16c5e6038 R14: 00007fc16c5e5fa0 R15: 00007ffeb8dc45e8 [ 468.207904][T13348] [ 468.211113][T13348] Kernel Offset: disabled [ 468.215412][T13348] Rebooting in 86400 seconds..