last executing test programs: 5.431890868s ago: executing program 4 (id=1470): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket(0x2a, 0x2, 0x0) ioctl$SIOCSIFMTU(r0, 0x541b, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r3, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES16=r8], 0x20}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000012c0)=ANY=[@ANYBLOB="640000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="003170b70ecf3e52a900000000000000440012800e00010069703601fc7370616e00000030000280140006002001000000000000000000000000000214000700fc02000000d09a40d10d624ca80000009f461200"], 0x64}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="2004000000000000ff7f1b0000000000f30d"], 0x28}}, 0x0) recvmmsg$unix(r5, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0) 4.42253139s ago: executing program 4 (id=1476): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="358742"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x4040800) 4.337930785s ago: executing program 4 (id=1477): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xe0, 0xa0, 0x90, 0x10, 0x525, 0x1080, 0x5b44, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x93, 0x0, 0x2, 0x5c, 0x8a, 0x4f, 0x0, [], [{{0x9, 0x5, 0xa, 0x2, 0x20, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x450}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1a1) syz_usb_control_io(r0, 0x0, 0x0) 4.151922306s ago: executing program 2 (id=1482): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="9f020000000000007f00000000070708000000000008f800"], 0x18) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) 3.981863104s ago: executing program 2 (id=1485): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) write$char_usb(r1, &(0x7f0000000bc0)="be", 0x1) syz_usb_disconnect(r0) 3.763373657s ago: executing program 3 (id=1488): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) open_tree(0xffffffffffffff9c, 0x0, 0x1) 3.51786861s ago: executing program 3 (id=1489): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000140)={0xffffffffffffffff, 0x8, 0xefc1, 0x7ff}) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) 3.497023353s ago: executing program 3 (id=1490): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ppoll(&(0x7f0000000000)=[{r0, 0x9280}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000480)={0x0, 0xfffd, 0x2000, {0x0, 0x1}, {0x38, 0x2}, @rumble={0x200, 0xe}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 2.817889198s ago: executing program 0 (id=1499): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200087fc, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020d00400000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r6}, 0x10) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a3000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) 2.755641165s ago: executing program 4 (id=1500): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0x5}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x40c, 0x2, [@TCA_BASIC_POLICE={0x408, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x62, 0x2, 0x0, 0xc, 0x2, 0x7fff, 0x0, 0xffffff70, 0x19, 0xffffffa9, 0x2, 0x7, 0x80000001, 0x7, 0x3, 0x36, 0xc, 0x6, 0x6, 0x5d0bef1f, 0x400, 0x1, 0x837, 0xffffffff, 0x9fec, 0x401, 0x68, 0x9, 0xdd64, 0x1, 0x4, 0x8001, 0xfffffffe, 0x2, 0x0, 0x200, 0xfff, 0xfffffff1, 0x7, 0x4, 0xf, 0x7, 0x7469, 0xb, 0x2, 0x200, 0xff32, 0x6, 0xca, 0x4ec1, 0x1, 0x9, 0x80, 0x0, 0x10000, 0x0, 0xb4, 0x7, 0x6, 0x0, 0x0, 0x8156b2a, 0x2, 0xd5c, 0x4, 0xa0, 0x2, 0x7, 0x4, 0x0, 0x81, 0xff, 0x6, 0xe6b, 0x9, 0xa, 0xc8c, 0x1, 0xd2a, 0x6, 0xf4e, 0x9, 0x3a0, 0x3, 0x10000, 0x7ff, 0x47, 0x1, 0x2, 0x800, 0x3, 0x8, 0x0, 0x6, 0x922e, 0x0, 0x8, 0x3, 0xf, 0x4, 0x2, 0x2c000, 0x80, 0x5, 0x7, 0x2, 0x5, 0x0, 0x9, 0x6, 0x0, 0x3365, 0x1, 0x5, 0xffffffff, 0x1000, 0x0, 0x4, 0x0, 0x1, 0x2, 0x81, 0x111, 0x2, 0x5c20, 0x7f, 0x0, 0xe, 0xfffffffb, 0x6, 0x391, 0x0, 0x0, 0x3, 0x9, 0xc95d90e, 0xff, 0x2, 0x7, 0x7fffffff, 0xc7, 0x4, 0x6, 0x0, 0x9, 0xffffffff, 0x9, 0x1, 0x4, 0x3, 0x7, 0xfffffff9, 0x10, 0x2, 0xfff, 0x2, 0x6, 0x8b4, 0x600000, 0x1, 0x6, 0x0, 0x10000, 0x0, 0x3, 0x5, 0x0, 0x1000, 0x6, 0x9, 0x0, 0x1, 0x81, 0x2, 0xffff6c4b, 0x800, 0x7, 0x5, 0x7fff, 0x8, 0xffffffff, 0x9, 0x6, 0x0, 0x40, 0x67e1, 0x80000000, 0x2, 0x603c, 0x4, 0x1, 0x0, 0xfffffff8, 0x7, 0x3, 0x10, 0x400, 0xfffffe00, 0x1, 0x3, 0x0, 0xffff, 0x4, 0x6, 0x8, 0x0, 0x400, 0x1, 0x87, 0x10, 0x2, 0x0, 0xfffffffd, 0x3, 0x7, 0x616, 0x2, 0x2, 0xd1, 0x2, 0xfffffffc, 0x8, 0xe, 0x800, 0x1, 0x4, 0xd87, 0x80000001, 0x48e0, 0x8, 0x9, 0x40, 0x400, 0x5, 0x1020, 0x4e1b, 0x1, 0x1000, 0x8, 0x4, 0x3, 0x0, 0x2, 0x9, 0x2, 0x3, 0x10001, 0xffff, 0x4d, 0x10000d, 0x8, 0x2, 0x2, 0x8]}]}]}}]}, 0x43c}}, 0x4000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070000000000000000000200000008002500000000000c0099"], 0x28}}, 0x0) 2.680994793s ago: executing program 4 (id=1502): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) 2.569979187s ago: executing program 3 (id=1504): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x10, &(0x7f0000000140)={0x40, 0x0, 0x1, "d0"}, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0xb, 0x7, &(0x7f0000000040)={0x16, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce64509d"}}) 1.993350569s ago: executing program 2 (id=1506): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000100)={0x40, r0, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d52ffd"}]}]}, 0x40}}, 0x40000) 1.896695928s ago: executing program 2 (id=1507): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x24040810}, 0x24040808) 1.839641518s ago: executing program 0 (id=1508): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x0, 'syz0\x00', 0xfffffefd}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 1.782820335s ago: executing program 2 (id=1509): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = socket(0x2a, 0x2, 0x0) ioctl$SIOCSIFMTU(r0, 0x541b, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r3, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES16=r8], 0x20}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000012c0)=ANY=[@ANYBLOB="640000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="003170b70ecf3e52a900000000000000440012800e00010069703601fc7370616e00000030000280140006002001000000000000000000000000000214000700fc02000000d09a40d10d624ca80000009f461200"], 0x64}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="2004000000000000ff7f1b0000000000f30d"], 0x28}}, 0x0) recvmmsg$unix(r5, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0) 1.658171485s ago: executing program 0 (id=1511): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00') read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) creat(&(0x7f00000002c0)='./file0\x00', 0x109) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=[0x6], 0x0, 0x0, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) r3 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) ppoll(&(0x7f0000002280)=[{r3, 0x800}], 0x1, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x4, 0x0) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 1.133775453s ago: executing program 1 (id=1513): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x22008000) 989.271919ms ago: executing program 1 (id=1514): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x44884) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB="04010000100001002bbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000008000200140003006e657464657673696d300000000000000a000100aaaaaaaaaaaa0000c4001680c0000180100006"], 0x104}, 0x1, 0x0, 0x0, 0x4044810}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 715.80558ms ago: executing program 0 (id=1515): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$cont(0x20, r0, 0x9, 0x3) ptrace$getregs(0xc, r0, 0x21aa, &(0x7f0000000000)=""/56) 666.81528ms ago: executing program 1 (id=1516): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x78}]}]}, 0x28}}, 0x0) 522.860103ms ago: executing program 3 (id=1517): write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX, @ANYBLOB=',wfdno', @ANYRESHEX]) socket(0xa, 0x3, 0x87) syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000001aaaaaaaaaa1586dd6003136c00188700fc0200000000000000000000000000fdff020000000000000000000000000001"], 0x0) 474.034682ms ago: executing program 1 (id=1518): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x1e3003, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300)) ioctl$SNDCTL_SEQ_RESET(r0, 0x5100) 436.075516ms ago: executing program 0 (id=1519): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x24, r0, 0x121, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x1000}, 0x0) 402.483364ms ago: executing program 1 (id=1520): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c00)={0x2c, r1, 0x1, 0x0, 0x20000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BSS_BASIC_RATES={0x4}]}, 0x2c}}, 0x0) 391.514478ms ago: executing program 2 (id=1521): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00') read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) creat(&(0x7f00000002c0)='./file0\x00', 0x109) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000300)=[0x6], 0x0, 0x0, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000480)={0x5, 0x20, 0x6, 0x20, 0x7}, 0x48) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) r3 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) ppoll(&(0x7f0000002280)=[{r3, 0x800}], 0x1, 0x0, 0x0, 0x0) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 381.10837ms ago: executing program 3 (id=1522): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) syz_clone3(&(0x7f0000002340)={0x40082a440, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0}, 0x58) 95.151116ms ago: executing program 4 (id=1523): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0xd27, 0xffffffff, 0x0, {0x0, 0x0, 0x0, r1, {0x4, 0xffe0}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_OPTS={0x10, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0xfe}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40081}, 0x24000084) 49.756106ms ago: executing program 1 (id=1524): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf, 0x8}, {}, {0x7, 0xfff3}}}, 0x24}}, 0x24040084) 0s ago: executing program 0 (id=1525): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00') connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_triestat\x00') read$FUSE(r1, &(0x7f0000000800)={0x2020}, 0x2020) creat(&(0x7f00000002c0)='./file0\x00', 0x109) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) r3 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) ppoll(&(0x7f0000002280)=[{r3, 0x800}], 0x1, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x4, 0x0) futex(0x0, 0x3, 0x801, 0x0, 0x0, 0xfffffffc) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x100000000a, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) kernel console output (not intermixed with test programs): 463] ? ns_capable+0xd7/0x110 [ 542.977530][T11463] genl_rcv_msg+0x55c/0x800 [ 542.977562][T11463] ? __pfx_genl_rcv_msg+0x10/0x10 [ 542.977591][T11463] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 542.977623][T11463] netlink_rcv_skb+0x155/0x420 [ 542.977648][T11463] ? __pfx_genl_rcv_msg+0x10/0x10 [ 542.977678][T11463] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 542.977714][T11463] ? netlink_deliver_tap+0x1ae/0xd30 [ 542.977741][T11463] genl_rcv+0x28/0x40 [ 542.977765][T11463] netlink_unicast+0x5aa/0x870 [ 542.977794][T11463] ? __pfx_netlink_unicast+0x10/0x10 [ 542.977820][T11463] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 542.977853][T11463] netlink_sendmsg+0x8c8/0xdd0 [ 542.977883][T11463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 542.977919][T11463] ____sys_sendmsg+0xa95/0xc70 [ 542.977948][T11463] ? copy_msghdr_from_user+0x10a/0x160 [ 542.977971][T11463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 542.978018][T11463] ___sys_sendmsg+0x134/0x1d0 [ 542.978043][T11463] ? __pfx____sys_sendmsg+0x10/0x10 [ 542.978102][T11463] __sys_sendmsg+0x16d/0x220 [ 542.978126][T11463] ? __pfx___sys_sendmsg+0x10/0x10 [ 542.978160][T11463] ? __secure_computing+0x28e/0x3b0 [ 542.978186][T11463] do_syscall_64+0xcd/0x4e0 [ 542.978214][T11463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.978232][T11463] RIP: 0033:0x7fcac958eec9 [ 542.978248][T11463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 542.978266][T11463] RSP: 002b:00007fcaca37c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 542.978284][T11463] RAX: ffffffffffffffda RBX: 00007fcac97e6180 RCX: 00007fcac958eec9 [ 542.978296][T11463] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 542.978308][T11463] RBP: 00007fcac9611f91 R08: 0000000000000000 R09: 0000000000000000 [ 542.978319][T11463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.978330][T11463] R13: 00007fcac97e6218 R14: 00007fcac97e6180 R15: 00007fff654cd5a8 [ 542.978356][T11463] [ 543.530784][ T5912] usb 5-1: USB disconnect, device number 12 [ 543.562214][ T5970] usb 3-1: USB disconnect, device number 18 [ 543.819417][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 543.819447][ T30] audit: type=1400 audit(1759626841.688:2673): avc: denied { write } for pid=11478 comm="syz.1.950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 544.059527][ T30] audit: type=1400 audit(1759626841.998:2674): avc: denied { read } for pid=5491 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 544.319277][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5780 ms [ 544.327277][ C1] lec:lec_tx_timeout: lec0 [ 544.376633][ T30] audit: type=1400 audit(1759626842.178:2675): avc: denied { write } for pid=11484 comm="syz.4.952" name="fib_triestat" dev="proc" ino=4026533200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 544.559564][ T30] audit: type=1400 audit(1759626842.358:2676): avc: denied { create } for pid=11486 comm="syz.1.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 544.893347][T11498] mkiss: ax0: crc mode is auto. [ 545.090942][ T30] audit: type=1400 audit(1759626843.038:2677): avc: denied { bind } for pid=11486 comm="syz.1.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 545.303438][ T30] audit: type=1400 audit(1759626843.038:2678): avc: denied { listen } for pid=11486 comm="syz.1.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 545.776301][ T30] audit: type=1400 audit(1759626843.038:2679): avc: denied { write } for pid=11486 comm="syz.1.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 545.846085][ T30] audit: type=1400 audit(1759626843.038:2680): avc: denied { accept } for pid=11486 comm="syz.1.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 545.906962][ T30] audit: type=1400 audit(1759626843.288:2681): avc: denied { search } for pid=5491 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 545.977770][ T30] audit: type=1400 audit(1759626843.288:2682): avc: denied { search } for pid=5491 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 546.749399][ T6796] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 546.757315][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 546.909348][ T6796] usb 3-1: device descriptor read/64, error -32 [ 547.185312][ T6796] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 547.666312][T11543] netlink: 16 bytes leftover after parsing attributes in process `syz.1.966'. [ 547.684312][T11543] netlink: 'syz.1.966': attribute type 16 has an invalid length. [ 547.692139][T11543] netlink: 'syz.1.966': attribute type 17 has an invalid length. [ 547.699982][T11543] netlink: 'syz.1.966': attribute type 27 has an invalid length. [ 548.063178][ T6796] usb 3-1: Using ep0 maxpacket: 8 [ 548.071520][T11544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.964'. [ 548.082808][ T6796] usb 3-1: config 0 has an invalid interface number: 234 but max is 2 [ 548.106348][ T6796] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 548.163986][ T6796] usb 3-1: config 0 has no interface number 1 [ 548.182162][ T6796] usb 3-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83 [ 548.191299][ T6796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.223206][ T6796] usb 3-1: Product: syz [ 548.229303][ T6796] usb 3-1: Manufacturer: syz [ 548.239317][ T6796] usb 3-1: SerialNumber: syz [ 548.299993][ T6796] usb 3-1: config 0 descriptor?? [ 548.380813][ T6796] usb 3-1: unknown number of interfaces: 2 [ 548.527606][ T6796] usb 3-1: USB disconnect, device number 20 [ 548.769660][T11565] netlink: 12 bytes leftover after parsing attributes in process `syz.3.971'. [ 549.427791][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 549.427806][ T30] audit: type=1400 audit(1759626847.388:2693): avc: denied { create } for pid=11567 comm="syz.2.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 549.544002][ T30] audit: type=1400 audit(1759626847.428:2694): avc: denied { write } for pid=11567 comm="syz.2.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 549.638940][T11573] fuse: Unknown parameter '0x0000000000000003' [ 550.138332][ T30] audit: type=1400 audit(1759626847.478:2695): avc: denied { read } for pid=11574 comm="syz.3.977" name="card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 550.370666][T11579] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 550.453779][ T30] audit: type=1400 audit(1759626847.478:2696): avc: denied { open } for pid=11574 comm="syz.3.977" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 550.584374][ T30] audit: type=1400 audit(1759626847.598:2697): avc: denied { read write } for pid=11568 comm="syz.0.974" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 550.637807][ T30] audit: type=1400 audit(1759626847.598:2698): avc: denied { open } for pid=11568 comm="syz.0.974" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 550.687147][T11584] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 550.714013][ T30] audit: type=1400 audit(1759626847.598:2699): avc: denied { mounton } for pid=11568 comm="syz.0.974" path="/183/file0" dev="tmpfs" ino=996 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 550.759490][ T30] audit: type=1400 audit(1759626847.618:2700): avc: denied { ioctl } for pid=11574 comm="syz.3.977" path="/dev/dri/card0" dev="devtmpfs" ino=626 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 551.699469][ T30] audit: type=1400 audit(1759626847.618:2701): avc: denied { allowed } for pid=11568 comm="syz.0.974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 551.882198][T11600] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 551.949314][ T30] audit: type=1400 audit(1759626848.528:2702): avc: denied { read write } for pid=11574 comm="syz.3.977" name="nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 552.169343][ T5970] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 552.309993][T11607] netlink: 68 bytes leftover after parsing attributes in process `syz.0.982'. [ 552.321997][T11607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 552.593948][ T5970] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 552.630702][ T5970] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 552.664987][ T5970] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 552.733923][ T5970] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 552.750671][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.900083][ T5970] usb 3-1: Product: syz [ 552.977201][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.989'. [ 553.040330][ T5970] usb 3-1: Manufacturer: syz [ 553.055459][T11627] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 553.066164][ T5970] usb 3-1: SerialNumber: syz [ 553.263502][ T5970] hub 3-1:1.0: bad descriptor, ignoring hub [ 553.311939][T11627] block device autoloading is deprecated and will be removed. [ 553.324061][T11455] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 553.479672][ T5970] hub 3-1:1.0: probe with driver hub failed with error -5 [ 553.834359][ T5970] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 553.861998][T11455] usb 4-1: config 0 has an invalid interface number: 11 but max is 0 [ 553.873328][T11455] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.909284][T11455] usb 4-1: config 0 has no interface number 0 [ 553.915440][T11455] usb 4-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 554.042644][T11455] usb 4-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 554.057065][T11455] usb 4-1: config 0 interface 11 has no altsetting 0 [ 554.065157][T11455] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 554.074207][T11455] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.149811][T11640] siw: device registration error -23 [ 554.203977][ T5970] usb 3-1: USB disconnect, device number 21 [ 554.531711][ T5970] usblp0: removed [ 554.536100][T11455] usb 4-1: config 0 descriptor?? [ 554.563129][T11455] keyspan 4-1:0.11: Keyspan 2 port adapter converter detected [ 554.613190][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 7 [ 554.643712][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 81 [ 554.659591][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 82 [ 554.685066][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 1 [ 554.701449][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 2 [ 554.772132][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 85 [ 554.786254][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 5 [ 554.807818][T11455] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 554.881027][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 83 [ 554.888880][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 84 [ 554.899384][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 3 [ 554.909482][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 4 [ 554.930271][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 86 [ 554.951153][T11455] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 6 [ 554.987244][T11455] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 555.247810][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 555.247825][ T30] audit: type=1326 audit(1759626853.208:2711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 555.278512][ T30] audit: type=1326 audit(1759626853.208:2712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 555.303209][ T30] audit: type=1326 audit(1759626853.208:2713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 555.422159][T11660] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1001'. [ 555.539475][ T30] audit: type=1400 audit(1759626853.208:2714): avc: denied { write } for pid=11653 comm="syz.1.1000" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 555.607193][ T30] audit: type=1326 audit(1759626853.208:2715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 555.658000][ T30] audit: type=1326 audit(1759626853.208:2716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 555.856327][ T30] audit: type=1400 audit(1759626853.208:2717): avc: denied { create } for pid=11653 comm="syz.1.1000" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 556.001998][T11666] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1002'. [ 556.011990][T11666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1002'. [ 556.049410][ T30] audit: type=1326 audit(1759626853.208:2718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11653 comm="syz.1.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f036458ef03 code=0x7ffc0000 [ 556.140685][ T30] audit: type=1400 audit(1759626853.208:2719): avc: denied { map } for pid=11653 comm="syz.1.1000" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=31359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 556.220449][ T30] audit: type=1400 audit(1759626853.208:2720): avc: denied { read write } for pid=11653 comm="syz.1.1000" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=31359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 556.304706][T11670] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 556.316584][T11670] CPU: 1 UID: 0 PID: 11670 Comm: syz.2.1003 Not tainted syzkaller #0 PREEMPT(full) [ 556.316614][T11670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 556.316625][T11670] Call Trace: [ 556.316632][T11670] [ 556.316639][T11670] dump_stack_lvl+0x16c/0x1f0 [ 556.316670][T11670] sysfs_warn_dup+0x7f/0xa0 [ 556.316697][T11670] sysfs_do_create_link_sd+0x124/0x140 [ 556.316727][T11670] sysfs_create_link+0x61/0xc0 [ 556.316754][T11670] device_add+0x62c/0x1aa0 [ 556.316775][T11670] ? __pfx_device_add+0x10/0x10 [ 556.316793][T11670] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 556.316822][T11670] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 556.316852][T11670] wiphy_register+0x1eb0/0x2b20 [ 556.316878][T11670] ? netdev_run_todo+0x864/0x1320 [ 556.316902][T11670] ? __dev_printk+0x1c0/0x270 [ 556.316933][T11670] ? __pfx_wiphy_register+0x10/0x10 [ 556.316969][T11670] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 556.317000][T11670] ieee80211_register_hw+0x253d/0x4120 [ 556.317038][T11670] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 556.317065][T11670] ? __pfx___debug_object_init+0x10/0x10 [ 556.317100][T11670] ? find_held_lock+0x2b/0x80 [ 556.317128][T11670] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 556.317155][T11670] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 556.317181][T11670] ? __hrtimer_setup+0x176/0x280 [ 556.317209][T11670] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 556.317247][T11670] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 556.317271][T11670] ? __asan_memcpy+0x3c/0x60 [ 556.317294][T11670] hwsim_new_radio_nl+0xba2/0x1330 [ 556.317318][T11670] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 556.317349][T11670] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 556.317380][T11670] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 556.317416][T11670] genl_family_rcv_msg_doit+0x206/0x2f0 [ 556.317448][T11670] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 556.317486][T11670] ? bpf_lsm_capable+0x9/0x10 [ 556.317509][T11670] ? security_capable+0x7e/0x260 [ 556.317540][T11670] ? ns_capable+0xd7/0x110 [ 556.317568][T11670] genl_rcv_msg+0x55c/0x800 [ 556.317599][T11670] ? __pfx_genl_rcv_msg+0x10/0x10 [ 556.317635][T11670] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 556.317667][T11670] netlink_rcv_skb+0x155/0x420 [ 556.317693][T11670] ? __pfx_genl_rcv_msg+0x10/0x10 [ 556.317724][T11670] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 556.317763][T11670] ? netlink_deliver_tap+0x1ae/0xd30 [ 556.317793][T11670] genl_rcv+0x28/0x40 [ 556.317819][T11670] netlink_unicast+0x5aa/0x870 [ 556.317848][T11670] ? __pfx_netlink_unicast+0x10/0x10 [ 556.317870][T11670] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 556.317902][T11670] netlink_sendmsg+0x8c8/0xdd0 [ 556.317927][T11670] ? __pfx_netlink_sendmsg+0x10/0x10 [ 556.317948][T11670] ____sys_sendmsg+0xa95/0xc70 [ 556.317966][T11670] ? copy_msghdr_from_user+0x10a/0x160 [ 556.317980][T11670] ? __pfx_____sys_sendmsg+0x10/0x10 [ 556.318004][T11670] ___sys_sendmsg+0x134/0x1d0 [ 556.318018][T11670] ? __pfx____sys_sendmsg+0x10/0x10 [ 556.318052][T11670] __sys_sendmsg+0x16d/0x220 [ 556.318066][T11670] ? __pfx___sys_sendmsg+0x10/0x10 [ 556.318085][T11670] ? __secure_computing+0x28e/0x3b0 [ 556.318100][T11670] do_syscall_64+0xcd/0x4e0 [ 556.318116][T11670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.318128][T11670] RIP: 0033:0x7fcac958eec9 [ 556.318138][T11670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.318150][T11670] RSP: 002b:00007fcaca37c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 556.318161][T11670] RAX: ffffffffffffffda RBX: 00007fcac97e6180 RCX: 00007fcac958eec9 [ 556.318168][T11670] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 556.318174][T11670] RBP: 00007fcac9611f91 R08: 0000000000000000 R09: 0000000000000000 [ 556.318181][T11670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.318187][T11670] R13: 00007fcac97e6218 R14: 00007fcac97e6180 R15: 00007fff654cd5a8 [ 556.318202][T11670] [ 556.869954][ T6796] usb 4-1: USB disconnect, device number 13 [ 556.911403][ T6796] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 556.938945][ T6796] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 557.160490][ T6796] keyspan 4-1:0.11: device disconnected [ 557.902057][T11686] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1010'. [ 557.946090][T11686] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 558.249427][ T6796] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 558.274353][T11702] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1012'. [ 558.284838][T11702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1012'. [ 558.409452][ T6796] usb 4-1: Using ep0 maxpacket: 8 [ 558.416128][ T6796] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 558.438158][ T6796] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 558.472759][ T6796] usb 4-1: config 0 has no interface number 0 [ 558.493995][ T6796] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 558.503250][ T6796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.528933][ T6796] usb 4-1: Product: syz [ 558.542582][ T6796] usb 4-1: Manufacturer: syz [ 558.558866][ T6796] usb 4-1: SerialNumber: syz [ 558.578114][ T6796] usb 4-1: config 0 descriptor?? [ 558.895606][ T6796] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 558.902846][ T6796] uvcvideo 4-1:0.31: No valid video chain found. [ 559.663829][ T6796] usb 4-1: USB disconnect, device number 14 [ 560.378702][T11751] netlink: 'syz.1.1031': attribute type 27 has an invalid length. [ 560.771936][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 560.771952][ T30] audit: type=1400 audit(1759626858.738:2757): avc: denied { setopt } for pid=11748 comm="syz.0.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 561.175402][T11770] netlink: 'syz.0.1038': attribute type 27 has an invalid length. [ 561.387463][T11772] tmpfs: Bad value for 'mpol' [ 561.759319][ T30] audit: type=1326 audit(1759626859.578:2758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 561.855136][ T30] audit: type=1326 audit(1759626859.578:2759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 561.879029][ C1] vkms_vblank_simulate: vblank timer overrun [ 561.886552][ T30] audit: type=1326 audit(1759626859.578:2760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 561.909983][ C1] vkms_vblank_simulate: vblank timer overrun [ 562.021366][ T30] audit: type=1326 audit(1759626859.578:2761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 562.044724][ C1] vkms_vblank_simulate: vblank timer overrun [ 562.357640][T11789] netlink: 'syz.1.1046': attribute type 27 has an invalid length. [ 562.642720][ T30] audit: type=1326 audit(1759626859.578:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 562.649156][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.666266][ T30] audit: type=1326 audit(1759626859.588:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 562.676715][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.781438][ T1294] lec:lec_start_xmit: lec0:No lecd attached [ 563.072009][ T30] audit: type=1326 audit(1759626859.588:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 563.111256][T11796] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1051'. [ 563.125514][ T30] audit: type=1326 audit(1759626859.588:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 563.214398][ T30] audit: type=1326 audit(1759626859.588:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11768 comm="syz.4.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 563.482755][T11810] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1055'. [ 563.708456][T11813] netlink: 'syz.0.1054': attribute type 27 has an invalid length. [ 564.294530][T11806] lo speed is unknown, defaulting to 1000 [ 564.544421][T11802] lec:lec_atm_close: lec0: Shut down! [ 564.797181][T11830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1061'. [ 565.973808][T11806] tunl0 speed is unknown, defaulting to 1000 [ 566.192953][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 566.192969][ T30] audit: type=1400 audit(1759626864.158:2779): avc: denied { read } for pid=11859 comm="syz.1.1074" name="event2" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 566.229560][ T30] audit: type=1400 audit(1759626864.158:2780): avc: denied { open } for pid=11859 comm="syz.1.1074" path="/dev/input/event2" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 566.255126][ T30] audit: type=1400 audit(1759626864.198:2781): avc: denied { ioctl } for pid=11859 comm="syz.1.1074" path="/dev/input/event2" dev="devtmpfs" ino=921 ioctlcmd=0x4592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 566.294255][T11806] lo speed is unknown, defaulting to 1000 [ 566.333126][ T30] audit: type=1400 audit(1759626864.298:2782): avc: denied { create } for pid=11861 comm="syz.1.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 566.393753][ T30] audit: type=1400 audit(1759626864.298:2783): avc: denied { setopt } for pid=11861 comm="syz.1.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 566.663713][T11872] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1077'. [ 567.106348][ T30] audit: type=1400 audit(1759626865.068:2784): avc: denied { read } for pid=11876 comm="syz.3.1082" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 567.196186][ T30] audit: type=1400 audit(1759626865.068:2785): avc: denied { open } for pid=11876 comm="syz.3.1082" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 567.248801][ T30] audit: type=1400 audit(1759626865.068:2786): avc: denied { ioctl } for pid=11876 comm="syz.3.1082" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x6211 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 567.321756][ T30] audit: type=1400 audit(1759626865.278:2787): avc: denied { read } for pid=11884 comm="syz.3.1085" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 567.719639][T11911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1098'. [ 567.740393][ T30] audit: type=1400 audit(1759626865.688:2788): avc: denied { bind } for pid=11907 comm="syz.0.1096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 567.998111][T11918] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1097'. [ 568.056186][T11922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1097'. [ 568.292901][T11929] dlm: no local IP address has been set [ 568.299538][T11929] dlm: cannot start dlm midcomms -107 [ 568.785623][T11939] netlink: 'syz.2.1109': attribute type 1 has an invalid length. [ 568.814656][T11939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1109'. [ 569.659900][T11967] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1118'. [ 570.309255][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5770 ms [ 570.317271][ C1] lec:lec_tx_timeout: lec0 [ 570.367474][T11973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 571.305928][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 571.305943][ T30] audit: type=1326 audit(1759626869.268:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 571.875415][ T30] audit: type=1326 audit(1759626869.308:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 571.989328][ T30] audit: type=1326 audit(1759626869.308:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 572.085409][ T30] audit: type=1326 audit(1759626869.308:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 572.150340][ T30] audit: type=1326 audit(1759626869.308:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 572.215205][ T30] audit: type=1326 audit(1759626869.308:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 572.329848][ T30] audit: type=1326 audit(1759626869.308:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6e9178ef03 code=0x7ffc0000 [ 572.359332][ T30] audit: type=1326 audit(1759626869.338:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6e9178ef03 code=0x7ffc0000 [ 572.383338][T11455] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 572.841766][T11455] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 572.857245][T11455] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 572.889272][T11455] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 572.905212][T12019] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 572.949185][T11455] usb 4-1: config 220 has no interface number 2 [ 572.972270][ T30] audit: type=1326 audit(1759626869.338:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 572.975550][T11455] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 573.117204][ T30] audit: type=1326 audit(1759626869.338:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9178eec9 code=0x7ffc0000 [ 573.158665][T11455] usb 4-1: config 220 interface 0 has no altsetting 0 [ 573.168246][T11455] usb 4-1: config 220 interface 76 has no altsetting 0 [ 573.205475][T11455] usb 4-1: config 220 interface 1 has no altsetting 0 [ 573.215556][T11455] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 573.224758][T11455] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.233491][T11455] usb 4-1: Product: syz [ 573.237897][T11455] usb 4-1: Manufacturer: syz [ 573.242588][T11455] usb 4-1: SerialNumber: syz [ 573.489330][ T5970] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 573.680566][ T5970] usb 2-1: Using ep0 maxpacket: 16 [ 573.710049][ T5970] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 573.732579][ T5970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.742179][ T5970] usb 2-1: Product: syz [ 573.746388][ T5970] usb 2-1: Manufacturer: syz [ 573.752300][ T5970] usb 2-1: SerialNumber: syz [ 574.140514][T11455] usb 4-1: selecting invalid altsetting 0 [ 574.153724][T11455] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 574.192324][ T5970] usb 2-1: config 0 descriptor?? [ 574.197322][T11455] uvcvideo 4-1:220.0: No valid video chain found. [ 574.212127][ T5970] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 574.238925][T11455] usb 4-1: selecting invalid altsetting 0 [ 574.258910][T11455] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 574.294309][T11455] usb 4-1: USB disconnect, device number 15 [ 574.417414][T12051] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1145'. [ 574.423241][ T5970] usb 2-1: clie_3_5_startup: get config number bad return length: 0 [ 574.507101][ T5970] visor 2-1:0.0: probe with driver visor failed with error -5 [ 574.703253][ T5970] usb 2-1: USB disconnect, device number 14 [ 575.219182][T12084] netlink: 'syz.2.1155': attribute type 3 has an invalid length. [ 575.232370][T12084] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1155'. [ 575.259341][ T6796] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 575.453018][ T6796] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 575.469336][ T6796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.482970][ T6796] usb 5-1: Product: syz [ 575.487131][ T6796] usb 5-1: Manufacturer: syz [ 575.544109][ T6796] usb 5-1: SerialNumber: syz [ 575.561061][ T6796] usb 5-1: config 0 descriptor?? [ 575.745066][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'. [ 575.776699][ T6796] usb 5-1: ignoring: not an USB2CAN converter [ 576.130347][ T6796] usb 5-1: USB disconnect, device number 13 [ 576.569389][ T6806] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 576.730813][ T6806] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 576.758132][ T6806] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 576.825992][ T6806] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 576.855370][ T6806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.888456][T12130] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 576.916197][ T6806] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 576.994894][ T5970] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 577.088266][ T30] kauditd_printk_skb: 116 callbacks suppressed [ 577.088281][ T30] audit: type=1400 audit(1759626875.048:2923): avc: denied { mount } for pid=12148 comm="syz.1.1171" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 577.099072][T12149] max out of range [ 577.145555][ T30] audit: type=1400 audit(1759626875.058:2924): avc: denied { remount } for pid=12148 comm="syz.1.1171" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 577.168724][ T6806] usb 3-1: USB disconnect, device number 22 [ 577.175058][ T5970] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.179300][ T30] audit: type=1400 audit(1759626875.118:2925): avc: denied { ioctl } for pid=12150 comm="syz.0.1173" path="cgroup:[4026532840]" dev="nsfs" ino=4026532840 ioctlcmd=0x640a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 577.209269][ T5970] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.210885][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.242578][ T5970] usb 5-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 577.244727][ T30] audit: type=1400 audit(1759626875.208:2926): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 577.254201][ T5970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.288790][ T5970] usb 5-1: config 0 descriptor?? [ 577.711603][ T30] audit: type=1400 audit(1759626875.668:2927): avc: denied { write } for pid=12164 comm="syz.0.1177" path="socket:[33501]" dev="sockfs" ino=33501 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 577.863822][T12171] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1178'. [ 577.888104][T12171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1178'. [ 577.895059][ T5970] razer 0003:1532:010E.0002: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.4-1/input0 [ 578.148801][ T5970] usb 5-1: USB disconnect, device number 14 [ 578.221338][ T30] audit: type=1400 audit(1759626876.188:2928): avc: denied { append } for pid=12178 comm="syz.0.1182" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 578.750153][T12172] fido_id[12172]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 579.128820][T12195] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 579.778795][ T30] audit: type=1400 audit(1759626877.738:2929): avc: denied { create } for pid=12203 comm="syz.2.1189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 579.811387][ T30] audit: type=1400 audit(1759626877.738:2930): avc: denied { connect } for pid=12203 comm="syz.2.1189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 579.922766][ T6806] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 579.946591][ T30] audit: type=1326 audit(1759626877.828:2931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12199 comm="syz.1.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 580.139309][ T6806] usb 1-1: Using ep0 maxpacket: 8 [ 580.163653][ T6806] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 580.215595][ T30] audit: type=1326 audit(1759626877.828:2932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12199 comm="syz.1.1187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 580.239316][ T6806] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.247323][ T6806] usb 1-1: Product: syz [ 580.400594][ T6806] usb 1-1: Manufacturer: syz [ 580.405342][ T6806] usb 1-1: SerialNumber: syz [ 580.411919][ T6806] usb 1-1: config 0 descriptor?? [ 580.724920][ T6806] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 581.112970][T12230] netlink: 'syz.3.1198': attribute type 3 has an invalid length. [ 581.138287][ T6806] usb write operation failed. (-71) [ 581.146700][ T6806] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 581.189807][ T6806] dvbdev: DVB: registering new adapter (Terratec H7) [ 581.204482][ T6806] usb 1-1: media controller created [ 581.233699][ T6806] usb read operation failed. (-71) [ 581.270710][ T6806] usb write operation failed. (-71) [ 581.310579][ T6806] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 581.356193][ T6806] usb 1-1: USB disconnect, device number 21 [ 581.501743][T12240] netdevsim netdevsim1: Direct firmware load for  failed with error -2 [ 581.510199][T12240] netdevsim netdevsim1: Falling back to sysfs fallback for:  [ 581.616706][T12250] netlink: 'syz.4.1206': attribute type 1 has an invalid length. [ 582.937729][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 582.937744][ T30] audit: type=1326 audit(1759626880.898:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12247 comm="syz.3.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6058eec9 code=0x7ffc0000 [ 583.250761][ T30] audit: type=1326 audit(1759626881.218:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12247 comm="syz.3.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6058eec9 code=0x7ffc0000 [ 583.338265][ T30] audit: type=1400 audit(1759626881.258:2994): avc: denied { read write } for pid=12267 comm="syz.1.1212" name="nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 583.362698][ T30] audit: type=1400 audit(1759626881.258:2995): avc: denied { open } for pid=12267 comm="syz.1.1212" path="/dev/nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 583.386585][ T30] audit: type=1326 audit(1759626881.298:2996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12247 comm="syz.3.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7ffa6058eec9 code=0x7ffc0000 [ 583.434994][ T30] audit: type=1400 audit(1759626881.398:2997): avc: denied { recv } for pid=5809 comm="syz-executor" saddr=10.128.0.169 src=30006 daddr=10.128.1.39 dest=51286 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 583.496296][ T30] audit: type=1400 audit(1759626881.458:2998): avc: denied { sqpoll } for pid=12271 comm="syz.0.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 583.530371][ T30] audit: type=1326 audit(1759626881.498:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12247 comm="syz.3.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6058eec9 code=0x7ffc0000 [ 583.565469][ T30] audit: type=1326 audit(1759626881.498:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12247 comm="syz.3.1205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6058eec9 code=0x7ffc0000 [ 583.628940][ T6806] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 583.637022][ T30] audit: type=1400 audit(1759626881.568:3001): avc: denied { create } for pid=12276 comm="syz.1.1215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 583.867252][ T6806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 583.878836][ T6806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 583.888731][ T6806] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 583.897899][ T6806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.044142][ T5970] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 584.159784][ T6806] usb 3-1: config 0 descriptor?? [ 584.252122][ T5970] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 584.266349][ T5970] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 584.304182][ T5970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 584.337915][ T5970] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 584.439005][ T5970] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 584.451678][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.459844][ T5970] usb 1-1: Product: syz [ 584.464065][ T5970] usb 1-1: Manufacturer: syz [ 584.468642][ T5970] usb 1-1: SerialNumber: syz [ 584.546108][ T5970] usb 1-1: config 0 descriptor?? [ 584.574136][ T5970] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input16 [ 584.599305][ T5912] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 584.707477][ T6806] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 584.720638][ T6806] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 584.750008][ T6806] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0003/input/input17 [ 585.096006][ T5912] usb 4-1: Using ep0 maxpacket: 16 [ 585.129134][ T5912] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 585.147782][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.161820][ T6806] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 585.186743][ T5912] usb 4-1: Product: syz [ 585.203074][ T5912] usb 4-1: Manufacturer: syz [ 585.214222][ T5912] usb 4-1: SerialNumber: syz [ 585.243257][ T5970] usb 1-1: USB disconnect, device number 22 [ 585.258707][ T5912] r8152-cfgselector 4-1: Unknown version 0x0000 [ 585.274255][ T5912] r8152-cfgselector 4-1: config 0 descriptor?? [ 585.288938][ T5912] hub 4-1:0.0: bad descriptor, ignoring hub [ 585.301404][ T5912] hub 4-1:0.0: probe with driver hub failed with error -5 [ 585.324924][ T6806] usb 3-1: USB disconnect, device number 23 [ 585.691293][T12306] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 585.698975][T12306] CPU: 0 UID: 0 PID: 12306 Comm: syz.4.1223 Not tainted syzkaller #0 PREEMPT(full) [ 585.698999][T12306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 585.699011][T12306] Call Trace: [ 585.699018][T12306] [ 585.699026][T12306] dump_stack_lvl+0x16c/0x1f0 [ 585.699055][T12306] sysfs_warn_dup+0x7f/0xa0 [ 585.699083][T12306] sysfs_do_create_link_sd+0x124/0x140 [ 585.699112][T12306] sysfs_create_link+0x61/0xc0 [ 585.699140][T12306] device_add+0x62c/0x1aa0 [ 585.699162][T12306] ? __pfx_device_add+0x10/0x10 [ 585.699179][T12306] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 585.699213][T12306] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 585.699247][T12306] wiphy_register+0x1eb0/0x2b20 [ 585.699271][T12306] ? netdev_run_todo+0x864/0x1320 [ 585.699294][T12306] ? __dev_printk+0x1c0/0x270 [ 585.699324][T12306] ? __pfx_wiphy_register+0x10/0x10 [ 585.699361][T12306] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 585.699389][T12306] ieee80211_register_hw+0x253d/0x4120 [ 585.699425][T12306] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 585.699443][T12306] ? __pfx___debug_object_init+0x10/0x10 [ 585.699464][T12306] ? find_held_lock+0x2b/0x80 [ 585.699480][T12306] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 585.699496][T12306] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 585.699512][T12306] ? __hrtimer_setup+0x176/0x280 [ 585.699527][T12306] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 585.699549][T12306] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 585.699563][T12306] ? __asan_memcpy+0x3c/0x60 [ 585.699575][T12306] hwsim_new_radio_nl+0xba2/0x1330 [ 585.699589][T12306] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 585.699607][T12306] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 585.699625][T12306] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 585.699646][T12306] genl_family_rcv_msg_doit+0x206/0x2f0 [ 585.699665][T12306] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 585.699686][T12306] ? bpf_lsm_capable+0x9/0x10 [ 585.699700][T12306] ? security_capable+0x7e/0x260 [ 585.699718][T12306] ? ns_capable+0xd7/0x110 [ 585.699735][T12306] genl_rcv_msg+0x55c/0x800 [ 585.699752][T12306] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.699770][T12306] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 585.699787][T12306] netlink_rcv_skb+0x155/0x420 [ 585.699802][T12306] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.699819][T12306] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 585.699840][T12306] ? netlink_deliver_tap+0x1ae/0xd30 [ 585.699857][T12306] genl_rcv+0x28/0x40 [ 585.699871][T12306] netlink_unicast+0x5aa/0x870 [ 585.699888][T12306] ? __pfx_netlink_unicast+0x10/0x10 [ 585.699902][T12306] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 585.699922][T12306] netlink_sendmsg+0x8c8/0xdd0 [ 585.699939][T12306] ? __pfx_netlink_sendmsg+0x10/0x10 [ 585.699960][T12306] ____sys_sendmsg+0xa95/0xc70 [ 585.699977][T12306] ? copy_msghdr_from_user+0x10a/0x160 [ 585.699991][T12306] ? __pfx_____sys_sendmsg+0x10/0x10 [ 585.700014][T12306] ___sys_sendmsg+0x134/0x1d0 [ 585.700029][T12306] ? __pfx____sys_sendmsg+0x10/0x10 [ 585.700061][T12306] __sys_sendmsg+0x16d/0x220 [ 585.700075][T12306] ? __pfx___sys_sendmsg+0x10/0x10 [ 585.700088][T12306] ? __x64_sys_futex+0x1e0/0x4c0 [ 585.700109][T12306] do_syscall_64+0xcd/0x4e0 [ 585.700125][T12306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.700136][T12306] RIP: 0033:0x7fd42458eec9 [ 585.700146][T12306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.700158][T12306] RSP: 002b:00007fd4227b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 585.700169][T12306] RAX: ffffffffffffffda RBX: 00007fd4247e6180 RCX: 00007fd42458eec9 [ 585.700176][T12306] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000005 [ 585.700183][T12306] RBP: 00007fd424611f91 R08: 0000000000000000 R09: 0000000000000000 [ 585.700190][T12306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.700204][T12306] R13: 00007fd4247e6218 R14: 00007fd4247e6180 R15: 00007ffe7d591cb8 [ 585.700219][T12306] [ 586.679882][ T6796] r8152-cfgselector 4-1: reset high-speed USB device number 16 using dummy_hcd [ 587.050063][T12326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1230'. [ 587.167125][T12330] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 587.489509][ T6796] r8152-cfgselector 4-1: USB disconnect, device number 16 [ 587.769535][ T5970] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 587.999846][ T5970] usb 3-1: Using ep0 maxpacket: 16 [ 588.016422][ T5970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.029348][ T5970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.123799][T12357] 8021q: adding VLAN 0 to HW filter on device team0 [ 588.131690][T12357] batman_adv: batadv0: Interface activated: team0 [ 588.463529][T12357] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 588.489412][ T5970] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 588.498473][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.648136][ T5970] usb 3-1: config 0 descriptor?? [ 589.206194][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 589.206209][ T30] audit: type=1400 audit(1759626887.168:3061): avc: denied { write } for pid=12365 comm="syz.4.1246" name="event3" dev="devtmpfs" ino=1000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 589.280622][ T5970] hid-multitouch 0003:1FD2:6007.0004: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 589.407178][T12375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'. [ 589.523311][ T6796] usb 3-1: USB disconnect, device number 24 [ 589.662555][ T30] audit: type=1326 audit(1759626887.628:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 589.687324][ T30] audit: type=1326 audit(1759626887.628:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 589.773398][ T30] audit: type=1326 audit(1759626887.628:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 590.152211][T12391] debugfs: 'ttyS3' already exists in 'caif_serial' [ 590.158841][ T30] audit: type=1326 audit(1759626887.628:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 590.194811][ T30] audit: type=1326 audit(1759626887.628:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 590.238897][ T30] audit: type=1326 audit(1759626887.628:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 590.309669][T12387] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 590.327377][T12387] CPU: 0 UID: 0 PID: 12387 Comm: syz.1.1253 Not tainted syzkaller #0 PREEMPT(full) [ 590.327405][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 590.327417][T12387] Call Trace: [ 590.327424][T12387] [ 590.327431][T12387] dump_stack_lvl+0x16c/0x1f0 [ 590.327460][T12387] sysfs_warn_dup+0x7f/0xa0 [ 590.327488][T12387] sysfs_do_create_link_sd+0x124/0x140 [ 590.327517][T12387] sysfs_create_link+0x61/0xc0 [ 590.327543][T12387] device_add+0x62c/0x1aa0 [ 590.327565][T12387] ? __pfx_device_add+0x10/0x10 [ 590.327582][T12387] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 590.327610][T12387] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 590.327640][T12387] wiphy_register+0x1eb0/0x2b20 [ 590.327667][T12387] ? netdev_run_todo+0x864/0x1320 [ 590.327692][T12387] ? __dev_printk+0x1c0/0x270 [ 590.327722][T12387] ? __pfx_wiphy_register+0x10/0x10 [ 590.327758][T12387] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 590.327789][T12387] ieee80211_register_hw+0x253d/0x4120 [ 590.327828][T12387] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 590.327854][T12387] ? __pfx___debug_object_init+0x10/0x10 [ 590.327891][T12387] ? find_held_lock+0x2b/0x80 [ 590.327919][T12387] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 590.327946][T12387] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 590.327971][T12387] ? __hrtimer_setup+0x176/0x280 [ 590.327997][T12387] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 590.328033][T12387] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 590.328057][T12387] ? __asan_memcpy+0x3c/0x60 [ 590.328079][T12387] hwsim_new_radio_nl+0xba2/0x1330 [ 590.328103][T12387] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 590.328132][T12387] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 590.328163][T12387] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 590.328207][T12387] genl_family_rcv_msg_doit+0x206/0x2f0 [ 590.328240][T12387] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 590.328281][T12387] ? bpf_lsm_capable+0x9/0x10 [ 590.328304][T12387] ? security_capable+0x7e/0x260 [ 590.328334][T12387] ? ns_capable+0xd7/0x110 [ 590.328362][T12387] genl_rcv_msg+0x55c/0x800 [ 590.328393][T12387] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.328423][T12387] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 590.328454][T12387] netlink_rcv_skb+0x155/0x420 [ 590.328479][T12387] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.328509][T12387] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.328546][T12387] ? netlink_deliver_tap+0x1ae/0xd30 [ 590.328574][T12387] genl_rcv+0x28/0x40 [ 590.328599][T12387] netlink_unicast+0x5aa/0x870 [ 590.328629][T12387] ? __pfx_netlink_unicast+0x10/0x10 [ 590.328655][T12387] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 590.328688][T12387] netlink_sendmsg+0x8c8/0xdd0 [ 590.328718][T12387] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.328755][T12387] ____sys_sendmsg+0xa95/0xc70 [ 590.328784][T12387] ? copy_msghdr_from_user+0x10a/0x160 [ 590.328808][T12387] ? __pfx_____sys_sendmsg+0x10/0x10 [ 590.328849][T12387] ___sys_sendmsg+0x134/0x1d0 [ 590.328874][T12387] ? __pfx____sys_sendmsg+0x10/0x10 [ 590.328933][T12387] __sys_sendmsg+0x16d/0x220 [ 590.328957][T12387] ? __pfx___sys_sendmsg+0x10/0x10 [ 590.328991][T12387] ? __secure_computing+0x28e/0x3b0 [ 590.329017][T12387] do_syscall_64+0xcd/0x4e0 [ 590.329043][T12387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.329062][T12387] RIP: 0033:0x7f036458eec9 [ 590.329078][T12387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.329096][T12387] RSP: 002b:00007f0365378038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.329115][T12387] RAX: ffffffffffffffda RBX: 00007f03647e6180 RCX: 00007f036458eec9 [ 590.329127][T12387] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 590.329140][T12387] RBP: 00007f0364611f91 R08: 0000000000000000 R09: 0000000000000000 [ 590.329152][T12387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.329163][T12387] R13: 00007f03647e6218 R14: 00007f03647e6180 R15: 00007ffe8dac22f8 [ 590.329195][T12387] [ 590.919874][ T30] audit: type=1326 audit(1759626888.888:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 590.943760][ T30] audit: type=1326 audit(1759626888.908:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 591.331451][T12417] openvswitch: netlink: Actions may not be safe on all matching packets [ 591.456429][ T30] audit: type=1326 audit(1759626889.408:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.1.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f036458eec9 code=0x7ffc0000 [ 591.944320][T12431] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1263'. [ 591.954447][T12431] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1263'. [ 593.755398][T12457] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 594.420748][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 594.420763][ T30] audit: type=1326 audit(1759626892.388:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 594.450312][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.463839][ T5970] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 594.494901][ T30] audit: type=1326 audit(1759626892.388:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 594.518344][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.649314][ T5970] usb 1-1: Using ep0 maxpacket: 16 [ 594.716868][ T5970] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 594.729608][T12490] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1279'. [ 594.740261][T12492] usb usb9: usbfs: process 12492 (syz.3.1280) did not claim interface 47 before use [ 594.746885][ T30] audit: type=1326 audit(1759626892.388:3101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 594.789701][ T5970] usb 1-1: config 0 has no interface number 0 [ 594.795797][ T5970] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 594.816993][T12490] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1279'. [ 594.832919][ T30] audit: type=1326 audit(1759626892.388:3102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 594.893423][ T5970] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 594.917092][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.955919][ T5970] usb 1-1: Product: syz [ 594.957588][ T30] audit: type=1326 audit(1759626892.388:3103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 594.983531][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.989599][ T5970] usb 1-1: Manufacturer: syz [ 594.994285][ T5970] usb 1-1: SerialNumber: syz [ 595.030977][ T5970] usb 1-1: config 0 descriptor?? [ 595.121130][ T30] audit: type=1326 audit(1759626892.388:3104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 595.350311][ T5970] usbtouchscreen 1-1:0.214: Failed to read FW rev: -71 [ 595.357390][ T5970] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 595.447871][ T5970] usb 1-1: USB disconnect, device number 23 [ 595.465667][ T30] audit: type=1326 audit(1759626892.388:3105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd42458ef03 code=0x7ffc0000 [ 595.649292][ T30] audit: type=1326 audit(1759626892.388:3106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd42458ef03 code=0x7ffc0000 [ 595.919301][ T5970] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 595.973909][ T30] audit: type=1326 audit(1759626892.388:3107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 595.997366][ C0] vkms_vblank_simulate: vblank timer overrun [ 596.079798][ T30] audit: type=1326 audit(1759626892.438:3108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12479 comm="syz.4.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd42458eec9 code=0x7ffc0000 [ 596.109916][ T5970] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 596.118634][ T5970] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 596.128983][ T5970] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 596.140057][ T5970] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 596.151145][ T5970] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 596.163847][ T5970] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 596.172962][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 596.181014][ T5970] usb 3-1: Product: syz [ 596.201168][ T5970] usb 3-1: Manufacturer: syz [ 596.222539][ T5970] cdc_wdm 3-1:1.0: skipping garbage [ 596.227747][ T5970] cdc_wdm 3-1:1.0: skipping garbage [ 596.242693][ T5970] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 596.249479][ T5970] cdc_wdm 3-1:1.0: Unknown control protocol [ 596.287912][T12526] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1290'. [ 596.332552][T12527] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 596.340260][T12527] CPU: 1 UID: 0 PID: 12527 Comm: syz.3.1289 Not tainted syzkaller #0 PREEMPT(full) [ 596.340285][T12527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 596.340297][T12527] Call Trace: [ 596.340304][T12527] [ 596.340311][T12527] dump_stack_lvl+0x16c/0x1f0 [ 596.340346][T12527] sysfs_warn_dup+0x7f/0xa0 [ 596.340373][T12527] sysfs_do_create_link_sd+0x124/0x140 [ 596.340403][T12527] sysfs_create_link+0x61/0xc0 [ 596.340430][T12527] device_add+0x62c/0x1aa0 [ 596.340452][T12527] ? __pfx_device_add+0x10/0x10 [ 596.340469][T12527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 596.340494][T12527] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 596.340518][T12527] wiphy_register+0x1eb0/0x2b20 [ 596.340538][T12527] ? netdev_run_todo+0x864/0x1320 [ 596.340557][T12527] ? __dev_printk+0x1c0/0x270 [ 596.340580][T12527] ? __pfx_wiphy_register+0x10/0x10 [ 596.340607][T12527] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 596.340630][T12527] ieee80211_register_hw+0x253d/0x4120 [ 596.340659][T12527] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 596.340679][T12527] ? __pfx___debug_object_init+0x10/0x10 [ 596.340708][T12527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 596.340729][T12527] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 596.340749][T12527] ? __hrtimer_setup+0x176/0x280 [ 596.340769][T12527] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 596.340797][T12527] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 596.340815][T12527] ? __asan_memcpy+0x3c/0x60 [ 596.340832][T12527] hwsim_new_radio_nl+0xba2/0x1330 [ 596.340850][T12527] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 596.340873][T12527] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 596.340896][T12527] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 596.340923][T12527] genl_family_rcv_msg_doit+0x206/0x2f0 [ 596.340946][T12527] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 596.340975][T12527] ? bpf_lsm_capable+0x9/0x10 [ 596.340993][T12527] ? security_capable+0x7e/0x260 [ 596.341016][T12527] ? ns_capable+0xd7/0x110 [ 596.341037][T12527] genl_rcv_msg+0x55c/0x800 [ 596.341061][T12527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 596.341083][T12527] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 596.341107][T12527] netlink_rcv_skb+0x155/0x420 [ 596.341126][T12527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 596.341148][T12527] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 596.341183][T12527] genl_rcv+0x28/0x40 [ 596.341202][T12527] netlink_unicast+0x5aa/0x870 [ 596.341224][T12527] ? __pfx_netlink_unicast+0x10/0x10 [ 596.341244][T12527] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 596.341269][T12527] netlink_sendmsg+0x8c8/0xdd0 [ 596.341292][T12527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 596.341324][T12527] ____sys_sendmsg+0xa95/0xc70 [ 596.341346][T12527] ? copy_msghdr_from_user+0x10a/0x160 [ 596.341363][T12527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 596.341384][T12527] ? kvm_sched_clock_read+0x11/0x20 [ 596.341406][T12527] ? lock_acquire+0x179/0x350 [ 596.341422][T12527] ? find_held_lock+0x2b/0x80 [ 596.341446][T12527] ___sys_sendmsg+0x134/0x1d0 [ 596.341464][T12527] ? __pfx____sys_sendmsg+0x10/0x10 [ 596.341509][T12527] __sys_sendmsg+0x16d/0x220 [ 596.341527][T12527] ? __pfx___sys_sendmsg+0x10/0x10 [ 596.341544][T12527] ? rcu_is_watching+0x12/0xc0 [ 596.341580][T12527] do_syscall_64+0xcd/0x4e0 [ 596.341599][T12527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.341614][T12527] RIP: 0033:0x7ffa6058eec9 [ 596.341627][T12527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.341640][T12527] RSP: 002b:00007ffa5e7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 596.341654][T12527] RAX: ffffffffffffffda RBX: 00007ffa607e6180 RCX: 00007ffa6058eec9 [ 596.341663][T12527] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000005 [ 596.341672][T12527] RBP: 00007ffa60611f91 R08: 0000000000000000 R09: 0000000000000000 [ 596.341680][T12527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.341688][T12527] R13: 00007ffa607e6218 R14: 00007ffa607e6180 R15: 00007ffea18b4cd8 [ 596.341708][T12527] [ 596.740842][T12526] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1290'. [ 596.749838][T12526] netlink: 'syz.4.1290': attribute type 6 has an invalid length. [ 596.757657][T12526] netlink: 'syz.4.1290': attribute type 6 has an invalid length. [ 597.214332][ T6806] usb 3-1: USB disconnect, device number 25 [ 597.473238][ T6796] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 597.680589][ T6796] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.698422][ T6796] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.723338][ T6796] usb 5-1: config 0 interface 0 has no altsetting 0 [ 597.751662][ T6796] usb 5-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 597.770153][ T6796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.786199][ T6796] usb 5-1: config 0 descriptor?? [ 598.207205][ T6796] hid-u2fzero 0003:20A0:4287.0005: item fetching failed at offset 4/5 [ 598.233953][ T6796] hid-u2fzero 0003:20A0:4287.0005: probe with driver hid-u2fzero failed with error -22 [ 598.431442][ T6796] usb 5-1: USB disconnect, device number 15 [ 598.533764][T12575] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1307'. [ 598.546996][T12575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1307'. [ 599.471604][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 599.471618][ T30] audit: type=1400 audit(1759626897.438:3165): avc: denied { bind } for pid=12588 comm="syz.1.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 599.659923][ T6796] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 600.266665][T12605] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 600.291459][T12600] ALSA: mixer_oss: invalid OSS volume '' [ 600.340873][ T6796] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 68, setting to 64 [ 600.365718][T12608] Bluetooth: MGMT ver 1.23 [ 600.373396][ T30] audit: type=1400 audit(1759626898.328:3166): avc: denied { write } for pid=12604 comm="syz.1.1315" path="socket:[35408]" dev="sockfs" ino=35408 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 600.398334][ T6796] usb 5-1: config 0 interface 0 has no altsetting 0 [ 600.412016][ T6796] usb 5-1: New USB device found, idVendor=04b4, idProduct=de64, bcdDevice= 0.00 [ 600.433557][ T6796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.463147][ T6796] usb 5-1: config 0 descriptor?? [ 600.477097][T12590] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 600.698033][T12618] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1317'. [ 600.707728][T12618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1317'. [ 600.985591][ T6796] cypress 0003:04B4:DE64.0006: item fetching failed at offset 0/3 [ 601.067903][ T6796] cypress 0003:04B4:DE64.0006: parse failed [ 601.076450][ T6796] cypress 0003:04B4:DE64.0006: probe with driver cypress failed with error -22 [ 601.215671][ T6806] usb 5-1: USB disconnect, device number 16 [ 601.419307][ T6796] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 601.580685][ T6796] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 601.590189][ T6796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.618766][ T6796] usb 2-1: config 0 descriptor?? [ 601.640640][ T6796] cp210x 2-1:0.0: cp210x converter detected [ 601.821477][ T30] audit: type=1400 audit(1759626899.778:3167): avc: denied { write } for pid=12659 comm="syz.0.1327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 602.315464][T12677] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 602.614843][ T6796] usb 2-1: cp210x converter now attached to ttyUSB0 [ 602.628286][ T6796] usb 2-1: USB disconnect, device number 15 [ 602.638669][ T6796] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 602.649749][ T6796] cp210x 2-1:0.0: device disconnected [ 602.686288][ T30] audit: type=1400 audit(1759626900.648:3168): avc: denied { ioctl } for pid=12680 comm="syz.2.1333" path="/dev/nullb0" dev="devtmpfs" ino=695 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 603.420379][ T30] audit: type=1400 audit(1759626901.388:3169): avc: denied { bind } for pid=12704 comm="syz.4.1339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 603.554538][T12713] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 603.562321][T12713] CPU: 1 UID: 0 PID: 12713 Comm: syz.0.1340 Not tainted syzkaller #0 PREEMPT(full) [ 603.562346][T12713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 603.562358][T12713] Call Trace: [ 603.562365][T12713] [ 603.562372][T12713] dump_stack_lvl+0x16c/0x1f0 [ 603.562401][T12713] sysfs_warn_dup+0x7f/0xa0 [ 603.562428][T12713] sysfs_do_create_link_sd+0x124/0x140 [ 603.562458][T12713] sysfs_create_link+0x61/0xc0 [ 603.562485][T12713] device_add+0x62c/0x1aa0 [ 603.562507][T12713] ? __pfx_device_add+0x10/0x10 [ 603.562524][T12713] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 603.562552][T12713] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 603.562582][T12713] wiphy_register+0x1eb0/0x2b20 [ 603.562608][T12713] ? netdev_run_todo+0x864/0x1320 [ 603.562633][T12713] ? __dev_printk+0x1c0/0x270 [ 603.562663][T12713] ? __pfx_wiphy_register+0x10/0x10 [ 603.562699][T12713] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 603.562729][T12713] ieee80211_register_hw+0x253d/0x4120 [ 603.562767][T12713] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 603.562793][T12713] ? __pfx___debug_object_init+0x10/0x10 [ 603.562832][T12713] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 603.562859][T12713] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 603.562886][T12713] ? __hrtimer_setup+0x176/0x280 [ 603.562912][T12713] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 603.562950][T12713] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 603.562974][T12713] ? __asan_memcpy+0x3c/0x60 [ 603.562993][T12713] hwsim_new_radio_nl+0xba2/0x1330 [ 603.563017][T12713] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 603.563048][T12713] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 603.563079][T12713] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 603.563114][T12713] genl_family_rcv_msg_doit+0x206/0x2f0 [ 603.563145][T12713] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 603.563180][T12713] ? bpf_lsm_capable+0x9/0x10 [ 603.563201][T12713] ? security_capable+0x7e/0x260 [ 603.563238][T12713] ? ns_capable+0xd7/0x110 [ 603.563266][T12713] genl_rcv_msg+0x55c/0x800 [ 603.563298][T12713] ? __pfx_genl_rcv_msg+0x10/0x10 [ 603.563329][T12713] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 603.563361][T12713] netlink_rcv_skb+0x155/0x420 [ 603.563388][T12713] ? __pfx_genl_rcv_msg+0x10/0x10 [ 603.563419][T12713] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 603.563457][T12713] ? netlink_deliver_tap+0x1ae/0xd30 [ 603.563486][T12713] genl_rcv+0x28/0x40 [ 603.563513][T12713] netlink_unicast+0x5aa/0x870 [ 603.563542][T12713] ? __pfx_netlink_unicast+0x10/0x10 [ 603.563568][T12713] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 603.563602][T12713] netlink_sendmsg+0x8c8/0xdd0 [ 603.563632][T12713] ? __pfx_netlink_sendmsg+0x10/0x10 [ 603.563669][T12713] ____sys_sendmsg+0xa95/0xc70 [ 603.563698][T12713] ? copy_msghdr_from_user+0x10a/0x160 [ 603.563720][T12713] ? __pfx_____sys_sendmsg+0x10/0x10 [ 603.563761][T12713] ___sys_sendmsg+0x134/0x1d0 [ 603.563782][T12713] ? __pfx____sys_sendmsg+0x10/0x10 [ 603.563828][T12713] __sys_sendmsg+0x16d/0x220 [ 603.563846][T12713] ? __pfx___sys_sendmsg+0x10/0x10 [ 603.563863][T12713] ? __x64_sys_futex+0x1e0/0x4c0 [ 603.563892][T12713] do_syscall_64+0xcd/0x4e0 [ 603.563912][T12713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.563926][T12713] RIP: 0033:0x7f6e9178eec9 [ 603.563939][T12713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.563953][T12713] RSP: 002b:00007f6e92665038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 603.563967][T12713] RAX: ffffffffffffffda RBX: 00007f6e919e6180 RCX: 00007f6e9178eec9 [ 603.563976][T12713] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 603.563986][T12713] RBP: 00007f6e91811f91 R08: 0000000000000000 R09: 0000000000000000 [ 603.563996][T12713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.564006][T12713] R13: 00007f6e919e6218 R14: 00007f6e919e6180 R15: 00007ffd015f8248 [ 603.564027][T12713] [ 603.987791][ T7631] lec:lec_start_xmit: lec0:No lecd attached [ 604.016656][T12717] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1343'. [ 604.111034][T12717] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1343'. [ 604.134183][T12717] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1343'. [ 604.143191][T12717] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1343'. [ 604.182620][T12723] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 604.190351][T12723] CPU: 0 UID: 0 PID: 12723 Comm: syz.3.1342 Not tainted syzkaller #0 PREEMPT(full) [ 604.190375][T12723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 604.190388][T12723] Call Trace: [ 604.190395][T12723] [ 604.190403][T12723] dump_stack_lvl+0x16c/0x1f0 [ 604.190432][T12723] sysfs_warn_dup+0x7f/0xa0 [ 604.190464][T12723] sysfs_do_create_link_sd+0x124/0x140 [ 604.190495][T12723] sysfs_create_link+0x61/0xc0 [ 604.190522][T12723] device_add+0x62c/0x1aa0 [ 604.190545][T12723] ? __pfx_device_add+0x10/0x10 [ 604.190562][T12723] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.190591][T12723] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 604.190622][T12723] wiphy_register+0x1eb0/0x2b20 [ 604.190648][T12723] ? netdev_run_todo+0x864/0x1320 [ 604.190673][T12723] ? __dev_printk+0x1c0/0x270 [ 604.190703][T12723] ? __pfx_wiphy_register+0x10/0x10 [ 604.190740][T12723] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 604.190771][T12723] ieee80211_register_hw+0x253d/0x4120 [ 604.190809][T12723] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 604.190835][T12723] ? __pfx___debug_object_init+0x10/0x10 [ 604.190871][T12723] ? find_held_lock+0x2b/0x80 [ 604.190899][T12723] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.190926][T12723] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 604.190953][T12723] ? __hrtimer_setup+0x176/0x280 [ 604.190980][T12723] mac80211_hwsim_new_radio+0x32c7/0x5650 [ 604.191017][T12723] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 604.191041][T12723] ? __asan_memcpy+0x3c/0x60 [ 604.191064][T12723] hwsim_new_radio_nl+0xba2/0x1330 [ 604.191089][T12723] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 604.191120][T12723] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 604.191151][T12723] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 604.191187][T12723] genl_family_rcv_msg_doit+0x206/0x2f0 [ 604.191218][T12723] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 604.191262][T12723] ? bpf_lsm_capable+0x9/0x10 [ 604.191286][T12723] ? security_capable+0x7e/0x260 [ 604.191317][T12723] ? ns_capable+0xd7/0x110 [ 604.191345][T12723] genl_rcv_msg+0x55c/0x800 [ 604.191377][T12723] ? __pfx_genl_rcv_msg+0x10/0x10 [ 604.191408][T12723] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 604.191442][T12723] netlink_rcv_skb+0x155/0x420 [ 604.191467][T12723] ? __pfx_genl_rcv_msg+0x10/0x10 [ 604.191497][T12723] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 604.191534][T12723] ? netlink_deliver_tap+0x1ae/0xd30 [ 604.191564][T12723] genl_rcv+0x28/0x40 [ 604.191588][T12723] netlink_unicast+0x5aa/0x870 [ 604.191618][T12723] ? __pfx_netlink_unicast+0x10/0x10 [ 604.191644][T12723] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 604.191677][T12723] netlink_sendmsg+0x8c8/0xdd0 [ 604.191708][T12723] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.191740][T12723] ____sys_sendmsg+0xa95/0xc70 [ 604.191763][T12723] ? copy_msghdr_from_user+0x10a/0x160 [ 604.191780][T12723] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.191807][T12723] ? __pfx_futex_wake_mark+0x10/0x10 [ 604.191829][T12723] ___sys_sendmsg+0x134/0x1d0 [ 604.191848][T12723] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.191895][T12723] __sys_sendmsg+0x16d/0x220 [ 604.191912][T12723] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.191929][T12723] ? __x64_sys_futex+0x1e0/0x4c0 [ 604.191959][T12723] do_syscall_64+0xcd/0x4e0 [ 604.191979][T12723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.191995][T12723] RIP: 0033:0x7ffa6058eec9 [ 604.192007][T12723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.192023][T12723] RSP: 002b:00007ffa5e7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 604.192038][T12723] RAX: ffffffffffffffda RBX: 00007ffa607e6180 RCX: 00007ffa6058eec9 [ 604.192047][T12723] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006 [ 604.192055][T12723] RBP: 00007ffa60611f91 R08: 0000000000000000 R09: 0000000000000000 [ 604.192064][T12723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.192072][T12723] R13: 00007ffa607e6218 R14: 00007ffa607e6180 R15: 00007ffea18b4cd8 [ 604.192092][T12723] [ 604.590724][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.186338][ T30] audit: type=1400 audit(1759626903.148:3170): avc: denied { kexec_image_load } for pid=12741 comm="syz.4.1354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 605.299281][ T5970] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 605.503982][ T5970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.514962][ T5970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.524735][ T5970] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 605.533878][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.553276][ T30] audit: type=1400 audit(1759626903.518:3171): avc: denied { append } for pid=12754 comm="syz.4.1360" name="sg0" dev="devtmpfs" ino=766 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 605.553416][ T5970] usb 2-1: config 0 descriptor?? [ 605.577398][ T6796] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 605.594096][T12756] program syz.4.1360 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 605.770748][ T6796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.780678][ T6796] usb 3-1: New USB device found, idVendor=056a, idProduct=00e3, bcdDevice= 0.00 [ 605.795175][ T6796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.806224][ T6796] usb 3-1: config 0 descriptor?? [ 605.929921][ T5912] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 606.032764][ T5970] waltop 0003:172F:0501.0007: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.1-1/input0 [ 606.055121][T12764] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1363'. [ 606.090642][ T5912] usb 1-1: config 0 has an invalid interface number: 238 but max is 0 [ 606.098923][ T5912] usb 1-1: config 0 has no interface number 0 [ 606.108629][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1363'. [ 606.117730][ T5912] usb 1-1: config 0 interface 238 altsetting 243 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 606.130574][ T5912] usb 1-1: config 0 interface 238 altsetting 243 endpoint 0x81 has invalid wMaxPacketSize 0 [ 606.147183][ T5912] usb 1-1: config 0 interface 238 has no altsetting 0 [ 606.195844][T12776] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1367'. [ 606.206031][T12776] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1367'. [ 606.281569][ T5912] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 606.299324][ T6796] wacom 0003:056A:00E3.0008: hidraw1: USB HID v0.02 Device [HID 056a:00e3] on usb-dummy_hcd.2-1/input0 [ 606.301026][ T5970] usb 2-1: USB disconnect, device number 16 [ 606.331306][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.472184][ T5912] usb 1-1: config 0 descriptor?? [ 606.496724][ T5969] usb 3-1: USB disconnect, device number 26 [ 606.902297][ T5912] uclogic 0003:256C:006D.0009: interface is invalid, ignoring [ 606.952050][T12781] netlink: 'syz.1.1369': attribute type 2 has an invalid length. [ 607.039448][ T5969] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 607.115854][ T5912] usb 1-1: USB disconnect, device number 24 [ 607.211848][ T5969] usb 4-1: config 0 interface 0 has no altsetting 0 [ 607.211878][ T5969] usb 4-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 607.211898][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.254377][ T5969] usb 4-1: config 0 descriptor?? [ 607.276038][T12798] netlink: 'syz.4.1371': attribute type 1 has an invalid length. [ 607.942454][T12802] xt_l2tp: missing protocol rule (udp|l2tpip) [ 608.060996][ T5969] zeroplus 0003:0C12:0005.000A: hidraw0: USB HID v1.01 Device [HID 0c12:0005] on usb-dummy_hcd.3-1/input0 [ 608.105297][ T5969] zeroplus 0003:0C12:0005.000A: no inputs found [ 608.123046][ T30] audit: type=1400 audit(1759626906.078:3172): avc: denied { watch watch_reads } for pid=12804 comm="syz.2.1378" path="/263" dev="tmpfs" ino=1473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 608.254607][ T6796] usb 4-1: USB disconnect, device number 17 [ 608.362119][T12813] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1379'. [ 608.371982][T12813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1379'. [ 608.752182][T12796] tunl0 speed is unknown, defaulting to 1000 [ 609.193108][T12824] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1382'. [ 609.203055][T12824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1382'. [ 609.229562][ T30] audit: type=1400 audit(1759626907.078:3173): avc: denied { read } for pid=12817 comm="syz.3.1381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 609.349270][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5360 ms [ 609.357280][ C1] lec:lec_tx_timeout: lec0 [ 609.404744][T12826] netdevsim netdevsim3: Direct firmware load for  failed with error -2 [ 609.413150][T12826] netdevsim netdevsim3: Falling back to sysfs fallback for:  [ 609.450232][T12784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 610.094581][T12796] lo speed is unknown, defaulting to 1000 [ 610.279290][ T5969] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 610.303081][T12853] IPVS: stopping master sync thread 9478 ... [ 610.442683][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 610.514036][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 610.554243][ T5969] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 610.587369][ T30] audit: type=1400 audit(1759626908.538:3174): avc: denied { name_bind } for pid=12860 comm="syz.0.1399" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 610.639960][ T5969] usb 2-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 610.659152][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.689722][ T5969] usb 2-1: config 0 descriptor?? [ 610.958625][T12875] netlink: 'syz.2.1405': attribute type 1 has an invalid length. [ 610.982895][T12862] tunl0 speed is unknown, defaulting to 1000 [ 611.039849][T12877] netlink: 'syz.0.1406': attribute type 3 has an invalid length. [ 611.132015][T12880] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1407'. [ 611.154637][T12880] netlink: 'syz.2.1407': attribute type 16 has an invalid length. [ 611.157231][ T5969] megaworld 0003:07B5:0312.000B: unknown main item tag 0x2 [ 611.163510][T12880] netlink: 'syz.2.1407': attribute type 17 has an invalid length. [ 611.177714][T12880] netlink: 'syz.2.1407': attribute type 27 has an invalid length. [ 611.363042][ T5969] megaworld 0003:07B5:0312.000B: unexpected long global item [ 611.421659][ T5969] megaworld 0003:07B5:0312.000B: parse failed [ 611.438667][ T5969] megaworld 0003:07B5:0312.000B: probe with driver megaworld failed with error -22 [ 611.489501][ T5969] usb 2-1: USB disconnect, device number 17 [ 611.636036][T12862] lo speed is unknown, defaulting to 1000 [ 611.740175][ T6796] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 611.869443][ T6806] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 611.895544][ T6796] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 611.905272][ T6796] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.917473][ T6796] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 611.926825][ T6796] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 611.935268][ T6796] usb 1-1: Manufacturer: syz [ 611.945342][ T6796] usb 1-1: config 0 descriptor?? [ 612.047104][ T6806] usb 5-1: Using ep0 maxpacket: 32 [ 612.060496][ T5969] IPVS: starting estimator thread 0... [ 612.069898][ T6806] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d [ 612.099271][ T6806] usb 5-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 612.107258][ T6806] usb 5-1: Product: syz [ 612.111548][ T6796] rc_core: IR keymap rc-hauppauge not found [ 612.117434][ T6796] Registered IR keymap rc-empty [ 612.164826][T12892] IPVS: using max 73 ests per chain, 175200 per kthread [ 612.182662][ T6796] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 612.200690][ T6806] usb 5-1: config 0 descriptor?? [ 612.247292][T12898] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1413'. [ 612.261477][ T6796] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input22 [ 612.355125][ C0] igorplugusb 1-1:0.0: Error: urb status = -32 [ 612.411641][ T6796] usb 1-1: USB disconnect, device number 25 [ 612.424108][ T6806] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 612.438454][T12905] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1414'. [ 612.460642][T12905] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1414'. [ 612.500154][ T6806] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 612.558197][ T6806] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 612.579439][ T6806] usb 5-1: media controller created [ 612.614614][ T6806] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 612.654887][ T6806] az6027: usb out operation failed. (-71) [ 612.661691][ T6806] az6027: usb out operation failed. (-71) [ 612.667457][ T6806] stb0899_attach: Driver disabled by Kconfig [ 612.673797][ T6806] az6027: no front-end attached [ 612.673797][ T6806] [ 612.682276][ T6806] az6027: usb out operation failed. (-71) [ 612.688016][ T6806] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 612.696394][ T6806] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input23 [ 612.710022][ T6806] dvb-usb: schedule remote query interval to 400 msecs. [ 612.717495][ T6806] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 612.728346][ T6806] usb 5-1: USB disconnect, device number 17 [ 612.775443][ T6806] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 613.215951][T12926] netlink: 'syz.0.1420': attribute type 15 has an invalid length. [ 613.224116][T10741] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 613.232948][T12926] netlink: 71 bytes leftover after parsing attributes in process `syz.0.1420'. [ 613.335703][ T30] audit: type=1400 audit(1759626911.298:3175): avc: denied { read } for pid=12935 comm="syz.4.1423" name="usbmon8" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 613.381482][T10741] usb 2-1: Using ep0 maxpacket: 32 [ 613.388509][T10741] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 613.413336][T10741] usb 2-1: config 0 has no interface number 0 [ 613.427295][T10741] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 613.439898][ T30] audit: type=1400 audit(1759626911.298:3176): avc: denied { open } for pid=12935 comm="syz.4.1423" path="/dev/usbmon8" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 613.447834][T10741] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 613.516263][T10741] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.541064][T10741] usb 2-1: Product: syz [ 613.551192][T10741] usb 2-1: Manufacturer: syz [ 613.552350][ T30] audit: type=1326 audit(1759626911.348:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12906 comm="syz.2.1415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac958eec9 code=0x7fc00000 [ 613.557753][T10741] usb 2-1: SerialNumber: syz [ 613.616258][T10741] usb 2-1: config 0 descriptor?? [ 613.626092][T10741] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 613.636307][T10741] em28xx 2-1:0.132: Video interface 132 found: [ 613.652611][ T30] audit: type=1400 audit(1759626911.388:3178): avc: denied { bind } for pid=12937 comm="syz.4.1424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 613.679299][ T6806] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 613.687019][ T30] audit: type=1400 audit(1759626911.388:3179): avc: denied { name_bind } for pid=12937 comm="syz.4.1424" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 613.738216][ T30] audit: type=1400 audit(1759626911.388:3180): avc: denied { node_bind } for pid=12937 comm="syz.4.1424" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 613.761304][ T30] audit: type=1400 audit(1759626911.388:3181): avc: denied { write } for pid=12937 comm="syz.4.1424" laddr=172.20.20.170 lport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 613.871064][ T6806] usb 1-1: Using ep0 maxpacket: 8 [ 613.877593][ T6806] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 613.903472][T12948] tunl0 speed is unknown, defaulting to 1000 [ 613.959272][ T6806] usb 1-1: config 0 has no interface number 0 [ 613.965390][ T6806] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 613.989777][ T6806] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 614.009318][ T6806] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 614.031213][T10741] em28xx 2-1:0.132: chip ID is em2800 [ 614.039817][ T6806] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 614.069310][ T6806] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 614.078364][ T6806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.099280][ T6796] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 614.122254][ T6806] usb 1-1: config 0 descriptor?? [ 614.139535][ T6806] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 614.178202][T12948] lo speed is unknown, defaulting to 1000 [ 614.248674][T12942] lec:lec_atm_close: lec0: Shut down! [ 614.270623][ T6796] usb 4-1: Using ep0 maxpacket: 32 [ 614.277825][ T6796] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 614.290367][ T6796] usb 4-1: config 0 has no interface number 0 [ 614.305501][T10741] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 614.315594][ T6796] usb 4-1: config 0 interface 255 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 614.331255][T10741] em28xx 2-1:0.132: board has no eeprom [ 614.336892][ T6796] usb 4-1: config 0 interface 255 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 614.365373][ T6796] usb 4-1: config 0 interface 255 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 614.367774][ T5969] usb 1-1: USB disconnect, device number 26 [ 614.402702][ T6796] usb 4-1: config 0 interface 255 has no altsetting 0 [ 614.412451][ T6796] usb 4-1: New USB device found, idVendor=28bd, idProduct=1903, bcdDevice= 0.00 [ 614.422869][ T5969] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 614.425745][T10741] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 614.457330][T10741] em28xx 2-1:0.132: analog set to bulk mode. [ 614.465135][ T6796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.486626][ T6806] em28xx 2-1:0.132: Registering V4L2 extension [ 614.527634][ T6796] usb 4-1: config 0 descriptor?? [ 614.606619][ T6806] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 614.624774][T10741] usb 2-1: USB disconnect, device number 18 [ 614.646287][ T6806] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-19) [ 614.657144][T10741] em28xx 2-1:0.132: Disconnecting em28xx [ 614.780615][ T6806] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 614.788110][ T6806] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 614.796059][ T6806] em28xx 2-1:0.132: No AC97 audio processor [ 614.812538][ T6806] usb 2-1: Decoder not found [ 614.817200][ T6806] em28xx 2-1:0.132: failed to create media graph [ 614.823636][ T6806] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 614.859330][ T6806] em28xx 2-1:0.132: Remote control support is not available for this card. [ 614.868023][T10741] em28xx 2-1:0.132: Closing input extension [ 614.879277][ T5969] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 614.913805][T10741] em28xx 2-1:0.132: Freeing device [ 614.969074][ T6796] uclogic 0003:28BD:1903.000C: interface is invalid, ignoring [ 615.047324][ T5969] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 615.062041][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.078876][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.100026][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.107691][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.126952][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.148675][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.156517][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.166865][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.178758][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.186480][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.196964][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.208315][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.216038][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.225321][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.236508][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.242933][T10741] usb 4-1: USB disconnect, device number 18 [ 615.244291][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.277842][T13003] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1436'. [ 615.287636][T13003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1436'. [ 615.345817][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.459362][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.512450][T13006] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1439'. [ 615.523584][T13006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1439'. [ 615.540406][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.549536][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.560578][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.579119][ T5969] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 615.589588][ T5969] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 615.600745][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.702637][ T5969] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 615.713053][ T5969] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 615.725981][ T5969] usb 3-1: Product: syz [ 615.846672][ T5969] usb 3-1: Manufacturer: syz [ 615.851644][ T5969] usb 3-1: SerialNumber: syz [ 615.948051][ T5969] usb 3-1: config 0 descriptor?? [ 615.971770][ T5969] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 616.240867][ T5912] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 616.259761][T13024] @: renamed from vlan0 [ 616.263982][ T30] audit: type=1400 audit(1759626914.228:3182): avc: denied { ioctl } for pid=13022 comm="syz.1.1446" path="socket:[37240]" dev="sockfs" ino=37240 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 616.431109][ T30] audit: type=1400 audit(1759626914.398:3183): avc: denied { nlmsg_read } for pid=13029 comm="syz.0.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 616.432778][ T5969] usb 3-1: USB disconnect, device number 27 [ 616.454359][T13032] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1448'. [ 616.466818][ T5912] usb 5-1: Using ep0 maxpacket: 8 [ 616.485225][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 616.498890][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 616.511055][ T5969] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 616.524531][ T5912] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 616.533772][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.541967][ T5912] usb 5-1: Product: syz [ 616.615485][ T5912] usb 5-1: Manufacturer: syz [ 616.654639][ T5912] usb 5-1: SerialNumber: syz [ 616.674352][ T5912] usb 5-1: config 0 descriptor?? [ 616.759275][ T5912] rc_core: IR keymap rc-streamzap not found [ 616.775340][ T5912] Registered IR keymap rc-empty [ 616.790374][ T5912] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 616.834425][ T5912] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input24 [ 616.903912][ T5912] usb 5-1: USB disconnect, device number 18 [ 617.049400][T10741] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 617.099277][ T6796] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 617.209268][T10741] usb 2-1: Using ep0 maxpacket: 8 [ 617.221789][T10741] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 617.232857][T10741] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.253512][T10741] usb 2-1: Product: syz [ 617.257851][T10741] usb 2-1: Manufacturer: syz [ 617.264508][T10741] usb 2-1: SerialNumber: syz [ 617.272838][ T6796] usb 1-1: Using ep0 maxpacket: 8 [ 617.331234][ T6796] usb 1-1: unable to get BOS descriptor or descriptor too short [ 617.402656][ T6796] usb 1-1: config 4 interface 0 has no altsetting 0 [ 617.419862][ T5912] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 617.449816][T10741] usb 2-1: config 0 descriptor?? [ 617.500334][ T6796] usb 1-1: string descriptor 0 read error: -22 [ 617.529127][ T6796] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 617.560263][ T6796] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.585915][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.617749][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.618648][ T6796] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 617.642575][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 617.669353][T10741] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 617.670768][ T5912] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 617.676120][ T6796] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 617.696227][ T6796] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 617.704860][ T6796] usb 1-1: media controller created [ 617.722385][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.727203][ T6796] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 617.741605][ T5912] usb 3-1: config 0 descriptor?? [ 617.867639][T10741] gspca_sunplus: reg_w_riv err -71 [ 617.872917][T10741] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 618.053347][T10741] usb 2-1: USB disconnect, device number 19 [ 618.115244][T13059] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1458'. [ 618.125381][T13059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1458'. [ 618.291556][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.299077][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.306551][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.369965][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.394625][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.402332][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.413250][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.424423][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.431929][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.439958][ T5912] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 618.452433][ T5912] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 618.499362][ T5969] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 618.547938][ T5912] usb 3-1: USB disconnect, device number 28 [ 618.649269][ T5969] usb 4-1: Using ep0 maxpacket: 8 [ 618.661316][ T5969] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 618.671391][ T5969] usb 4-1: config 0 has no interface number 0 [ 618.677525][ T5969] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 618.689024][ T5969] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 618.698146][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.709958][ T5969] usb 4-1: config 0 descriptor?? [ 618.728324][ T5969] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 618.924389][ T6806] usb 4-1: USB disconnect, device number 19 [ 618.970676][T10741] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 619.049390][ T5969] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 619.125883][ T6796] usb 1-1: USB disconnect, device number 27 [ 619.139371][T10741] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 619.166267][T10741] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 619.175857][T10741] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 619.185109][T10741] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.199911][T10741] usb 5-1: config 0 descriptor?? [ 619.202711][ T5969] usb 2-1: Using ep0 maxpacket: 16 [ 619.211503][T10741] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 619.220942][T10741] dvb-usb: bulk message failed: -22 (3/0) [ 619.221537][ T5969] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 619.237350][T10741] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 619.245804][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.249799][T10741] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 619.260823][ T5969] usb 2-1: Product: syz [ 619.260842][ T5969] usb 2-1: Manufacturer: syz [ 619.260857][ T5969] usb 2-1: SerialNumber: syz [ 619.275144][T10741] usb 5-1: media controller created [ 619.283975][T10741] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 619.290060][ T5969] usb 2-1: config 0 descriptor?? [ 619.304227][ T5969] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 619.304326][T10741] dvb-usb: bulk message failed: -22 (6/0) [ 619.317787][T10741] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 619.322803][ T5969] usb 2-1: Detected FT-X [ 619.341149][T10741] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input25 [ 619.355144][T10741] dvb-usb: schedule remote query interval to 150 msecs. [ 619.359255][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5110 ms [ 619.362394][T10741] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 619.370063][ C1] lec:lec_tx_timeout: lec0 [ 619.479178][T13066] dvb-usb: bulk message failed: -22 (2/0) [ 619.490649][T10741] usb 5-1: USB disconnect, device number 19 [ 619.511003][ T5969] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 619.525811][T10741] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 619.528420][ T5969] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 619.556197][ T5969] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 619.576507][ T5969] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 619.588961][ T5969] usb 2-1: USB disconnect, device number 20 [ 619.599675][ T5969] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 619.609837][ T5969] ftdi_sio 2-1:0.0: device disconnected [ 619.759297][ T5970] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 619.819553][ T6796] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 619.924047][ T5970] usb 4-1: Using ep0 maxpacket: 8 [ 619.930576][ T5970] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 619.944819][ T5970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.961500][ T5970] pvrusb2: Hardware description: Terratec Grabster AV400 [ 619.976316][ T5970] pvrusb2: ********** [ 619.979264][ T6796] usb 3-1: Using ep0 maxpacket: 32 [ 619.981406][ T5970] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 619.986806][ T6796] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 619.997136][ T5970] pvrusb2: Important functionality might not be entirely working. [ 620.011692][ T5970] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 620.019405][ T6796] usb 3-1: config 0 has no interface number 0 [ 620.029339][ T5970] pvrusb2: ********** [ 620.048824][ T6796] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 620.068350][ T6796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.086678][ T6796] usb 3-1: Product: syz [ 620.091471][ T6796] usb 3-1: Manufacturer: syz [ 620.096227][ T6796] usb 3-1: SerialNumber: syz [ 620.103134][ T6796] usb 3-1: config 0 descriptor?? [ 620.120646][ T6796] quatech2 3-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected [ 620.175847][ T2325] pvrusb2: Invalid write control endpoint [ 620.246914][ T2325] pvrusb2: Invalid write control endpoint [ 620.281785][T13094] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1470'. [ 620.291685][T13094] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1470'. [ 620.319852][ T2325] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 620.330941][ T6796] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 620.342688][ T2325] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 620.346204][ T6796] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 620.359244][ T2325] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 620.376732][ T2325] pvrusb2: Device being rendered inoperable [ 620.382877][ T5969] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 620.415269][T13073] pvrusb2: Attempted to execute control transfer when device not ok [ 620.450794][ T6796] usb 4-1: USB disconnect, device number 20 [ 620.453928][ T2325] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 620.499742][ T2325] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 620.522735][ T2325] pvrusb2: Attached sub-driver cx25840 [ 620.535117][ T2325] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 620.567080][ T5969] usb 2-1: Using ep0 maxpacket: 32 [ 620.569335][ T2325] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 620.588761][ T5969] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 620.609968][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 620.639304][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 620.650997][ T5969] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 620.660191][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.673256][ T5969] usb 2-1: config 0 descriptor?? [ 620.682664][T13091] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 620.710206][ T5969] hub 2-1:0.0: USB hub found [ 620.738054][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 620.747489][T10741] usb 3-1: USB disconnect, device number 29 [ 620.756471][T10741] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 620.777828][T10741] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 620.789791][T10741] quatech2 3-1:0.1: device disconnected [ 620.922739][ T5969] hub 2-1:0.0: 2 ports detected [ 621.059473][ T6796] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 621.166239][T13110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1478'. [ 621.213052][ T6796] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 621.221584][ T6796] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 621.235920][ T6796] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 621.259271][ T6796] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 621.270098][ T6796] usb 1-1: Manufacturer: syz [ 621.294264][ T6796] usb 1-1: config 0 descriptor?? [ 621.389977][ T5970] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 621.429786][ T6796] rc_core: IR keymap rc-hauppauge not found [ 621.452241][ T6796] Registered IR keymap rc-empty [ 621.470079][ T6796] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 621.500946][ T6796] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input26 [ 621.543326][ T5969] usb 2-1: USB disconnect, device number 21 [ 621.549324][ T5970] usb 5-1: Using ep0 maxpacket: 16 [ 621.555219][ T6796] usb 1-1: USB disconnect, device number 28 [ 621.562332][ T5970] usb 5-1: config 0 has an invalid interface number: 147 but max is 0 [ 621.572775][ T5970] usb 5-1: config 0 has no interface number 0 [ 621.578885][ T5970] usb 5-1: config 0 interface 147 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32 [ 621.592427][ T5970] usb 5-1: config 0 interface 147 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024 [ 621.606988][ T5970] usb 5-1: config 0 interface 147 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 621.628980][ T5970] usb 5-1: New USB device found, idVendor=0525, idProduct=1080, bcdDevice=5b.44 [ 621.644216][ T5970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.656947][ T5970] usb 5-1: Product: syz [ 621.662500][ T5970] usb 5-1: Manufacturer: syz [ 621.667185][ T5970] usb 5-1: SerialNumber: syz [ 621.685674][ T5970] usb 5-1: config 0 descriptor?? [ 621.695960][T13108] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 621.703848][T13108] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 621.739282][ T5912] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 621.899291][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 621.919937][ T5912] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 621.928138][ T5912] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 621.950654][T13108] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 621.967999][T13108] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 621.979330][ T5912] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 621.992599][ T5912] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 622.017877][ T5970] net1080 5-1:0.147 usb0: register 'net1080' at usb-dummy_hcd.4-1, NetChip TurboCONNECT, e2:f6:c0:9c:8b:03 [ 622.030797][ T5912] usb 3-1: config 0 interface 0 has no altsetting 0 [ 622.047430][ T5912] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 622.063298][ T5912] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 622.073275][ T5912] usb 3-1: Product: syz [ 622.077483][ T5912] usb 3-1: Manufacturer: syz [ 622.082173][ T5912] usb 3-1: SerialNumber: syz [ 622.090370][ T5912] usb 3-1: config 0 descriptor?? [ 622.104660][ T5912] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 622.144264][ T5912] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 622.202465][ T6796] usb 5-1: USB disconnect, device number 20 [ 622.208416][ T30] audit: type=1400 audit(1759626920.168:3184): avc: denied { connect } for pid=13143 comm="syz.0.1492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 622.236359][T13147] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1493'. [ 622.242160][ T6796] net1080 5-1:0.147 usb0: unregister 'net1080' usb-dummy_hcd.4-1, NetChip TurboCONNECT [ 622.262994][ T30] audit: type=1400 audit(1759626920.168:3185): avc: denied { write } for pid=13143 comm="syz.0.1492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 622.417234][T13125] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 622.430026][T10741] usb 3-1: USB disconnect, device number 30 [ 622.435962][ C0] ldusb 3-1:0.0: usb_submit_urb failed (-19) [ 622.449054][T10741] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 623.012892][T13187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1499'. [ 623.499585][T10741] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 623.569323][ T6796] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 623.614527][T13195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1507'. [ 623.659267][T10741] usb 5-1: Using ep0 maxpacket: 32 [ 623.665983][T10741] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 623.682560][T10741] usb 5-1: config 0 has no interface number 0 [ 623.706292][T10741] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 623.719281][ T6796] usb 4-1: Using ep0 maxpacket: 32 [ 623.724444][T10741] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.745956][ T6796] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 623.761791][T10741] usb 5-1: Product: syz [ 623.779592][ T6796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.790455][T10741] usb 5-1: Manufacturer: syz [ 623.795051][T10741] usb 5-1: SerialNumber: syz [ 623.810500][ T6796] usb 4-1: config 0 descriptor?? [ 623.832356][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.838632][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.847907][ T1294] lec:lec_start_xmit: lec0:No lecd attached [ 623.874796][T10741] usb 5-1: config 0 descriptor?? [ 624.177465][T10741] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 624.210585][T13212] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1509'. [ 624.219767][ T6796] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 624.236854][T10741] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 624.248132][ T6796] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 624.279677][T13212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1509'. [ 624.312711][T10741] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 624.322930][ T6796] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 624.340634][ T6796] usb 4-1: media controller created [ 624.414079][ T6796] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 624.515139][ T6796] az6027: usb out operation failed. (-71) [ 624.582259][T13221] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1514'. [ 624.601791][T13221] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 624.601842][ T6796] az6027: usb out operation failed. (-71) [ 624.657588][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 624.665320][T10741] usb 5-1: USB disconnect, device number 21 [ 624.679182][T10741] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 624.697616][T10741] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 624.719438][ T6796] stb0899_attach: Driver disabled by Kconfig [ 624.728695][T10741] quatech2 5-1:0.51: device disconnected [ 624.734473][ T6796] az6027: no front-end attached [ 624.734473][ T6796] [ 624.758494][ T6796] az6027: usb out operation failed. (-71) [ 624.780992][ T6796] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 624.817194][ T6796] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input27 [ 624.872125][ T6796] dvb-usb: schedule remote query interval to 400 msecs. [ 624.902720][ T6796] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 624.958644][ T6796] usb 4-1: USB disconnect, device number 21 [ 625.130851][ T6796] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 625.487291][ T30] audit: type=1400 audit(1759626923.448:3186): avc: denied { map } for pid=13237 comm="syz.3.1522" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 625.524403][T13240] ================================================================== [ 625.532471][T13240] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 625.539666][T13240] Read of size 8 at addr ffff888079a3e520 by task syz.3.1522/13240 [ 625.547547][T13240] [ 625.549870][T13240] CPU: 0 UID: 0 PID: 13240 Comm: syz.3.1522 Not tainted syzkaller #0 PREEMPT(full) [ 625.549896][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 625.549908][T13240] Call Trace: [ 625.549915][T13240] [ 625.549922][T13240] dump_stack_lvl+0x116/0x1f0 [ 625.549950][T13240] print_report+0xcd/0x630 [ 625.549973][T13240] ? __virt_addr_valid+0x81/0x610 [ 625.550001][T13240] ? __phys_addr+0xe8/0x180 [ 625.550030][T13240] ? __cpa_addr+0x1d3/0x220 [ 625.550049][T13240] kasan_report+0xe0/0x110 [ 625.550073][T13240] ? __cpa_addr+0x1d3/0x220 [ 625.550097][T13240] __cpa_addr+0x1d3/0x220 [ 625.550118][T13240] cpa_flush+0x28b/0x8a0 [ 625.550141][T13240] ? __pfx_cpa_flush+0x10/0x10 [ 625.550163][T13240] ? pgprot2cachemode+0x9a/0x130 [ 625.550191][T13240] ? __pfx_pgprot2cachemode+0x10/0x10 [ 625.550219][T13240] ? drm_gem_get_pages+0x6a0/0xa10 [ 625.550244][T13240] change_page_attr_set_clr+0x34e/0x4a0 [ 625.550270][T13240] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 625.550302][T13240] _set_pages_array+0x1ab/0x2c0 [ 625.550326][T13240] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 625.550346][T13240] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 625.550367][T13240] ? __pfx___might_resched+0x10/0x10 [ 625.550397][T13240] drm_gem_shmem_mmap+0xc9/0x550 [ 625.550415][T13240] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 625.550435][T13240] drm_gem_mmap_obj+0x1b5/0x560 [ 625.550457][T13240] drm_gem_mmap+0x40b/0x620 [ 625.550480][T13240] ? __pfx_drm_gem_mmap+0x10/0x10 [ 625.550500][T13240] ? vm_area_alloc+0x1f/0x160 [ 625.550529][T13240] ? lockdep_init_map_type+0x5c/0x280 [ 625.550553][T13240] __mmap_region+0x1306/0x27a0 [ 625.550571][T13240] ? __pfx___mmap_region+0x10/0x10 [ 625.550588][T13240] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 625.550614][T13240] ? audit_log_end+0x1f/0x30 [ 625.550634][T13240] ? audit_log_end+0x1f/0x30 [ 625.550654][T13240] ? common_lsm_audit+0x260/0x300 [ 625.550703][T13240] ? __lock_acquire+0xb97/0x1ce0 [ 625.550732][T13240] mmap_region+0x1ab/0x3f0 [ 625.550749][T13240] ? __get_unmapped_area+0x267/0x440 [ 625.550771][T13240] do_mmap+0xa3e/0x1210 [ 625.550795][T13240] ? __pfx_do_mmap+0x10/0x10 [ 625.550816][T13240] ? __pfx_down_write_killable+0x10/0x10 [ 625.550844][T13240] vm_mmap_pgoff+0x29e/0x470 [ 625.550867][T13240] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 625.550891][T13240] ? __fget_files+0x20e/0x3c0 [ 625.550913][T13240] ksys_mmap_pgoff+0x32c/0x5c0 [ 625.550935][T13240] __x64_sys_mmap+0x125/0x190 [ 625.550956][T13240] do_syscall_64+0xcd/0x4e0 [ 625.550979][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.550999][T13240] RIP: 0033:0x7ffa6058eec9 [ 625.551014][T13240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.551032][T13240] RSP: 002b:00007ffa6136b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 625.551050][T13240] RAX: ffffffffffffffda RBX: 00007ffa607e5fa0 RCX: 00007ffa6058eec9 [ 625.551062][T13240] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 625.551074][T13240] RBP: 00007ffa60611f91 R08: 0000000000000003 R09: 0000000100000000 [ 625.551086][T13240] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 625.551098][T13240] R13: 00007ffa607e6038 R14: 00007ffa607e5fa0 R15: 00007ffea18b4cd8 [ 625.551117][T13240] [ 625.551124][T13240] [ 625.876281][T13240] Allocated by task 13240: [ 625.880675][T13240] kasan_save_stack+0x33/0x60 [ 625.885342][T13240] kasan_save_track+0x14/0x30 [ 625.890003][T13240] __kasan_kmalloc+0xaa/0xb0 [ 625.894579][T13240] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 625.899929][T13240] drm_gem_get_pages+0x144/0xa10 [ 625.904850][T13240] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 625.910895][T13240] drm_gem_shmem_mmap+0xc9/0x550 [ 625.915812][T13240] drm_gem_mmap_obj+0x1b5/0x560 [ 625.920643][T13240] drm_gem_mmap+0x40b/0x620 [ 625.925127][T13240] __mmap_region+0x1306/0x27a0 [ 625.929871][T13240] mmap_region+0x1ab/0x3f0 [ 625.934262][T13240] do_mmap+0xa3e/0x1210 [ 625.938399][T13240] vm_mmap_pgoff+0x29e/0x470 [ 625.942971][T13240] ksys_mmap_pgoff+0x32c/0x5c0 [ 625.947719][T13240] __x64_sys_mmap+0x125/0x190 [ 625.952378][T13240] do_syscall_64+0xcd/0x4e0 [ 625.956871][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.962740][T13240] [ 625.965042][T13240] The buggy address belongs to the object at ffff888079a3e400 [ 625.965042][T13240] which belongs to the cache kmalloc-512 of size 512 [ 625.979070][T13240] The buggy address is located 0 bytes to the right of [ 625.979070][T13240] allocated 288-byte region [ffff888079a3e400, ffff888079a3e520) [ 625.993543][T13240] [ 625.995847][T13240] The buggy address belongs to the physical page: [ 626.002235][T13240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79a3c [ 626.010972][T13240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 626.019445][T13240] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 626.027397][T13240] page_type: f5(slab) [ 626.031358][T13240] raw: 00fff00000000040 ffff88801b026c80 0000000000000000 dead000000000001 [ 626.039921][T13240] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 626.048482][T13240] head: 00fff00000000040 ffff88801b026c80 0000000000000000 dead000000000001 [ 626.057131][T13240] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 626.065783][T13240] head: 00fff00000000002 ffffea0001e68f01 00000000ffffffff 00000000ffffffff [ 626.074431][T13240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 626.083071][T13240] page dumped because: kasan: bad access detected [ 626.089456][T13240] page_owner tracks the page as allocated [ 626.095142][T13240] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5204, tgid 5204 (udevd), ts 22200712899, free_ts 22180848970 [ 626.115871][T13240] post_alloc_hook+0x1c0/0x230 [ 626.120625][T13240] get_page_from_freelist+0x10a3/0x3a30 [ 626.126156][T13240] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 626.132035][T13240] alloc_pages_mpol+0x1fb/0x550 [ 626.136866][T13240] new_slab+0x24a/0x360 [ 626.141002][T13240] ___slab_alloc+0xdc4/0x1ae0 [ 626.145662][T13240] __slab_alloc.constprop.0+0x63/0x110 [ 626.151108][T13240] __kmalloc_cache_noprof+0x477/0x780 [ 626.156462][T13240] kernfs_fop_open+0x244/0xda0 [ 626.161203][T13240] do_dentry_open+0x982/0x1530 [ 626.165944][T13240] vfs_open+0x82/0x3f0 [ 626.169992][T13240] path_openat+0x1de4/0x2cb0 [ 626.174559][T13240] do_filp_open+0x20b/0x470 [ 626.179038][T13240] do_sys_openat2+0x11b/0x1d0 [ 626.183694][T13240] __x64_sys_openat+0x174/0x210 [ 626.188541][T13240] do_syscall_64+0xcd/0x4e0 [ 626.193035][T13240] page last free pid 5196 tgid 5196 stack trace: [ 626.199336][T13240] __free_frozen_pages+0x7df/0x1160 [ 626.204524][T13240] qlist_free_all+0x4d/0x120 [ 626.209102][T13240] kasan_quarantine_reduce+0x195/0x1e0 [ 626.214541][T13240] __kasan_slab_alloc+0x69/0x90 [ 626.219370][T13240] __kmalloc_noprof+0x2e8/0x880 [ 626.224206][T13240] tomoyo_encode2+0x100/0x3e0 [ 626.228865][T13240] tomoyo_encode+0x29/0x50 [ 626.233259][T13240] tomoyo_realpath_from_path+0x18f/0x6e0 [ 626.238877][T13240] tomoyo_check_open_permission+0x2ab/0x3c0 [ 626.244754][T13240] tomoyo_file_open+0x6b/0x90 [ 626.249418][T13240] security_file_open+0x84/0x1e0 [ 626.254339][T13240] do_dentry_open+0x596/0x1530 [ 626.259082][T13240] vfs_open+0x82/0x3f0 [ 626.263131][T13240] path_openat+0x1de4/0x2cb0 [ 626.267700][T13240] do_filp_open+0x20b/0x470 [ 626.272179][T13240] do_sys_openat2+0x11b/0x1d0 [ 626.276839][T13240] [ 626.279140][T13240] Memory state around the buggy address: [ 626.284743][T13240] ffff888079a3e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 626.292786][T13240] ffff888079a3e480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 626.300830][T13240] >ffff888079a3e500: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 626.308865][T13240] ^ [ 626.313944][T13240] ffff888079a3e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 626.321979][T13240] ffff888079a3e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 626.330014][T13240] ================================================================== [ 626.338860][ T30] audit: type=1400 audit(1759626923.448:3187): avc: denied { execute } for pid=13237 comm="syz.3.1522" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 626.398836][T13240] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 626.406036][T13240] CPU: 1 UID: 0 PID: 13240 Comm: syz.3.1522 Not tainted syzkaller #0 PREEMPT(full) [ 626.415399][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 626.425447][T13240] Call Trace: [ 626.428721][T13240] [ 626.431647][T13240] dump_stack_lvl+0x3d/0x1f0 [ 626.436240][T13240] vpanic+0x640/0x6f0 [ 626.440221][T13240] panic+0xca/0xd0 [ 626.443939][T13240] ? __pfx_panic+0x10/0x10 [ 626.448349][T13240] ? __cpa_addr+0x1d3/0x220 [ 626.452850][T13240] ? preempt_schedule_common+0x44/0xc0 [ 626.458308][T13240] ? preempt_schedule_thunk+0x16/0x30 [ 626.463686][T13240] check_panic_on_warn+0xab/0xb0 [ 626.468624][T13240] end_report+0x107/0x170 [ 626.472952][T13240] kasan_report+0xee/0x110 [ 626.477369][T13240] ? __cpa_addr+0x1d3/0x220 [ 626.481871][T13240] __cpa_addr+0x1d3/0x220 [ 626.486199][T13240] cpa_flush+0x28b/0x8a0 [ 626.490444][T13240] ? __pfx_cpa_flush+0x10/0x10 [ 626.495207][T13240] ? pgprot2cachemode+0x9a/0x130 [ 626.500151][T13240] ? __pfx_pgprot2cachemode+0x10/0x10 [ 626.505524][T13240] ? drm_gem_get_pages+0x6a0/0xa10 [ 626.510634][T13240] change_page_attr_set_clr+0x34e/0x4a0 [ 626.516183][T13240] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 626.522260][T13240] _set_pages_array+0x1ab/0x2c0 [ 626.527113][T13240] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 626.533176][T13240] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 626.539758][T13240] ? __pfx___might_resched+0x10/0x10 [ 626.545051][T13240] drm_gem_shmem_mmap+0xc9/0x550 [ 626.549981][T13240] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 626.556128][T13240] drm_gem_mmap_obj+0x1b5/0x560 [ 626.560980][T13240] drm_gem_mmap+0x40b/0x620 [ 626.565482][T13240] ? __pfx_drm_gem_mmap+0x10/0x10 [ 626.570496][T13240] ? vm_area_alloc+0x1f/0x160 [ 626.575154][T13240] ? lockdep_init_map_type+0x5c/0x280 [ 626.580497][T13240] __mmap_region+0x1306/0x27a0 [ 626.585231][T13240] ? __pfx___mmap_region+0x10/0x10 [ 626.590309][T13240] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 626.596265][T13240] ? audit_log_end+0x1f/0x30 [ 626.600825][T13240] ? audit_log_end+0x1f/0x30 [ 626.605383][T13240] ? common_lsm_audit+0x260/0x300 [ 626.610390][T13240] ? __lock_acquire+0xb97/0x1ce0 [ 626.615300][T13240] mmap_region+0x1ab/0x3f0 [ 626.619685][T13240] ? __get_unmapped_area+0x267/0x440 [ 626.624946][T13240] do_mmap+0xa3e/0x1210 [ 626.629074][T13240] ? __pfx_do_mmap+0x10/0x10 [ 626.633634][T13240] ? __pfx_down_write_killable+0x10/0x10 [ 626.639245][T13240] vm_mmap_pgoff+0x29e/0x470 [ 626.643808][T13240] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 626.648889][T13240] ? __fget_files+0x20e/0x3c0 [ 626.653549][T13240] ksys_mmap_pgoff+0x32c/0x5c0 [ 626.658285][T13240] __x64_sys_mmap+0x125/0x190 [ 626.662936][T13240] do_syscall_64+0xcd/0x4e0 [ 626.667426][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.673289][T13240] RIP: 0033:0x7ffa6058eec9 [ 626.677673][T13240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.697257][T13240] RSP: 002b:00007ffa6136b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 626.705643][T13240] RAX: ffffffffffffffda RBX: 00007ffa607e5fa0 RCX: 00007ffa6058eec9 [ 626.713585][T13240] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 626.721528][T13240] RBP: 00007ffa60611f91 R08: 0000000000000003 R09: 0000000100000000 [ 626.729470][T13240] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 626.737411][T13240] R13: 00007ffa607e6038 R14: 00007ffa607e5fa0 R15: 00007ffea18b4cd8 [ 626.745355][T13240] [ 626.748550][T13240] Kernel Offset: disabled [ 626.752847][T13240] Rebooting in 86400 seconds..