last executing test programs: 11.660269115s ago: executing program 4 (id=3559): socket$inet6(0xa, 0xa, 0xfffffffc) syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000240)={0xe, 0x1, 0x1, "005a03f073e22f00000000002000fffe00009a0300000000000000000400", 0x20363159}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0) r2 = epoll_create(0x203) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000)={0x79}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_GET_SREGS2(r5, 0x8140aecc, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x8044) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000130001004dd47000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="006000008301000008002900d6f7070014000300766c616e3000"/36], 0x3c}, 0x1, 0x0, 0x0, 0x80640c1}, 0x4000000) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x18}) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r7 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x9) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000040)=0xa) ioctl$TIOCVHANGUP(r7, 0x5437, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) 9.541428307s ago: executing program 3 (id=3565): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x82842, 0x0) ioctl$TIOCSTI(r0, 0x5412, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, 0x0) mount(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) setuid(0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'xfrm0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 9.154244652s ago: executing program 3 (id=3566): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000000c0), 0x2, 0x204402) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x1010, r2, 0x5000) readlinkat(r3, 0x0, &(0x7f00000001c0)=""/5, 0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000f5001300000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064d1, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a80)={0xffffffffffffffff, &(0x7f0000000700), 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB, @ANYBLOB], 0x1c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 9.021702292s ago: executing program 2 (id=3567): socket(0x1e, 0x4, 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x50) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, &(0x7f0000000180)=""/67, 0x0, 0x43, 0x1, 0x5e37fa1c, 0x10000}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x4, '\x00', 0x0, r1, 0x1, 0x1}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x6, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800) 8.487871795s ago: executing program 4 (id=3568): r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x42, [0x9, 0x2, 0x8, 0x6, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x7, 0xfffffffb, 0x2004, 0x1, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x0, 0x1, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x2, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x7fffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x8, 0xa, 0x5], [0x3, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x37a, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200], [0x401, 0xc586, 0xffff, 0xcd5, 0x7, 0x1f, 0x404, 0x4, 0x8, 0x8001, 0x7, 0x9, 0x800e8b, 0x5, 0x80000001, 0x48, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x1, 0x1000, 0x80040101, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x3, 0x0, 0x7fff, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0xf5c1, 0x3ff, 0x3, 0xcac, 0x100fffd, 0x2004, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x8320fb05, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x3, 0x1654, 0x4, 0x8, 0x2851, 0x3b, 0x20000002, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a8, 0x6, 0x44, 0x409, 0x3, 0x744, 0x4, 0x12, 0x4, 0x10, 0x7fff, 0x2, 0xfffffff8, 0x401, 0xf, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x6]}, 0x45c) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0x4, &(0x7f0000000140)={0xa, 0x5}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ptrace$peekuser(0x3, r4, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, 0x0, 0x4c0d0) 7.406867473s ago: executing program 1 (id=3569): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_012={0x2, 0x2, 0x0, "c1a1"}, @main=@item_4={0x3, 0x0, 0x9, "5aa8257f"}, @main=@item_012={0x0, 0x0, 0x9}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) close(0x3) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6}) (fail_nth: 3) 7.401632889s ago: executing program 4 (id=3570): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) r2 = socket(0x1e, 0x1, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x5}}, 0x80, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r5}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x24, r8, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000001) bind$pptp(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x2, {0x7fc, @loopback}}, 0x1e) connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x0, @loopback}}, 0x1e) socket$pptp(0x18, 0x1, 0x2) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xc4}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) 6.972931856s ago: executing program 4 (id=3572): r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040)) r2 = dup2(r1, r1) r3 = epoll_create(0xb9f1) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0x2001}) read$FUSE(r2, &(0x7f0000001d80)={0x2020}, 0x2020) bind$inet6(r2, &(0x7f0000000380)={0xa, 0x4e21, 0x7, @loopback, 0xc7}, 0x1c) bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000020b30100000000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) socket(0x400000000010, 0x3, 0x0) ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f0000000200)={0x0, 0x1, 0xe5bf}) sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8d, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[], 0x12f4}, 0x1, 0x0, 0x0, 0x48051}, 0x40040c4) r8 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_control_io$printer(r8, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r8, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) syz_usb_control_io$cdc_ecm(r8, &(0x7f00000004c0)={0x14, &(0x7f00000003c0)={0x20, 0x4, 0xa9, {0xa9, 0xf, "9640f16a59709404be25834595030d207d3bdb5796a50930ccb7b72c61fbfb370dac45b7d06f33819a4384a74b3739b7e4b65167f438a9313264e1eaf4448ba4fb092db9b3fd9682954c542c07090f37ab853a7473d3b30b7f41d946c732dabb958c6509e8b8a0faf1de5c3e341d8eda1649c9721ff3993c74ab4734d26c25574e83547a28989a906383504821c5abf6e39e971064a897a84b53202f4893c261d675dedd5e014e"}}, &(0x7f0000000480)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000005c0)={0x1c, &(0x7f0000000500)={0x0, 0x14, 0x35, "4b9361dfddb73e99393d1a2e56a5485b90d709ee37f1229f662752aea87cb4f57df7bf90f46336f888a5e391344518f79d7247f627"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x9}}) recvmmsg(r4, &(0x7f0000000340)=[{{&(0x7f0000000000)=@un=@abs, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=""/43}, {&(0x7f00000000c0)=""/2}, {&(0x7f0000000100)=""/24}, {&(0x7f0000000140)=""/28}], 0x0, &(0x7f0000000240)=""/210}, 0x9}], 0x2, 0x6161, 0x0) 6.877466801s ago: executing program 2 (id=3573): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x201, 0x1, 0x1}, 0x1c) recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) mkdir(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400), 0x0, 0x0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r0, &(0x7f00000030c0), 0x0, 0x9200000000000000) 6.760858529s ago: executing program 0 (id=3574): open(&(0x7f00000001c0)='./file0\x00', 0x48afd, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) syz_open_dev$video4linux(&(0x7f0000000540), 0xf, 0x101002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000200)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 6.678515471s ago: executing program 0 (id=3575): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x201, 0x1, 0x1}, 0x1c) recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) mkdir(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400), 0x0, 0x0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r0, &(0x7f00000030c0), 0x0, 0x9200000000000000) 6.538968841s ago: executing program 2 (id=3576): socket$inet6(0xa, 0xa, 0xfffffffc) syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000240)={0xe, 0x1, 0x1, "005a03f073e22f00000000002000fffe00009a0300000000000000000400", 0x20363159}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0) r2 = epoll_create(0x203) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000)={0x79}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_GET_SREGS2(r5, 0x8140aecc, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x8044) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000130001004dd47000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="006000008301000008002900d6f7070014000300766c616e3000"/36], 0x3c}, 0x1, 0x0, 0x0, 0x80640c1}, 0x4000000) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x18}) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r7 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x9) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000040)=0xa) ioctl$TIOCVHANGUP(r7, 0x5437, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) 6.331021994s ago: executing program 0 (id=3577): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000200)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = fsopen(&(0x7f00000029c0)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='+\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8417f, 0x0) setresuid(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) setrlimit(0x7, &(0x7f0000000400)) r4 = fsmount(r3, 0x0, 0xf) dup(r4) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8}, 0x1c) r5 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x1, 0x41) sendmsg$IPVS_CMD_GET_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) r6 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSSOFTCAR(r6, 0x541a, 0x0) sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x2b08}}, 0x44080) 5.459556807s ago: executing program 0 (id=3578): socket$inet6(0xa, 0xa, 0xfffffffc) syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000240)={0xe, 0x1, 0x1, "005a03f073e22f00000000002000fffe00009a0300000000000000000400", 0x20363159}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0) r2 = epoll_create(0x203) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000)={0x79}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_GET_SREGS2(r5, 0x8140aecc, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x8044) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000130001004dd47000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="006000008301000008002900d6f7070014000300766c616e3000"/36], 0x3c}, 0x1, 0x0, 0x0, 0x80640c1}, 0x4000000) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x18}) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r7 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x9) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000040)=0xa) ioctl$TIOCVHANGUP(r7, 0x5437, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) 5.322808297s ago: executing program 3 (id=3579): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_buf(r0, 0x1, 0x37, &(0x7f00000001c0)=""/216, &(0x7f00000002c0)=0xd8) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400400bce) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000007c0)={0x48}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x10, 0x0, &(0x7f0000000080)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={0x44, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x17e5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r4 = socket(0x1, 0x803, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000000) accept4$netrom(r4, &(0x7f0000000040)={{0x3, @rose}, [@remote, @null, @rose, @default, @rose, @null, @rose, @default]}, &(0x7f00000000c0)=0x48, 0x80000) 5.151895444s ago: executing program 1 (id=3580): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001240)=@filter={'filter\x00', 0xe, 0x4, 0x488, 0xffffffff, 0x240, 0x240, 0x0, 0xffffffff, 0xffffffff, 0x3e0, 0x3e0, 0x3e0, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@ipv6={@local, @mcast2, [0x0, 0xff000000, 0xff000000, 0xff], [0xff, 0xff000000, 0xff], 'veth1\x00', 'dvmrp0\x00', {}, {0xff}, 0x87, 0x7, 0x1, 0x38}, 0x0, 0x1e0, 0x218, 0x0, {}, [@common=@rt={{0x138}, {0x6, [0x3, 0x4], 0x9, 0x20, 0x1, [@empty, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @mcast1, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2e}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @remote, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private1, @remote, @mcast2, @remote], 0xb}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x5, 0x6}, {0x0, 0x4, 0x1}, {0x1, 0x3}, 0x9, 0x6}}}, {{@ipv6={@empty, @empty, [0xffffff00, 0xff, 0xff, 0xff], [0xff, 0xffffff00, 0x0, 0xffffff00], 'ip6tnl0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x8, 0x4, 0x1, 0x8}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e8) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r2, &(0x7f0000000800)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000200)={0x2a, 0x1, 0x1}, 0x66) syz_io_uring_setup(0x49a, &(0x7f0000000540)={0x0, 0x4663, 0x400, 0x10000006, 0x2cc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0}) preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0) 4.888443653s ago: executing program 3 (id=3581): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$can_raw(0x1d, 0x3, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94) mq_open(0x0, 0x80, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f0000002680)={0x0, 0x1, 0x0, 0x5}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) process_mrelease(0xffffffffffffffff, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x3c, 0x3e9, 0x100, 0x70bd2c, 0x25dfdbfe, {0x2, 0x1, 0x1, 0x0, 0x9, 0x1, 0x3ff, 0x6, 0x0, 0x7fffffff, 0x8}, ["", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1}) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) syz_io_uring_setup(0x2a32, &(0x7f00000005c0)={0x0, 0xeaec, 0x1000, 0x2, 0x114}, &(0x7f0000000140), &(0x7f00000001c0)=0x0) (fail_nth: 3) syz_io_uring_submit(0x0, r4, &(0x7f0000000240)=@IORING_OP_NOP={0x0, 0x12}) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x24, 0x3d, 0x107, 0xfffffffd, 0x0, {0x2, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) 4.155425482s ago: executing program 3 (id=3582): openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000019580)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000feffffff00000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800fcd1b70300006fbd0000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000280)='skb_copy_datagram_iovec\x00', r0}, 0x18) r1 = socket(0x5, 0x7, 0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000000580)=""/102392, 0x18ff8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x48}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r8, &(0x7f00000005c0)={0x0, 0xffffffffffffffb1, 0x0, 0x0, &(0x7f0000019640)=""/4098, 0x1002}, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) 3.993315588s ago: executing program 1 (id=3583): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) r2 = socket(0x1e, 0x1, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x5}}, 0x80, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r5}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x24, r8, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000001) bind$pptp(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x2, {0x7fc, @loopback}}, 0x1e) connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x0, @loopback}}, 0x1e) socket$pptp(0x18, 0x1, 0x2) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xc4}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) 3.585088624s ago: executing program 4 (id=3584): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$pppoe(0x18, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000340)={0x0, 0xe12a, 0x800, 0x100002, 0x24c}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x1c}}, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x58, 0x1, 0x4, 0x801, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFULA_CFG_MODE={0xa, 0x2, {0xffffffff, 0x1}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x91d7}, @NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x2}}, @NFULA_CFG_MODE={0xa, 0x2, {0x9, 0x2}}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008814}, 0x20000040) ioctl$COMEDI_BUFCONFIG(0xffffffffffffffff, 0x8020640d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000000680)=""/102376, 0x18fe8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) 3.584143457s ago: executing program 1 (id=3585): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_rxfh_indir={0x39}}) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x64, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@nested={0x4c, 0xf8, 0x0, 0x1, [@typed={0x14, 0x133, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @nested={0x31, 0xfb, 0x0, 0x1, [@generic="b5416b2b80f72979594745504f3a0aa6b036f86ce32d83591c6224e53de96804e6172083eaaa90cf56dd042b72"]}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0) 3.441047365s ago: executing program 1 (id=3586): socket$netlink(0x10, 0x3, 0x0) ioctl$COMEDI_BUFCONFIG(0xffffffffffffffff, 0x8020640d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102368, 0x18fe0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) (fail_nth: 3) fsmount(0xffffffffffffffff, 0x0, 0x6) pipe2$watch_queue(0x0, 0x80) 3.259923976s ago: executing program 3 (id=3587): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, 0x0, 0x0) r3 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, 0x0, 0x20040000) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a000060000000006ad85c5eb0d459af252f4c763dd639a87c18ccabc252069a64ea01edd2643f7ce2302c4d849346f819f47ab95f021ec4546c903c9bacb67c5b9fb3287ac231159cc14419bb", @ANYRES32=0x0, @ANYRES32=0x0], 0xc4}}, 0x8044) sendto$inet6(r6, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) sendmsg$kcm(r3, &(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="58000000020601080000000000000000030000000900020073797a3100000000050001000700000005000500020000000c000780080006400000040111000300686173683a6e65742c6e657400000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e6576653000000000000000000014000100766574"], 0x104}}, 0x0) 2.515053562s ago: executing program 2 (id=3588): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001240)=@filter={'filter\x00', 0xe, 0x4, 0x488, 0xffffffff, 0x240, 0x240, 0x0, 0xffffffff, 0xffffffff, 0x3e0, 0x3e0, 0x3e0, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@ipv6={@local, @mcast2, [0x0, 0xff000000, 0xff000000, 0xff], [0xff, 0xff000000, 0xff], 'veth1\x00', 'dvmrp0\x00', {}, {0xff}, 0x87, 0x7, 0x1, 0x38}, 0x0, 0x1e0, 0x218, 0x0, {}, [@common=@rt={{0x138}, {0x6, [0x3, 0x4], 0x9, 0x20, 0x1, [@empty, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @mcast1, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2e}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @remote, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private1, @remote, @mcast2, @remote], 0xb}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x5, 0x6}, {0x0, 0x4, 0x1}, {0x1, 0x3}, 0x9, 0x6}}}, {{@ipv6={@empty, @empty, [0xffffff00, 0xff, 0xff, 0xff], [0xff, 0xffffff00, 0x0, 0xffffff00], 'ip6tnl0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x8, 0x4, 0x1, 0x8}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e8) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r2, &(0x7f0000000800)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000200)={0x2a, 0x1, 0x1}, 0x66) r6 = syz_io_uring_setup(0x49a, &(0x7f0000000540)={0x0, 0x4663, 0x400, 0x10000006, 0x2cc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r6, 0x40f9, 0x217, 0xa5, 0x0, 0x0) preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0) 2.177860637s ago: executing program 0 (id=3589): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x0, &(0x7f000001b780)=0x1) r0 = syz_open_dev$MSR(&(0x7f000001b740), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000240)=0x7d75, 0x4) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e24, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000180)={@rand_addr=0x64010100, @broadcast, 0x1, "99cef5669846546bf65c6046cb4e0006dc1cafca8aeb194dfbadfb90c965931a", 0x6, 0x7, 0x8001, 0xffffffff}, 0x3c) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000001c0)=@mmap={0x0, 0x1, 0x4, 0x20, 0x0, {0x77359400}, {0x4, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x291d}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000100)=0x1) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0x21f) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) 638.781899ms ago: executing program 1 (id=3590): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$sg(0x0, 0x2, 0x204402) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x1010, r2, 0x5000) readlinkat(r3, 0x0, &(0x7f00000001c0)=""/5, 0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000f5001300000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064d1, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a80)={0xffffffffffffffff, &(0x7f0000000700), 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB, @ANYBLOB], 0x1c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 638.211646ms ago: executing program 2 (id=3591): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100) 346.16528ms ago: executing program 2 (id=3592): syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) socket$inet_tcp(0x2, 0x1, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sched_setaffinity(r2, 0x8, &(0x7f00000000c0)=0xef) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x20010, 0xffffffffffffffff, 0x200000) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8926, 0x0) bind$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10) listen(0xffffffffffffffff, 0x0) close(0xffffffffffffffff) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x8) 44.939991ms ago: executing program 0 (id=3593): socket$inet(0x2, 0x1, 0x0) socket(0x2, 0x80805, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000e40)=ANY=[@ANYBLOB="7f454c460407000304000000000000000200030003000000"], 0x258) close(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r5, 0x0) setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f0000000140), 0x4) close_range(r4, 0xffffffffffffffff, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x5) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000000)) 0s ago: executing program 4 (id=3594): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x500, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="fcffffff0000000000000000ff010000850000000e000000850000005000000095318ed036cc6d45c0f1ee32de39345321c386f39838902ace84298d66568ce134e5cb3083d19cf2c6e88af517ff49726135e40e4b8f5eee6f7142c0e9cd70dff536c89dca81ad9ae21125a6acff6944ed07cde5d787a7d37f915deadee6947d565bfb1ad5a43f094d3cc8198550a61c93ab13f0bf77"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) fcntl$setlease(r2, 0x400, 0x1) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r5 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r5, &(0x7f0000002940), 0x40000000000017d, 0x811) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) kernel console output (not intermixed with test programs): .335723][ T9] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 660.344336][ T9] usb 2-1: config 0 has no interface number 0 [ 660.350512][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 660.360452][T15194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 660.368536][ T9] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 660.380363][ T9] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 660.392062][ T9] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 660.403918][ T5867] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 660.412998][ T10] usb 1-1: string descriptor 0 read error: -22 [ 660.419541][ T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 660.429434][ T9] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 660.442926][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.452550][ T9] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 660.453420][ T1087] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 660.468369][ T10] usb 1-1: 0:2 : does not exist [ 660.472611][ T1087] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 660.485472][ T9] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 660.499618][ T9] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 660.502637][ T1087] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 660.508821][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.530243][ T9] usb 2-1: config 0 descriptor?? [ 660.549548][ T1087] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 660.551447][T15270] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 660.568023][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.573429][T15270] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 660.579126][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.596528][ T5867] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 660.602734][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 660.614808][ T9] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 660.619544][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.629441][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.657705][ T5867] usb 3-1: config 0 descriptor?? [ 660.676398][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 660.684907][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.983747][ T5819] Bluetooth: hci2: command tx timeout [ 661.094281][ T5867] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 661.197624][ T5867] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 662.190721][ T5819] Bluetooth: hci5: command 0x0406 tx timeout [ 662.204231][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 662.211440][ T5867] cp2112 0003:10C4:EA90.0010: Part Number: 0x82 Device Version: 0xFE [ 662.225502][ T5867] cp2112 0003:10C4:EA90.0010: error requesting SMBus config [ 662.237171][ T10] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 662.257884][ T5867] cp2112 0003:10C4:EA90.0010: probe with driver cp2112 failed with error -32 [ 662.449954][ T10] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 662.472647][ T5867] usb 3-1: USB disconnect, device number 88 [ 662.494028][ T10] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 662.539015][ T10] usb 1-1: USB disconnect, device number 95 [ 662.823247][T15277] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 663.003242][T15277] usb 4-1: Using ep0 maxpacket: 8 [ 663.014634][T15277] usb 4-1: config 0 has no interfaces? [ 663.020224][T15277] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 663.029784][T15277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.040937][ T3091] usb 2-1: USB disconnect, device number 84 [ 663.044919][T15277] usb 4-1: config 0 descriptor?? [ 663.074555][ T3091] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 663.261986][ T24] usb 4-1: USB disconnect, device number 88 [ 663.673225][ T3091] usb 2-1: new full-speed USB device number 85 using dummy_hcd [ 663.984409][ T3091] usb 2-1: unable to get BOS descriptor or descriptor too short [ 663.998529][ T3091] usb 2-1: not running at top speed; connect to a high speed hub [ 663.999562][ T3091] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 663.999586][ T3091] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 664.002492][ T3091] usb 2-1: string descriptor 0 read error: -22 [ 664.002597][ T3091] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 664.002621][ T3091] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.023696][ T3091] usb 2-1: 0:2 : does not exist [ 664.332886][T15316] syzkaller0: entered promiscuous mode [ 664.338478][T15316] syzkaller0: entered allmulticast mode [ 664.383497][ T5867] usb 4-1: new low-speed USB device number 89 using dummy_hcd [ 664.423220][ T5892] usb 3-1: new low-speed USB device number 89 using dummy_hcd [ 664.535738][ T5867] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 664.544093][ T5867] usb 4-1: config 0 has no interface number 0 [ 664.550286][ T5867] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 664.561380][ T5867] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 664.563169][ T5892] usb 3-1: device descriptor read/64, error -71 [ 664.572134][ T5867] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 664.590607][ T5867] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 664.602060][ T5867] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 664.613279][ T5867] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 664.627877][ T5867] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 664.637056][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.647001][ T5867] usb 4-1: config 0 descriptor?? [ 664.663288][T15311] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 664.670788][T15311] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 664.682008][ T5867] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 664.825510][ T5892] usb 3-1: new low-speed USB device number 90 using dummy_hcd [ 664.844255][ T3091] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 664.866513][ T3091] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 664.898595][ T3091] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 664.925502][ T3091] usb 2-1: USB disconnect, device number 85 [ 664.963194][ T5892] usb 3-1: device descriptor read/64, error -71 [ 665.093462][ T5892] usb usb3-port1: attempt power cycle [ 665.143601][T11512] usb 1-1: new low-speed USB device number 96 using dummy_hcd [ 665.304575][T11512] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 665.312850][T11512] usb 1-1: config 0 has no interface number 0 [ 665.320326][T11512] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 665.331194][T11512] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 665.341875][T11512] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 665.353635][T11512] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 665.365173][T11512] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 665.366582][ T3091] usb 4-1: USB disconnect, device number 89 [ 665.376244][T11512] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 665.389029][ T3091] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 665.396616][T11512] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 665.428118][T11512] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.443269][ T5892] usb 3-1: new low-speed USB device number 91 using dummy_hcd [ 665.443868][T11512] usb 1-1: config 0 descriptor?? [ 665.465012][T15318] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 665.472447][T15318] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 665.562413][ T5892] usb 3-1: device descriptor read/8, error -71 [ 665.573935][T11512] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 665.873550][ T5892] usb 3-1: new low-speed USB device number 92 using dummy_hcd [ 665.894932][ T5892] usb 3-1: device descriptor read/8, error -71 [ 666.003437][ T5892] usb usb3-port1: unable to enumerate USB device [ 666.138227][T15328] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3174'. [ 666.173106][T11512] usb 1-1: USB disconnect, device number 96 [ 666.187099][T11512] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 667.905226][T15336] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 667.914220][T15336] overlayfs: missing 'lowerdir' [ 668.795800][T11512] usb 1-1: new full-speed USB device number 97 using dummy_hcd [ 668.974844][T11512] usb 1-1: unable to get BOS descriptor or descriptor too short [ 668.983933][T11512] usb 1-1: not running at top speed; connect to a high speed hub [ 668.997645][T11512] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 669.044097][T11512] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 669.055571][T11512] usb 1-1: string descriptor 0 read error: -22 [ 669.061826][T11512] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 669.103238][T11512] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.118065][T11512] usb 1-1: 0:2 : does not exist [ 669.163221][ T3091] usb 3-1: new low-speed USB device number 93 using dummy_hcd [ 669.317628][ T3091] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 669.342929][ T3091] usb 3-1: config 0 has no interface number 0 [ 669.349925][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 669.361197][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 669.372309][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 669.384328][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 669.401348][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 669.415963][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 669.430045][ T3091] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 669.439377][ T3091] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.452281][ T3091] usb 3-1: config 0 descriptor?? [ 669.465913][T15365] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 669.499708][T15365] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 669.553400][ T3091] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 670.138578][T11512] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 670.153539][T11512] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 670.173202][ T5867] usb 2-1: new low-speed USB device number 86 using dummy_hcd [ 670.198939][T11512] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 670.219791][T11512] usb 1-1: USB disconnect, device number 97 [ 670.313218][ T5867] usb 2-1: device descriptor read/64, error -71 [ 670.435211][T11512] usb 3-1: USB disconnect, device number 93 [ 670.444133][T11512] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 670.553202][ T5867] usb 2-1: new low-speed USB device number 87 using dummy_hcd [ 670.684379][ T5867] usb 2-1: device descriptor read/64, error -71 [ 670.790387][T15387] fuse: Bad value for 'fd' [ 670.795190][ T5867] usb usb2-port1: attempt power cycle [ 671.534267][ T5867] usb 2-1: new low-speed USB device number 88 using dummy_hcd [ 671.573622][ T5867] usb 2-1: device descriptor read/8, error -71 [ 671.843189][ T5867] usb 2-1: new low-speed USB device number 89 using dummy_hcd [ 671.913337][ T5892] usb 4-1: new full-speed USB device number 90 using dummy_hcd [ 672.003594][ T5867] usb 2-1: device descriptor read/8, error -71 [ 672.450067][ T5867] usb usb2-port1: unable to enumerate USB device [ 672.542594][ T5892] usb 4-1: unable to get BOS descriptor or descriptor too short [ 672.559147][ T5892] usb 4-1: not running at top speed; connect to a high speed hub [ 672.590386][ T5892] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 672.607294][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 672.619698][ T5892] usb 4-1: string descriptor 0 read error: -22 [ 672.627684][ T5892] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 672.637200][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.662722][ T5892] usb 4-1: 0:2 : does not exist [ 673.333312][ T9] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 673.469862][ T5892] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 673.480846][ T5892] usb 4-1: 5:0: failed to get current value for ch 1 (-22) [ 673.483655][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 673.495209][ T9] usb 2-1: config 0 has no interfaces? [ 673.501924][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 673.505051][ T5892] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 673.519670][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.555850][ T5892] usb 4-1: USB disconnect, device number 90 [ 673.593178][ T5867] usb 1-1: new low-speed USB device number 98 using dummy_hcd [ 673.618746][ T9] usb 2-1: config 0 descriptor?? [ 673.703871][T15424] mkiss: ax0: crc mode is auto. [ 673.835257][ T5867] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 673.852471][ T5867] usb 1-1: config 0 has no interface number 0 [ 673.939700][ T9] usb 2-1: USB disconnect, device number 90 [ 673.965986][ T5867] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 673.984543][ T5867] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 673.995768][ T5867] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 674.007698][ T5867] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 674.105456][ T5867] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 674.116851][ T5867] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 674.130315][ T5867] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 674.139481][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.677957][ T5867] usb 1-1: config 0 descriptor?? [ 674.685430][T15420] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 674.705219][T15420] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 674.724533][ T5867] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 675.053235][ T9] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 675.328415][ T9] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 675.345498][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.802663][ T9] usb 4-1: config 0 descriptor?? [ 676.013375][ T9] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 676.210691][T15277] usb 1-1: USB disconnect, device number 98 [ 676.225101][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 676.240851][T15277] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 676.257236][ T9] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 676.265490][ T9] [drm] Initialized udl on minor 2 [ 676.274669][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 676.298962][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 676.309240][T11512] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 676.325251][ T9] usb 4-1: USB disconnect, device number 91 [ 676.331818][T11512] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 676.443347][ T5867] usb 2-1: new low-speed USB device number 91 using dummy_hcd [ 676.614432][ T5867] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 676.622563][ T5867] usb 2-1: config 0 has no interface number 0 [ 676.628683][ T5867] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 676.639471][ T5867] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 676.650182][ T5867] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 676.661765][ T5867] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 676.672795][ T5867] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 676.683894][ T5867] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 676.698314][ T5867] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 676.707477][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.716809][ T5867] usb 2-1: config 0 descriptor?? [ 676.722411][T15452] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 676.729745][T15452] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 676.746129][ T5867] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 677.723194][ T5867] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 677.883238][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 677.900141][ T5867] usb 1-1: config 0 has no interfaces? [ 677.905914][ T5867] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 677.929666][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.960131][ T5867] usb 1-1: config 0 descriptor?? [ 678.035299][ T5867] usb 2-1: USB disconnect, device number 91 [ 678.142266][ T5867] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 678.192851][T15277] usb 1-1: USB disconnect, device number 99 [ 678.438534][T15482] syzkaller0: entered promiscuous mode [ 678.447618][T15482] syzkaller0: entered allmulticast mode [ 678.493338][ T9] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 678.673078][T15485] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 678.682116][T15485] overlayfs: missing 'lowerdir' [ 678.868573][ T9] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 678.880287][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.929679][ T9] usb 3-1: config 0 descriptor?? [ 678.933913][T15490] Bluetooth: hci0: invalid length 0, exp 2 for type 13 [ 679.163284][T15277] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 679.253658][ T5892] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 679.304492][T15498] No source specified [ 679.321296][T15498] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3224'. [ 679.374828][T15277] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 679.393594][T15277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.403900][ T9] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 679.413900][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 679.421829][T15277] usb 2-1: config 0 descriptor?? [ 679.441625][ T9] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 679.448832][ T9] [drm] Initialized udl on minor 2 [ 679.455202][ T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 679.524655][T15502] No source specified [ 679.551897][T15502] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3226'. [ 679.576722][ T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 679.590812][ T5867] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 679.591357][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.598811][ T5867] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 679.632335][T15277] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 679.692319][ T9] usb 3-1: USB disconnect, device number 94 [ 679.694409][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 679.745870][ T5892] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 679.820909][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.838325][T15277] [drm:udl_init] *ERROR* Selecting channel failed [ 679.854225][T15277] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 3 [ 679.861540][T15277] [drm] Initialized udl on minor 3 [ 679.869497][T15277] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 679.878818][T15277] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 679.886535][ T5867] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 679.887577][ T5892] usb 1-1: config 0 descriptor?? [ 679.894780][ T5867] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 679.912793][T15277] usb 2-1: USB disconnect, device number 92 [ 680.369462][ T5892] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0 [ 680.392815][ T5892] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 680.611212][ T5892] cp2112 0003:10C4:EA90.0011: Part Number: 0x82 Device Version: 0xFE [ 680.617713][T15510] syzkaller0: entered promiscuous mode [ 680.624951][T15510] syzkaller0: entered allmulticast mode [ 680.869609][ T5892] cp2112 0003:10C4:EA90.0011: error requesting SMBus config [ 680.894005][ T5892] cp2112 0003:10C4:EA90.0011: probe with driver cp2112 failed with error -5 [ 681.335856][ T9] usb 1-1: USB disconnect, device number 100 [ 682.272577][ T5819] Bluetooth: hci0: command 0x0406 tx timeout [ 682.295395][T15526] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 682.304447][T15526] overlayfs: missing 'lowerdir' [ 682.873196][ T5892] usb 3-1: new low-speed USB device number 95 using dummy_hcd [ 683.049801][ T5892] usb 3-1: device descriptor read/64, error -71 [ 683.294725][ T5892] usb 3-1: new low-speed USB device number 96 using dummy_hcd [ 683.444970][T15547] mkiss: ax0: crc mode is auto. [ 683.466432][ T3091] usb 4-1: new low-speed USB device number 92 using dummy_hcd [ 683.524306][ T5892] usb 3-1: device descriptor read/64, error -71 [ 683.643509][ T5892] usb usb3-port1: attempt power cycle [ 683.686544][ T3091] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 683.700942][ T3091] usb 4-1: config 0 has no interface number 0 [ 683.714238][ T3091] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 683.757503][ T3091] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 683.925209][ T3091] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 684.003028][ T5892] usb 3-1: new low-speed USB device number 97 using dummy_hcd [ 684.020695][ T3091] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 684.040200][ T3091] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 684.053338][ T3091] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 684.069094][ T5892] usb 3-1: device descriptor read/8, error -71 [ 684.075714][ T3091] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 684.085079][ T3091] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.297702][ T3091] usb 4-1: config 0 descriptor?? [ 684.304896][T15539] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 684.312613][T15539] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 685.334763][ T3091] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 685.343246][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.349676][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.515944][ T5892] usb 3-1: new low-speed USB device number 98 using dummy_hcd [ 685.713795][ T5892] usb 3-1: device descriptor read/8, error -71 [ 685.758216][T15561] Bluetooth: hci0: invalid length 0, exp 2 for type 13 [ 685.833380][ T5892] usb usb3-port1: unable to enumerate USB device [ 686.392083][T15569] mkiss: ax0: crc mode is auto. [ 687.106318][ T5867] usb 4-1: USB disconnect, device number 92 [ 687.121305][ T5867] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 687.783863][ T7542] usb 3-1: new low-speed USB device number 99 using dummy_hcd [ 688.015268][ T7542] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 688.023534][ T7542] usb 3-1: config 0 has no interface number 0 [ 688.029717][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 688.041056][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 688.052260][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 688.064381][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 688.083182][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 688.101580][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 688.338833][ T7542] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 688.368228][ T7542] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.483925][ T7542] usb 3-1: config 0 descriptor?? [ 688.615630][T15589] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 688.688584][T15589] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 688.824515][ T7542] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 689.073263][ T5867] usb 4-1: new low-speed USB device number 93 using dummy_hcd [ 689.334774][ T5867] usb 4-1: device descriptor read/64, error -71 [ 689.497277][T15605] mkiss: ax0: crc mode is auto. [ 689.576441][ T5867] usb 4-1: new low-speed USB device number 94 using dummy_hcd [ 689.694390][ T7542] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 689.785441][ T5867] usb 4-1: device descriptor read/64, error -71 [ 689.943619][ T7542] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 689.961247][ T7542] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.037834][ T5867] usb usb4-port1: attempt power cycle [ 690.151725][ T7542] usb 1-1: config 0 descriptor?? [ 690.304279][T15277] usb 3-1: USB disconnect, device number 99 [ 690.316889][T15277] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 690.523187][ T5867] usb 4-1: new low-speed USB device number 95 using dummy_hcd [ 690.554544][ T5867] usb 4-1: device descriptor read/8, error -71 [ 690.655707][ T7542] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 690.683649][ T7542] [drm:udl_init] *ERROR* Selecting channel failed [ 690.720265][ T7542] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 690.738584][ T7542] [drm] Initialized udl on minor 2 [ 690.753485][ T7542] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 690.767221][ T7542] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 690.781269][ T5892] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 690.793995][ T7542] usb 1-1: USB disconnect, device number 101 [ 690.803320][ T5867] usb 4-1: new low-speed USB device number 96 using dummy_hcd [ 690.804521][ T5892] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 690.824491][ T5867] usb 4-1: device descriptor read/8, error -71 [ 690.933412][ T5867] usb usb4-port1: unable to enumerate USB device [ 694.813097][T15663] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 694.822311][T15663] overlayfs: missing 'lowerdir' [ 695.090924][T15668] input: syz1 as /devices/virtual/input/input55 [ 695.293425][ T7542] usb 2-1: new low-speed USB device number 93 using dummy_hcd [ 695.433207][ T7542] usb 2-1: device descriptor read/64, error -71 [ 695.683199][ T7542] usb 2-1: new low-speed USB device number 94 using dummy_hcd [ 695.813548][ T7542] usb 2-1: device descriptor read/64, error -71 [ 695.932433][ T7542] usb usb2-port1: attempt power cycle [ 696.269351][ T9] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 696.323215][ T7542] usb 2-1: new low-speed USB device number 95 using dummy_hcd [ 696.345548][ T7542] usb 2-1: device descriptor read/8, error -71 [ 696.490249][ T9] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 696.509572][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.523993][ T9] usb 4-1: config 0 descriptor?? [ 696.684235][ T7542] usb 2-1: new low-speed USB device number 96 using dummy_hcd [ 696.713678][ T7542] usb 2-1: device descriptor read/8, error -71 [ 696.824559][ T7542] usb usb2-port1: unable to enumerate USB device [ 697.848111][ T9] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 697.953398][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 697.974643][ T9] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 697.990696][ T9] [drm] Initialized udl on minor 2 [ 698.005149][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 698.017799][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 698.025959][ T5867] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 698.034751][ T9] usb 4-1: USB disconnect, device number 97 [ 698.040949][ T5867] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 698.369784][T15704] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 698.369814][T15704] overlayfs: missing 'lowerdir' [ 698.756778][T15711] mkiss: ax0: crc mode is auto. [ 699.186830][T15713] Bluetooth: hci0: unsupported parameter 255 [ 699.192899][T15713] Bluetooth: hci0: unsupported parameter 255 [ 699.542849][ T9] usb 4-1: new low-speed USB device number 98 using dummy_hcd [ 699.820552][ T9] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 699.834817][ T9] usb 4-1: config 0 has no interface number 0 [ 699.863270][ T7542] usb 3-1: new low-speed USB device number 100 using dummy_hcd [ 700.001546][ T9] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 700.014562][ T9] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 700.064716][ T9] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 700.093733][ T9] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 700.107993][ T9] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 700.120750][ T9] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 700.135454][ T9] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 700.145406][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.156105][ T9] usb 4-1: config 0 descriptor?? [ 700.161771][T15716] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 700.172503][ T7542] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 700.181908][T15716] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 700.189147][ T7542] usb 3-1: config 0 has no interface number 0 [ 700.203711][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 700.223320][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 700.234651][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 700.240852][ T9] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 700.246302][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 700.273606][ T7542] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 700.285444][ T7542] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 700.304566][ T7542] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 700.315051][ T7542] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.325865][ T7542] usb 3-1: config 0 descriptor?? [ 700.331463][T15720] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 700.339384][T15720] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 700.351082][ T7542] ldusb 3-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 700.353878][ T10] usb 2-1: new low-speed USB device number 97 using dummy_hcd [ 700.515444][ T10] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 700.545312][ T10] usb 2-1: config 0 has no interface number 0 [ 700.570940][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 700.587631][ T9] usb 1-1: new low-speed USB device number 102 using dummy_hcd [ 700.636245][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 700.656878][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 700.672375][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 700.751128][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 700.762125][ T10] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 700.775651][ T10] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 700.787633][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.816259][ T10] usb 2-1: config 0 descriptor?? [ 700.822000][T15725] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 700.829825][T15725] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 700.837734][ T9] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 700.846713][ T9] usb 1-1: config 0 has no interface number 0 [ 700.852863][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 700.864054][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 700.898317][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 700.957888][ T10] ldusb 2-1:0.55: LD USB Device #2 now attached to major 180 minor 2 [ 700.966939][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 700.980279][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 700.991279][ T9] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 701.004503][ T9] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 701.013659][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.022941][ T9] usb 1-1: config 0 descriptor?? [ 701.028588][T15727] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 701.036368][T15727] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 701.063079][ T9] ldusb 1-1:0.55: LD USB Device #3 now attached to major 180 minor 3 [ 701.330793][ T7542] usb 1-1: USB disconnect, device number 102 [ 701.338556][ T7542] ldusb 1-1:0.55: LD USB Device #3 now disconnected [ 701.395517][ T5892] usb 4-1: USB disconnect, device number 98 [ 701.402738][ T5892] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 701.598106][ T9] usb 3-1: USB disconnect, device number 100 [ 701.617086][ T9] ldusb 3-1:0.55: LD USB Device #1 now disconnected [ 702.308728][ T9] usb 2-1: USB disconnect, device number 97 [ 702.325823][ T9] ldusb 2-1:0.55: LD USB Device #2 now disconnected [ 702.677436][T15746] mkiss: ax0: crc mode is auto. [ 704.204274][T15770] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3303'. [ 704.274694][T15774] input: syz1 as /devices/virtual/input/input56 [ 704.361089][T13432] udevd[13432]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 705.663188][ T9] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 705.713358][ T10] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 705.845334][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 705.855180][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.872591][ T9] usb 2-1: config 0 descriptor?? [ 705.881343][ T10] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 705.895788][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.913363][ T10] usb 1-1: config 0 descriptor?? [ 705.993220][ T5867] usb 4-1: new low-speed USB device number 99 using dummy_hcd [ 706.096163][ T9] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 706.140136][ T10] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 706.158731][ T5867] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 706.167063][ T5867] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 706.177971][ T5867] usb 4-1: config 0 has no interface number 0 [ 706.184311][ T5867] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 706.193871][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.207918][ T5867] usb 4-1: config 0 descriptor?? [ 706.226513][ T5867] ldusb 4-1:0.55: Interrupt in endpoint not found [ 706.357808][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 706.376132][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 706.399604][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 706.599953][ T9] [drm] Initialized udl on minor 2 [ 706.720090][ T10] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 3 [ 706.735722][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 706.749465][ T10] [drm] Initialized udl on minor 3 [ 706.754853][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 706.761631][T15277] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 706.795529][ T10] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 706.804935][T15277] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 706.817432][ T10] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 706.825465][T15277] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 706.851465][ T9] usb 2-1: USB disconnect, device number 98 [ 706.877052][ T5867] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 706.885387][ T10] usb 1-1: USB disconnect, device number 103 [ 706.964523][ T5867] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 707.545972][ T8073] bond0: (slave syz_tun): Releasing backup interface [ 707.952592][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.058471][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.186618][ T9] usb 4-1: USB disconnect, device number 99 [ 708.317494][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.445940][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 708.454861][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 708.464172][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 708.472010][ T5819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 708.479706][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 708.488486][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.567492][ T12] bridge_slave_1: left allmulticast mode [ 709.573260][ T12] bridge_slave_1: left promiscuous mode [ 709.579092][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.594815][ T12] bridge_slave_0: left allmulticast mode [ 709.633471][ T12] bridge_slave_0: left promiscuous mode [ 709.785292][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.596878][ T5826] Bluetooth: hci3: command tx timeout [ 710.907064][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 710.924898][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 710.936237][ T12] bond0 (unregistering): Released all slaves [ 711.052182][ T12] tipc: Left network mode [ 711.147534][T15829] chnl_net:caif_netlink_parms(): no params data found [ 711.363185][ T7542] usb 1-1: new full-speed USB device number 104 using dummy_hcd [ 711.653568][ T7542] usb 1-1: unable to get BOS descriptor or descriptor too short [ 711.834983][ T7542] usb 1-1: not running at top speed; connect to a high speed hub [ 711.844277][ T7542] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 711.856574][ T7542] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 711.874146][ T7542] usb 1-1: string descriptor 0 read error: -22 [ 711.882724][ T7542] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 711.892411][ T12] hsr_slave_0: left promiscuous mode [ 711.898094][ T7542] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.911899][ T12] hsr_slave_1: left promiscuous mode [ 711.923823][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 711.927993][ T7542] usb 1-1: 0:2 : does not exist [ 711.940726][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.050130][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 712.068132][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 712.098873][ T12] veth1_macvtap: left promiscuous mode [ 712.113513][ T12] veth0_macvtap: left promiscuous mode [ 712.129285][ T12] veth1_vlan: left promiscuous mode [ 712.134935][ T12] veth0_vlan: left promiscuous mode [ 712.193475][ T9] usb 4-1: new low-speed USB device number 100 using dummy_hcd [ 712.369324][ T9] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 712.387002][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 712.420006][ T9] usb 4-1: config 0 has no interface number 0 [ 712.426616][ T9] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 712.458581][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.554595][ T9] usb 4-1: config 0 descriptor?? [ 712.571391][ T9] ldusb 4-1:0.55: Interrupt in endpoint not found [ 712.663994][ T5826] Bluetooth: hci3: command tx timeout [ 712.719090][T15898] No source specified [ 712.741014][ T7542] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 712.752964][ T7542] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 712.819685][ T7542] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 712.929369][T15898] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3333'. [ 712.942266][ T7542] usb 1-1: USB disconnect, device number 104 [ 713.039404][ T12] team0 (unregistering): Port device team_slave_1 removed [ 713.195233][ T12] team0 (unregistering): Port device team_slave_0 removed [ 714.619224][T15829] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.626808][T15829] bridge0: port 1(bridge_slave_0) entered disabled state [ 714.636204][T15829] bridge_slave_0: entered allmulticast mode [ 714.644287][T15829] bridge_slave_0: entered promiscuous mode [ 714.651496][ T5892] usb 4-1: USB disconnect, device number 100 [ 714.689914][T15829] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.700378][T15829] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.714174][T15829] bridge_slave_1: entered allmulticast mode [ 714.740445][T15829] bridge_slave_1: entered promiscuous mode [ 714.768267][ T5826] Bluetooth: hci3: command tx timeout [ 714.832709][T15829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 714.879906][T15829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 714.974109][T15829] team0: Port device team_slave_0 added [ 715.000352][T15829] team0: Port device team_slave_1 added [ 715.162564][T15829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 715.169628][T15829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 715.250232][T15829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 715.356991][T15829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 715.408473][T15829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 715.435441][T15829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 715.967342][T15829] hsr_slave_0: entered promiscuous mode [ 715.974416][T15829] hsr_slave_1: entered promiscuous mode [ 715.985828][T15829] debugfs: 'hsr0' already exists in 'hsr' [ 716.032725][T15829] Cannot create hsr debugfs directory [ 716.203238][ T9] usb 1-1: new low-speed USB device number 105 using dummy_hcd [ 716.274211][ T5892] usb 3-1: new low-speed USB device number 101 using dummy_hcd [ 716.355387][ T9] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 716.372998][ T9] usb 1-1: config 0 has no interface number 0 [ 716.403359][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 716.425214][ T5892] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 716.433146][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 716.443171][ T5892] usb 3-1: config 0 has no interface number 0 [ 716.449964][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 716.455491][T15829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 716.471704][ T5892] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 716.487565][ T5892] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 716.498739][ T5892] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 716.517140][T15829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 716.610898][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 716.626656][T15829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 716.635435][ T5892] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 716.651213][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 716.654396][T15829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 716.669809][ T5892] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 716.680750][ T9] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 716.681087][ T5892] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 716.693990][ T9] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 716.707645][ T5892] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 716.729954][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.743092][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.760835][ T9] usb 1-1: config 0 descriptor?? [ 716.767112][T15933] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 716.769714][ T5892] usb 3-1: config 0 descriptor?? [ 716.779782][T15933] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 716.833354][ T5826] Bluetooth: hci3: command tx timeout [ 716.853252][T15277] usb 2-1: new low-speed USB device number 99 using dummy_hcd [ 716.861091][T15935] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 716.868377][T15935] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 716.880722][ T9] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 716.928827][ T5892] ldusb 3-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 716.970904][T15829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 716.994451][T15829] 8021q: adding VLAN 0 to HW filter on device team0 [ 717.006934][T14032] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.014029][T14032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.054878][T15277] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 717.073369][T15277] usb 2-1: config 0 has no interface number 0 [ 717.081532][T15829] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 717.092358][T15829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 717.104841][T15277] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 717.108501][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.122751][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 717.150930][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 717.188349][T15277] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 717.201014][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 717.212413][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 717.223938][T15277] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 717.237999][T15277] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 717.361874][T15277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.486970][T15277] usb 2-1: config 0 descriptor?? [ 717.492642][T15939] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 717.502182][T15939] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 717.539214][T15277] ldusb 2-1:0.55: LD USB Device #2 now attached to major 180 minor 2 [ 717.853919][T15958] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3345'. [ 717.940190][T15829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 718.171613][T15829] veth0_vlan: entered promiscuous mode [ 718.189173][T15829] veth1_vlan: entered promiscuous mode [ 718.261967][T15829] veth0_macvtap: entered promiscuous mode [ 718.277006][T15829] veth1_macvtap: entered promiscuous mode [ 718.298036][T15277] usb 2-1: USB disconnect, device number 99 [ 718.319947][T15277] ldusb 2-1:0.55: LD USB Device #2 now disconnected [ 718.338037][T15829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 718.362235][T15829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 718.391441][ T1087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.404964][ T1087] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.546000][ T1087] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.575803][ T1087] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.596638][ T5892] usb 3-1: USB disconnect, device number 101 [ 718.626001][ T5892] ldusb 3-1:0.55: LD USB Device #1 now disconnected [ 718.640806][ T5957] usb 1-1: USB disconnect, device number 105 [ 718.649816][ T5957] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 718.744938][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.752790][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 718.829591][T14032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.845766][T14032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 719.123707][ T5957] usb 4-1: new full-speed USB device number 101 using dummy_hcd [ 719.460942][ T5957] usb 4-1: unable to get BOS descriptor or descriptor too short [ 719.475732][ T5957] usb 4-1: not running at top speed; connect to a high speed hub [ 719.493733][ T5957] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 719.537294][ T5957] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 719.635836][ T5957] usb 4-1: string descriptor 0 read error: -22 [ 719.683304][T15277] usb 3-1: new low-speed USB device number 102 using dummy_hcd [ 719.803597][ T5957] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 719.881963][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.896562][T15277] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 719.904862][T15277] usb 3-1: config 0 has no interface number 0 [ 719.934470][T15277] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 719.963208][T15277] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 719.963241][T15277] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 719.963265][T15277] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 719.963288][T15277] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 719.963310][T15277] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 719.963347][T15277] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 719.963367][T15277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 719.967669][T15277] usb 3-1: config 0 descriptor?? [ 719.968336][T15981] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 719.968445][T15981] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 719.990553][ T5957] usb 4-1: 0:2 : does not exist [ 719.993449][T15277] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 720.396927][T15994] fuse: Bad value for 'fd' [ 720.782054][ T5957] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 720.879412][ T5957] usb 4-1: 5:0: failed to get current value for ch 1 (-22) [ 721.014477][ T5957] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 721.115914][ T5957] usb 4-1: USB disconnect, device number 101 [ 721.620519][ T5957] usb 3-1: USB disconnect, device number 102 [ 721.633935][ T5957] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 721.753192][ T10] usb 4-1: new full-speed USB device number 102 using dummy_hcd [ 721.915105][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 721.923473][ T10] usb 4-1: not running at top speed; connect to a high speed hub [ 721.937507][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 721.951160][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 721.968524][ T10] usb 4-1: string descriptor 0 read error: -22 [ 721.984988][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 722.012397][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.077279][ T10] usb 4-1: 0:2 : does not exist [ 722.400446][T16023] No source specified [ 722.416782][T16023] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3360'. [ 722.768594][T16024] Bluetooth: Invalid esc byte 0xff [ 722.778546][T16025] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 723.006261][ T10] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 723.294510][ T10] usb 4-1: 5:0: failed to get current value for ch 1 (-22) [ 723.325994][ T10] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 723.347154][ T10] usb 4-1: USB disconnect, device number 102 [ 723.776497][ T30] audit: type=1400 audit(1760960032.238:312): avc: denied { read } for pid=16047 comm="syz.1.3366" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 723.887792][ C1] vkms_vblank_simulate: vblank timer overrun [ 723.895116][ T30] audit: type=1400 audit(1760960032.238:313): avc: denied { open } for pid=16047 comm="syz.1.3366" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 723.919287][ C1] vkms_vblank_simulate: vblank timer overrun [ 723.925477][ T30] audit: type=1400 audit(1760960032.238:314): avc: denied { ioctl } for pid=16047 comm="syz.1.3366" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x3ba0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 724.736435][T16061] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3369'. [ 726.571176][T16077] FAULT_INJECTION: forcing a failure. [ 726.571176][T16077] name failslab, interval 1, probability 0, space 0, times 0 [ 726.614088][T16077] CPU: 1 UID: 0 PID: 16077 Comm: syz.4.3372 Not tainted syzkaller #0 PREEMPT(full) [ 726.614113][T16077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 726.614124][T16077] Call Trace: [ 726.614130][T16077] [ 726.614137][T16077] dump_stack_lvl+0x16c/0x1f0 [ 726.614165][T16077] should_fail_ex+0x512/0x640 [ 726.614188][T16077] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 726.614212][T16077] should_failslab+0xc2/0x120 [ 726.614237][T16077] kmem_cache_alloc_noprof+0x75/0x6e0 [ 726.614258][T16077] ? alloc_empty_file+0x55/0x1e0 [ 726.614280][T16077] ? alloc_empty_file+0x55/0x1e0 [ 726.614295][T16077] alloc_empty_file+0x55/0x1e0 [ 726.614312][T16077] path_openat+0xda/0x2cb0 [ 726.614345][T16077] ? __pfx_path_openat+0x10/0x10 [ 726.614370][T16077] ? __lock_acquire+0xb8a/0x1c90 [ 726.614396][T16077] do_filp_open+0x20b/0x470 [ 726.614420][T16077] ? __pfx_do_filp_open+0x10/0x10 [ 726.614462][T16077] ? alloc_fd+0x471/0x7d0 [ 726.614492][T16077] do_sys_openat2+0x11b/0x1d0 [ 726.614509][T16077] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.614528][T16077] ? __fget_files+0x20e/0x3c0 [ 726.614556][T16077] __x64_sys_openat+0x174/0x210 [ 726.614574][T16077] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.614590][T16077] ? ksys_write+0x1ac/0x250 [ 726.614621][T16077] do_syscall_64+0xcd/0xfa0 [ 726.614645][T16077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.614662][T16077] RIP: 0033:0x7f283e38efc9 [ 726.614677][T16077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.614694][T16077] RSP: 002b:00007f283f284038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.614711][T16077] RAX: ffffffffffffffda RBX: 00007f283e5e6090 RCX: 00007f283e38efc9 [ 726.614722][T16077] RDX: 0000000000141a82 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 726.614733][T16077] RBP: 00007f283f284090 R08: 0000000000000000 R09: 0000000000000000 [ 726.614744][T16077] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 726.614754][T16077] R13: 00007f283e5e6128 R14: 00007f283e5e6090 R15: 00007fffd3fedc68 [ 726.614779][T16077] [ 726.973303][T15277] usb 2-1: new low-speed USB device number 100 using dummy_hcd [ 727.214627][T15277] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 727.222812][T15277] usb 2-1: config 0 has no interface number 0 [ 727.229121][T15277] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 727.243947][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 727.255031][T15277] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 727.273997][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 727.285419][T15277] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 727.298279][T15277] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 727.311959][T15277] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 727.321324][T15277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.337293][T15277] usb 2-1: config 0 descriptor?? [ 727.347086][T16079] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 727.358513][T16079] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 727.377305][T15277] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 727.565870][ T30] audit: type=1400 audit(1760960036.018:315): avc: denied { setopt } for pid=16080 comm="syz.0.3375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 728.095437][ T5957] usb 4-1: new low-speed USB device number 103 using dummy_hcd [ 728.281662][ T5957] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 728.334789][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 728.383961][ T5957] usb 4-1: config 0 has no interface number 0 [ 728.396985][ T5957] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 728.413624][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.447741][ T5957] usb 4-1: config 0 descriptor?? [ 728.469855][ T5957] ldusb 4-1:0.55: Interrupt in endpoint not found [ 729.474501][ T3091] usb 2-1: USB disconnect, device number 100 [ 729.587113][ T3091] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 730.102353][T16120] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 730.502379][ T30] audit: type=1400 audit(1760960038.928:316): avc: denied { read } for pid=16130 comm="syz.1.3388" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 730.610543][ T30] audit: type=1400 audit(1760960038.928:317): avc: denied { open } for pid=16130 comm="syz.1.3388" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 731.584056][ T30] audit: type=1400 audit(1760960038.928:318): avc: denied { cmd } for pid=16130 comm="syz.1.3388" path="socket:[62871]" dev="sockfs" ino=62871 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 731.663329][ T30] audit: type=1400 audit(1760960038.998:319): avc: denied { setopt } for pid=16130 comm="syz.1.3388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 731.758604][ T3091] usb 4-1: USB disconnect, device number 103 [ 732.166988][ T30] audit: type=1400 audit(1760960040.608:320): avc: denied { read write } for pid=16157 comm="syz.1.3394" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 732.783463][ T30] audit: type=1400 audit(1760960040.608:321): avc: denied { open } for pid=16157 comm="syz.1.3394" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 733.297074][T16167] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3397'. [ 733.573316][ T5892] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 733.839325][ T5892] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 734.553627][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 734.583365][ T5892] usb 4-1: Product: syz [ 734.587591][ T5892] usb 4-1: Manufacturer: syz [ 734.592245][ T5892] usb 4-1: SerialNumber: syz [ 735.414736][ T5892] net_ratelimit: 30 callbacks suppressed [ 735.414768][ T5892] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO [ 735.519003][ T5892] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 735.930184][ T5892] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 735.979679][ T5892] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 735.997169][ T5892] usb 4-1: USB disconnect, device number 104 [ 736.012551][T13432] udevd[13432]: setting mode of /dev/bus/usb/004/104 to 020664 failed: No such file or directory [ 736.035897][T13432] udevd[13432]: setting owner of /dev/bus/usb/004/104 to uid=0, gid=0 failed: No such file or directory [ 737.723214][ T5957] usb 4-1: new low-speed USB device number 105 using dummy_hcd [ 737.741398][T16239] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64 [ 737.757687][T16239] audit: out of memory in audit_log_start [ 737.921737][T16249] FAULT_INJECTION: forcing a failure. [ 737.921737][T16249] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 737.934479][ T5957] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 737.943296][T16249] CPU: 0 UID: 0 PID: 16249 Comm: syz.1.3417 Not tainted syzkaller #0 PREEMPT(full) [ 737.943319][T16249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 737.943330][T16249] Call Trace: [ 737.943336][T16249] [ 737.943343][T16249] dump_stack_lvl+0x16c/0x1f0 [ 737.943370][T16249] should_fail_ex+0x512/0x640 [ 737.943396][T16249] _copy_from_user+0x2e/0xd0 [ 737.943420][T16249] kstrtouint_from_user+0xd6/0x1d0 [ 737.943438][T16249] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 737.943455][T16249] ? __lock_acquire+0xb8a/0x1c90 [ 737.943492][T16249] proc_fail_nth_write+0x83/0x220 [ 737.943518][T16249] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 737.943549][T16249] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 737.943572][T16249] vfs_write+0x2a0/0x11d0 [ 737.943599][T16249] ? __pfx___mutex_lock+0x10/0x10 [ 737.943623][T16249] ? __pfx_vfs_write+0x10/0x10 [ 737.943647][T16249] ? __rcu_read_unlock+0x2bc/0x550 [ 737.943675][T16249] ? __fget_files+0x20e/0x3c0 [ 737.943704][T16249] ksys_write+0x12a/0x250 [ 737.943725][T16249] ? __pfx_ksys_write+0x10/0x10 [ 737.943753][T16249] do_syscall_64+0xcd/0xfa0 [ 737.943776][T16249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.943793][T16249] RIP: 0033:0x7f042358da7f [ 737.943807][T16249] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 737.943824][T16249] RSP: 002b:00007f04217b4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 737.943840][T16249] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f042358da7f [ 737.943850][T16249] RDX: 0000000000000001 RSI: 00007f04217b40a0 RDI: 0000000000000005 [ 737.943861][T16249] RBP: 00007f04217b4090 R08: 0000000000000000 R09: 0000000000000000 [ 737.943871][T16249] R10: 0000200000000300 R11: 0000000000000293 R12: 0000000000000001 [ 737.943881][T16249] R13: 00007f04237e6218 R14: 00007f04237e6180 R15: 00007ffe57ce8658 [ 737.943907][T16249] [ 738.369615][ T5957] usb 4-1: config 0 has no interface number 0 [ 738.393558][ T5957] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 738.404990][ T5957] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 738.440426][ T5957] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 738.786828][ T5957] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 738.805232][ T5957] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 738.831259][ T5957] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 738.846152][ T5957] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 738.860115][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.160625][ T5957] usb 4-1: config 0 descriptor?? [ 739.168620][T16231] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 739.175956][T16231] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 739.212648][ T5957] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 739.379684][T16273] FAULT_INJECTION: forcing a failure. [ 739.379684][T16273] name failslab, interval 1, probability 0, space 0, times 0 [ 739.392858][T16273] CPU: 0 UID: 0 PID: 16273 Comm: syz.0.3423 Not tainted syzkaller #0 PREEMPT(full) [ 739.392880][T16273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 739.392890][T16273] Call Trace: [ 739.392897][T16273] [ 739.392903][T16273] dump_stack_lvl+0x16c/0x1f0 [ 739.392930][T16273] should_fail_ex+0x512/0x640 [ 739.392951][T16273] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 739.392977][T16273] should_failslab+0xc2/0x120 [ 739.393002][T16273] kmem_cache_alloc_node_noprof+0x78/0x770 [ 739.393023][T16273] ? __alloc_skb+0x2b2/0x380 [ 739.393047][T16273] ? __alloc_skb+0x2b2/0x380 [ 739.393065][T16273] ? __pfx_netlink_insert+0x10/0x10 [ 739.393088][T16273] __alloc_skb+0x2b2/0x380 [ 739.393110][T16273] ? __pfx___alloc_skb+0x10/0x10 [ 739.393131][T16273] ? netlink_autobind.isra.0+0xa8/0x370 [ 739.393158][T16273] netlink_alloc_large_skb+0x69/0x140 [ 739.393182][T16273] netlink_sendmsg+0x698/0xdd0 [ 739.393209][T16273] ? __pfx_netlink_sendmsg+0x10/0x10 [ 739.393236][T16273] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 739.393260][T16273] ____sys_sendmsg+0xa98/0xc70 [ 739.393287][T16273] ? copy_msghdr_from_user+0x10a/0x160 [ 739.393308][T16273] ? __pfx_____sys_sendmsg+0x10/0x10 [ 739.393333][T16273] ? rcu_watching_snap_stopped_since+0x71/0x110 [ 739.393356][T16273] ? __lock_acquire+0xb8a/0x1c90 [ 739.393384][T16273] ___sys_sendmsg+0x134/0x1d0 [ 739.393414][T16273] ? __pfx____sys_sendmsg+0x10/0x10 [ 739.393465][T16273] __sys_sendmsg+0x16d/0x220 [ 739.393488][T16273] ? __pfx___sys_sendmsg+0x10/0x10 [ 739.393507][T16273] ? __pfx___schedule+0x10/0x10 [ 739.393543][T16273] do_syscall_64+0xcd/0xfa0 [ 739.393567][T16273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.393584][T16273] RIP: 0033:0x7f32d4d8efc9 [ 739.393599][T16273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.393616][T16273] RSP: 002b:00007f32d5be2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 739.393632][T16273] RAX: ffffffffffffffda RBX: 00007f32d4fe6090 RCX: 00007f32d4d8efc9 [ 739.393644][T16273] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 0000000000000007 [ 739.393653][T16273] RBP: 00007f32d5be2090 R08: 0000000000000000 R09: 0000000000000000 [ 739.393663][T16273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 739.393673][T16273] R13: 00007f32d4fe6128 R14: 00007f32d4fe6090 R15: 00007ffc1dad8058 [ 739.393697][T16273] [ 740.024014][T16278] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0 [ 740.044620][T16280] input: syz1 as /devices/virtual/input/input57 [ 740.436689][ T30] audit: type=1400 audit(1760960048.878:322): avc: denied { map } for pid=16279 comm="syz.0.3425" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 740.477232][T15277] usb 4-1: USB disconnect, device number 105 [ 740.621277][T15277] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 741.649844][T16292] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3428'. [ 742.539131][T16314] FAULT_INJECTION: forcing a failure. [ 742.539131][T16314] name failslab, interval 1, probability 0, space 0, times 0 [ 742.551804][T16314] CPU: 1 UID: 0 PID: 16314 Comm: syz.2.3434 Not tainted syzkaller #0 PREEMPT(full) [ 742.551826][T16314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 742.551836][T16314] Call Trace: [ 742.551842][T16314] [ 742.551850][T16314] dump_stack_lvl+0x16c/0x1f0 [ 742.551877][T16314] should_fail_ex+0x512/0x640 [ 742.551901][T16314] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 742.551925][T16314] should_failslab+0xc2/0x120 [ 742.551952][T16314] kmem_cache_alloc_node_noprof+0x78/0x770 [ 742.551974][T16314] ? __alloc_skb+0x2b2/0x380 [ 742.552000][T16314] ? __alloc_skb+0x2b2/0x380 [ 742.552017][T16314] ? __pfx_avc_has_perm+0x10/0x10 [ 742.552035][T16314] __alloc_skb+0x2b2/0x380 [ 742.552055][T16314] ? __pfx___alloc_skb+0x10/0x10 [ 742.552074][T16314] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 742.552097][T16314] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 742.552128][T16314] netlink_alloc_large_skb+0x69/0x140 [ 742.552155][T16314] netlink_sendmsg+0x698/0xdd0 [ 742.552184][T16314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 742.552218][T16314] ____sys_sendmsg+0xa98/0xc70 [ 742.552246][T16314] ? copy_msghdr_from_user+0x10a/0x160 [ 742.552268][T16314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 742.552307][T16314] ___sys_sendmsg+0x134/0x1d0 [ 742.552331][T16314] ? __pfx____sys_sendmsg+0x10/0x10 [ 742.552351][T16314] ? __lock_acquire+0x622/0x1c90 [ 742.552410][T16314] __sys_sendmsg+0x16d/0x220 [ 742.552433][T16314] ? __pfx___sys_sendmsg+0x10/0x10 [ 742.552472][T16314] do_syscall_64+0xcd/0xfa0 [ 742.552496][T16314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.552515][T16314] RIP: 0033:0x7fdb7d58efc9 [ 742.552529][T16314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 742.552546][T16314] RSP: 002b:00007fdb7e417038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 742.552563][T16314] RAX: ffffffffffffffda RBX: 00007fdb7d7e5fa0 RCX: 00007fdb7d58efc9 [ 742.552575][T16314] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004 [ 742.552585][T16314] RBP: 00007fdb7e417090 R08: 0000000000000000 R09: 0000000000000000 [ 742.552596][T16314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.552607][T16314] R13: 00007fdb7d7e6038 R14: 00007fdb7d7e5fa0 R15: 00007ffe35ecc518 [ 742.552631][T16314] [ 743.991548][ T30] audit: type=1400 audit(1760960052.448:323): avc: denied { read } for pid=16337 comm="syz.3.3441" path="socket:[63435]" dev="sockfs" ino=63435 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 744.014970][T15277] usb 1-1: new low-speed USB device number 106 using dummy_hcd [ 744.805172][T15277] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 744.813533][T15277] usb 1-1: config 0 has no interface number 0 [ 744.819596][T15277] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 744.883532][T16346] FAULT_INJECTION: forcing a failure. [ 744.883532][T16346] name failslab, interval 1, probability 0, space 0, times 0 [ 744.899024][T15277] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 744.947259][T15277] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 744.954983][T16346] CPU: 1 UID: 0 PID: 16346 Comm: syz.3.3441 Not tainted syzkaller #0 PREEMPT(full) [ 744.955002][T16346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 744.955011][T16346] Call Trace: [ 744.955018][T16346] [ 744.955024][T16346] dump_stack_lvl+0x16c/0x1f0 [ 744.955048][T16346] should_fail_ex+0x512/0x640 [ 744.955067][T16346] ? fs_reclaim_acquire+0xae/0x150 [ 744.955091][T16346] should_failslab+0xc2/0x120 [ 744.955113][T16346] __kmalloc_noprof+0xdd/0x880 [ 744.955130][T16346] ? tomoyo_encode2+0x100/0x3e0 [ 744.955155][T16346] ? tomoyo_encode2+0x100/0x3e0 [ 744.955176][T16346] tomoyo_encode2+0x100/0x3e0 [ 744.955199][T16346] tomoyo_encode+0x29/0x50 [ 744.955219][T16346] tomoyo_realpath_from_path+0x18f/0x6e0 [ 744.955243][T16346] ? tomoyo_profile+0x47/0x60 [ 744.955259][T16346] tomoyo_path_number_perm+0x245/0x580 [ 744.955277][T16346] ? tomoyo_path_number_perm+0x237/0x580 [ 744.955298][T16346] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 744.955318][T16346] ? find_held_lock+0x2b/0x80 [ 744.955352][T16346] ? find_held_lock+0x2b/0x80 [ 744.955365][T16346] ? hook_file_ioctl_common+0x145/0x410 [ 744.955393][T16346] ? __fget_files+0x20e/0x3c0 [ 744.955417][T16346] security_file_ioctl+0x9b/0x240 [ 744.955440][T16346] __x64_sys_ioctl+0xb7/0x210 [ 744.955458][T16346] do_syscall_64+0xcd/0xfa0 [ 744.955479][T16346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.955494][T16346] RIP: 0033:0x7f665d98efc9 [ 744.955508][T16346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.955522][T16346] RSP: 002b:00007f665e8de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 744.955538][T16346] RAX: ffffffffffffffda RBX: 00007f665dbe6090 RCX: 00007f665d98efc9 [ 744.955548][T16346] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b [ 744.955557][T16346] RBP: 00007f665e8de090 R08: 0000000000000000 R09: 0000000000000000 [ 744.955566][T16346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 744.955575][T16346] R13: 00007f665dbe6128 R14: 00007f665dbe6090 R15: 00007ffed9645cf8 [ 744.955597][T16346] [ 744.955612][T16346] ERROR: Out of memory at tomoyo_realpath_from_path. [ 745.193176][T15277] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 745.204496][T15277] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 745.215459][T15277] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 745.231429][T15277] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 745.258950][T15277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.285765][T15277] usb 1-1: config 0 descriptor?? [ 745.352557][T16334] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 745.374316][T16334] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 745.384231][T15277] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 745.594606][ T10] usb 2-1: new full-speed USB device number 101 using dummy_hcd [ 745.713433][T15277] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 745.797998][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 745.806422][ T10] usb 2-1: not running at top speed; connect to a high speed hub [ 745.819784][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 745.831730][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 745.865394][ T10] usb 2-1: string descriptor 0 read error: -22 [ 745.871598][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 745.880946][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.904379][T15277] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 745.953590][T15277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.115271][T15277] usb 4-1: config 0 descriptor?? [ 746.126625][ T10] usb 2-1: 0:2 : does not exist [ 746.358948][T15277] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 746.428614][ T5892] usb 1-1: USB disconnect, device number 106 [ 746.437605][ T5892] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 746.492567][T16365] netlink: 'syz.2.3447': attribute type 10 has an invalid length. [ 746.505118][T16365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 746.513348][T16365] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 746.543345][T16365] netlink: 'syz.2.3447': attribute type 10 has an invalid length. [ 746.551230][T16365] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3447'. [ 746.562195][T15277] [drm:udl_init] *ERROR* Selecting channel failed [ 746.604572][T15277] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 746.612699][T16365] batadv0: entered promiscuous mode [ 746.621035][T15277] [drm] Initialized udl on minor 2 [ 746.627238][T16365] batadv0: entered allmulticast mode [ 746.632667][T15277] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 746.644089][T16365] bond0: (slave batadv0): Releasing backup interface [ 746.653289][T15277] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 746.660073][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 746.674538][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 746.684671][T15277] usb 4-1: USB disconnect, device number 106 [ 746.694699][T16365] bridge0: port 3(batadv0) entered blocking state [ 746.703327][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 746.723987][T16365] bridge0: port 3(batadv0) entered disabled state [ 746.747378][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.753734][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.773817][ T55] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 746.783121][ T55] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 746.843192][ T7542] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 747.014559][ T7542] usb 3-1: Using ep0 maxpacket: 16 [ 747.029494][ T7542] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 747.049022][ T7542] usb 3-1: config 0 has an invalid descriptor of length 49, skipping remainder of the config [ 747.077581][ T7542] usb 3-1: config 0 has no interface number 0 [ 747.091357][ T7542] usb 3-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 747.105157][ T10] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 747.123067][ T7542] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 747.140449][T16372] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3450'. [ 747.153181][ T7542] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 747.162310][ T10] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 747.173240][T16372] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3450'. [ 747.186208][ T7542] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 26159, setting to 1024 [ 747.198870][ T10] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 747.221485][ T7542] usb 3-1: config 0 interface 126 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 747.246179][ T7542] usb 3-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 747.257744][ T10] usb 2-1: USB disconnect, device number 101 [ 747.272671][ T7542] usb 3-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 747.292795][ T7542] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.438267][ T7542] usb 3-1: config 0 descriptor?? [ 747.444110][T16366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 747.451977][T16366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 747.467561][ T7542] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 747.967547][ T7542] usb 3-1: USB disconnect, device number 103 [ 748.903737][ T5819] Bluetooth: hci1: command 0x0406 tx timeout [ 749.493150][ T30] audit: type=1400 audit(1760960057.889:324): avc: denied { bind } for pid=16392 comm="syz.1.3455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 749.774341][T16406] FAULT_INJECTION: forcing a failure. [ 749.774341][T16406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 749.787638][T16406] CPU: 0 UID: 0 PID: 16406 Comm: syz.4.3456 Not tainted syzkaller #0 PREEMPT(full) [ 749.787660][T16406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 749.787671][T16406] Call Trace: [ 749.787678][T16406] [ 749.787685][T16406] dump_stack_lvl+0x16c/0x1f0 [ 749.787712][T16406] should_fail_ex+0x512/0x640 [ 749.787738][T16406] _copy_to_user+0x32/0xd0 [ 749.787764][T16406] simple_read_from_buffer+0xcb/0x170 [ 749.787788][T16406] proc_fail_nth_read+0x197/0x240 [ 749.787815][T16406] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 749.787843][T16406] ? rw_verify_area+0xcf/0x6c0 [ 749.787862][T16406] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 749.787888][T16406] vfs_read+0x1e4/0xcf0 [ 749.787913][T16406] ? __pfx___mutex_lock+0x10/0x10 [ 749.787937][T16406] ? __pfx_vfs_read+0x10/0x10 [ 749.787966][T16406] ? __fget_files+0x20e/0x3c0 [ 749.787996][T16406] ksys_read+0x12a/0x250 [ 749.788018][T16406] ? __pfx_ksys_read+0x10/0x10 [ 749.788047][T16406] do_syscall_64+0xcd/0xfa0 [ 749.788071][T16406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.788089][T16406] RIP: 0033:0x7f283e38d9dc [ 749.788104][T16406] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 749.788121][T16406] RSP: 002b:00007f283f263030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 749.788138][T16406] RAX: ffffffffffffffda RBX: 00007f283e5e6180 RCX: 00007f283e38d9dc [ 749.788150][T16406] RDX: 000000000000000f RSI: 00007f283f2630a0 RDI: 000000000000000a [ 749.788160][T16406] RBP: 00007f283f263090 R08: 0000000000000000 R09: 0000000000000000 [ 749.788171][T16406] R10: 0000800000000004 R11: 0000000000000246 R12: 0000000000000001 [ 749.788181][T16406] R13: 00007f283e5e6218 R14: 00007f283e5e6180 R15: 00007fffd3fedc68 [ 749.788207][T16406] [ 750.145166][ T30] audit: type=1400 audit(1760960057.889:325): avc: denied { setopt } for pid=16392 comm="syz.1.3455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 750.165227][ T30] audit: type=1400 audit(1760960058.219:326): avc: denied { mount } for pid=16398 comm="syz.4.3456" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 751.411819][ T30] audit: type=1400 audit(1760960059.869:327): avc: denied { create } for pid=16407 comm="syz.1.3459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 752.447481][T16421] FAULT_INJECTION: forcing a failure. [ 752.447481][T16421] name failslab, interval 1, probability 0, space 0, times 0 [ 752.461430][T16421] CPU: 1 UID: 0 PID: 16421 Comm: syz.3.3464 Not tainted syzkaller #0 PREEMPT(full) [ 752.461453][T16421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 752.461464][T16421] Call Trace: [ 752.461471][T16421] [ 752.461477][T16421] dump_stack_lvl+0x16c/0x1f0 [ 752.461504][T16421] should_fail_ex+0x512/0x640 [ 752.461527][T16421] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 752.461559][T16421] should_failslab+0xc2/0x120 [ 752.461585][T16421] kmem_cache_alloc_node_noprof+0x78/0x770 [ 752.461606][T16421] ? __alloc_skb+0x2b2/0x380 [ 752.461632][T16421] ? __alloc_skb+0x2b2/0x380 [ 752.461650][T16421] ? __pfx_netlink_insert+0x10/0x10 [ 752.461673][T16421] __alloc_skb+0x2b2/0x380 [ 752.461693][T16421] ? __pfx___alloc_skb+0x10/0x10 [ 752.461714][T16421] ? netlink_autobind.isra.0+0x158/0x370 [ 752.461744][T16421] netlink_alloc_large_skb+0x69/0x140 [ 752.461770][T16421] netlink_sendmsg+0x698/0xdd0 [ 752.461797][T16421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 752.461831][T16421] ____sys_sendmsg+0xa98/0xc70 [ 752.461858][T16421] ? copy_msghdr_from_user+0x10a/0x160 [ 752.461880][T16421] ? __pfx_____sys_sendmsg+0x10/0x10 [ 752.461918][T16421] ___sys_sendmsg+0x134/0x1d0 [ 752.461941][T16421] ? __pfx____sys_sendmsg+0x10/0x10 [ 752.461961][T16421] ? __lock_acquire+0x622/0x1c90 [ 752.462013][T16421] __sys_sendmsg+0x16d/0x220 [ 752.462036][T16421] ? __pfx___sys_sendmsg+0x10/0x10 [ 752.462072][T16421] do_syscall_64+0xcd/0xfa0 [ 752.462093][T16421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.462109][T16421] RIP: 0033:0x7f665d98efc9 [ 752.462123][T16421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.462137][T16421] RSP: 002b:00007f665e8ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 752.462153][T16421] RAX: ffffffffffffffda RBX: 00007f665dbe5fa0 RCX: 00007f665d98efc9 [ 752.462163][T16421] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003 [ 752.462173][T16421] RBP: 00007f665e8ff090 R08: 0000000000000000 R09: 0000000000000000 [ 752.462182][T16421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.462192][T16421] R13: 00007f665dbe6038 R14: 00007f665dbe5fa0 R15: 00007ffed9645cf8 [ 752.462215][T16421] [ 753.653220][ T7542] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 753.904914][ T7542] usb 3-1: unable to get BOS descriptor or descriptor too short [ 754.089946][ T7542] usb 3-1: not running at top speed; connect to a high speed hub [ 754.153831][ T7542] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 754.187126][ T7542] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 754.214322][ T7542] usb 3-1: string descriptor 0 read error: -22 [ 754.222692][ T7542] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 754.383601][ T7542] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.522091][T16446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3469'. [ 755.110741][ T7542] usb 3-1: 0:2 : does not exist [ 756.659001][ T7542] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 756.671153][ T7542] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 756.711896][ T7542] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 756.766037][ T7542] usb 3-1: USB disconnect, device number 104 [ 757.199143][ T30] audit: type=1400 audit(1760960065.629:328): avc: denied { getopt } for pid=16467 comm="syz.2.3476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 757.218612][ C0] vkms_vblank_simulate: vblank timer overrun [ 757.445813][T16468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3476'. [ 757.454849][T16468] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3476'. [ 757.464196][T16468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3476'. [ 757.585239][T16468] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3476'. [ 758.455050][T16477] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 758.464735][T16477] overlayfs: missing 'lowerdir' [ 758.545117][ T30] audit: type=1400 audit(1760960067.009:329): avc: denied { append } for pid=16478 comm="syz.3.3479" name="video7" dev="devtmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 759.311294][ T30] audit: type=1400 audit(1760960067.039:330): avc: denied { bind } for pid=16478 comm="syz.3.3479" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 759.332180][ T30] audit: type=1400 audit(1760960067.039:331): avc: denied { name_bind } for pid=16478 comm="syz.3.3479" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 759.358432][ T30] audit: type=1400 audit(1760960067.039:332): avc: denied { node_bind } for pid=16478 comm="syz.3.3479" saddr=ff01::1 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 759.385230][ T30] audit: type=1400 audit(1760960067.089:333): avc: denied { bind } for pid=16478 comm="syz.3.3479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 760.793680][T16491] 9pnet_virtio: no channels available for device syz [ 761.587227][ T30] audit: type=1400 audit(1760960069.949:334): avc: denied { kexec_image_load } for pid=16490 comm="syz.3.3481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 762.156862][T16505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3487'. [ 762.315056][T16502] 9pnet_virtio: no channels available for device syz [ 762.710889][T16513] 9pnet_virtio: no channels available for device syz [ 763.341355][ T3091] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 763.351967][ T5892] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 765.393184][ T5892] usb 2-1: Using ep0 maxpacket: 8 [ 765.456423][ T3091] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 765.467970][ T3091] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 765.479607][ T3091] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 765.490732][ T3091] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 765.683240][ T5892] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 765.692980][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.705887][ T3091] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 765.716737][ T5892] usb 2-1: config 0 descriptor?? [ 765.733396][ T5892] usb 2-1: can't set config #0, error -71 [ 765.742781][ T3091] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 765.871232][ T5892] usb 2-1: USB disconnect, device number 102 [ 765.884447][ T3091] usb 4-1: Manufacturer: syz [ 765.913450][ T3091] usb 4-1: config 0 descriptor?? [ 765.916616][T16540] FAULT_INJECTION: forcing a failure. [ 765.916616][T16540] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 765.936132][T16540] CPU: 0 UID: 0 PID: 16540 Comm: syz.3.3497 Not tainted syzkaller #0 PREEMPT(full) [ 765.936155][T16540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 765.936165][T16540] Call Trace: [ 765.936179][T16540] [ 765.936186][T16540] dump_stack_lvl+0x16c/0x1f0 [ 765.936214][T16540] should_fail_ex+0x512/0x640 [ 765.936241][T16540] should_fail_alloc_page+0xe7/0x130 [ 765.936269][T16540] prepare_alloc_pages+0x3c2/0x610 [ 765.936297][T16540] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 765.936322][T16540] ? __lock_acquire+0x622/0x1c90 [ 765.936353][T16540] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 765.936377][T16540] ? find_held_lock+0x2b/0x80 [ 765.936398][T16540] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 765.936419][T16540] ? is_bpf_text_address+0x94/0x1a0 [ 765.936445][T16540] ? kernel_text_address+0x8d/0x100 [ 765.936470][T16540] ? __kernel_text_address+0xd/0x40 [ 765.936498][T16540] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 765.936526][T16540] ? policy_nodemask+0xea/0x4e0 [ 765.936553][T16540] alloc_pages_mpol+0x1fb/0x550 [ 765.936580][T16540] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 765.936612][T16540] folio_alloc_mpol_noprof+0x36/0x2f0 [ 765.936632][T16540] vma_alloc_folio_noprof+0xed/0x1e0 [ 765.936650][T16540] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 765.936677][T16540] do_pte_missing+0x2202/0x3ba0 [ 765.936696][T16540] ? find_held_lock+0x2b/0x80 [ 765.936720][T16540] __handle_mm_fault+0x1556/0x2aa0 [ 765.936741][T16540] ? mt_find+0x3e2/0xa20 [ 765.936766][T16540] ? __pfx___handle_mm_fault+0x10/0x10 [ 765.936782][T16540] ? __pfx_mt_find+0x10/0x10 [ 765.936820][T16540] ? find_vma+0xbf/0x140 [ 765.936843][T16540] ? __pfx_find_vma+0x10/0x10 [ 765.936870][T16540] handle_mm_fault+0x589/0xd10 [ 765.936889][T16540] ? __pkru_allows_pkey+0x11/0xb0 [ 765.936914][T16540] do_user_addr_fault+0x7a6/0x1370 [ 765.936940][T16540] ? rcu_is_watching+0x12/0xc0 [ 765.936961][T16540] exc_page_fault+0x64/0xc0 [ 765.936981][T16540] asm_exc_page_fault+0x26/0x30 [ 765.936997][T16540] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 765.937025][T16540] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 3e 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 765.937041][T16540] RSP: 0018:ffffc9000c2379a8 EFLAGS: 00050206 [ 765.937057][T16540] RAX: 0000000000000001 RBX: 0000000000000352 RCX: 0000000000000352 [ 765.937068][T16540] RDX: ffffed1006be346b RSI: ffff888035f1a000 RDI: 00002000000034c0 [ 765.937078][T16540] RBP: 0000000000000352 R08: 0000000000000000 R09: ffffed1006be346a [ 765.937089][T16540] R10: ffff888035f1a351 R11: 0000000000000000 R12: 0000000000000000 [ 765.937098][T16540] R13: ffffc9000c237bc0 R14: ffff888035f1a000 R15: 00002000000034c0 [ 765.937124][T16540] _copy_to_iter+0x4eb/0x1710 [ 765.937154][T16540] ? __pfx__copy_to_iter+0x10/0x10 [ 765.937182][T16540] ? print_binder_stats+0x1fe/0x410 [ 765.937209][T16540] ? stats_show+0x579/0x650 [ 765.937235][T16540] seq_read_iter+0xd02/0x12d0 [ 765.937268][T16540] seq_read+0x3a3/0x570 [ 765.937288][T16540] ? __pfx_seq_read+0x10/0x10 [ 765.937328][T16540] full_proxy_read+0x131/0x1a0 [ 765.937347][T16540] ? __pfx_full_proxy_read+0x10/0x10 [ 765.937366][T16540] vfs_read+0x1e4/0xcf0 [ 765.937392][T16540] ? __pfx___mutex_lock+0x10/0x10 [ 765.937414][T16540] ? __pfx_vfs_read+0x10/0x10 [ 765.937441][T16540] ? __fget_files+0x20e/0x3c0 [ 765.937472][T16540] ksys_read+0x12a/0x250 [ 765.937491][T16540] ? __pfx_ksys_read+0x10/0x10 [ 765.937520][T16540] do_syscall_64+0xcd/0xfa0 [ 765.937544][T16540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.937561][T16540] RIP: 0033:0x7f665d98efc9 [ 765.937574][T16540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 765.937591][T16540] RSP: 002b:00007f665e8ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 765.937606][T16540] RAX: ffffffffffffffda RBX: 00007f665dbe5fa0 RCX: 00007f665d98efc9 [ 765.937616][T16540] RDX: 0000000000000cac RSI: 00002000000034c0 RDI: 0000000000000006 [ 765.937627][T16540] RBP: 00007f665e8ff090 R08: 0000000000000000 R09: 0000000000000000 [ 765.937637][T16540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.937647][T16540] R13: 00007f665dbe6038 R14: 00007f665dbe5fa0 R15: 00007ffed9645cf8 [ 765.937672][T16540] [ 766.952152][ T3091] usb 4-1: can't set config #0, error -71 [ 766.987504][ T3091] usb 4-1: USB disconnect, device number 107 [ 770.985343][ T9] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 774.684952][T16602] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 774.694033][T16602] overlayfs: missing 'lowerdir' [ 775.800297][ T30] audit: type=1400 audit(1760960083.929:335): avc: denied { name_connect } for pid=16611 comm="syz.4.3518" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 775.846998][T16614] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3519'. [ 775.894517][ T30] audit: type=1400 audit(1760960084.309:336): avc: denied { write } for pid=16613 comm="syz.0.3519" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 775.903480][T16614] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3519'. [ 776.019407][ T30] audit: type=1400 audit(1760960084.309:337): avc: denied { open } for pid=16613 comm="syz.0.3519" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 776.703426][ T30] audit: type=1400 audit(1760960084.309:338): avc: denied { ioctl } for pid=16613 comm="syz.0.3519" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 776.730176][ T30] audit: type=1400 audit(1760960084.529:339): avc: denied { watch } for pid=16613 comm="syz.0.3519" path="/136/net_prio.prioidx" dev="tmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 776.773666][ T30] audit: type=1400 audit(1760960084.529:340): avc: denied { watch_sb watch_reads } for pid=16613 comm="syz.0.3519" path="/136/net_prio.prioidx" dev="tmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 776.843276][ T30] audit: type=1400 audit(1760960084.629:341): avc: denied { watch_mount watch_reads } for pid=16613 comm="syz.0.3519" path="/136" dev="tmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 777.953285][ T7542] usb 4-1: new low-speed USB device number 108 using dummy_hcd [ 778.650023][ T7542] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 778.674579][ T7542] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 779.317957][ T30] audit: type=1400 audit(1760960087.199:342): avc: denied { map } for pid=16642 comm="syz.2.3528" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 779.341037][ T7542] usb 4-1: config 0 has no interface number 0 [ 779.351146][ T7542] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 779.395036][ T7542] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 779.408515][ T30] audit: type=1400 audit(1760960087.199:343): avc: denied { execute } for pid=16642 comm="syz.2.3528" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 779.436300][ T7542] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 779.448119][ T7542] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.489294][ T7542] usb 4-1: config 0 descriptor?? [ 779.499967][T16644] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 779.509034][ T7542] ldusb 4-1:0.55: Interrupt in endpoint not found [ 779.554871][ T5826] Bluetooth: hci2: command 0x0406 tx timeout [ 779.651669][ T30] audit: type=1326 audit(1760960088.109:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 781.022951][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 781.022968][ T30] audit: type=1400 audit(1760960088.309:368): avc: denied { block_suspend } for pid=16655 comm="syz.1.3531" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 781.795420][ T30] audit: type=1400 audit(1760960088.419:369): avc: denied { connect } for pid=16653 comm="syz.2.3530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 781.991511][ T30] audit: type=1326 audit(1760960089.459:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.042889][ T30] audit: type=1326 audit(1760960089.459:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.095456][ T30] audit: type=1326 audit(1760960090.259:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.129673][T16665] input: syz0 as /devices/virtual/input/input58 [ 782.230932][ T30] audit: type=1326 audit(1760960090.259:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.265828][ T30] audit: type=1326 audit(1760960090.259:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.833787][T16666] netlink: 116 bytes leftover after parsing attributes in process `syz.1.3531'. [ 782.839596][ T30] audit: type=1326 audit(1760960090.259:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.874142][ T30] audit: type=1326 audit(1760960090.259:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16653 comm="syz.2.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fdb7d58efc9 code=0x7ffc0000 [ 782.919472][ T30] audit: type=1400 audit(1760960090.259:377): avc: denied { write } for pid=16653 comm="syz.2.3530" path="socket:[65092]" dev="sockfs" ino=65092 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 783.259518][T16678] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 783.268613][T16678] overlayfs: missing 'lowerdir' [ 784.088438][ T5812] IPVS: starting estimator thread 0... [ 784.193251][T16686] IPVS: using max 79 ests per chain, 189600 per kthread [ 784.457001][ T7542] usb 4-1: USB disconnect, device number 108 [ 784.457671][T16688] 9pnet: Unknown protocol version 9p2000.ÄÔ…ïBoÿ:O‘´ñ­L [ 784.933208][ T7542] usb 1-1: new low-speed USB device number 107 using dummy_hcd [ 785.094413][ T7542] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 785.102617][ T7542] usb 1-1: config 0 has no interface number 0 [ 785.108750][ T7542] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 785.119582][ T7542] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 785.130779][ T7542] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 785.142380][ T7542] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 785.156774][ T7542] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 785.178165][ T7542] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 785.200996][ T7542] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 785.210410][ T7542] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.227484][ T7542] usb 1-1: config 0 descriptor?? [ 785.245445][T16696] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 785.252817][T16696] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 785.267168][ T7542] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 786.342409][ T5812] usb 1-1: USB disconnect, device number 107 [ 786.353603][ T5812] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 786.486014][T16714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3546'. [ 786.557887][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 786.557903][ T30] audit: type=1400 audit(1760960095.019:388): avc: denied { connect } for pid=16715 comm="syz.2.3547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 786.743942][T16718] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 786.843180][ T5892] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 786.887852][T16722] input: syz1 as /devices/virtual/input/input59 [ 787.005327][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 787.016522][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 787.026291][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 787.039215][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 787.048509][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.053146][ T5812] usb 2-1: new low-speed USB device number 104 using dummy_hcd [ 787.064504][ T5892] usb 3-1: config 0 descriptor?? [ 787.236407][ T5812] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 787.245474][ T5812] usb 2-1: config 0 has no interface number 0 [ 787.251614][ T5812] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 787.262958][ T5812] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 787.274503][ T5812] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 787.286186][ T5812] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 787.297290][ T5812] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 787.307639][ T5812] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 787.320776][ T5812] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 787.329890][ T5812] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.341625][T16726] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 787.350754][T16726] overlayfs: missing 'lowerdir' [ 787.363467][ T5812] usb 2-1: config 0 descriptor?? [ 787.390069][T16720] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 787.437245][ T5812] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 787.624763][T16731] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 788.458945][ T5892] plantronics 0003:047F:FFFF.0012: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 788.635750][ T9] usb 3-1: USB disconnect, device number 105 [ 788.829546][ T30] audit: type=1400 audit(1760960097.289:389): avc: denied { create } for pid=16741 comm="syz.4.3555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 788.880091][ T30] audit: type=1400 audit(1760960097.309:390): avc: denied { write } for pid=16741 comm="syz.4.3555" path="socket:[65448]" dev="sockfs" ino=65448 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 788.903311][ C0] vkms_vblank_simulate: vblank timer overrun [ 788.993152][ T5892] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 789.155563][ T5892] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 789.182665][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.258557][ T5892] usb 1-1: config 0 descriptor?? [ 789.489699][ T5892] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 789.618125][T16753] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3558'. [ 789.634239][ T3091] usb 2-1: USB disconnect, device number 104 [ 789.658779][T16753] gretap0: entered promiscuous mode [ 789.670102][ T3091] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 789.680056][T16755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3558'. [ 789.689405][T16755] 0ªî{X¹¦: renamed from gretap0 [ 789.701628][T16755] 0ªî{X¹¦: left promiscuous mode [ 789.707282][T16755] 0ªî{X¹¦: entered allmulticast mode [ 789.717416][T16755] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 789.803975][ T5892] [drm:udl_init] *ERROR* Selecting channel failed [ 789.861567][ T5892] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 789.885156][ T5892] [drm] Initialized udl on minor 2 [ 789.909345][ T5892] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 789.943662][ T5892] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 789.976641][ T7542] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 789.976840][ T7542] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 789.989003][ T5892] usb 1-1: USB disconnect, device number 108 [ 790.863028][ T30] audit: type=1400 audit(1760960099.029:391): avc: denied { read } for pid=16762 comm="syz.0.3561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 791.139817][T16767] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3562'. [ 791.593295][ T3091] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 791.964880][ T3091] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 791.976671][ T3091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 792.012156][ T3091] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 792.045541][ T3091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 792.072322][ T3091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 792.100258][ T3091] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 792.119340][ T3091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.133431][ T3091] usb 1-1: Product: syz [ 792.138953][ T3091] usb 1-1: Manufacturer: syz [ 792.152251][ T3091] usb 1-1: SerialNumber: syz [ 792.184721][ T3091] usb 1-1: config 0 descriptor?? [ 792.204057][ T3091] iguanair 1-1:0.0: probe with driver iguanair failed with error -12 [ 792.409886][ T3091] usb 1-1: USB disconnect, device number 109 [ 794.063173][ T9] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 794.092402][T16797] binder_alloc: binder_alloc_mmap_handler: 16796 200000ffc000-200000ffd000 already mapped failed -16 [ 794.118732][T16797] binder: 16796:16797 ioctl 400c620e 200000000200 returned -22 [ 794.126924][T16795] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 794.234878][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 794.245908][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 794.255954][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 794.269042][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 794.368180][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.405707][ T9] usb 2-1: config 0 descriptor?? [ 794.713521][ T3091] usb 3-1: new low-speed USB device number 106 using dummy_hcd [ 794.888153][ T3091] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 794.901515][ T3091] usb 3-1: config 0 has no interface number 0 [ 794.909684][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 794.911765][ T9] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 794.925427][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 794.950246][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 795.010557][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 795.011656][ T30] audit: type=1400 audit(1760960103.409:392): avc: denied { mount } for pid=16809 comm="syz.0.3577" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 795.042165][ T3091] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 795.110030][T16792] FAULT_INJECTION: forcing a failure. [ 795.110030][T16792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.143988][ T7542] usb 2-1: USB disconnect, device number 105 [ 795.157875][ T3091] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 795.175278][T16792] CPU: 0 UID: 0 PID: 16792 Comm: syz.1.3569 Not tainted syzkaller #0 PREEMPT(full) [ 795.175299][T16792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 795.175309][T16792] Call Trace: [ 795.175315][T16792] [ 795.175322][T16792] dump_stack_lvl+0x16c/0x1f0 [ 795.175349][T16792] should_fail_ex+0x512/0x640 [ 795.175376][T16792] _copy_from_user+0x2e/0xd0 [ 795.175395][T16792] hiddev_ioctl+0x4d3/0x15a0 [ 795.175419][T16792] ? __pfx_hiddev_ioctl+0x10/0x10 [ 795.175450][T16792] ? selinux_file_ioctl+0x180/0x270 [ 795.175470][T16792] ? selinux_file_ioctl+0xb4/0x270 [ 795.175490][T16792] ? __pfx_hiddev_ioctl+0x10/0x10 [ 795.175511][T16792] __x64_sys_ioctl+0x18e/0x210 [ 795.175529][T16792] do_syscall_64+0xcd/0xfa0 [ 795.175548][T16792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.175562][T16792] RIP: 0033:0x7f042358efc9 [ 795.175573][T16792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 795.175586][T16792] RSP: 002b:00007f04217f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 795.175600][T16792] RAX: ffffffffffffffda RBX: 00007f04237e5fa0 RCX: 00007f042358efc9 [ 795.175609][T16792] RDX: 0000200000000080 RSI: 00000000400c4808 RDI: 0000000000000004 [ 795.175617][T16792] RBP: 00007f04217f6090 R08: 0000000000000000 R09: 0000000000000000 [ 795.175625][T16792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 795.175634][T16792] R13: 00007f04237e6038 R14: 00007f04237e5fa0 R15: 00007ffe57ce8658 [ 795.175654][T16792] [ 795.177647][T16813] fido_id[16813]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 795.182124][ T3091] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 795.364342][ T3091] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.375230][ T3091] usb 3-1: config 0 descriptor?? [ 795.380964][T16808] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 795.391116][T16808] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 795.402779][ T3091] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 795.660287][ T30] audit: type=1400 audit(1760960104.119:393): avc: denied { getopt } for pid=16816 comm="syz.3.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 795.763351][T16818] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 795.863534][ T9] usb 1-1: new low-speed USB device number 110 using dummy_hcd [ 795.874557][ T30] audit: type=1400 audit(1760960104.309:394): avc: denied { accept } for pid=16816 comm="syz.3.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 796.083472][ T30] audit: type=1326 audit(1760960104.549:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.106862][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.213337][ T30] audit: type=1326 audit(1760960104.549:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.236733][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.324352][ T9] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 796.344706][ T9] usb 1-1: config 0 has no interface number 0 [ 796.441633][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 796.549577][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 796.754054][ T30] audit: type=1326 audit(1760960104.549:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.780884][ T9] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 796.795976][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 796.809870][ T30] audit: type=1326 audit(1760960104.549:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.850154][ T30] audit: type=1326 audit(1760960104.549:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.886503][ T9] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 796.887387][ T30] audit: type=1326 audit(1760960104.549:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 796.924855][ T30] audit: type=1326 audit(1760960104.549:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16822 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042358efc9 code=0x7ffc0000 [ 797.319165][ T9] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 797.341163][ T9] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 797.353015][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.385448][ T9] usb 1-1: config 0 descriptor?? [ 797.409016][T16815] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 797.419785][T16815] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 797.461683][ T9] ldusb 1-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 797.730391][ T9] usb 1-1: USB disconnect, device number 110 [ 797.744753][ T9] ldusb 1-1:0.55: LD USB Device #1 now disconnected [ 797.794575][T16850] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16850 comm=syz.4.3584 [ 798.430639][ T5812] usb 3-1: USB disconnect, device number 106 [ 798.466595][T16855] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3587'. [ 798.476286][ T5812] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 798.952887][T16855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3587'. [ 799.108058][T16863] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 801.189028][T16877] ================================================================== [ 801.197112][T16877] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70 [ 801.205097][T16877] Read of size 8 at addr ffff88801e6b8630 by task syz.0.3593/16877 [ 801.212976][T16877] [ 801.215288][T16877] CPU: 1 UID: 0 PID: 16877 Comm: syz.0.3593 Not tainted syzkaller #0 PREEMPT(full) [ 801.215310][T16877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 801.215322][T16877] Call Trace: [ 801.215329][T16877] [ 801.215337][T16877] dump_stack_lvl+0x116/0x1f0 [ 801.215363][T16877] print_report+0xcd/0x630 [ 801.215390][T16877] ? __virt_addr_valid+0x81/0x610 [ 801.215411][T16877] ? __phys_addr+0xe8/0x180 [ 801.215433][T16877] ? sysfs_remove_file_ns+0x63/0x70 [ 801.215459][T16877] kasan_report+0xe0/0x110 [ 801.215486][T16877] ? sysfs_remove_file_ns+0x63/0x70 [ 801.215516][T16877] sysfs_remove_file_ns+0x63/0x70 [ 801.215543][T16877] driver_remove_file+0x4a/0x60 [ 801.215567][T16877] bus_remove_driver+0x224/0x2c0 [ 801.215585][T16877] driver_unregister+0x76/0xb0 [ 801.215607][T16877] comedi_device_detach_locked+0x12f/0xa50 [ 801.215632][T16877] do_devconfig_ioctl+0x555/0x710 [ 801.215657][T16877] ? __mutex_lock+0x1c5/0x1060 [ 801.215685][T16877] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 801.215719][T16877] ? find_held_lock+0x2b/0x80 [ 801.215739][T16877] comedi_unlocked_ioctl+0x165d/0x2f00 [ 801.215772][T16877] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 801.215804][T16877] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 801.215835][T16877] ? do_vfs_ioctl+0x128/0x14f0 [ 801.215856][T16877] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 801.215875][T16877] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 801.215907][T16877] ? hook_file_ioctl_common+0x145/0x410 [ 801.215931][T16877] ? selinux_file_ioctl+0x180/0x270 [ 801.215956][T16877] ? selinux_file_ioctl+0xb4/0x270 [ 801.215982][T16877] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 801.216012][T16877] __x64_sys_ioctl+0x18e/0x210 [ 801.216032][T16877] do_syscall_64+0xcd/0xfa0 [ 801.216057][T16877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.216076][T16877] RIP: 0033:0x7f32d4d8efc9 [ 801.216091][T16877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.216109][T16877] RSP: 002b:00007f32d5bc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 801.216133][T16877] RAX: ffffffffffffffda RBX: 00007f32d4fe6180 RCX: 00007f32d4d8efc9 [ 801.216146][T16877] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000007 [ 801.216158][T16877] RBP: 00007f32d4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 801.216170][T16877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.216181][T16877] R13: 00007f32d4fe6218 R14: 00007f32d4fe6180 R15: 00007ffc1dad8058 [ 801.216200][T16877] [ 801.216207][T16877] [ 801.467467][T16877] Allocated by task 9000: [ 801.471770][T16877] kasan_save_stack+0x33/0x60 [ 801.476434][T16877] kasan_save_track+0x14/0x30 [ 801.481092][T16877] __kasan_kmalloc+0xaa/0xb0 [ 801.485663][T16877] bus_add_driver+0x92/0x690 [ 801.490228][T16877] driver_register+0x15c/0x4b0 [ 801.494970][T16877] c6xdigio_attach+0xa3/0x4b0 [ 801.499627][T16877] comedi_device_attach+0x3b3/0x900 [ 801.504805][T16877] do_devconfig_ioctl+0x1b1/0x710 [ 801.509812][T16877] comedi_unlocked_ioctl+0x165d/0x2f00 [ 801.515257][T16877] __x64_sys_ioctl+0x18e/0x210 [ 801.519997][T16877] do_syscall_64+0xcd/0xfa0 [ 801.524482][T16877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.530352][T16877] [ 801.532650][T16877] Freed by task 16275: [ 801.536688][T16877] kasan_save_stack+0x33/0x60 [ 801.541347][T16877] kasan_save_track+0x14/0x30 [ 801.546005][T16877] __kasan_save_free_info+0x3b/0x60 [ 801.551179][T16877] __kasan_slab_free+0x5f/0x80 [ 801.555924][T16877] kfree+0x2b8/0x6d0 [ 801.559795][T16877] kobject_put+0x1e7/0x5a0 [ 801.564193][T16877] bus_remove_driver+0x16e/0x2c0 [ 801.569105][T16877] driver_unregister+0x76/0xb0 [ 801.573854][T16877] comedi_device_detach_locked+0x12f/0xa50 [ 801.579638][T16877] do_devconfig_ioctl+0x555/0x710 [ 801.584644][T16877] comedi_unlocked_ioctl+0x165d/0x2f00 [ 801.590087][T16877] __x64_sys_ioctl+0x18e/0x210 [ 801.594833][T16877] do_syscall_64+0xcd/0xfa0 [ 801.599316][T16877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.605184][T16877] [ 801.607483][T16877] The buggy address belongs to the object at ffff88801e6b8600 [ 801.607483][T16877] which belongs to the cache kmalloc-256 of size 256 [ 801.621512][T16877] The buggy address is located 48 bytes inside of [ 801.621512][T16877] freed 256-byte region [ffff88801e6b8600, ffff88801e6b8700) [ 801.635195][T16877] [ 801.637495][T16877] The buggy address belongs to the physical page: [ 801.643877][T16877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801e6b8600 pfn:0x1e6b8 [ 801.653913][T16877] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 801.662384][T16877] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 801.670856][T16877] page_type: f5(slab) [ 801.674815][T16877] raw: 00fff00000000240 ffff88813ff26b40 ffffea0001e9de10 ffffea0001f8c190 [ 801.683377][T16877] raw: ffff88801e6b8600 000000000010000f 00000000f5000000 0000000000000000 [ 801.691936][T16877] head: 00fff00000000240 ffff88813ff26b40 ffffea0001e9de10 ffffea0001f8c190 [ 801.700581][T16877] head: ffff88801e6b8600 000000000010000f 00000000f5000000 0000000000000000 [ 801.709227][T16877] head: 00fff00000000001 ffffea000079ae01 00000000ffffffff 00000000ffffffff [ 801.717873][T16877] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 801.726515][T16877] page dumped because: kasan: bad access detected [ 801.732897][T16877] page_owner tracks the page as allocated [ 801.738585][T16877] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5183, tgid 5183 (udevd), ts 300170617324, free_ts 299906155976 [ 801.758705][T16877] post_alloc_hook+0x1c0/0x230 [ 801.763446][T16877] get_page_from_freelist+0x10a3/0x3a30 [ 801.768970][T16877] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 801.774841][T16877] alloc_pages_mpol+0x1fb/0x550 [ 801.779672][T16877] new_slab+0x24a/0x360 [ 801.783803][T16877] ___slab_alloc+0xdc4/0x1ae0 [ 801.788458][T16877] __slab_alloc.constprop.0+0x63/0x110 [ 801.793894][T16877] __kmalloc_noprof+0x501/0x880 [ 801.798722][T16877] security_inode_init_security+0x13f/0x390 [ 801.804592][T16877] shmem_mknod+0x22e/0x450 [ 801.808990][T16877] lookup_open.isra.0+0x11d3/0x1580 [ 801.814167][T16877] path_openat+0x893/0x2cb0 [ 801.818653][T16877] do_filp_open+0x20b/0x470 [ 801.823135][T16877] do_sys_openat2+0x11b/0x1d0 [ 801.827788][T16877] __x64_sys_openat+0x174/0x210 [ 801.832616][T16877] do_syscall_64+0xcd/0xfa0 [ 801.837100][T16877] page last free pid 8978 tgid 8977 stack trace: [ 801.843401][T16877] __free_frozen_pages+0x7df/0x1160 [ 801.848576][T16877] qlist_free_all+0x4d/0x120 [ 801.853145][T16877] kasan_quarantine_reduce+0x195/0x1e0 [ 801.858583][T16877] __kasan_slab_alloc+0x69/0x90 [ 801.863413][T16877] __kmalloc_cache_noprof+0x274/0x780 [ 801.868761][T16877] bus_add_driver+0x92/0x690 [ 801.873328][T16877] driver_register+0x15c/0x4b0 [ 801.878069][T16877] usb_gadget_register_driver_owner+0x132/0x330 [ 801.884286][T16877] raw_ioctl+0x17d0/0x2c30 [ 801.888678][T16877] __x64_sys_ioctl+0x18e/0x210 [ 801.893418][T16877] do_syscall_64+0xcd/0xfa0 [ 801.897903][T16877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.903773][T16877] [ 801.906075][T16877] Memory state around the buggy address: [ 801.911676][T16877] ffff88801e6b8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 801.919888][T16877] ffff88801e6b8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 801.927927][T16877] >ffff88801e6b8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 801.935960][T16877] ^ [ 801.941568][T16877] ffff88801e6b8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 801.949605][T16877] ffff88801e6b8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 801.957641][T16877] ================================================================== [ 801.966764][T16877] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 801.973962][T16877] CPU: 1 UID: 0 PID: 16877 Comm: syz.0.3593 Not tainted syzkaller #0 PREEMPT(full) [ 801.983322][T16877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 801.993374][T16877] Call Trace: [ 801.996629][T16877] [ 801.999535][T16877] dump_stack_lvl+0x3d/0x1f0 [ 802.004104][T16877] vpanic+0x640/0x6f0 [ 802.008065][T16877] panic+0xca/0xd0 [ 802.011757][T16877] ? __pfx_panic+0x10/0x10 [ 802.016154][T16877] ? sysfs_remove_file_ns+0x63/0x70 [ 802.021347][T16877] ? preempt_schedule_common+0x44/0xc0 [ 802.026782][T16877] ? preempt_schedule_thunk+0x16/0x30 [ 802.032130][T16877] check_panic_on_warn+0xab/0xb0 [ 802.037043][T16877] end_report+0x107/0x170 [ 802.041360][T16877] kasan_report+0xee/0x110 [ 802.045754][T16877] ? sysfs_remove_file_ns+0x63/0x70 [ 802.050940][T16877] sysfs_remove_file_ns+0x63/0x70 [ 802.055939][T16877] driver_remove_file+0x4a/0x60 [ 802.060765][T16877] bus_remove_driver+0x224/0x2c0 [ 802.065671][T16877] driver_unregister+0x76/0xb0 [ 802.070409][T16877] comedi_device_detach_locked+0x12f/0xa50 [ 802.076201][T16877] do_devconfig_ioctl+0x555/0x710 [ 802.081220][T16877] ? __mutex_lock+0x1c5/0x1060 [ 802.085965][T16877] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 802.091491][T16877] ? find_held_lock+0x2b/0x80 [ 802.096139][T16877] comedi_unlocked_ioctl+0x165d/0x2f00 [ 802.101587][T16877] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 802.107373][T16877] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 802.113244][T16877] ? do_vfs_ioctl+0x128/0x14f0 [ 802.117980][T16877] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 802.122974][T16877] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 802.129803][T16877] ? hook_file_ioctl_common+0x145/0x410 [ 802.135323][T16877] ? selinux_file_ioctl+0x180/0x270 [ 802.140504][T16877] ? selinux_file_ioctl+0xb4/0x270 [ 802.145590][T16877] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 802.151373][T16877] __x64_sys_ioctl+0x18e/0x210 [ 802.156109][T16877] do_syscall_64+0xcd/0xfa0 [ 802.160590][T16877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.166454][T16877] RIP: 0033:0x7f32d4d8efc9 [ 802.170855][T16877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 802.190433][T16877] RSP: 002b:00007f32d5bc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 802.198815][T16877] RAX: ffffffffffffffda RBX: 00007f32d4fe6180 RCX: 00007f32d4d8efc9 [ 802.206759][T16877] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000007 [ 802.214712][T16877] RBP: 00007f32d4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 802.222655][T16877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.230599][T16877] R13: 00007f32d4fe6218 R14: 00007f32d4fe6180 R15: 00007ffc1dad8058 [ 802.238544][T16877] [ 802.241739][T16877] Kernel Offset: disabled [ 802.246034][T16877] Rebooting in 86400 seconds..