last executing test programs: 15m56.750519504s ago: executing program 0 (id=4229): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x54, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3") 15m54.881356211s ago: executing program 0 (id=4247): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, 0x0) 15m53.460311937s ago: executing program 0 (id=4257): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x400000000000f01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './file1/../file0', [{0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xff\xff\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\x8d5\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80S\x9a\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x86\xca\xd0k\xb0\x1b\xe96\xedpm\xcc\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\xf7\x81\xf4\xa9j\xc9\xbb\xf8\xf2K\"\x86\xf5h\xf5;\xd2\xaf\x9b\xea\xef-\xd7\xd6\xfa\x97-*\\\x98bE\r\xdc\x89\xd8&\x91\x1c+\x15\x89\xd7\xa7ceT\xea`5\xf9\x88\n \xdcA\xa6\x10\x93\"\xa4Y\x84\xee\xb2\xf9\xa9\x80uf\xab\xb3\xd1\x10i\x94x\x0f\xee\x94j2\xf9\x9ah\xf3b\x19P4\\\xad\xbaX]\xbc\xbbTA\x17d\a\x8fa\xe0\xc3K\x959'}]}, 0xf7) write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}}) 15m53.344938838s ago: executing program 0 (id=4258): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0x9362, 0x0) 15m53.206673977s ago: executing program 0 (id=4259): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) memfd_secret(0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 15m52.884066011s ago: executing program 0 (id=4264): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000080)="0f2180f30fbd04f2abd9eb2680e1000f22670f01cf0fc7b000000f300f20e06635200000000f22e0", 0x28}], 0x1, 0x2, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15m52.513856012s ago: executing program 32 (id=4264): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000080)="0f2180f30fbd04f2abd9eb2680e1000f22670f01cf0fc7b000000f300f20e06635200000000f22e0", 0x28}], 0x1, 0x2, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15m48.108240994s ago: executing program 1 (id=4288): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0x70, 0x6, 0x0}) 15m45.882973859s ago: executing program 4 (id=4267): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x400000000000f01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './file1/../file0', [{0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xff\xff\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\x8d5\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80S\x9a\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x86\xca\xd0k\xb0\x1b\xe96\xedpm\xcc\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\xf7\x81\xf4\xa9j\xc9\xbb\xf8\xf2K\"\x86\xf5h\xf5;\xd2\xaf\x9b\xea\xef-\xd7\xd6\xfa\x97-*\\\x98bE\r\xdc\x89\xd8&\x91\x1c+\x15\x89\xd7\xa7ceT\xea`5\xf9\x88\n \xdcA\xa6\x10\x93\"\xa4Y\x84\xee\xb2\xf9\xa9\x80uf\xab\xb3\xd1\x10i\x94x\x0f\xee\x94j2\xf9\x9ah\xf3b\x19P4\\\xad\xbaX]\xbc\xbbTA\x17d\a\x8fa\xe0\xc3K\x959'}]}, 0xf7) write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}}) 15m45.763563859s ago: executing program 4 (id=4297): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 15m44.996431468s ago: executing program 1 (id=4301): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x2, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x6, 0x1e}, @ptr={0x70742a85, 0x4, 0x0, 0x0, 0x1, 0x29}, @flat=@handle={0x73682a85, 0x110a, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0}) 15m44.917062139s ago: executing program 1 (id=4304): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 15m44.209786409s ago: executing program 1 (id=4310): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0) 15m44.148146392s ago: executing program 1 (id=4311): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) shutdown(r0, 0x1) recvfrom(r0, &(0x7f0000000000)=""/116, 0xffffffdd, 0x734, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x10001, 0x0) 15m43.600254125s ago: executing program 1 (id=4315): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x6, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000008, 0x8010, 0xffffffffffffffff, 0x0) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "3dab2026179e3f9e94f795c462aef6c3ea5725a79a084ad573851312355a1302", 0xff, 0x3, 0x6, 0x2}, 0x3c) setsockopt$MRT_DEL_MFC(0xffffffffffffffff, 0x0, 0xcd, &(0x7f0000000080)={@local, @loopback, 0x1, "a25cfc95e75c9c55d5257a3fc5cf22adcb205d64f04fc93f830b020f52814d58", 0x2, 0xffffffff, 0x5, 0xfff}, 0x3c) socket(0x1d, 0x5, 0x6) r4 = fsopen(&(0x7f00000000c0)='ocfs2_dlmfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000180)='rw\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r2, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004) 15m43.293293826s ago: executing program 33 (id=4315): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x6, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000008, 0x8010, 0xffffffffffffffff, 0x0) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "3dab2026179e3f9e94f795c462aef6c3ea5725a79a084ad573851312355a1302", 0xff, 0x3, 0x6, 0x2}, 0x3c) setsockopt$MRT_DEL_MFC(0xffffffffffffffff, 0x0, 0xcd, &(0x7f0000000080)={@local, @loopback, 0x1, "a25cfc95e75c9c55d5257a3fc5cf22adcb205d64f04fc93f830b020f52814d58", 0x2, 0xffffffff, 0x5, 0xfff}, 0x3c) socket(0x1d, 0x5, 0x6) r4 = fsopen(&(0x7f00000000c0)='ocfs2_dlmfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000180)='rw\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r2, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004) 15m42.993907636s ago: executing program 4 (id=4317): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x44}}, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100)) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c9, &(0x7f0000000100)) 15m42.783159833s ago: executing program 4 (id=4319): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0) 15m42.426292853s ago: executing program 4 (id=4322): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5800000002060102000034e40000000000000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 15m41.492312905s ago: executing program 4 (id=4329): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0) 15m41.043964623s ago: executing program 34 (id=4329): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0) 5.818391944s ago: executing program 2 (id=11606): unshare(0x26020480) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) (fail_nth: 2) 5.804485031s ago: executing program 5 (id=11607): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000480)=ANY=[@ANYBLOB="44010000000000000000000000000000000a01010000000000000000000000000000000000200000000000000000000000000000000000000b45dd66fa648d32c8475dfe0af7b604000000000000000f7c42d6f0cc7275ee976d625a2ef29b6d6424c04211a0257a588abfecc595a356d821a303ac34858e5e2896505004bf6fc779d9a6c42788dc9fe42d2de60998da821732687a98beafd15a0548253a29630e972dc8685e7664365730c48c1186d97a1e5c2609822533c5dd1a50233e44695ea4b28ad92d9c8e66141ff23c4501d670e462f8a1d5", @ANYRES32=0x0, @ANYRES8, @ANYBLOB="ffffffff000000000000000000000000000000006c000000ac1414bb00000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000100000000000000000000000000000000004"], 0x144}}, 0x20004041) openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x50bba0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) clock_getres(0xe6c120c6abd66ccb, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f0000000180)={0x3, 0x0, [{0x80000007, 0x9, 0x79, 0x24, 0x10}, {0x40000001, 0xb, 0xfffffff6, 0x7, 0x2}, {0xc0000000, 0xc, 0x1, 0xff, 0x4}]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 5.260349163s ago: executing program 2 (id=11610): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000180)={0x1, 0x7, 0x3, &(0x7f0000000100)={0x48, "c6c103007a04bc517b5452b3b94bce47509d00"}}) 5.21135081s ago: executing program 5 (id=11613): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000122000/0x1000)=nil, 0x1000, &(0x7f0000000000)) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x50, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x20, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x7, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x9}, @random="589733b902f1", @broadcast, @device_a, {0x2, 0x500}, "", @void, @value=@ver_80211n={0x0, 0xdf, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @a_msdu}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_usb_disconnect(r2) read$FUSE(r3, 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0x1}, 0x6) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r9) sendmsg$NLBL_MGMT_C_REMOVE(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="f9002dbd7000fcdbdf2502002000050001"], 0x1c}, 0x1, 0x0, 0x0, 0x20008011}, 0x10) write$bt_hci(r8, &(0x7f0000000100)=ANY=[@ANYRES64=r7], 0x6) ioctl$SIOCSIFHWADDR(r7, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @random="010000000002"}) ioctl(r1, 0x8b2a, &(0x7f0000000040)) ioctl$AUTOFS_IOC_PROTOVER(r7, 0x80049363, &(0x7f0000000080)) 3.878779696s ago: executing program 2 (id=11619): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r4, &(0x7f0000000000)="e6", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0xa, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x100f, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x9, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0xb, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0x4, 0x1, 0x400, 0x2, 0x0, 0x5, 0x6, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0x9, 0x10000, 0x6, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x420, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x1, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x2, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x805, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0xfffff800, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0xc, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x7fffffff, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x80b, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb5, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0xf142, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0xff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x10000226, 0x5, 0x3, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x1fd, 0xffff343e, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000080)={0x0, 0xffff, 0xe2}, 0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0x7, 0x7, 0xc, 0x9, 0x0, 0xc, 0x4, 0x6, 0x8, 0x2, 0xa1, 0x4, 0x3, 0x80}, 0xe) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.976082961s ago: executing program 6 (id=11626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$bt_hci(r3, 0x0, 0x3, &(0x7f0000000040)=""/38, &(0x7f00000000c0)=0x26) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, 0x0) 2.955147036s ago: executing program 3 (id=11627): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 2.615884907s ago: executing program 3 (id=11628): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000000000000000002c"], 0xfdef) 2.467948488s ago: executing program 2 (id=11629): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() getpeername(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0x0, 0x0, 0x0, [], [], [0x0, 0x0, 0x0, 0xffffffff]}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000280)={r5, 0x0, 0x0, 0x0, 0x0, [], [], [0xfd], [0x0, 0x3, 0x400000006]}) 1.992706824s ago: executing program 6 (id=11630): syz_emit_vhci(&(0x7f0000001040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_conn_req={{0x2, 0x1, 0x4}, {0x9, 0x5}}]}}, 0x11) 1.961575565s ago: executing program 5 (id=11631): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x4, r2, 0x0, r0}, 0x10) 1.867081816s ago: executing program 6 (id=11632): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) write$binfmt_elf64(r0, &(0x7f0000000e80)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x4, 0x7, 0x6, 0x10001, 0x3, 0x3e, 0xce, 0x86, 0x40, 0x1cb, 0x4, 0xe, 0x38, 0x1, 0x0, 0x7, 0x4}, [{0x7, 0x9e57, 0x401, 0x2, 0x101, 0x1, 0xa, 0xffffffffffffa07f}], "35a8d1f82e8bd26871a3f659010baeb4e29345803d8d4a78dd09bed57b5a08e0296bd2053743e59ea032e92c4a0b6e0f4d9823f8f5aabbc74f7f9d2325a140a3bab7ccd6814fc64e8ac1be44e3050eebcb18a2af4f7b0ce8f8ee1271df2abcdc9d674f628173dc0353324c7f5bce2cd17cd10ad7467b18d9494799d92907dfc6c6", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8f9) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.69233799s ago: executing program 5 (id=11633): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88000000", @ANYRES16=r1, @ANYBLOB="01002abd7000fedbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="6a0033008000e1000802110000000802110000005050505050500000030000000000000064000140010003010e0406f8970000020005030037022a01032d1a02000c0200000000000000300001000f0000000700060000000472060303b92603037107"], 0x88}, 0x1, 0x0, 0x0, 0x880}, 0x0) 1.692004079s ago: executing program 6 (id=11634): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts-cbc-aes-neon\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="3c75c2015e8724b5a4c586f2ae924b27", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$sock(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="4256b7f93a528a81c6924141abaa2170af0ecda4", 0x14}, {&(0x7f0000000300)="c1ce1580debc421ee5e5000542", 0xd}], 0x2}, 0x800) recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000800)=""/91, 0x5b}], 0x1}}], 0x1, 0x0, 0x0) 1.69173125s ago: executing program 3 (id=11635): epoll_create1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mount(0x0, 0x0, 0x0, 0x1a0c000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r3, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x40012100, 0x0) 1.166943907s ago: executing program 5 (id=11636): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x8, 0x7fff7ffc}]}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000b80)) r4 = socket$packet(0x11, 0x3, 0x300) r5 = dup(r2) r6 = fcntl$dupfd(r1, 0x406, r4) r7 = openat$rdma_cm(0xffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r7, &(0x7f0000000380)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f0000000080)={0x0, r5}) close_range(r0, 0xffffffffffffffff, 0x0) 976.972565ms ago: executing program 2 (id=11637): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$uinput_user_dev(r0, &(0x7f0000000fc0)={'syz1\x00', {0x6, 0x8001, 0x0, 0x529}, 0x26, [0xf5, 0x8, 0x80000001, 0x2, 0x202, 0xffffffff, 0x8e, 0x9, 0x9, 0x4, 0x0, 0x9, 0x7, 0x1, 0xfffffffe, 0x38, 0xffffff7f, 0xac, 0x5, 0x1443, 0x0, 0xea7, 0x1, 0x9be4bf38, 0x2, 0x20002, 0x4, 0x5, 0x20c, 0x6, 0x84, 0xd3, 0x8001, 0x3, 0x2001, 0xb, 0x2, 0x0, 0xfffffffe, 0x80000000, 0x9da, 0x939a, 0x8000, 0x6, 0x5c, 0x8, 0x7f, 0x3, 0xf2b, 0x1, 0x6, 0xfffffffa, 0xffff, 0x8, 0x7, 0x6, 0xffffff7a, 0xf3, 0x6, 0xd2, 0x8001, 0x5, 0x53, 0x40001], [0x5, 0x2, 0xd93, 0x8, 0x401, 0x8, 0x1, 0x5, 0xfffffffe, 0x40a89, 0xffb, 0xffffff4b, 0x1, 0x2, 0x0, 0x7, 0x8, 0x8, 0xfd02c36, 0x405, 0x2, 0x9, 0x5, 0x5, 0xd, 0x9, 0xc144, 0x9, 0xa, 0x5, 0xf, 0xb2cf, 0x1, 0x200, 0xec, 0x9, 0x100, 0x9, 0x5, 0x10001, 0x1, 0x865f, 0x8ec5, 0x3, 0x802, 0x7, 0x3, 0x29e3, 0xce, 0x40b4e5, 0x20000, 0x200, 0x5, 0x4, 0xff, 0x9, 0x1d, 0x3, 0x10000, 0xa, 0x26, 0x2, 0x6, 0xad], [0x4343fe9f, 0xfffffffd, 0x101, 0xffffffff, 0x80, 0x8, 0x3, 0x3, 0xc, 0x0, 0xcb06, 0xfffeffff, 0x4, 0x37, 0x5, 0x80003, 0xc8, 0xc, 0x8000, 0x2, 0xdf9e, 0x40005, 0x8, 0xa, 0x3, 0x7, 0x401, 0x5, 0x5, 0x1000002, 0xa, 0x2, 0x1, 0x0, 0x10000004, 0x911, 0x7, 0x8000, 0x31c1, 0x8, 0xb, 0x4, 0xfffffffe, 0x1f83, 0x9, 0x1, 0x2, 0x8, 0x7, 0x402, 0x9, 0xffff, 0x400, 0x80000000, 0x0, 0xb, 0x80, 0xf, 0xb, 0x8, 0x2, 0x4, 0x4, 0xffffedad], [0x27b, 0xa, 0x6, 0x10, 0x7, 0x4009, 0x8004, 0xff, 0x7fffffff, 0xe012, 0xfffffff8, 0x8, 0x7, 0xffffffff, 0x401, 0x100, 0x2, 0x0, 0xb, 0x4a8, 0x5, 0x5, 0xfffffc00, 0x91, 0x9, 0x4, 0x80000000, 0x2, 0xa, 0x27, 0x40400, 0x70, 0x9, 0xffc, 0x400002, 0x2, 0xffffffff, 0x49, 0x80088, 0x10, 0x5, 0x4d, 0x5, 0xf010, 0x400, 0x103000, 0x8, 0x5, 0x0, 0xfffffffe, 0xb, 0x1, 0xc3, 0x9, 0x807ff, 0x1, 0x3, 0xfffffc02, 0x3, 0xb, 0x5, 0x8, 0xa, 0xfffffff7]}, 0xfffffdc6) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r0, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r1, 0x10c, 0x7, 0x0, &(0x7f0000000300)) 252.297521ms ago: executing program 6 (id=11638): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r0, 0x0, 0x0, 0x40, 0x0, 0x0) 227.280466ms ago: executing program 3 (id=11639): syz_emit_vhci(&(0x7f0000000500)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x75}}}, 0xa) 155.500465ms ago: executing program 3 (id=11640): syz_emit_vhci(&(0x7f0000001040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_conn_req={{0x2, 0x1, 0x4}, {0x9, 0x5}}]}}, 0x11) 154.772604ms ago: executing program 6 (id=11648): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) pselect6(0x81, &(0x7f0000000000)={0xa, 0x7ff, 0x100, 0xffffffff, 0x8, 0xba4, 0xffffffffffffffff, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x6b40, 0x3, 0x0, 0x8, 0x1, 0x4000006, 0x8, 0x8080}, 0x0, 0x0) 108.794153ms ago: executing program 5 (id=11641): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000380)={0x0, 0xffffffca, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x8, 0x7f, 0x10000000, 0x0, [0x0], [0x0, 0x29, 0x2], [], [0x0, 0x0, 0xfffffffffffffffd, 0x8000]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000340)={0x83ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6}) close_range(r0, 0xffffffffffffffff, 0x0) 704.372µs ago: executing program 2 (id=11642): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x4, 0x2, 0x2, 0x80000001, 0x58, @remote, @rand_addr=' \x01\x00', 0x8000, 0x86b0, 0xc36d}}) 0s ago: executing program 3 (id=11643): timer_create(0x0, 0x0, &(0x7f0000002a80)=0x0) timer_settime(r0, 0x0, &(0x7f0000002b00)={{}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000002ec0)) kernel console output (not intermixed with test programs): 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1696.801740][ T2568] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 1696.801760][ T2568] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1696.801774][ T2568] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1696.801786][ T2568] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1696.801798][ T2568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1696.801810][ T2568] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1696.801842][ T2568] [ 1697.460330][ T9] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 1697.610267][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 1697.617413][ T9] usb 3-1: config 8 has an invalid interface number: 203 but max is 0 [ 1697.625892][ T9] usb 3-1: config 8 has no interface number 0 [ 1697.635229][ T9] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 1697.647521][ T9] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1697.658087][ T9] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 1697.668395][ T9] usb 3-1: config 8 interface 203 has no altsetting 0 [ 1697.677078][ T9] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 1697.686247][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1697.694282][ T9] usb 3-1: Product: syz [ 1697.698737][ T9] usb 3-1: Manufacturer: syz [ 1697.703433][ T9] usb 3-1: SerialNumber: syz [ 1697.711536][ T2575] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1697.723659][ T2575] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1697.951621][ C0] port100 3-1:8.203: NFC: Urb failure (status -71) [ 1697.958937][ C0] port100 3-1:8.203: NFC: Urb failure (status -71) [ 1697.966387][ T9] port100 3-1:8.203: NFC: Could not get supported command types [ 1697.985102][ T9] usb 3-1: USB disconnect, device number 90 [ 1698.517021][ T2603] FAULT_INJECTION: forcing a failure. [ 1698.517021][ T2603] name failslab, interval 1, probability 0, space 0, times 0 [ 1698.530431][ T2603] CPU: 0 UID: 0 PID: 2603 Comm: syz.2.11193 Not tainted syzkaller #0 PREEMPT(full) [ 1698.530456][ T2603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1698.530467][ T2603] Call Trace: [ 1698.530475][ T2603] [ 1698.530483][ T2603] dump_stack_lvl+0x189/0x250 [ 1698.530514][ T2603] ? __pfx____ratelimit+0x10/0x10 [ 1698.530539][ T2603] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1698.530565][ T2603] ? __pfx__printk+0x10/0x10 [ 1698.530597][ T2603] ? __pfx___might_resched+0x10/0x10 [ 1698.530617][ T2603] ? fs_reclaim_acquire+0x7d/0x100 [ 1698.530643][ T2603] should_fail_ex+0x414/0x560 [ 1698.530666][ T2603] should_failslab+0xa8/0x100 [ 1698.530689][ T2603] __kmalloc_noprof+0xcb/0x7f0 [ 1698.530718][ T2603] ? tomoyo_encode+0x28b/0x550 [ 1698.530750][ T2603] tomoyo_encode+0x28b/0x550 [ 1698.530781][ T2603] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1698.530818][ T2603] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1698.530840][ T2603] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1698.530866][ T2603] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1698.530925][ T2603] ? __fget_files+0x2a/0x420 [ 1698.530952][ T2603] ? __fget_files+0x3a0/0x420 [ 1698.530974][ T2603] ? __fget_files+0x2a/0x420 [ 1698.531001][ T2603] security_file_ioctl+0xcb/0x2d0 [ 1698.531024][ T2603] __se_sys_ioctl+0x47/0x170 [ 1698.531045][ T2603] do_syscall_64+0xfa/0xfa0 [ 1698.531069][ T2603] ? lockdep_hardirqs_on+0x9c/0x150 [ 1698.531093][ T2603] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1698.531111][ T2603] ? clear_bhb_loop+0x60/0xb0 [ 1698.531133][ T2603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1698.531150][ T2603] RIP: 0033:0x7fd37138ebe9 [ 1698.531165][ T2603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1698.531181][ T2603] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1698.531200][ T2603] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1698.531213][ T2603] RDX: 0000200000001900 RSI: 000000000000541c RDI: 0000000000000003 [ 1698.531225][ T2603] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1698.531236][ T2603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1698.531247][ T2603] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1698.531278][ T2603] [ 1698.531297][ T2603] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1698.728165][ T2610] tmpfs: Bad value for 'mpol' [ 1698.912599][ T2614] FAULT_INJECTION: forcing a failure. [ 1698.912599][ T2614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1698.938593][ T2614] CPU: 1 UID: 0 PID: 2614 Comm: syz.2.11199 Not tainted syzkaller #0 PREEMPT(full) [ 1698.938617][ T2614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1698.938628][ T2614] Call Trace: [ 1698.938635][ T2614] [ 1698.938643][ T2614] dump_stack_lvl+0x189/0x250 [ 1698.938673][ T2614] ? __pfx____ratelimit+0x10/0x10 [ 1698.938698][ T2614] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1698.938724][ T2614] ? __pfx__printk+0x10/0x10 [ 1698.938762][ T2614] should_fail_ex+0x414/0x560 [ 1698.938786][ T2614] strncpy_from_user+0x36/0x290 [ 1698.938809][ T2614] getname_flags+0xf3/0x540 [ 1698.938838][ T2614] __x64_sys_renameat2+0xad/0xe0 [ 1698.938864][ T2614] do_syscall_64+0xfa/0xfa0 [ 1698.938888][ T2614] ? lockdep_hardirqs_on+0x9c/0x150 [ 1698.938913][ T2614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1698.938930][ T2614] ? clear_bhb_loop+0x60/0xb0 [ 1698.938952][ T2614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1698.938969][ T2614] RIP: 0033:0x7fd37138ebe9 [ 1698.938986][ T2614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1698.939001][ T2614] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 1698.939021][ T2614] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1698.939035][ T2614] RDX: ffffffffffffffff RSI: 0000200000000180 RDI: ffffffffffffffff [ 1698.939048][ T2614] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1698.939059][ T2614] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1698.939071][ T2614] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1698.939100][ T2614] [ 1699.402334][ T10] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1699.440158][T20340] usb 7-1: new high-speed USB device number 91 using dummy_hcd [ 1699.448431][ T2635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1699.463816][ T2635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1699.560284][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1699.576227][ T10] usb 3-1: too many configurations: 17, using maximum allowed: 8 [ 1699.585761][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.594257][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.601427][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.609603][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.615886][T20340] usb 7-1: Using ep0 maxpacket: 8 [ 1699.622860][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.631602][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.641462][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.654979][T20340] usb 7-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1699.664200][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.671374][T20340] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1699.681313][T20340] usb 7-1: Product: syz [ 1699.685814][T20340] usb 7-1: Manufacturer: syz [ 1699.691134][T20340] usb 7-1: SerialNumber: syz [ 1699.696186][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.706031][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.710167][ T9776] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1699.713621][T20340] usb 7-1: config 0 descriptor?? [ 1699.730852][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.739609][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.747678][ T2643] FAULT_INJECTION: forcing a failure. [ 1699.747678][ T2643] name failslab, interval 1, probability 0, space 0, times 0 [ 1699.750170][T20340] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1699.767990][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.768093][ T2643] CPU: 1 UID: 0 PID: 2643 Comm: syz.5.11209 Not tainted syzkaller #0 PREEMPT(full) [ 1699.768120][ T2643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1699.768134][ T2643] Call Trace: [ 1699.768143][ T2643] [ 1699.768152][ T2643] dump_stack_lvl+0x189/0x250 [ 1699.768191][ T2643] ? __pfx____ratelimit+0x10/0x10 [ 1699.768221][ T2643] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1699.768258][ T2643] ? __pfx__printk+0x10/0x10 [ 1699.768297][ T2643] ? __pfx___might_resched+0x10/0x10 [ 1699.768321][ T2643] ? fs_reclaim_acquire+0x7d/0x100 [ 1699.768350][ T2643] should_fail_ex+0x414/0x560 [ 1699.768380][ T2643] should_failslab+0xa8/0x100 [ 1699.768437][ T2643] __kmalloc_noprof+0xcb/0x7f0 [ 1699.768459][ T2643] ? tomoyo_encode+0x28b/0x550 [ 1699.768522][ T2643] tomoyo_encode+0x28b/0x550 [ 1699.768562][ T2643] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1699.768612][ T2643] ? tomoyo_domain+0xd9/0x130 [ 1699.768641][ T2643] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1699.768669][ T2643] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1699.768702][ T2643] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1699.768775][ T2643] ? __fget_files+0x2a/0x420 [ 1699.768811][ T2643] ? __fget_files+0x3a0/0x420 [ 1699.768839][ T2643] ? __fget_files+0x2a/0x420 [ 1699.768873][ T2643] security_file_ioctl+0xcb/0x2d0 [ 1699.768903][ T2643] __se_sys_ioctl+0x47/0x170 [ 1699.768930][ T2643] do_syscall_64+0xfa/0xfa0 [ 1699.768960][ T2643] ? lockdep_hardirqs_on+0x9c/0x150 [ 1699.768991][ T2643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1699.769014][ T2643] ? clear_bhb_loop+0x60/0xb0 [ 1699.769042][ T2643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1699.769062][ T2643] RIP: 0033:0x7f1e5c38ebe9 [ 1699.769083][ T2643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1699.769104][ T2643] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1699.769128][ T2643] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1699.769145][ T2643] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1699.769159][ T2643] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1699.769174][ T2643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1699.769188][ T2643] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1699.769226][ T2643] [ 1699.769250][ T2643] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1699.776581][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.880234][ T9776] usb 4-1: Using ep0 maxpacket: 8 [ 1699.905635][ T10] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1699.945523][ T9776] usb 4-1: config 2 has an invalid interface number: 31 but max is 0 [ 1699.963383][ T10] usb 3-1: config 0 has no interface number 0 [ 1699.995313][ T9776] usb 4-1: config 2 has no interface number 0 [ 1700.043490][ T10] usb 3-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 1700.063283][ T9776] usb 4-1: config 2 interface 31 has no altsetting 0 [ 1700.077179][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1700.090375][ T10] usb 3-1: Product: syz [ 1700.094603][ T10] usb 3-1: Manufacturer: syz [ 1700.099251][ T10] usb 3-1: SerialNumber: syz [ 1700.107395][ T10] usb 3-1: config 0 descriptor?? [ 1700.119896][ T10] etas_es58x 3-1:0.2: Starting syz syz (Serial Number syz) [ 1700.139151][ T9776] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1700.149931][ T9776] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1700.164204][ T9776] usb 4-1: Product: syz [ 1700.168387][ T9776] usb 4-1: Manufacturer: syz [ 1700.174868][ T9776] usb 4-1: SerialNumber: syz [ 1700.315315][ T10] etas_es58x 3-1:0.2: could not parse product info: '424242424242' [ 1700.667569][ T2667] tmpfs: Bad value for 'mpol' [ 1700.824473][ T9776] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22 [ 1700.849698][ T9776] usb 4-1: USB disconnect, device number 5 [ 1700.877405][ T2676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1700.895627][ T2676] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1700.927283][ T5934] usb 3-1: USB disconnect, device number 91 [ 1700.935209][ T5934] etas_es58x 3-1:0.2: Disconnecting syz syz [ 1701.233567][ T2625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1701.255465][ T2625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1701.490316][ T5934] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1701.661927][ T5934] usb 3-1: config 0 has an invalid interface number: 49 but max is 0 [ 1701.688603][ T5934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1701.701491][T20340] gspca_sonixj: reg_r err -71 [ 1701.727021][ T5934] usb 3-1: config 0 has no interface number 0 [ 1701.740102][T20340] sonixj 7-1:0.0: probe with driver sonixj failed with error -71 [ 1701.748433][ T5934] usb 3-1: too many endpoints for config 0 interface 49 altsetting 50: 56, using maximum allowed: 30 [ 1701.758368][T20340] usb 7-1: USB disconnect, device number 91 [ 1701.766435][ T5934] usb 3-1: config 0 interface 49 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 56 [ 1701.789387][ T5934] usb 3-1: config 0 interface 49 has no altsetting 0 [ 1701.796929][ T5934] usb 3-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 1701.816106][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1701.839087][ T5934] usb 3-1: config 0 descriptor?? [ 1701.978822][ T2726] tmpfs: Bad value for 'mpol' [ 1702.058010][ T5934] usb 3-1: string descriptor 0 read error: -71 [ 1702.072290][ T5934] usb 3-1: USB disconnect, device number 92 [ 1702.230169][T20340] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1702.394025][ T2737] netlink: 1624 bytes leftover after parsing attributes in process `syz.5.11230'. [ 1702.400684][T20340] usb 4-1: Using ep0 maxpacket: 32 [ 1702.423394][T20340] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1702.431929][T20340] usb 4-1: config 0 has no interface number 0 [ 1702.438058][T20340] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1702.469365][T20340] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1702.491893][T20340] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1702.502050][T20340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1702.515040][T20340] usb 4-1: config 0 descriptor?? [ 1703.012718][ T2763] FAULT_INJECTION: forcing a failure. [ 1703.012718][ T2763] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.036245][ T2763] CPU: 0 UID: 0 PID: 2763 Comm: syz.2.11242 Not tainted syzkaller #0 PREEMPT(full) [ 1703.036266][ T2763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1703.036280][ T2763] Call Trace: [ 1703.036288][ T2763] [ 1703.036296][ T2763] dump_stack_lvl+0x189/0x250 [ 1703.036327][ T2763] ? __pfx____ratelimit+0x10/0x10 [ 1703.036352][ T2763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1703.036380][ T2763] ? __pfx__printk+0x10/0x10 [ 1703.036411][ T2763] ? __pfx___might_resched+0x10/0x10 [ 1703.036431][ T2763] ? fs_reclaim_acquire+0x7d/0x100 [ 1703.036457][ T2763] should_fail_ex+0x414/0x560 [ 1703.036481][ T2763] should_failslab+0xa8/0x100 [ 1703.036522][ T2763] __kmalloc_noprof+0xcb/0x7f0 [ 1703.036544][ T2763] ? tomoyo_encode+0x28b/0x550 [ 1703.036582][ T2763] tomoyo_encode+0x28b/0x550 [ 1703.036619][ T2763] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1703.036654][ T2763] ? tomoyo_domain+0xd9/0x130 [ 1703.036679][ T2763] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1703.036706][ T2763] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1703.036736][ T2763] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1703.036805][ T2763] ? __fget_files+0x2a/0x420 [ 1703.036839][ T2763] ? __fget_files+0x3a0/0x420 [ 1703.036865][ T2763] ? __fget_files+0x2a/0x420 [ 1703.036896][ T2763] security_file_ioctl+0xcb/0x2d0 [ 1703.036925][ T2763] __se_sys_ioctl+0x47/0x170 [ 1703.036949][ T2763] do_syscall_64+0xfa/0xfa0 [ 1703.036980][ T2763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1703.037000][ T2763] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1703.037021][ T2763] ? clear_bhb_loop+0x60/0xb0 [ 1703.037046][ T2763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1703.037066][ T2763] RIP: 0033:0x7fd37138ebe9 [ 1703.037086][ T2763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1703.037103][ T2763] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1703.037126][ T2763] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1703.037141][ T2763] RDX: 0000200000000000 RSI: 000000004020ae76 RDI: 0000000000000004 [ 1703.037155][ T2763] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1703.037168][ T2763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1703.037181][ T2763] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1703.037216][ T2763] [ 1703.037271][ T2763] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1703.287666][T20340] uclogic 0003:28BD:0094.003F: pen parameters not found [ 1703.294780][T20340] uclogic 0003:28BD:0094.003F: interface is invalid, ignoring [ 1703.430214][ T9776] usb 4-1: USB disconnect, device number 6 [ 1704.580871][ T2839] FAULT_INJECTION: forcing a failure. [ 1704.580871][ T2839] name failslab, interval 1, probability 0, space 0, times 0 [ 1704.601406][ T2839] CPU: 1 UID: 0 PID: 2839 Comm: syz.3.11268 Not tainted syzkaller #0 PREEMPT(full) [ 1704.601433][ T2839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1704.601446][ T2839] Call Trace: [ 1704.601454][ T2839] [ 1704.601462][ T2839] dump_stack_lvl+0x189/0x250 [ 1704.601496][ T2839] ? __pfx____ratelimit+0x10/0x10 [ 1704.601523][ T2839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1704.601552][ T2839] ? __pfx__printk+0x10/0x10 [ 1704.601586][ T2839] ? __pfx___might_resched+0x10/0x10 [ 1704.601607][ T2839] ? fs_reclaim_acquire+0x7d/0x100 [ 1704.601634][ T2839] should_fail_ex+0x414/0x560 [ 1704.601660][ T2839] should_failslab+0xa8/0x100 [ 1704.601696][ T2839] __kmalloc_noprof+0xcb/0x7f0 [ 1704.601713][ T2839] ? tomoyo_encode+0x28b/0x550 [ 1704.601746][ T2839] tomoyo_encode+0x28b/0x550 [ 1704.601777][ T2839] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1704.601806][ T2839] ? tomoyo_domain+0xd9/0x130 [ 1704.601828][ T2839] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1704.601851][ T2839] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1704.601876][ T2839] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1704.601934][ T2839] ? __fget_files+0x2a/0x420 [ 1704.601961][ T2839] ? __fget_files+0x3a0/0x420 [ 1704.601983][ T2839] ? __fget_files+0x2a/0x420 [ 1704.602009][ T2839] security_file_ioctl+0xcb/0x2d0 [ 1704.602033][ T2839] __se_sys_ioctl+0x47/0x170 [ 1704.602054][ T2839] do_syscall_64+0xfa/0xfa0 [ 1704.602085][ T2839] ? lockdep_hardirqs_on+0x9c/0x150 [ 1704.602110][ T2839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1704.602128][ T2839] ? clear_bhb_loop+0x60/0xb0 [ 1704.602149][ T2839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1704.602166][ T2839] RIP: 0033:0x7f7b5bb8ebe9 [ 1704.602182][ T2839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1704.602197][ T2839] RSP: 002b:00007f7b5ca9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1704.602217][ T2839] RAX: ffffffffffffffda RBX: 00007f7b5bdc5fa0 RCX: 00007f7b5bb8ebe9 [ 1704.602230][ T2839] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1704.602241][ T2839] RBP: 00007f7b5ca9d090 R08: 0000000000000000 R09: 0000000000000000 [ 1704.602253][ T2839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1704.602263][ T2839] R13: 00007f7b5bdc6038 R14: 00007f7b5bdc5fa0 R15: 00007ffd7be90778 [ 1704.602294][ T2839] [ 1704.602312][ T2839] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1704.752011][ T2853] tmpfs: Bad value for 'mpol' [ 1705.081786][ T9776] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1705.250158][ T9776] usb 6-1: Using ep0 maxpacket: 32 [ 1705.275053][ T9776] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1705.290677][ T9776] usb 6-1: config 0 has no interface number 0 [ 1705.298492][ T9776] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1705.311277][ T9776] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1705.321585][ T9776] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1705.331052][ T9776] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1705.350880][ T9776] usb 6-1: config 0 descriptor?? [ 1705.526287][ T2884] netlink: 'syz.2.11283': attribute type 8 has an invalid length. [ 1705.969300][ T9776] uclogic 0003:28BD:0094.0040: pen parameters not found [ 1705.990270][ T9776] uclogic 0003:28BD:0094.0040: interface is invalid, ignoring [ 1706.035963][ T2918] fuse: Bad value for 'fd' [ 1706.120400][ T5934] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1706.174041][ T9776] usb 6-1: USB disconnect, device number 64 [ 1706.280160][ T5934] usb 4-1: Using ep0 maxpacket: 32 [ 1706.287359][ T5934] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 1706.303777][ T5934] usb 4-1: config 0 has no interface number 0 [ 1706.317788][ T5934] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1706.342360][ T5934] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1706.357340][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1706.375761][ T5934] usb 4-1: Product: syz [ 1706.390396][ T5934] usb 4-1: Manufacturer: syz [ 1706.395054][ T5934] usb 4-1: SerialNumber: syz [ 1706.421397][ T5934] usb 4-1: config 0 descriptor?? [ 1706.458159][ T5934] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1706.499524][ T5934] em28xx 4-1:0.132: Video interface 132 found: [ 1706.767225][ T2939] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1706.801501][ T2937] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.11304'. [ 1706.836055][ T5934] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 1707.037485][ T2949] fuse: Bad value for 'fd' [ 1707.050300][ T2909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1707.074543][ T2909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1707.540445][ T9776] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1707.548290][ T5934] em28xx 4-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 1707.558575][ T5934] em28xx 4-1:0.132: failed to read eeprom (err=-5) [ 1707.583744][ T5934] em28xx 4-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 1707.633900][ T2964] tmpfs: Bad value for 'mpol' [ 1707.661831][ T5934] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1707.671579][ T5934] em28xx 4-1:0.132: analog set to bulk mode. [ 1707.677601][ T1947] em28xx 4-1:0.132: Registering V4L2 extension [ 1707.695029][ T5934] usb 4-1: USB disconnect, device number 7 [ 1707.704322][ T5934] em28xx 4-1:0.132: Disconnecting em28xx [ 1707.734767][ T9776] usb 3-1: config 127 has an invalid interface number: 5 but max is 0 [ 1707.743620][ T9776] usb 3-1: config 127 has an invalid interface number: 229 but max is 0 [ 1707.754347][ T9776] usb 3-1: config 127 has an invalid descriptor of length 85, skipping remainder of the config [ 1707.765161][ T9776] usb 3-1: config 127 has 2 interfaces, different from the descriptor's value: 1 [ 1707.776365][ T9776] usb 3-1: config 127 has no interface number 0 [ 1707.782690][ T9776] usb 3-1: config 127 has no interface number 1 [ 1707.789070][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has a duplicate endpoint with address 0xA, skipping [ 1707.799918][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 1707.827921][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has a duplicate endpoint with address 0xA, skipping [ 1707.839247][ T9776] usb 3-1: config 127 interface 5 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024 [ 1707.856174][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1707.860292][ T5935] usb 6-1: new low-speed USB device number 65 using dummy_hcd [ 1707.867165][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 1707.890082][T20340] usb 7-1: new high-speed USB device number 92 using dummy_hcd [ 1707.895112][ T9776] usb 3-1: config 127 interface 5 altsetting 0 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 1707.908922][ T1947] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 1707.916178][ T1947] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 1707.926213][ T1947] em28xx 4-1:0.132: No AC97 audio processor [ 1707.935932][ T1947] usb 4-1: Decoder not found [ 1707.940585][ T9776] usb 3-1: config 127 interface 5 altsetting 0 has 10 endpoint descriptors, different from the interface descriptor's value: 16 [ 1707.953872][ T1947] em28xx 4-1:0.132: failed to create media graph [ 1707.960401][ T1947] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 1707.968364][ T9776] usb 3-1: too many endpoints for config 127 interface 229 altsetting 182: 98, using maximum allowed: 30 [ 1707.969161][ T1947] em28xx 4-1:0.132: Remote control support is not available for this card. [ 1707.990374][ T9776] usb 3-1: config 127 interface 229 altsetting 182 has an invalid descriptor for endpoint zero, skipping [ 1708.002034][ T9776] usb 3-1: config 127 interface 229 altsetting 182 has a duplicate endpoint with address 0x4, skipping [ 1708.013496][ T5934] em28xx 4-1:0.132: Closing input extension [ 1708.019743][ T9776] usb 3-1: config 127 interface 229 altsetting 182 has a duplicate endpoint with address 0xA, skipping [ 1708.034928][ T9776] usb 3-1: config 127 interface 229 altsetting 182 has 5 endpoint descriptors, different from the interface descriptor's value: 98 [ 1708.050883][T20340] usb 7-1: Using ep0 maxpacket: 32 [ 1708.052684][ T5934] em28xx 4-1:0.132: Freeing device [ 1708.062076][ T5935] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1708.064082][ T9776] usb 3-1: config 127 interface 229 has no altsetting 0 [ 1708.081915][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.087827][ T9776] usb 3-1: New USB device found, idVendor=05d8, idProduct=8108, bcdDevice=4c.44 [ 1708.091765][T20340] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1708.099905][ T9776] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.131771][ T5935] usb 6-1: config 0 descriptor?? [ 1708.142135][T20340] usb 7-1: config 0 has no interface number 0 [ 1708.155717][ T2957] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1708.167151][T20340] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1708.191155][T20340] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1708.202835][T20340] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1708.211970][T20340] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.237335][T20340] usb 7-1: config 0 descriptor?? [ 1708.351683][ T5935] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1708.406875][ T9776] usb 3-1: string descriptor 0 read error: -71 [ 1708.426996][ T9776] dvb-usb: found a 'Artec T1 USB1.1 TVBOX with AN2235' in warm state. [ 1708.443020][ T9776] dvb-usb: bulk message failed: -8 (3/0) [ 1708.470318][ T9776] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1708.501122][ T9776] dvbdev: DVB: registering new adapter (Artec T1 USB1.1 TVBOX with AN2235) [ 1708.509877][ T9776] usb 3-1: media controller created [ 1708.538275][ T9776] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1708.576112][ T9776] dvb-usb: bulk message failed: -8 (6/0) [ 1708.593559][ T9776] dvb-usb: no frontend was attached by 'Artec T1 USB1.1 TVBOX with AN2235' [ 1708.612845][ T9776] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input224 [ 1708.640813][ T9776] dvb-usb: schedule remote query interval to 150 msecs. [ 1708.648064][ T9776] dvb-usb: bulk message failed: -8 (3/0) [ 1708.672113][ T9776] dvb-usb: Artec T1 USB1.1 TVBOX with AN2235 successfully initialized and connected. [ 1708.726020][ T9776] dvb-usb: found a 'Artec T1 USB1.1 TVBOX with AN2235' in warm state. [ 1708.752153][ T9776] dvb-usb: bulk message failed: -8 (3/0) [ 1708.775471][ T9776] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1708.791880][ T9776] dvbdev: DVB: registering new adapter (Artec T1 USB1.1 TVBOX with AN2235) [ 1708.804596][ T5934] dvb-usb: bulk message failed: -8 (1/0) [ 1708.811659][ T5934] dvb-usb: error while querying for an remote control event. [ 1708.824075][ T9776] usb 3-1: media controller created [ 1708.849525][ T9776] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1708.875524][T20340] uclogic 0003:28BD:0094.0041: pen parameters not found [ 1708.889342][ T9776] dvb-usb: bulk message failed: -8 (6/0) [ 1708.900713][T20340] uclogic 0003:28BD:0094.0041: interface is invalid, ignoring [ 1708.930749][ T9776] dvb-usb: no frontend was attached by 'Artec T1 USB1.1 TVBOX with AN2235' [ 1708.954915][ T9776] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input225 [ 1708.977606][ T9776] dvb-usb: schedule remote query interval to 150 msecs. [ 1708.984829][T13674] dvb-usb: bulk message failed: -8 (1/0) [ 1708.990773][T13674] dvb-usb: error while querying for an remote control event. [ 1709.011814][ T9776] dvb-usb: bulk message failed: -8 (3/0) [ 1709.031897][ T9776] dvb-usb: Artec T1 USB1.1 TVBOX with AN2235 successfully initialized and connected. [ 1709.060684][ T9776] usb 3-1: USB disconnect, device number 93 [ 1709.111159][T20340] usb 7-1: USB disconnect, device number 92 [ 1709.197434][T13674] dvb-usb: bulk message failed: -19 (1/0) [ 1709.206260][ T9776] dvb-usb: Artec T1 USB1.1 TVBOX with AN2235 successfully deinitialized and disconnected. [ 1709.217448][T13674] dvb-usb: error while querying for an remote control event. [ 1709.237242][ T2986] FAULT_INJECTION: forcing a failure. [ 1709.237242][ T2986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1709.258560][ T2986] CPU: 0 UID: 0 PID: 2986 Comm: syz.2.11328 Not tainted syzkaller #0 PREEMPT(full) [ 1709.258597][ T2986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1709.258611][ T2986] Call Trace: [ 1709.258621][ T2986] [ 1709.258630][ T2986] dump_stack_lvl+0x189/0x250 [ 1709.258667][ T2986] ? __pfx____ratelimit+0x10/0x10 [ 1709.258697][ T2986] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1709.258729][ T2986] ? __pfx__printk+0x10/0x10 [ 1709.258774][ T2986] should_fail_ex+0x414/0x560 [ 1709.258804][ T2986] _copy_to_user+0x31/0xb0 [ 1709.258839][ T2986] simple_read_from_buffer+0xe1/0x170 [ 1709.258872][ T2986] proc_fail_nth_read+0x1b3/0x220 [ 1709.258908][ T2986] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1709.258944][ T2986] ? rw_verify_area+0x2a6/0x4d0 [ 1709.258966][ T2986] ? __lock_acquire+0xab9/0xd20 [ 1709.258987][ T2986] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1709.259021][ T2986] vfs_read+0x200/0xa30 [ 1709.259044][ T2986] ? fdget_pos+0x247/0x320 [ 1709.259076][ T2986] ? __pfx___mutex_lock+0x10/0x10 [ 1709.259108][ T2986] ? __pfx_vfs_read+0x10/0x10 [ 1709.259132][ T2986] ? __fget_files+0x2a/0x420 [ 1709.259164][ T2986] ? __fget_files+0x3a0/0x420 [ 1709.259190][ T2986] ? __fget_files+0x2a/0x420 [ 1709.259227][ T2986] ksys_read+0x145/0x250 [ 1709.259253][ T2986] ? __pfx_ksys_read+0x10/0x10 [ 1709.259281][ T2986] ? do_syscall_64+0xbe/0xfa0 [ 1709.259315][ T2986] do_syscall_64+0xfa/0xfa0 [ 1709.259342][ T2986] ? lockdep_hardirqs_on+0x9c/0x150 [ 1709.259371][ T2986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.259391][ T2986] ? clear_bhb_loop+0x60/0xb0 [ 1709.259417][ T2986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.259437][ T2986] RIP: 0033:0x7fd37138d5fc [ 1709.259456][ T2986] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1709.259475][ T2986] RSP: 002b:00007fd3722c4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1709.259497][ T2986] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138d5fc [ 1709.259513][ T2986] RDX: 000000000000000f RSI: 00007fd3722c40a0 RDI: 0000000000000005 [ 1709.259527][ T2986] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1709.259541][ T2986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1709.259554][ T2986] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1709.259596][ T2986] [ 1709.634705][ T9776] dvb-usb: Artec T1 USB1.1 TVBOX with AN2235 successfully deinitialized and disconnected. [ 1709.806862][ T3006] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1710.130310][ T5935] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1710.160052][ T5935] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 1710.195643][ T5935] asix 6-1:0.0: probe with driver asix failed with error -71 [ 1710.204843][ T3020] FAULT_INJECTION: forcing a failure. [ 1710.204843][ T3020] name failslab, interval 1, probability 0, space 0, times 0 [ 1710.230290][ T5935] usb 6-1: USB disconnect, device number 65 [ 1710.249930][ T3020] CPU: 1 UID: 0 PID: 3020 Comm: syz.6.11339 Not tainted syzkaller #0 PREEMPT(full) [ 1710.249954][ T3020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1710.249969][ T3020] Call Trace: [ 1710.249976][ T3020] [ 1710.249984][ T3020] dump_stack_lvl+0x189/0x250 [ 1710.250015][ T3020] ? __pfx____ratelimit+0x10/0x10 [ 1710.250039][ T3020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1710.250065][ T3020] ? __pfx__printk+0x10/0x10 [ 1710.250097][ T3020] ? __pfx___might_resched+0x10/0x10 [ 1710.250123][ T3020] should_fail_ex+0x414/0x560 [ 1710.250147][ T3020] should_failslab+0xa8/0x100 [ 1710.250170][ T3020] __kmalloc_noprof+0xcb/0x7f0 [ 1710.250187][ T3020] ? kfree+0x4d/0x6d0 [ 1710.250201][ T3020] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1710.250235][ T3020] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1710.250281][ T3020] ? tomoyo_domain+0xd9/0x130 [ 1710.250304][ T3020] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1710.250328][ T3020] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1710.250355][ T3020] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1710.250425][ T3020] ? __fget_files+0x2a/0x420 [ 1710.250453][ T3020] ? __fget_files+0x3a0/0x420 [ 1710.250475][ T3020] ? __fget_files+0x2a/0x420 [ 1710.250509][ T3020] security_file_ioctl+0xcb/0x2d0 [ 1710.250551][ T3020] __se_sys_ioctl+0x47/0x170 [ 1710.250587][ T3020] do_syscall_64+0xfa/0xfa0 [ 1710.250610][ T3020] ? lockdep_hardirqs_on+0x9c/0x150 [ 1710.250635][ T3020] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1710.250653][ T3020] ? clear_bhb_loop+0x60/0xb0 [ 1710.250674][ T3020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1710.250691][ T3020] RIP: 0033:0x7f5f8458ebe9 [ 1710.250707][ T3020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1710.250723][ T3020] RSP: 002b:00007f5f854a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1710.250741][ T3020] RAX: ffffffffffffffda RBX: 00007f5f847c6090 RCX: 00007f5f8458ebe9 [ 1710.250754][ T3020] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 1710.250765][ T3020] RBP: 00007f5f854a8090 R08: 0000000000000000 R09: 0000000000000000 [ 1710.250776][ T3020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1710.250787][ T3020] R13: 00007f5f847c6128 R14: 00007f5f847c6090 R15: 00007ffc7aef3f68 [ 1710.250818][ T3020] [ 1710.478148][ C1] vkms_vblank_simulate: vblank timer overrun [ 1710.499674][ T3020] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1710.765862][ T3027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11344'. [ 1710.917812][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1710.957969][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1710.977230][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1710.989781][ T3039] tmpfs: Bad value for 'mpol' [ 1710.989850][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1711.004688][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1711.014523][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1711.018220][ T3038] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.11347'. [ 1711.024290][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1711.033482][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1711.049060][ T3033] netlink: 5 bytes leftover after parsing attributes in process `syz.6.11345'. [ 1711.234609][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1711.250720][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1711.259781][ T10] usb 4-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1711.277365][ T10] usb 4-1: config 1 interface 0 has no altsetting 1 [ 1711.297207][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 1711.306511][T20340] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1711.321506][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1711.330665][ T10] usb 4-1: Product: syz [ 1711.334848][ T10] usb 4-1: Manufacturer: syz [ 1711.339533][ T10] usb 4-1: SerialNumber: syz [ 1711.362585][ T10] smsusb:smsusb_probe: board id=8, interface number 0 [ 1711.460126][ T1947] usb 7-1: new high-speed USB device number 93 using dummy_hcd [ 1711.480184][T20340] usb 6-1: Using ep0 maxpacket: 32 [ 1711.493872][T20340] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1711.508864][T20340] usb 6-1: config 0 has no interface number 0 [ 1711.518542][T20340] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1711.539753][T20340] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1711.559137][T20340] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1711.585085][T20340] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1711.632810][ T1947] usb 7-1: Using ep0 maxpacket: 32 [ 1711.634386][T20340] usb 6-1: config 0 descriptor?? [ 1711.654481][ T1947] usb 7-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1711.678255][ T10] smsusb:smsusb_probe: usb_set_interface failed, rc -71 [ 1711.700097][ T1947] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1711.706371][ T10] smsusb 4-1:1.0: probe with driver smsusb failed with error -71 [ 1711.727234][ T1947] usb 7-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 1711.740010][ T1947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1711.756120][ T10] usb 4-1: USB disconnect, device number 8 [ 1711.769312][ T1947] usb 7-1: config 0 descriptor?? [ 1711.873675][ T3052] FAULT_INJECTION: forcing a failure. [ 1711.873675][ T3052] name failslab, interval 1, probability 0, space 0, times 0 [ 1711.887771][ T3052] CPU: 0 UID: 0 PID: 3052 Comm: syz.2.11352 Not tainted syzkaller #0 PREEMPT(full) [ 1711.887795][ T3052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1711.887808][ T3052] Call Trace: [ 1711.887815][ T3052] [ 1711.887826][ T3052] dump_stack_lvl+0x189/0x250 [ 1711.887858][ T3052] ? __pfx____ratelimit+0x10/0x10 [ 1711.887886][ T3052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1711.887914][ T3052] ? __pfx__printk+0x10/0x10 [ 1711.887946][ T3052] ? __pfx___might_resched+0x10/0x10 [ 1711.887967][ T3052] ? fs_reclaim_acquire+0x7d/0x100 [ 1711.887993][ T3052] should_fail_ex+0x414/0x560 [ 1711.888018][ T3052] should_failslab+0xa8/0x100 [ 1711.888041][ T3052] __kmalloc_noprof+0xcb/0x7f0 [ 1711.888068][ T3052] ? tomoyo_encode+0x28b/0x550 [ 1711.888100][ T3052] tomoyo_encode+0x28b/0x550 [ 1711.888132][ T3052] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1711.888169][ T3052] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1711.888211][ T3052] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1711.888238][ T3052] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1711.888301][ T3052] ? __fget_files+0x2a/0x420 [ 1711.888340][ T3052] ? __fget_files+0x3a0/0x420 [ 1711.888362][ T3052] ? __fget_files+0x2a/0x420 [ 1711.888389][ T3052] security_file_ioctl+0xcb/0x2d0 [ 1711.888412][ T3052] __se_sys_ioctl+0x47/0x170 [ 1711.888433][ T3052] do_syscall_64+0xfa/0xfa0 [ 1711.888473][ T3052] ? lockdep_hardirqs_on+0x9c/0x150 [ 1711.888500][ T3052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1711.888519][ T3052] ? clear_bhb_loop+0x60/0xb0 [ 1711.888542][ T3052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1711.888560][ T3052] RIP: 0033:0x7fd37138ebe9 [ 1711.888577][ T3052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1711.888593][ T3052] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1711.888613][ T3052] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1711.888635][ T3052] RDX: 0000000000000000 RSI: 0000000000001274 RDI: 0000000000000004 [ 1711.888647][ T3052] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1711.888659][ T3052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1711.888670][ T3052] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1711.888703][ T3052] [ 1711.888743][ T3052] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1712.009584][ T3046] program syz.6.11351 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1712.344656][T20340] uclogic 0003:28BD:0094.0042: pen parameters not found [ 1712.353714][T20340] uclogic 0003:28BD:0094.0042: interface is invalid, ignoring [ 1712.555465][T20340] usb 6-1: USB disconnect, device number 66 [ 1712.572398][ T1947] usbhid 7-1:0.0: can't add hid device: -71 [ 1712.593261][ T1947] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1712.635700][ T1947] usb 7-1: USB disconnect, device number 93 [ 1713.007741][ T3080] netlink: 'syz.3.11365': attribute type 72 has an invalid length. [ 1713.449736][ T3100] netlink: 'syz.6.11375': attribute type 72 has an invalid length. [ 1713.860128][T20340] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1714.030354][T20340] usb 4-1: Using ep0 maxpacket: 8 [ 1714.042738][T20340] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1714.054288][T20340] usb 4-1: can't read configurations, error -61 [ 1714.116478][ T3124] netlink: 'syz.6.11386': attribute type 72 has an invalid length. [ 1714.200255][T20340] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1714.373074][T20340] usb 4-1: Using ep0 maxpacket: 8 [ 1714.392415][T20340] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1714.400220][T20340] usb 4-1: can't read configurations, error -61 [ 1714.409056][T20340] usb usb4-port1: attempt power cycle [ 1714.860130][T20340] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1714.882772][T20340] usb 4-1: Using ep0 maxpacket: 8 [ 1714.896397][T20340] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1714.943713][T20340] usb 4-1: can't read configurations, error -61 [ 1715.091942][T20340] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1715.132084][T20340] usb 4-1: Using ep0 maxpacket: 8 [ 1715.143060][T20340] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1715.155047][T20340] usb 4-1: can't read configurations, error -61 [ 1715.180466][T20340] usb usb4-port1: unable to enumerate USB device [ 1715.261824][ T10] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 1715.420036][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 1715.439193][ T10] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1715.461649][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1715.477952][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1715.489828][ T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1715.504213][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1715.518355][ T10] usb 6-1: Product: syz [ 1715.523849][ T10] usb 6-1: Manufacturer: syz [ 1715.528542][ T10] usb 6-1: SerialNumber: syz [ 1715.951093][ T10] usb 6-1: 0:2 : does not exist [ 1715.993723][ T3189] __nla_validate_parse: 66 callbacks suppressed [ 1715.993741][ T3189] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.11416'. [ 1716.118556][ T3196] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.11418'. [ 1716.320164][T20340] usb 7-1: new high-speed USB device number 94 using dummy_hcd [ 1716.348533][ T3208] FAULT_INJECTION: forcing a failure. [ 1716.348533][ T3208] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.362209][ T3208] CPU: 1 UID: 0 PID: 3208 Comm: syz.2.11422 Not tainted syzkaller #0 PREEMPT(full) [ 1716.362232][ T3208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1716.362244][ T3208] Call Trace: [ 1716.362252][ T3208] [ 1716.362259][ T3208] dump_stack_lvl+0x189/0x250 [ 1716.362290][ T3208] ? __pfx____ratelimit+0x10/0x10 [ 1716.362313][ T3208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1716.362340][ T3208] ? __pfx__printk+0x10/0x10 [ 1716.362371][ T3208] ? __pfx___might_resched+0x10/0x10 [ 1716.362391][ T3208] ? fs_reclaim_acquire+0x7d/0x100 [ 1716.362417][ T3208] should_fail_ex+0x414/0x560 [ 1716.362440][ T3208] should_failslab+0xa8/0x100 [ 1716.362467][ T3208] __kmalloc_noprof+0xcb/0x7f0 [ 1716.362485][ T3208] ? tomoyo_encode+0x28b/0x550 [ 1716.362516][ T3208] tomoyo_encode+0x28b/0x550 [ 1716.362548][ T3208] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1716.362583][ T3208] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1716.362608][ T3208] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1716.362626][ T3208] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1716.362684][ T3208] ? __fget_files+0x2a/0x420 [ 1716.362712][ T3208] ? __fget_files+0x3a0/0x420 [ 1716.362733][ T3208] ? __fget_files+0x2a/0x420 [ 1716.362759][ T3208] security_file_ioctl+0xcb/0x2d0 [ 1716.362776][ T3208] __se_sys_ioctl+0x47/0x170 [ 1716.362791][ T3208] do_syscall_64+0xfa/0xfa0 [ 1716.362808][ T3208] ? lockdep_hardirqs_on+0x9c/0x150 [ 1716.362833][ T3208] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1716.362851][ T3208] ? clear_bhb_loop+0x60/0xb0 [ 1716.362872][ T3208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1716.362888][ T3208] RIP: 0033:0x7fd37138ebe9 [ 1716.362904][ T3208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1716.362917][ T3208] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1716.362931][ T3208] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1716.362940][ T3208] RDX: 0000200000000280 RSI: 00000000c0306201 RDI: 0000000000000005 [ 1716.362948][ T3208] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1716.362956][ T3208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1716.362965][ T3208] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1716.362997][ T3208] [ 1716.363045][ T3208] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1716.488810][T20340] usb 7-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 1716.623581][T20340] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1716.664271][T20340] usb 7-1: Product: syz [ 1716.668733][T20340] usb 7-1: Manufacturer: syz [ 1716.677525][T20340] usb 7-1: SerialNumber: syz [ 1716.683323][ T10] usb 6-1: 1:0: failed to get current value for ch 0 (-22) [ 1716.716708][T20340] usb 7-1: config 0 descriptor?? [ 1716.730241][ T10] usb 6-1: USB disconnect, device number 67 [ 1717.018785][ T3222] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.11427'. [ 1717.165114][ T3193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1717.180738][ T3193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1717.192053][ T3193] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11417'. [ 1717.253084][T20340] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1717.280620][T20340] asix 7-1:0.0: probe with driver asix failed with error -71 [ 1717.308321][T20340] usb 7-1: USB disconnect, device number 94 [ 1717.413216][ T3231] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11431'. [ 1717.628594][ T3243] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.11436'. [ 1717.852961][ T3255] overlayfs: missing 'lowerdir' [ 1718.262593][T20340] usb 7-1: new high-speed USB device number 95 using dummy_hcd [ 1718.337724][ T3269] FAULT_INJECTION: forcing a failure. [ 1718.337724][ T3269] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.385665][ T3269] CPU: 1 UID: 0 PID: 3269 Comm: syz.5.11447 Not tainted syzkaller #0 PREEMPT(full) [ 1718.385695][ T3269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1718.385709][ T3269] Call Trace: [ 1718.385717][ T3269] [ 1718.385727][ T3269] dump_stack_lvl+0x189/0x250 [ 1718.385764][ T3269] ? __pfx____ratelimit+0x10/0x10 [ 1718.385794][ T3269] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1718.385825][ T3269] ? __pfx__printk+0x10/0x10 [ 1718.385874][ T3269] ? __pfx___might_resched+0x10/0x10 [ 1718.385897][ T3269] ? fs_reclaim_acquire+0x7d/0x100 [ 1718.385926][ T3269] should_fail_ex+0x414/0x560 [ 1718.385953][ T3269] should_failslab+0xa8/0x100 [ 1718.385979][ T3269] __kmalloc_noprof+0xcb/0x7f0 [ 1718.385999][ T3269] ? tomoyo_encode+0x28b/0x550 [ 1718.386036][ T3269] tomoyo_encode+0x28b/0x550 [ 1718.386071][ T3269] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1718.386105][ T3269] ? tomoyo_domain+0xd9/0x130 [ 1718.386129][ T3269] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1718.386156][ T3269] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1718.386185][ T3269] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1718.386255][ T3269] ? __fget_files+0x2a/0x420 [ 1718.386287][ T3269] ? __fget_files+0x3a0/0x420 [ 1718.386312][ T3269] ? __fget_files+0x2a/0x420 [ 1718.386343][ T3269] security_file_ioctl+0xcb/0x2d0 [ 1718.386370][ T3269] __se_sys_ioctl+0x47/0x170 [ 1718.386394][ T3269] do_syscall_64+0xfa/0xfa0 [ 1718.386421][ T3269] ? lockdep_hardirqs_on+0x9c/0x150 [ 1718.386448][ T3269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1718.386468][ T3269] ? clear_bhb_loop+0x60/0xb0 [ 1718.386491][ T3269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1718.386528][ T3269] RIP: 0033:0x7f1e5c38ebe9 [ 1718.386547][ T3269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1718.386565][ T3269] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1718.386587][ T3269] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1718.386602][ T3269] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1718.386615][ T3269] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1718.386635][ T3269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1718.386648][ T3269] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1718.386683][ T3269] [ 1718.386774][ T3269] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1718.420086][T20340] usb 7-1: Using ep0 maxpacket: 32 [ 1718.561398][ T3273] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.11448'. [ 1718.575162][T20340] usb 7-1: config 0 has an invalid interface number: 35 but max is 0 [ 1718.783476][T20340] usb 7-1: config 0 has no interface number 0 [ 1718.804551][T20340] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 1718.817253][T20340] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1718.837290][T20340] usb 7-1: Product: syz [ 1718.841824][T20340] usb 7-1: Manufacturer: syz [ 1718.850193][T20340] usb 7-1: SerialNumber: syz [ 1718.871251][T20340] usb 7-1: config 0 descriptor?? [ 1718.894225][T20340] radio-si470x 7-1:0.35: could not find interrupt in endpoint [ 1718.902821][T20340] radio-si470x 7-1:0.35: probe with driver radio-si470x failed with error -5 [ 1719.026090][ T3283] loop8: detected capacity change from 0 to 8 [ 1719.046301][ T3283] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 [ 1719.070539][ T3283] loop8: p1 start 540042604 is beyond EOD, truncated [ 1719.079277][ T3286] syz.2.11454 (3286): /proc/3285/oom_adj is deprecated, please use /proc/3285/oom_score_adj instead. [ 1719.098024][T20340] radio-raremono 7-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 1719.106586][ T3283] loop8: p2 start 528661076 is beyond EOD, truncated [ 1719.144374][ T3283] loop8: p3 start 8 is beyond EOD, truncated [ 1719.158755][ T3283] loop8: p4 start 3529794595 is beyond EOD, truncated [ 1719.168991][ T3283] loop8: p5 start 2690239768 is beyond EOD, truncated [ 1719.176566][ T3283] loop8: p6 start 1431538145 is beyond EOD, truncated [ 1719.184061][ T3283] loop8: p7 start 1634731803 is beyond EOD, truncated [ 1719.192366][ T3283] loop8: p8 start 614672050 is beyond EOD, truncated [ 1719.201285][ T3283] loop8: p9 start 609447309 is beyond EOD, truncated [ 1719.208139][ T3283] loop8: p10 start 3832541991 is beyond EOD, truncated [ 1719.236302][ T3283] loop8: p11 start 3286981679 is beyond EOD, truncated [ 1719.308124][T20340] radio-raremono 7-1:0.35: raremono_cmd_main failed (-71) [ 1719.327514][T20340] radio-raremono 7-1:0.35: V4L2 device registered as radio48 [ 1719.371842][T20340] usb 7-1: USB disconnect, device number 95 [ 1719.391104][T20340] radio-raremono 7-1:0.35: Thanko's Raremono disconnected [ 1719.584597][ T3296] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.11457'. [ 1719.756279][ T3304] FAULT_INJECTION: forcing a failure. [ 1719.756279][ T3304] name failslab, interval 1, probability 0, space 0, times 0 [ 1719.801648][ T3304] CPU: 1 UID: 0 PID: 3304 Comm: syz.5.11461 Not tainted syzkaller #0 PREEMPT(full) [ 1719.801676][ T3304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1719.801690][ T3304] Call Trace: [ 1719.801698][ T3304] [ 1719.801708][ T3304] dump_stack_lvl+0x189/0x250 [ 1719.801743][ T3304] ? __pfx____ratelimit+0x10/0x10 [ 1719.801772][ T3304] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1719.801802][ T3304] ? __pfx__printk+0x10/0x10 [ 1719.801837][ T3304] ? __pfx___might_resched+0x10/0x10 [ 1719.801861][ T3304] ? fs_reclaim_acquire+0x7d/0x100 [ 1719.801890][ T3304] should_fail_ex+0x414/0x560 [ 1719.801917][ T3304] should_failslab+0xa8/0x100 [ 1719.801943][ T3304] kmem_cache_alloc_node_noprof+0x77/0x710 [ 1719.801964][ T3304] ? __alloc_skb+0x112/0x2d0 [ 1719.801992][ T3304] ? netlink_autobind+0xdb/0x300 [ 1719.802027][ T3304] __alloc_skb+0x112/0x2d0 [ 1719.802059][ T3304] netlink_sendmsg+0x5c6/0xb30 [ 1719.802097][ T3304] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1719.802129][ T3304] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1719.802160][ T3304] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1719.802187][ T3304] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1719.802216][ T3304] __sock_sendmsg+0x21c/0x270 [ 1719.802245][ T3304] ____sys_sendmsg+0x505/0x830 [ 1719.802270][ T3304] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1719.802299][ T3304] ? import_iovec+0x74/0xa0 [ 1719.802332][ T3304] ___sys_sendmsg+0x21f/0x2a0 [ 1719.802354][ T3304] ? __pfx____sys_sendmsg+0x10/0x10 [ 1719.802405][ T3304] ? __fget_files+0x2a/0x420 [ 1719.802430][ T3304] ? __fget_files+0x3a0/0x420 [ 1719.802476][ T3304] __x64_sys_sendmsg+0x19b/0x260 [ 1719.802499][ T3304] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1719.802530][ T3304] ? __pfx_ksys_write+0x10/0x10 [ 1719.802557][ T3304] ? do_syscall_64+0xbe/0xfa0 [ 1719.802590][ T3304] do_syscall_64+0xfa/0xfa0 [ 1719.802617][ T3304] ? lockdep_hardirqs_on+0x9c/0x150 [ 1719.802644][ T3304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1719.802662][ T3304] ? clear_bhb_loop+0x60/0xb0 [ 1719.802684][ T3304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1719.802702][ T3304] RIP: 0033:0x7f1e5c38ebe9 [ 1719.802720][ T3304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1719.802738][ T3304] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1719.802758][ T3304] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1719.802773][ T3304] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 1719.802786][ T3304] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1719.802798][ T3304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1719.802809][ T3304] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1719.802840][ T3304] [ 1720.660214][ T5934] usb 7-1: new high-speed USB device number 96 using dummy_hcd [ 1720.850833][ T5934] usb 7-1: config 0 has no interfaces? [ 1720.858653][ T5934] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1720.870709][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1720.887579][ T5934] usb 7-1: Product: syz [ 1720.898206][ T5934] usb 7-1: Manufacturer: syz [ 1720.908071][ T5934] usb 7-1: SerialNumber: syz [ 1720.923437][ T5934] usb 7-1: config 0 descriptor?? [ 1720.930372][T13674] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1721.091960][T13674] usb 3-1: Using ep0 maxpacket: 32 [ 1721.099342][T13674] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1721.120070][T13674] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1721.134294][ T3343] FAULT_INJECTION: forcing a failure. [ 1721.134294][ T3343] name failslab, interval 1, probability 0, space 0, times 0 [ 1721.155313][T13674] usb 3-1: config 0 descriptor?? [ 1721.193862][ T3343] CPU: 0 UID: 0 PID: 3343 Comm: syz.3.11475 Not tainted syzkaller #0 PREEMPT(full) [ 1721.193888][ T3343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1721.193900][ T3343] Call Trace: [ 1721.193907][ T3343] [ 1721.193916][ T3343] dump_stack_lvl+0x189/0x250 [ 1721.193950][ T3343] ? __pfx____ratelimit+0x10/0x10 [ 1721.193977][ T3343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1721.194005][ T3343] ? __pfx__printk+0x10/0x10 [ 1721.194039][ T3343] ? __pfx___might_resched+0x10/0x10 [ 1721.194061][ T3343] ? fs_reclaim_acquire+0x7d/0x100 [ 1721.194096][ T3343] should_fail_ex+0x414/0x560 [ 1721.194122][ T3343] should_failslab+0xa8/0x100 [ 1721.194146][ T3343] __kmalloc_noprof+0xcb/0x7f0 [ 1721.194165][ T3343] ? tomoyo_encode+0x28b/0x550 [ 1721.194210][ T3343] tomoyo_encode+0x28b/0x550 [ 1721.194242][ T3343] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1721.194279][ T3343] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1721.194302][ T3343] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1721.194327][ T3343] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1721.194388][ T3343] ? __fget_files+0x2a/0x420 [ 1721.194416][ T3343] ? __fget_files+0x3a0/0x420 [ 1721.194438][ T3343] ? __fget_files+0x2a/0x420 [ 1721.194465][ T3343] security_file_ioctl+0xcb/0x2d0 [ 1721.194493][ T3343] __se_sys_ioctl+0x47/0x170 [ 1721.194515][ T3343] do_syscall_64+0xfa/0xfa0 [ 1721.194539][ T3343] ? lockdep_hardirqs_on+0x9c/0x150 [ 1721.194563][ T3343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1721.194597][ T3343] ? clear_bhb_loop+0x60/0xb0 [ 1721.194621][ T3343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1721.194645][ T3343] RIP: 0033:0x7f7b5bb8ebe9 [ 1721.194662][ T3343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1721.194678][ T3343] RSP: 002b:00007f7b5ca7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1721.194698][ T3343] RAX: ffffffffffffffda RBX: 00007f7b5bdc6090 RCX: 00007f7b5bb8ebe9 [ 1721.194712][ T3343] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 1721.194725][ T3343] RBP: 00007f7b5ca7c090 R08: 0000000000000000 R09: 0000000000000000 [ 1721.194737][ T3343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1721.194748][ T3343] R13: 00007f7b5bdc6128 R14: 00007f7b5bdc6090 R15: 00007ffd7be90778 [ 1721.194780][ T3343] [ 1721.194800][ T3343] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1721.266285][ T1947] usb 7-1: USB disconnect, device number 96 [ 1721.490212][T13674] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1721.514112][T13674] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1721.532644][T20340] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1721.534182][T13674] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1721.562960][T13674] usb 3-1: media controller created [ 1721.619194][T13674] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1721.690456][T20340] usb 6-1: Using ep0 maxpacket: 8 [ 1721.708499][T20340] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1721.720368][T20340] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1721.724679][T13674] az6027: usb out operation failed. (-71) [ 1721.738119][T13674] az6027: usb out operation failed. (-71) [ 1721.747090][T13674] stb0899_attach: Driver disabled by Kconfig [ 1721.754865][T13674] az6027: no front-end attached [ 1721.754865][T13674] [ 1721.758975][T20340] usb 6-1: Product: syz [ 1721.764877][T13674] az6027: usb out operation failed. (-71) [ 1721.772595][T13674] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1721.779381][T20340] usb 6-1: Manufacturer: syz [ 1721.785889][T20340] usb 6-1: SerialNumber: syz [ 1721.806948][T20340] usb 6-1: config 0 descriptor?? [ 1721.808281][T13674] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input227 [ 1721.826626][T20340] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1721.827876][T13674] dvb-usb: schedule remote query interval to 400 msecs. [ 1721.841274][T13674] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1721.853363][T13674] usb 3-1: USB disconnect, device number 94 [ 1721.913289][T13674] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1722.372177][ T3352] tmpfs: Bad value for 'mpol' [ 1722.620142][ T10] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1722.770069][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1722.777175][ T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1722.787494][ T10] usb 3-1: config 0 has no interface number 0 [ 1722.793787][ T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1722.804955][ T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1722.814767][ T10] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1722.826113][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1722.840151][ T10] usb 3-1: config 0 descriptor?? [ 1723.239817][ T3345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1723.250693][ T3345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1723.290326][T20340] gspca_sonixj: i2c_w8 err -71 [ 1723.380214][T20340] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 1723.398547][T20340] usb 6-1: USB disconnect, device number 68 [ 1723.459894][ T10] uclogic 0003:28BD:0094.0043: pen parameters not found [ 1723.472216][ T10] uclogic 0003:28BD:0094.0043: interface is invalid, ignoring [ 1723.650078][T13674] usb 7-1: new high-speed USB device number 97 using dummy_hcd [ 1723.662240][ T10] usb 3-1: USB disconnect, device number 95 [ 1723.801469][T13674] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 1723.811432][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.821104][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.835056][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1723.844871][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.854203][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.865464][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1723.877796][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.892841][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.904500][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1723.913920][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.923157][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.934368][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1723.942761][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.953550][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.964835][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1723.972962][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1723.982300][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1723.993632][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1724.003407][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.014051][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.025210][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1724.033056][T13674] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.042431][T13674] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.055109][T13674] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1724.070341][T13674] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1724.079614][T13674] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1724.094487][T13674] usb 7-1: Product: syz [ 1724.098669][T13674] usb 7-1: Manufacturer: syz [ 1724.105321][T13674] usb 7-1: SerialNumber: syz [ 1724.115084][T13674] usb 7-1: config 0 descriptor?? [ 1724.127741][T13674] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 1724.334861][ T1947] usb 7-1: USB disconnect, device number 97 [ 1724.349657][ T1947] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 1724.382394][ T3371] netlink: 'syz.2.11488': attribute type 12 has an invalid length. [ 1724.453810][T20340] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1724.615203][T20340] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 1724.624199][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.634011][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.646093][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.653863][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.668429][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.670264][T13674] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1724.684504][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.707140][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.718337][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.735276][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.744674][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.757108][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.770614][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.778522][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.787808][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.798962][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.807469][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.817165][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.828310][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.836725][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.846144][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.851740][T13674] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1724.857622][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.874344][T20340] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.887589][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.897826][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.900070][T20340] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.909242][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1724.932429][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.942855][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.954598][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1724.960111][T20340] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1724.963443][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1724.981007][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1724.991592][T20340] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1724.992545][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.009259][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1725.012403][T20340] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1725.020104][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1725.028115][ T3385] tmpfs: Bad value for 'mpol' [ 1725.038238][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.052645][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1725.062004][T20340] usb 6-1: Product: syz [ 1725.062063][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1725.066277][T20340] usb 6-1: Manufacturer: syz [ 1725.066296][T20340] usb 6-1: SerialNumber: syz [ 1725.077890][T20340] usb 6-1: config 0 descriptor?? [ 1725.091730][T20340] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 1725.122495][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.130702][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1725.141431][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1725.153300][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.161807][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1725.171791][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1725.185024][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.192869][T13674] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1725.202116][T13674] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1725.214222][T13674] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1725.223193][T13674] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1725.235481][T13674] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1725.244326][T13674] usb 3-1: Product: syz [ 1725.248517][T13674] usb 3-1: Manufacturer: syz [ 1725.253276][T13674] usb 3-1: SerialNumber: syz [ 1725.260621][T13674] usb 3-1: config 0 descriptor?? [ 1725.273429][T13674] yurex 3-1:0.0: USB YUREX device now attached to Yurex #1 [ 1725.281403][ T3365] FAULT_INJECTION: forcing a failure. [ 1725.281403][ T3365] name failslab, interval 1, probability 0, space 0, times 0 [ 1725.281433][ T3365] CPU: 0 UID: 0 PID: 3365 Comm: syz.5.11485 Not tainted syzkaller #0 PREEMPT(full) [ 1725.281457][ T3365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1725.281470][ T3365] Call Trace: [ 1725.281477][ T3365] [ 1725.281486][ T3365] dump_stack_lvl+0x189/0x250 [ 1725.281519][ T3365] ? __pfx____ratelimit+0x10/0x10 [ 1725.281545][ T3365] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1725.281574][ T3365] ? __pfx__printk+0x10/0x10 [ 1725.281608][ T3365] ? __pfx___might_resched+0x10/0x10 [ 1725.281629][ T3365] ? fs_reclaim_acquire+0x7d/0x100 [ 1725.281656][ T3365] should_fail_ex+0x414/0x560 [ 1725.281682][ T3365] should_failslab+0xa8/0x100 [ 1725.281706][ T3365] __kmalloc_noprof+0xcb/0x7f0 [ 1725.281725][ T3365] ? tomoyo_encode+0x28b/0x550 [ 1725.281759][ T3365] tomoyo_encode+0x28b/0x550 [ 1725.281792][ T3365] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1725.281835][ T3365] tomoyo_check_open_permission+0x1c1/0x3b0 [ 1725.281860][ T3365] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 1725.281884][ T3365] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1725.281951][ T3365] ? __fget_files+0x2a/0x420 [ 1725.281975][ T3365] ? __fget_files+0x3a0/0x420 [ 1725.281999][ T3365] ? tomoyo_file_fcntl+0x17e/0x210 [ 1725.282021][ T3365] security_file_fcntl+0x9b/0x2d0 [ 1725.282049][ T3365] __se_sys_fcntl+0x8b/0x150 [ 1725.282084][ T3365] do_syscall_64+0xfa/0xfa0 [ 1725.282115][ T3365] ? lockdep_hardirqs_on+0x9c/0x150 [ 1725.282145][ T3365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1725.282166][ T3365] ? clear_bhb_loop+0x60/0xb0 [ 1725.282191][ T3365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1725.282213][ T3365] RIP: 0033:0x7f1e5c38ebe9 [ 1725.282232][ T3365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1725.282250][ T3365] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1725.282273][ T3365] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1725.282288][ T3365] RDX: 0000000000042400 RSI: 0000000000000004 RDI: 0000000000000004 [ 1725.282302][ T3365] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1725.282314][ T3365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1725.282327][ T3365] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1725.282372][ T3365] [ 1725.282417][ T3365] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1725.350158][ T1947] usb 7-1: new high-speed USB device number 98 using dummy_hcd [ 1725.432244][T20340] usb 6-1: USB disconnect, device number 69 [ 1725.556931][T20340] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 1725.568037][ T3373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1725.580042][ T3373] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1725.582803][ T1947] usb 7-1: Using ep0 maxpacket: 32 [ 1725.594099][ T10] usb 3-1: USB disconnect, device number 96 [ 1725.598951][ T10] yurex 3-1:0.0: USB YUREX #1 now disconnected [ 1725.633094][ T1947] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1725.660285][ T1947] usb 7-1: config 0 has no interface number 0 [ 1725.672988][ T1947] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1725.695524][ T1947] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1725.707115][ T1947] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1725.716912][ T1947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1725.732088][ T1947] usb 7-1: config 0 descriptor?? [ 1726.279225][ T3404] fuse: Bad value for 'group_id' [ 1726.287558][ T3404] fuse: Bad value for 'group_id' [ 1726.350227][ T1947] uclogic 0003:28BD:0094.0044: pen parameters not found [ 1726.371407][ T1947] uclogic 0003:28BD:0094.0044: interface is invalid, ignoring [ 1726.570029][ T10] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1726.582586][T20340] usb 7-1: USB disconnect, device number 98 [ 1726.730344][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1726.740969][ T10] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1726.771190][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1726.790779][ T10] usb 3-1: config 0 descriptor?? [ 1726.889604][ T3421] FAULT_INJECTION: forcing a failure. [ 1726.889604][ T3421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1726.905804][ T3421] CPU: 0 UID: 0 PID: 3421 Comm: syz.5.11507 Not tainted syzkaller #0 PREEMPT(full) [ 1726.905828][ T3421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1726.905839][ T3421] Call Trace: [ 1726.905851][ T3421] [ 1726.905859][ T3421] dump_stack_lvl+0x189/0x250 [ 1726.905910][ T3421] ? __pfx____ratelimit+0x10/0x10 [ 1726.905936][ T3421] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1726.905965][ T3421] ? __pfx__printk+0x10/0x10 [ 1726.906003][ T3421] ? __might_fault+0xb0/0x130 [ 1726.906033][ T3421] should_fail_ex+0x414/0x560 [ 1726.906057][ T3421] _copy_to_iter+0x404/0x1790 [ 1726.906097][ T3421] ? __pfx__copy_to_iter+0x10/0x10 [ 1726.906139][ T3421] ? transaction_log_show+0x73d/0x7c0 [ 1726.906178][ T3421] seq_read_iter+0xbf5/0xe20 [ 1726.906228][ T3421] seq_read+0x369/0x480 [ 1726.906254][ T3421] ? __pfx_seq_read+0x10/0x10 [ 1726.906272][ T3421] ? __debugfs_file_get+0x5dd/0x710 [ 1726.906301][ T3421] ? __pfx___debugfs_file_get+0x10/0x10 [ 1726.906338][ T3421] full_proxy_read+0x127/0x1f0 [ 1726.906365][ T3421] ? __pfx_full_proxy_read+0x10/0x10 [ 1726.906393][ T3421] vfs_read+0x200/0xa30 [ 1726.906412][ T3421] ? fdget_pos+0x247/0x320 [ 1726.906439][ T3421] ? __pfx___mutex_lock+0x10/0x10 [ 1726.906466][ T3421] ? __pfx_vfs_read+0x10/0x10 [ 1726.906488][ T3421] ? __fget_files+0x2a/0x420 [ 1726.906534][ T3421] ? __fget_files+0x3a0/0x420 [ 1726.906559][ T3421] ? __fget_files+0x2a/0x420 [ 1726.906597][ T3421] ksys_read+0x145/0x250 [ 1726.906624][ T3421] ? __pfx_ksys_read+0x10/0x10 [ 1726.906652][ T3421] ? do_syscall_64+0xbe/0xfa0 [ 1726.906686][ T3421] do_syscall_64+0xfa/0xfa0 [ 1726.906714][ T3421] ? lockdep_hardirqs_on+0x9c/0x150 [ 1726.906748][ T3421] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1726.906769][ T3421] ? clear_bhb_loop+0x60/0xb0 [ 1726.906794][ T3421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1726.906814][ T3421] RIP: 0033:0x7f1e5c38ebe9 [ 1726.906833][ T3421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1726.906851][ T3421] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1726.906873][ T3421] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1726.906889][ T3421] RDX: 00000000000000ad RSI: 0000200000000140 RDI: 0000000000000003 [ 1726.906903][ T3421] RBP: 00007f1e5d204090 R08: 0000000000000000 R09: 0000000000000000 [ 1726.906916][ T3421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1726.906929][ T3421] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1726.906966][ T3421] [ 1727.182779][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1727.198309][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1727.216445][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1727.233780][ T10] usb 3-1: media controller created [ 1727.258676][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1727.431546][ T10] az6027: usb out operation failed. (-71) [ 1727.439134][ T10] az6027: usb out operation failed. (-71) [ 1727.444967][ T10] stb0899_attach: Driver disabled by Kconfig [ 1727.451047][ T10] az6027: no front-end attached [ 1727.451047][ T10] [ 1727.460275][ T10] az6027: usb out operation failed. (-71) [ 1727.468569][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1727.485959][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input228 [ 1727.505840][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 1727.513312][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1727.548729][ T10] usb 3-1: USB disconnect, device number 97 [ 1727.583463][ T5935] IPVS: starting estimator thread 0... [ 1727.661217][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1727.700306][ T9776] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1727.701144][ T3440] IPVS: using max 30 ests per chain, 72000 per kthread [ 1727.855259][ T9776] usb 6-1: config 0 has an invalid interface number: 49 but max is 0 [ 1727.867909][ T9776] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1727.878594][ T9776] usb 6-1: config 0 has no interface number 0 [ 1727.885189][ T9776] usb 6-1: too many endpoints for config 0 interface 49 altsetting 50: 56, using maximum allowed: 30 [ 1727.896469][ T9776] usb 6-1: config 0 interface 49 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 56 [ 1727.911212][ T9776] usb 6-1: config 0 interface 49 has no altsetting 0 [ 1727.917928][ T9776] usb 6-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 1727.927581][ T9776] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1727.948562][ T9776] usb 6-1: config 0 descriptor?? [ 1728.080108][T13674] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1728.169400][ T9776] usb 6-1: string descriptor 0 read error: -71 [ 1728.186276][ T9776] usb 6-1: USB disconnect, device number 70 [ 1728.231970][T13674] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1728.240244][ T1947] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1728.249908][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.250061][ T5935] usb 7-1: new full-speed USB device number 99 using dummy_hcd [ 1728.258926][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.258953][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.285918][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.298261][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.309199][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.317266][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.326493][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.337506][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.345008][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.355785][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.367237][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.374790][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.383756][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.394840][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.404729][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.414633][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.426189][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.432770][ T5935] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1728.432811][ T5935] usb 7-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 1728.439461][ T1947] usb 3-1: Using ep0 maxpacket: 8 [ 1728.459754][ T5935] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1728.467413][ T1947] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1728.477335][ T5935] usb 7-1: config 0 descriptor?? [ 1728.477538][ T1947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1728.490649][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.499584][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.510709][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.517401][ T1947] usb 3-1: Product: syz [ 1728.522662][ T1947] usb 3-1: Manufacturer: syz [ 1728.527297][ T1947] usb 3-1: SerialNumber: syz [ 1728.533060][T13674] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1728.542019][T13674] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1728.564052][T13674] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1728.574697][T13674] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1728.584894][ T1947] usb 3-1: config 0 descriptor?? [ 1728.590195][T13674] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1728.599159][T13674] usb 4-1: Product: syz [ 1728.606371][ T1947] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1728.612759][T13674] usb 4-1: Manufacturer: syz [ 1728.617409][T13674] usb 4-1: SerialNumber: syz [ 1728.626063][T13674] usb 4-1: config 0 descriptor?? [ 1728.637126][T13674] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 1728.850638][T13674] usb 4-1: USB disconnect, device number 13 [ 1728.878275][T13674] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 1728.895552][ T3460] usb usb8: usbfs: process 3460 (syz.5.11526) did not claim interface 0 before use [ 1728.916597][ T3454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1728.935378][ T3454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1728.967874][ T5935] hid-udraw 0003:20D6:CB17.0045: unknown main item tag 0x0 [ 1728.975485][ T5935] hid-udraw 0003:20D6:CB17.0045: unknown main item tag 0x0 [ 1728.983486][ T5935] hid-udraw 0003:20D6:CB17.0045: unknown main item tag 0x0 [ 1728.991844][ T5935] hid-udraw 0003:20D6:CB17.0045: unknown main item tag 0x0 [ 1728.999068][ T5935] hid-udraw 0003:20D6:CB17.0045: unknown main item tag 0x0 [ 1729.012885][ T5935] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:20D6:CB17.0045/input/input229 [ 1729.110308][ T5935] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:20D6:CB17.0045/input/input230 [ 1729.182801][ T5935] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:20D6:CB17.0045/input/input231 [ 1729.237230][ T5935] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:20D6:CB17.0045/input/input232 [ 1729.294171][ T5935] hid-udraw 0003:20D6:CB17.0045: hidraw0: USB HID v8.80 Device [HID 20d6:cb17] on usb-dummy_hcd.6-1/input0 [ 1729.365449][ T5935] usb 7-1: USB disconnect, device number 99 [ 1729.468525][ T3466] fido_id[3466]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 1729.864357][ T3482] FAULT_INJECTION: forcing a failure. [ 1729.864357][ T3482] name failslab, interval 1, probability 0, space 0, times 0 [ 1729.879069][ T3482] CPU: 0 UID: 0 PID: 3482 Comm: syz.3.11533 Not tainted syzkaller #0 PREEMPT(full) [ 1729.879094][ T3482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1729.879106][ T3482] Call Trace: [ 1729.879113][ T3482] [ 1729.879121][ T3482] dump_stack_lvl+0x189/0x250 [ 1729.879153][ T3482] ? __pfx____ratelimit+0x10/0x10 [ 1729.879178][ T3482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1729.879206][ T3482] ? __pfx__printk+0x10/0x10 [ 1729.879236][ T3482] ? __pfx___might_resched+0x10/0x10 [ 1729.879256][ T3482] ? fs_reclaim_acquire+0x7d/0x100 [ 1729.879281][ T3482] should_fail_ex+0x414/0x560 [ 1729.879305][ T3482] should_failslab+0xa8/0x100 [ 1729.879328][ T3482] __kmalloc_cache_noprof+0x6f/0x6f0 [ 1729.879347][ T3482] ? resv_map_alloc+0x88/0x2c0 [ 1729.879379][ T3482] resv_map_alloc+0x88/0x2c0 [ 1729.879419][ T3482] hugetlbfs_get_inode+0x68/0x660 [ 1729.879442][ T3482] ? fput+0xa0/0xd0 [ 1729.879471][ T3482] hugetlb_file_setup+0x21d/0x630 [ 1729.879496][ T3482] ksys_mmap_pgoff+0x22f/0x760 [ 1729.879519][ T3482] do_syscall_64+0xfa/0xfa0 [ 1729.879542][ T3482] ? lockdep_hardirqs_on+0x9c/0x150 [ 1729.879567][ T3482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1729.879584][ T3482] ? clear_bhb_loop+0x60/0xb0 [ 1729.879605][ T3482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1729.879623][ T3482] RIP: 0033:0x7f7b5bb8ebe9 [ 1729.879639][ T3482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1729.879654][ T3482] RSP: 002b:00007f7b5ca9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1729.879674][ T3482] RAX: ffffffffffffffda RBX: 00007f7b5bdc5fa0 RCX: 00007f7b5bb8ebe9 [ 1729.879686][ T3482] RDX: 0000000000000003 RSI: 0000000000ff5000 RDI: 0000200000000000 [ 1729.879698][ T3482] RBP: 00007f7b5ca9d090 R08: ffffffffffffffff R09: 0000000000000000 [ 1729.879710][ T3482] R10: 000200000005c832 R11: 0000000000000246 R12: 0000000000000001 [ 1729.879722][ T3482] R13: 00007f7b5bdc6038 R14: 00007f7b5bdc5fa0 R15: 00007ffd7be90778 [ 1729.879751][ T3482] [ 1730.081234][ T3456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1730.092557][ T3456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1730.122239][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.132258][ T1947] gspca_sonixj: i2c_w8 err -71 [ 1730.221845][ T1947] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 1730.233586][ T1947] usb 3-1: USB disconnect, device number 98 [ 1730.240687][ T5935] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1730.369847][ T3493] FAULT_INJECTION: forcing a failure. [ 1730.369847][ T3493] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.407105][ T3493] CPU: 1 UID: 0 PID: 3493 Comm: syz.3.11540 Not tainted syzkaller #0 PREEMPT(full) [ 1730.407142][ T3493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1730.407155][ T3493] Call Trace: [ 1730.407165][ T3493] [ 1730.407174][ T3493] dump_stack_lvl+0x189/0x250 [ 1730.407212][ T3493] ? __pfx____ratelimit+0x10/0x10 [ 1730.407241][ T3493] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1730.407273][ T3493] ? __pfx__printk+0x10/0x10 [ 1730.407310][ T3493] ? __pfx___might_resched+0x10/0x10 [ 1730.407333][ T3493] ? fs_reclaim_acquire+0x7d/0x100 [ 1730.407363][ T3493] should_fail_ex+0x414/0x560 [ 1730.407393][ T3493] should_failslab+0xa8/0x100 [ 1730.407419][ T3493] __kmalloc_noprof+0xcb/0x7f0 [ 1730.407441][ T3493] ? tomoyo_encode+0x28b/0x550 [ 1730.407479][ T3493] tomoyo_encode+0x28b/0x550 [ 1730.407517][ T3493] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1730.407561][ T3493] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1730.407588][ T3493] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1730.407618][ T3493] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1730.407697][ T3493] ? __fget_files+0x2a/0x420 [ 1730.407739][ T3493] ? __fget_files+0x3a0/0x420 [ 1730.407763][ T3493] ? __fget_files+0x2a/0x420 [ 1730.407792][ T3493] security_file_ioctl+0xcb/0x2d0 [ 1730.407816][ T3493] __se_sys_ioctl+0x47/0x170 [ 1730.407839][ T3493] do_syscall_64+0xfa/0xfa0 [ 1730.407864][ T3493] ? lockdep_hardirqs_on+0x9c/0x150 [ 1730.407891][ T3493] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.407910][ T3493] ? clear_bhb_loop+0x60/0xb0 [ 1730.407933][ T3493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1730.407951][ T3493] RIP: 0033:0x7f7b5bb8ebe9 [ 1730.407968][ T3493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1730.407984][ T3493] RSP: 002b:00007f7b5ca9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1730.408005][ T3493] RAX: ffffffffffffffda RBX: 00007f7b5bdc5fa0 RCX: 00007f7b5bb8ebe9 [ 1730.408019][ T3493] RDX: 0000200000000080 RSI: 00000000c0285628 RDI: 0000000000000003 [ 1730.408032][ T3493] RBP: 00007f7b5ca9d090 R08: 0000000000000000 R09: 0000000000000000 [ 1730.408044][ T3493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1730.408055][ T3493] R13: 00007f7b5bdc6038 R14: 00007f7b5bdc5fa0 R15: 00007ffd7be90778 [ 1730.408087][ T3493] [ 1730.408107][ T3493] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1730.432676][ T5935] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1730.669815][ T5935] usb 6-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 1730.679245][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1730.803633][ T5935] usb 6-1: config 0 descriptor?? [ 1730.846975][ T5935] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected. [ 1731.025720][ T3503] tmpfs: Bad value for 'mpol' [ 1731.032980][ T5935] pwc: send_video_command error -71 [ 1731.038213][ T5935] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1731.067181][ T5935] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71 [ 1731.089672][ T5935] usb 6-1: USB disconnect, device number 71 [ 1731.173043][T23872] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1731.184345][T23872] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1731.192711][T23872] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1731.203387][T23872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1731.210994][T23872] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1731.300581][T32105] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1731.310139][ T5921] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1731.350396][T20340] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1731.392969][T32105] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1731.467168][T32105] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1731.477639][ T5921] usb 3-1: Using ep0 maxpacket: 32 [ 1731.489386][ T5921] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1731.498067][ T5921] usb 3-1: config 0 has no interface number 0 [ 1731.504699][ T5921] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1731.517588][ T5921] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1731.528954][T20340] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1731.541970][T20340] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1731.552353][ T5921] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1731.561960][T20340] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1731.571646][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1731.580222][T20340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1731.599116][ T5921] usb 3-1: config 0 descriptor?? [ 1731.600726][T32105] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1731.608764][ T3505] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1731.649337][T20340] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1731.841943][ T1947] usb 4-1: USB disconnect, device number 14 [ 1731.899285][ T3506] chnl_net:caif_netlink_parms(): no params data found [ 1732.114113][T32105] bridge_slave_1: left allmulticast mode [ 1732.119823][T32105] bridge_slave_1: left promiscuous mode [ 1732.127414][T32105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1732.144040][T32105] bridge_slave_0: left allmulticast mode [ 1732.152042][T32105] bridge_slave_0: left promiscuous mode [ 1732.160357][T32105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1732.250275][ T5921] uclogic 0003:28BD:0094.0046: pen parameters not found [ 1732.257279][ T5921] uclogic 0003:28BD:0094.0046: interface is invalid, ignoring [ 1732.463339][ T5921] usb 3-1: USB disconnect, device number 99 [ 1732.868753][T32105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1732.879780][T32105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1732.890123][T32105] bond0 (unregistering): Released all slaves [ 1733.000159][ T1947] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1733.082231][ T3506] bridge0: port 1(bridge_slave_0) entered blocking state [ 1733.089579][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state [ 1733.098787][ T3506] bridge_slave_0: entered allmulticast mode [ 1733.106974][ T3506] bridge_slave_0: entered promiscuous mode [ 1733.160199][ T1947] usb 4-1: Using ep0 maxpacket: 8 [ 1733.186207][ T1947] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1733.199203][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state [ 1733.205860][ T1947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1733.208619][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state [ 1733.216705][ T1947] usb 4-1: Product: syz [ 1733.234940][ T1947] usb 4-1: Manufacturer: syz [ 1733.238860][ T3506] bridge_slave_1: entered allmulticast mode [ 1733.239666][ T1947] usb 4-1: SerialNumber: syz [ 1733.248247][ T3506] bridge_slave_1: entered promiscuous mode [ 1733.251661][ T5183] Bluetooth: hci0: command tx timeout [ 1733.283623][ T1947] usb 4-1: config 0 descriptor?? [ 1733.294768][ T1947] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1733.363532][ T3506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1733.380985][T13674] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1733.410908][T32105] hsr_slave_0: left promiscuous mode [ 1733.418663][T32105] hsr_slave_1: left promiscuous mode [ 1733.429058][T32105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1733.441177][T32105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1733.449189][T32105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1733.457530][T32105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1733.480342][ T9] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1733.505146][T32105] veth1_macvtap: left promiscuous mode [ 1733.517265][T32105] veth0_macvtap: left promiscuous mode [ 1733.525507][T32105] veth1_vlan: left promiscuous mode [ 1733.538450][T32105] veth0_vlan: left promiscuous mode [ 1733.542191][T13674] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1733.554233][T13674] usb 6-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 1733.564742][T13674] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.591259][T13674] usb 6-1: config 0 descriptor?? [ 1733.610623][T13674] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected. [ 1733.662716][ T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1733.694965][ T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1733.742991][ T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1733.767645][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.797092][ T3549] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1733.811654][T13674] pwc: send_video_command error -71 [ 1733.832312][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1733.841102][T13674] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1733.858937][T13674] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71 [ 1733.916418][T13674] usb 6-1: USB disconnect, device number 72 [ 1734.061281][ T9776] usb 3-1: USB disconnect, device number 100 [ 1734.578772][T32105] team0 (unregistering): Port device team_slave_1 removed [ 1734.624156][T32105] team0 (unregistering): Port device team_slave_0 removed [ 1734.671337][ T9776] usb 6-1: new full-speed USB device number 73 using dummy_hcd [ 1734.721575][ T3538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1734.731301][ T3538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1734.834478][ T9776] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1734.843223][ T9776] usb 6-1: config 0 has no interface number 0 [ 1734.849455][ T9776] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1734.861185][ T9776] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1734.876334][ T9776] usb 6-1: config 0 descriptor?? [ 1734.885578][ T9776] usb 6-1: selecting invalid altsetting 1 [ 1734.911007][ T9776] dvb_ttusb_budget: ttusb_init_controller: error [ 1734.917420][ T9776] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1734.960032][ T1947] gspca_sonixj: i2c_w8 err -71 [ 1735.021585][ T1947] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 1735.048995][ T1947] usb 4-1: USB disconnect, device number 15 [ 1735.077079][ T9776] DVB: Unable to find symbol cx22700_attach() [ 1735.187974][ T9776] DVB: Unable to find symbol tda10046_attach() [ 1735.202162][ T5183] Bluetooth: hci4: unexpected event for opcode 0x2031 [ 1735.214745][ T9776] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1735.234028][ T9776] usb 6-1: USB disconnect, device number 73 [ 1735.320417][ T5183] Bluetooth: hci0: command tx timeout [ 1735.394041][ T3506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1735.490901][ T3506] team0: Port device team_slave_0 added [ 1735.531375][ T3506] team0: Port device team_slave_1 added [ 1735.626471][ T3506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1735.638889][ T3506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1735.664981][ C1] vkms_vblank_simulate: vblank timer overrun [ 1735.682354][ T3506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1735.711141][ T3506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1735.718803][ T3506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1735.753580][ T3506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1735.913608][ T3506] hsr_slave_0: entered promiscuous mode [ 1735.930659][ T3506] hsr_slave_1: entered promiscuous mode [ 1735.937028][ T3506] debugfs: 'hsr0' already exists in 'hsr' [ 1735.942996][ T9776] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1735.961158][ T3506] Cannot create hsr debugfs directory [ 1736.100040][ T9776] usb 4-1: Using ep0 maxpacket: 16 [ 1736.107003][ T9776] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 1736.136959][ T9776] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 1736.179884][T32105] IPVS: stop unused estimator thread 0... [ 1736.180863][ T9776] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1736.206335][ T9776] usb 4-1: Product: syz [ 1736.223782][ T9776] usb 4-1: Manufacturer: syz [ 1736.228433][ T9776] usb 4-1: SerialNumber: syz [ 1736.262664][ T9776] usb 4-1: config 0 descriptor?? [ 1736.297697][ T9776] hub 4-1:0.0: bad descriptor, ignoring hub [ 1736.320115][ T9776] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1736.364038][ T9776] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1736.499880][ T3603] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.11568'. [ 1736.530054][ T1947] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1736.544460][ T3581] netlink: 92 bytes leftover after parsing attributes in process `syz.3.11562'. [ 1736.682091][ T9776] usb 4-1: USB disconnect, device number 16 [ 1736.720536][ T1947] usb 6-1: Using ep0 maxpacket: 16 [ 1736.735798][ T1947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1736.797185][ T1947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1736.839129][ T1947] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1736.877865][ T3608] tmpfs: Bad value for 'mpol' [ 1736.882925][ T1947] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1736.906940][ T1947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1736.933947][ T1947] usb 6-1: config 0 descriptor?? [ 1737.130148][ T5872] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1737.290818][ T5872] usb 3-1: Using ep0 maxpacket: 32 [ 1737.301769][ T5872] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1737.321094][ T5872] usb 3-1: config 0 has no interface number 0 [ 1737.330203][ T5872] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1737.358875][ T3506] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1737.369215][ T5872] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1737.389636][ T1947] microsoft 0003:045E:07DA.0047: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 1737.408510][ T5872] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1737.410405][ T5183] Bluetooth: hci0: command tx timeout [ 1737.430081][ T1947] microsoft 0003:045E:07DA.0047: no inputs found [ 1737.448276][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1737.467230][ T3506] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1737.468573][ T1947] microsoft 0003:045E:07DA.0047: could not initialize ff, continuing anyway [ 1737.505649][ T5872] usb 3-1: config 0 descriptor?? [ 1737.519085][ T3506] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1737.559361][ T3506] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1737.572346][ T1947] usb 6-1: USB disconnect, device number 74 [ 1737.744969][ T3506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1737.760038][ T9776] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1737.789441][ T3506] 8021q: adding VLAN 0 to HW filter on device team0 [ 1737.812005][T32105] bridge0: port 1(bridge_slave_0) entered blocking state [ 1737.819189][T32105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1737.838778][T32105] bridge0: port 2(bridge_slave_1) entered blocking state [ 1737.845943][T32105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1737.935838][ T9776] usb 4-1: Using ep0 maxpacket: 8 [ 1737.968817][ T9776] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1737.995784][ T9776] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1738.009283][ T9776] usb 4-1: Product: syz [ 1738.016795][ T9776] usb 4-1: Manufacturer: syz [ 1738.024699][ T9776] usb 4-1: SerialNumber: syz [ 1738.051052][ T9776] usb 4-1: config 0 descriptor?? [ 1738.088435][ T9776] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1738.142295][ T5872] uclogic 0003:28BD:0094.0048: pen parameters not found [ 1738.159186][ T5872] uclogic 0003:28BD:0094.0048: interface is invalid, ignoring [ 1738.286373][ T3506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1738.349811][ T5872] usb 3-1: USB disconnect, device number 101 [ 1739.068836][ T3506] veth0_vlan: entered promiscuous mode [ 1739.104535][ T3506] veth1_vlan: entered promiscuous mode [ 1739.196325][ T5183] Bluetooth: hci1: unexpected subevent 0x01 length: 6 < 18 [ 1739.208496][ T3506] veth0_macvtap: entered promiscuous mode [ 1739.223388][ T3650] netlink: 20 bytes leftover after parsing attributes in process `syz.5.11574'. [ 1739.251406][ T3666] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.11576'. [ 1739.269324][ T3506] veth1_macvtap: entered promiscuous mode [ 1739.346020][ T3506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1739.395395][ T3506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1739.437017][T32105] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.467152][T32105] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.480695][ T5183] Bluetooth: hci0: command tx timeout [ 1739.485276][ T3617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1739.521712][T32105] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.537397][ T3617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1739.539702][T32105] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1739.761685][T28776] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1739.781193][T13674] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1739.793173][T28776] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1739.810442][ T9776] gspca_sonixj: i2c_w8 err -71 [ 1739.855139][T28776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1739.871454][ T9776] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 1739.879329][T28776] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1739.922376][ T9776] usb 4-1: USB disconnect, device number 17 [ 1739.981129][T13674] usb 3-1: Using ep0 maxpacket: 32 [ 1739.995747][T13674] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1740.015626][T13674] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1740.035386][T13674] usb 3-1: config 0 descriptor?? [ 1740.246469][T13674] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1740.261505][T13674] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1740.282419][T13674] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1740.290273][T13674] usb 3-1: media controller created [ 1740.292055][ T5921] usb 7-1: new high-speed USB device number 100 using dummy_hcd [ 1740.362884][T13674] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1740.455581][T13674] az6027: usb out operation failed. (-71) [ 1740.475326][T13674] az6027: usb out operation failed. (-71) [ 1740.495509][T13674] stb0899_attach: Driver disabled by Kconfig [ 1740.497271][ T5921] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1740.525622][T13674] az6027: no front-end attached [ 1740.525622][T13674] [ 1740.558024][T13674] az6027: usb out operation failed. (-71) [ 1740.559737][ T5921] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1740.576488][T13674] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1740.590139][ T5921] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1740.619724][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1740.621710][T13674] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input234 [ 1740.684576][ T3687] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1740.705379][ T5921] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1740.708933][T13674] dvb-usb: schedule remote query interval to 400 msecs. [ 1740.780436][T13674] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1740.814593][T13674] usb 3-1: USB disconnect, device number 102 [ 1740.915601][ T5921] usb 7-1: USB disconnect, device number 100 [ 1741.098641][ T3714] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.11584'. [ 1741.123538][ T3687] FAULT_INJECTION: forcing a failure. [ 1741.123538][ T3687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1741.123806][T13674] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1741.141793][ T3687] CPU: 0 UID: 0 PID: 3687 Comm: syz.6.11539 Not tainted syzkaller #0 PREEMPT(full) [ 1741.141822][ T3687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1741.141836][ T3687] Call Trace: [ 1741.141846][ T3687] [ 1741.141855][ T3687] dump_stack_lvl+0x189/0x250 [ 1741.141894][ T3687] ? __pfx____ratelimit+0x10/0x10 [ 1741.141922][ T3687] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1741.141954][ T3687] ? __pfx__printk+0x10/0x10 [ 1741.141985][ T3687] ? __might_fault+0xb0/0x130 [ 1741.142020][ T3687] should_fail_ex+0x414/0x560 [ 1741.142048][ T3687] _copy_from_user+0x2d/0xb0 [ 1741.142081][ T3687] core_sys_select+0x609/0xa20 [ 1741.142120][ T3687] ? __pfx_core_sys_select+0x10/0x10 [ 1741.142172][ T3687] ? __pfx_set_user_sigmask+0x10/0x10 [ 1741.142209][ T3687] __se_sys_pselect6+0x27a/0x300 [ 1741.142242][ T3687] ? __pfx___se_sys_pselect6+0x10/0x10 [ 1741.142287][ T3687] ? __pfx_ksys_write+0x10/0x10 [ 1741.142316][ T3687] ? __x64_sys_pselect6+0x21/0xf0 [ 1741.142342][ T3687] do_syscall_64+0xfa/0xfa0 [ 1741.142369][ T3687] ? lockdep_hardirqs_on+0x9c/0x150 [ 1741.142395][ T3687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1741.142416][ T3687] ? clear_bhb_loop+0x60/0xb0 [ 1741.142440][ T3687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1741.142460][ T3687] RIP: 0033:0x7f45c638ebe9 [ 1741.142477][ T3687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1741.142512][ T3687] RSP: 002b:00007f45c72e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1741.142535][ T3687] RAX: ffffffffffffffda RBX: 00007f45c65c5fa0 RCX: 00007f45c638ebe9 [ 1741.142551][ T3687] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000040 [ 1741.142564][ T3687] RBP: 00007f45c72e0090 R08: 0000000000000000 R09: 0000000000000000 [ 1741.142577][ T3687] R10: 00002000000008c0 R11: 0000000000000246 R12: 0000000000000001 [ 1741.142591][ T3687] R13: 00007f45c65c6038 R14: 00007f45c65c5fa0 R15: 00007ffe2aaf5238 [ 1741.142635][ T3687] [ 1741.361654][ T3718] FAULT_INJECTION: forcing a failure. [ 1741.361654][ T3718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1741.374856][ T3718] CPU: 1 UID: 0 PID: 3718 Comm: syz.2.11585 Not tainted syzkaller #0 PREEMPT(full) [ 1741.374883][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1741.374896][ T3718] Call Trace: [ 1741.374905][ T3718] [ 1741.374914][ T3718] dump_stack_lvl+0x189/0x250 [ 1741.374950][ T3718] ? __pfx____ratelimit+0x10/0x10 [ 1741.374985][ T3718] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1741.375016][ T3718] ? __pfx__printk+0x10/0x10 [ 1741.375060][ T3718] should_fail_ex+0x414/0x560 [ 1741.375088][ T3718] _copy_from_user+0x2d/0xb0 [ 1741.375119][ T3718] __copy_msghdr+0x3c5/0x5b0 [ 1741.375145][ T3718] ___sys_sendmsg+0x1a5/0x2a0 [ 1741.375168][ T3718] ? __pfx____sys_sendmsg+0x10/0x10 [ 1741.375225][ T3718] ? __fget_files+0x2a/0x420 [ 1741.375250][ T3718] ? __fget_files+0x3a0/0x420 [ 1741.375288][ T3718] __x64_sys_sendmsg+0x19b/0x260 [ 1741.375311][ T3718] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1741.375342][ T3718] ? __pfx_ksys_write+0x10/0x10 [ 1741.375371][ T3718] ? do_syscall_64+0xbe/0xfa0 [ 1741.375403][ T3718] do_syscall_64+0xfa/0xfa0 [ 1741.375430][ T3718] ? lockdep_hardirqs_on+0x9c/0x150 [ 1741.375458][ T3718] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1741.375477][ T3718] ? clear_bhb_loop+0x60/0xb0 [ 1741.375502][ T3718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1741.375522][ T3718] RIP: 0033:0x7fd37138ebe9 [ 1741.375540][ T3718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1741.375557][ T3718] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1741.375579][ T3718] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1741.375594][ T3718] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000006 [ 1741.375607][ T3718] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1741.375620][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1741.375633][ T3718] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1741.375666][ T3718] [ 1741.581084][ T5872] IPVS: starting estimator thread 0... [ 1741.710091][ T3719] IPVS: using max 31 ests per chain, 74400 per kthread [ 1741.721136][ T3723] fuse: Unknown parameter 'grou00000000000000000000' [ 1742.050346][ T5872] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1742.200367][ T5872] usb 4-1: Using ep0 maxpacket: 8 [ 1742.209362][ T5872] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1742.218989][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1742.239473][ T5872] usb 4-1: Product: syz [ 1742.244633][ T5872] usb 4-1: Manufacturer: syz [ 1742.249254][ T5872] usb 4-1: SerialNumber: syz [ 1742.264981][ T5872] usb 4-1: config 0 descriptor?? [ 1742.277589][ T5872] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1742.432603][T13674] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1742.590128][T13674] usb 6-1: Using ep0 maxpacket: 32 [ 1742.599175][T13674] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1742.612055][T13674] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1742.623663][T13674] usb 6-1: config 0 descriptor?? [ 1742.690151][ T9776] usb 7-1: new high-speed USB device number 101 using dummy_hcd [ 1742.840421][ T9776] usb 7-1: Using ep0 maxpacket: 32 [ 1742.845839][T13674] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 1742.869285][ T9776] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1742.888247][T13674] usb 6-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 1742.899184][ T9776] usb 7-1: config 0 has no interface number 0 [ 1742.909333][ T9776] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1742.929026][T13674] usb 6-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 1742.943192][ T9776] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1742.953295][ T9776] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1742.962986][ T9776] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1742.975023][ T9776] usb 7-1: config 0 descriptor?? [ 1743.587128][ T9776] uclogic 0003:28BD:0094.0049: pen parameters not found [ 1743.591450][ T3768] fuse: Unknown parameter 'grou00000000000000000000' [ 1743.601342][ T9776] uclogic 0003:28BD:0094.0049: interface is invalid, ignoring [ 1743.688180][ T3729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1743.704261][ T3729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1743.799939][ T9776] usb 7-1: USB disconnect, device number 101 [ 1743.940186][ T5872] gspca_sonixj: i2c_w8 err -71 [ 1744.001174][ T5872] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 1744.032823][ T5872] usb 4-1: USB disconnect, device number 18 [ 1744.208024][ T3773] FAULT_INJECTION: forcing a failure. [ 1744.208024][ T3773] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.252951][ T3773] CPU: 1 UID: 0 PID: 3773 Comm: syz.2.11606 Not tainted syzkaller #0 PREEMPT(full) [ 1744.252980][ T3773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1744.252992][ T3773] Call Trace: [ 1744.253001][ T3773] [ 1744.253010][ T3773] dump_stack_lvl+0x189/0x250 [ 1744.253043][ T3773] ? __pfx____ratelimit+0x10/0x10 [ 1744.253070][ T3773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1744.253099][ T3773] ? __pfx__printk+0x10/0x10 [ 1744.253133][ T3773] ? __pfx___might_resched+0x10/0x10 [ 1744.253154][ T3773] ? fs_reclaim_acquire+0x7d/0x100 [ 1744.253192][ T3773] should_fail_ex+0x414/0x560 [ 1744.253217][ T3773] should_failslab+0xa8/0x100 [ 1744.253240][ T3773] __kmalloc_noprof+0xcb/0x7f0 [ 1744.253258][ T3773] ? tomoyo_encode+0x28b/0x550 [ 1744.253290][ T3773] tomoyo_encode+0x28b/0x550 [ 1744.253322][ T3773] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1744.253359][ T3773] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1744.253382][ T3773] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1744.253407][ T3773] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1744.253432][ T3773] ? sb_end_write+0xe9/0x1c0 [ 1744.253457][ T3773] ? vfs_write+0x956/0xb30 [ 1744.253511][ T3773] ? ksys_write+0x1e1/0x250 [ 1744.253537][ T3773] security_file_ioctl+0xcb/0x2d0 [ 1744.253561][ T3773] __se_sys_ioctl+0x47/0x170 [ 1744.253583][ T3773] do_syscall_64+0xfa/0xfa0 [ 1744.253606][ T3773] ? lockdep_hardirqs_on+0x9c/0x150 [ 1744.253648][ T3773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1744.253665][ T3773] ? clear_bhb_loop+0x60/0xb0 [ 1744.253689][ T3773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1744.253727][ T3773] RIP: 0033:0x7fd37138ebe9 [ 1744.253744][ T3773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1744.253760][ T3773] RSP: 002b:00007fd3722c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1744.253779][ T3773] RAX: ffffffffffffffda RBX: 00007fd3715c5fa0 RCX: 00007fd37138ebe9 [ 1744.253792][ T3773] RDX: 0000000000000000 RSI: 0000000040047459 RDI: 0000000000000006 [ 1744.253803][ T3773] RBP: 00007fd3722c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1744.253814][ T3773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1744.253824][ T3773] R13: 00007fd3715c6038 R14: 00007fd3715c5fa0 R15: 00007ffe6550b6d8 [ 1744.253871][ T3773] [ 1744.253891][ T3773] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1744.561306][ T3781] 9pnet_fd: Insufficient options for proto=fd [ 1744.910063][ T5872] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1745.037035][ T3797] fuse: Unknown parameter 'group_i00000000000000000000' [ 1745.060139][ T5872] usb 3-1: Using ep0 maxpacket: 32 [ 1745.092698][ T5872] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1745.120565][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.161191][ T5872] usb 3-1: config 0 descriptor?? [ 1745.280121][ T9776] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1745.372143][ T5872] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 1745.430040][ T9776] usb 4-1: Using ep0 maxpacket: 32 [ 1745.442291][ T9776] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1745.459992][ T9776] usb 4-1: config 0 has no interface number 0 [ 1745.467005][ T9776] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1745.510015][ T9776] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1745.540023][ T9776] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1745.549094][ T9776] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.586626][ T9776] usb 4-1: config 0 descriptor?? [ 1746.056888][ T3804] netlink: 'syz.6.11618': attribute type 1 has an invalid length. [ 1746.079374][ T3804] netlink: 228 bytes leftover after parsing attributes in process `syz.6.11618'. [ 1746.216358][ T9776] uclogic 0003:28BD:0094.004A: pen parameters not found [ 1746.246117][ T9776] uclogic 0003:28BD:0094.004A: interface is invalid, ignoring [ 1746.427483][ T5921] usb 4-1: USB disconnect, device number 19 [ 1746.638451][ T3818] CUSE: unknown device info "" [ 1746.649840][ T3818] CUSE: zero length info key specified [ 1749.833423][ T5183] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1749.912903][ T3871] ================================================================== [ 1749.921019][ T3871] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 1749.929460][ T3871] Read of size 8 at addr ffff88805b27cbe0 by task syz.5.11641/3871 [ 1749.937386][ T3871] [ 1749.939754][ T3871] CPU: 1 UID: 0 PID: 3871 Comm: syz.5.11641 Not tainted syzkaller #0 PREEMPT(full) [ 1749.939781][ T3871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1749.939797][ T3871] Call Trace: [ 1749.939807][ T3871] [ 1749.939833][ T3871] dump_stack_lvl+0x189/0x250 [ 1749.939870][ T3871] ? __kasan_check_byte+0x12/0x40 [ 1749.939897][ T3871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1749.939931][ T3871] ? lock_release+0x4b/0x3e0 [ 1749.939958][ T3871] ? __virt_addr_valid+0x4a5/0x5c0 [ 1749.939994][ T3871] print_report+0xca/0x240 [ 1749.940017][ T3871] ? change_page_attr_set_clr+0x625/0xfc0 [ 1749.940041][ T3871] kasan_report+0x118/0x150 [ 1749.940068][ T3871] ? change_page_attr_set_clr+0x625/0xfc0 [ 1749.940098][ T3871] change_page_attr_set_clr+0x625/0xfc0 [ 1749.940127][ T3871] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 1749.940152][ T3871] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 1749.940187][ T3871] ? memtype_reserve+0x874/0xb30 [ 1749.940230][ T3871] _set_pages_array+0x145/0x270 [ 1749.940260][ T3871] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 1749.940296][ T3871] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 1749.940355][ T3871] drm_gem_shmem_pin_locked+0x22c/0x460 [ 1749.940386][ T3871] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 1749.940420][ T3871] ? ww_mutex_lock+0x3f/0x1c0 [ 1749.940454][ T3871] drm_gem_map_attach+0x19c/0x1f0 [ 1749.940486][ T3871] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 1749.940515][ T3871] ? __fget_files+0x3a0/0x420 [ 1749.940544][ T3871] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 1749.940578][ T3871] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 1749.940611][ T3871] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 1749.940642][ T3871] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 1749.940674][ T3871] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 1749.940708][ T3871] drm_ioctl_kernel+0x2cc/0x390 [ 1749.940733][ T3871] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 1749.940764][ T3871] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 1749.940792][ T3871] drm_ioctl+0x67f/0xb10 [ 1749.940819][ T3871] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 1749.940852][ T3871] ? __pfx_drm_ioctl+0x10/0x10 [ 1749.940883][ T3871] ? __fget_files+0x3a0/0x420 [ 1749.940910][ T3871] ? __fget_files+0x2a/0x420 [ 1749.940939][ T3871] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1749.940983][ T3871] ? __pfx_drm_ioctl+0x10/0x10 [ 1749.941006][ T3871] __se_sys_ioctl+0xfc/0x170 [ 1749.941026][ T3871] do_syscall_64+0xfa/0xfa0 [ 1749.941053][ T3871] ? lockdep_hardirqs_on+0x9c/0x150 [ 1749.941080][ T3871] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1749.941100][ T3871] ? clear_bhb_loop+0x60/0xb0 [ 1749.941122][ T3871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1749.941141][ T3871] RIP: 0033:0x7f1e5c38ebe9 [ 1749.941159][ T3871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1749.941177][ T3871] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1749.941198][ T3871] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1749.941214][ T3871] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000005 [ 1749.941228][ T3871] RBP: 00007f1e5c411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1749.941240][ T3871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1749.941251][ T3871] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1749.941274][ T3871] [ 1749.941281][ T3871] [ 1750.274435][ T3871] Allocated by task 3871: [ 1750.278770][ T3871] kasan_save_track+0x3e/0x80 [ 1750.283459][ T3871] __kasan_kmalloc+0x93/0xb0 [ 1750.288063][ T3871] __kvmalloc_node_noprof+0x5cd/0x910 [ 1750.293441][ T3871] drm_gem_get_pages+0x166/0xa20 [ 1750.298372][ T3871] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 1750.304436][ T3871] drm_gem_shmem_pin_locked+0x22c/0x460 [ 1750.309981][ T3871] drm_gem_map_attach+0x19c/0x1f0 [ 1750.315005][ T3871] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 1750.320373][ T3871] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 1750.326628][ T3871] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 1750.332360][ T3871] drm_ioctl_kernel+0x2cc/0x390 [ 1750.337217][ T3871] drm_ioctl+0x67f/0xb10 [ 1750.341463][ T3871] __se_sys_ioctl+0xfc/0x170 [ 1750.346044][ T3871] do_syscall_64+0xfa/0xfa0 [ 1750.350546][ T3871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1750.356429][ T3871] [ 1750.358743][ T3871] The buggy address belongs to the object at ffff88805b27c000 [ 1750.358743][ T3871] which belongs to the cache kmalloc-4k of size 4096 [ 1750.372791][ T3871] The buggy address is located 0 bytes to the right of [ 1750.372791][ T3871] allocated 3040-byte region [ffff88805b27c000, ffff88805b27cbe0) [ 1750.387371][ T3871] [ 1750.389690][ T3871] The buggy address belongs to the physical page: [ 1750.396096][ T3871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b278 [ 1750.404843][ T3871] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1750.413349][ T3871] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1750.420889][ T3871] page_type: f5(slab) [ 1750.424867][ T3871] raw: 00fff00000000040 ffff88801a842140 dead000000000100 dead000000000122 [ 1750.433460][ T3871] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1750.442038][ T3871] head: 00fff00000000040 ffff88801a842140 dead000000000100 dead000000000122 [ 1750.450707][ T3871] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1750.459366][ T3871] head: 00fff00000000003 ffffea00016c9e01 00000000ffffffff 00000000ffffffff [ 1750.468030][ T3871] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1750.476693][ T3871] page dumped because: kasan: bad access detected [ 1750.483135][ T3871] page_owner tracks the page as allocated [ 1750.488836][ T3871] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 996, tgid 996 (kworker/u8:5), ts 748971851314, free_ts 748871459621 [ 1750.509578][ T3871] post_alloc_hook+0x240/0x2a0 [ 1750.514336][ T3871] get_page_from_freelist+0x21e4/0x22c0 [ 1750.519873][ T3871] __alloc_frozen_pages_noprof+0x181/0x370 [ 1750.525671][ T3871] alloc_pages_mpol+0x232/0x4a0 [ 1750.530522][ T3871] allocate_slab+0x8a/0x330 [ 1750.535029][ T3871] ___slab_alloc+0xbd1/0x13f0 [ 1750.539723][ T3871] __slab_alloc+0x55/0xa0 [ 1750.544043][ T3871] __kmalloc_node_track_caller_noprof+0x5c7/0x800 [ 1750.550453][ T3871] kmalloc_reserve+0x136/0x290 [ 1750.555214][ T3871] __alloc_skb+0x142/0x2d0 [ 1750.559625][ T3871] nsim_dev_trap_report_work+0x29a/0xb80 [ 1750.565247][ T3871] process_scheduled_works+0xae1/0x17b0 [ 1750.570788][ T3871] worker_thread+0x8a0/0xda0 [ 1750.575379][ T3871] kthread+0x70e/0x8a0 [ 1750.579449][ T3871] ret_from_fork+0x47c/0x820 [ 1750.584036][ T3871] ret_from_fork_asm+0x1a/0x30 [ 1750.588801][ T3871] page last free pid 5883 tgid 5883 stack trace: [ 1750.595116][ T3871] __free_frozen_pages+0xbc4/0xd30 [ 1750.600228][ T3871] __put_partials+0x146/0x170 [ 1750.604901][ T3871] put_cpu_partial+0x17c/0x250 [ 1750.609675][ T3871] __slab_free+0x2b9/0x390 [ 1750.614085][ T3871] qlist_free_all+0x97/0x140 [ 1750.618665][ T3871] kasan_quarantine_reduce+0x148/0x160 [ 1750.624112][ T3871] __kasan_slab_alloc+0x22/0x80 [ 1750.628957][ T3871] kmem_cache_alloc_noprof+0x367/0x6e0 [ 1750.634405][ T3871] getname_flags+0xb8/0x540 [ 1750.638907][ T3871] do_sys_openat2+0xbc/0x1c0 [ 1750.643514][ T3871] __x64_sys_openat+0x138/0x170 [ 1750.648355][ T3871] do_syscall_64+0xfa/0xfa0 [ 1750.652856][ T3871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1750.658740][ T3871] [ 1750.661053][ T3871] Memory state around the buggy address: [ 1750.666677][ T3871] ffff88805b27ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1750.674737][ T3871] ffff88805b27cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1750.682791][ T3871] >ffff88805b27cb80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1750.690837][ T3871] ^ [ 1750.698019][ T3871] ffff88805b27cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1750.706071][ T3871] ffff88805b27cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1750.714122][ T3871] ================================================================== [ 1750.722265][ C1] vkms_vblank_simulate: vblank timer overrun [ 1750.740242][ T3871] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1750.747467][ T3871] CPU: 0 UID: 0 PID: 3871 Comm: syz.5.11641 Not tainted syzkaller #0 PREEMPT(full) [ 1750.756840][ T3871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1750.766901][ T3871] Call Trace: [ 1750.770179][ T3871] [ 1750.773103][ T3871] dump_stack_lvl+0x99/0x250 [ 1750.777702][ T3871] ? __asan_memcpy+0x40/0x70 [ 1750.782309][ T3871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1750.787521][ T3871] ? __pfx__printk+0x10/0x10 [ 1750.792122][ T3871] vpanic+0x237/0x6d0 [ 1750.796101][ T3871] ? __pfx_vpanic+0x10/0x10 [ 1750.800603][ T3871] ? preempt_schedule+0xae/0xc0 [ 1750.805454][ T3871] ? __pfx_preempt_schedule+0x10/0x10 [ 1750.810824][ T3871] panic+0xb9/0xc0 [ 1750.814537][ T3871] ? __pfx_panic+0x10/0x10 [ 1750.818948][ T3871] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 1750.824844][ T3871] ? change_page_attr_set_clr+0x625/0xfc0 [ 1750.830556][ T3871] check_panic_on_warn+0x89/0xb0 [ 1750.835487][ T3871] ? change_page_attr_set_clr+0x625/0xfc0 [ 1750.841226][ T3871] end_report+0x78/0x160 [ 1750.845468][ T3871] kasan_report+0x129/0x150 [ 1750.849971][ T3871] ? change_page_attr_set_clr+0x625/0xfc0 [ 1750.855699][ T3871] change_page_attr_set_clr+0x625/0xfc0 [ 1750.861255][ T3871] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 1750.867324][ T3871] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 1750.873489][ T3871] ? memtype_reserve+0x874/0xb30 [ 1750.878437][ T3871] _set_pages_array+0x145/0x270 [ 1750.883287][ T3871] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 1750.889367][ T3871] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 1750.895968][ T3871] drm_gem_shmem_pin_locked+0x22c/0x460 [ 1750.901513][ T3871] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 1750.907585][ T3871] ? ww_mutex_lock+0x3f/0x1c0 [ 1750.912275][ T3871] drm_gem_map_attach+0x19c/0x1f0 [ 1750.917304][ T3871] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 1750.922696][ T3871] ? __fget_files+0x3a0/0x420 [ 1750.927399][ T3871] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 1750.934262][ T3871] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 1750.940504][ T3871] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 1750.946401][ T3871] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 1750.953291][ T3871] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 1750.959022][ T3871] drm_ioctl_kernel+0x2cc/0x390 [ 1750.963873][ T3871] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 1750.970289][ T3871] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 1750.975672][ T3871] drm_ioctl+0x67f/0xb10 [ 1750.979921][ T3871] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 1750.986355][ T3871] ? __pfx_drm_ioctl+0x10/0x10 [ 1750.991127][ T3871] ? __fget_files+0x3a0/0x420 [ 1750.995827][ T3871] ? __fget_files+0x2a/0x420 [ 1751.000429][ T3871] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1751.005377][ T3871] ? __pfx_drm_ioctl+0x10/0x10 [ 1751.010140][ T3871] __se_sys_ioctl+0xfc/0x170 [ 1751.014728][ T3871] do_syscall_64+0xfa/0xfa0 [ 1751.019233][ T3871] ? lockdep_hardirqs_on+0x9c/0x150 [ 1751.024447][ T3871] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1751.030512][ T3871] ? clear_bhb_loop+0x60/0xb0 [ 1751.035187][ T3871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1751.041077][ T3871] RIP: 0033:0x7f1e5c38ebe9 [ 1751.045500][ T3871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1751.065129][ T3871] RSP: 002b:00007f1e5d204038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1751.073558][ T3871] RAX: ffffffffffffffda RBX: 00007f1e5c5c5fa0 RCX: 00007f1e5c38ebe9 [ 1751.081526][ T3871] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000005 [ 1751.089495][ T3871] RBP: 00007f1e5c411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1751.097469][ T3871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1751.105440][ T3871] R13: 00007f1e5c5c6038 R14: 00007f1e5c5c5fa0 R15: 00007ffed0122108 [ 1751.113424][ T3871] [ 1751.116746][ T3871] Kernel Offset: disabled [ 1751.121072][ T3871] Rebooting in 86400 seconds..