last executing test programs: 10.8528123s ago: executing program 2 (id=360): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r1 = getpid() syz_init_net_socket$netrom(0x6, 0x5, 0x0) r2 = syz_pidfd_open(r1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000000)={0x3, 0x1000000000000000, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x0, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 8.981643294s ago: executing program 2 (id=367): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r0 = getpid() syz_open_procfs(r0, &(0x7f0000000080)='net/ip_tables_names\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') (fail_nth: 19) 7.645070436s ago: executing program 2 (id=371): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfb\x050*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\x19\xf1\xcce\xab\x80M\xc9\xcf\xaeR\xb69k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3\xff\a\x00\x00\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\aY\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3Cs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\x96{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\x03\x00\x00\x00y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\x8e\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9\xb3\x83\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|c\xf3\x8b\xc2E\x00\x00\x00\x00\x00\x00', 0x42, 0x0, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000880)={0x0, 0xdff9, 0x800, 0x1000}, &(0x7f0000000000)=0x0, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x2000, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000090400"/20, @ANYBLOB="020000000000000024001280110001006272696467655f736c617665000000000c00058005002b"], 0x44}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) bind$unix(r3, &(0x7f0000000980)=@file={0x1, './bus\x00'}, 0x6e) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="3400000011000100"/20, @ANYRES32=0x0, @ANYBLOB="0700c1267d8d70af9c2008010000040000140003006d6163766c616e300000000000000000a69e473d9b59c0d6d66c04"], 0x34}}, 0x4084) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats\x00') pread64(r7, &(0x7f00000000c0)=""/75, 0x3a, 0x4000000006) r8 = socket$unix(0x1, 0x2, 0x0) bind$unix(r8, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000240)={'pimreg1\x00'}) sendto$unix(r8, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x16) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) rmdir(&(0x7f0000000000)='.\x00') syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_CLOSE={0x13, 0x4e3b947d338dce40, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) syz_usb_connect(0x5, 0x3e3, &(0x7f0000000300)={{0x12, 0x1, 0x110, 0xee, 0x36, 0x37, 0x40, 0x12d6, 0x444, 0xe131, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d1, 0x1, 0x2, 0xe3, 0x30, 0x8, [{{0x9, 0x4, 0x31, 0x6, 0xe, 0x93, 0x98, 0xe9, 0x0, [], [{{0x9, 0x5, 0xc, 0x0, 0x8, 0x2, 0x6, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x2}]}}, {{0x9, 0x5, 0x7, 0x10, 0x400, 0x2, 0x3, 0x40, [@generic={0x8, 0x2, "89ec02e92640"}]}}, {{0x9, 0x5, 0x5, 0x8, 0x40, 0x2, 0xc0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x7}, @generic={0xee, 0x6, "e48ae8b152f38a5e5acfba8482eeda9ae0c9f9e099a2b05b7d52b49240eafbfb0889e20e6d4159ebe0107d4132733e00c4c269ddd21ab39a63d1a3e5148476578fd4a9ef849a3ab967a5c0ddf4aae3aa0edc2d9e9a4f180d9141e4036ca3f41a402040a8311d04882b0071a8bdc8ea85f14bd9c38e3649abc9289382e76d8c0519fc43bb667063af462bc2afb0b7522e46e57c4d7d580ccccb31e5b87f5faacd41240c6189f50bf3b99f6c9a7652e756a5a1421077548e32736fb8bee631e77339d422c11df2e8481b799496d8820261c263ab9d0fa93a35d85e607bec6a84ca2d65fdd4b028b8485775806e"}]}}, {{0x9, 0x5, 0x8, 0xc, 0x400, 0x2, 0x6, 0x1, [@generic={0x45, 0xe, "b4eab4309829329986e3032e8f69b1fe05b621fbbbdb6ab00f692c0784c82c37725fd5c36b08cd890d08e039065fa4ef8c54020fe7f31e90372a1097729df8fe97de53"}]}}, {{0x9, 0x5, 0x4, 0x27d575c3f3565a82, 0x8, 0xea, 0x7a, 0x2}}, {{0x9, 0x5, 0xc, 0xc, 0x40, 0x3, 0x40, 0x0, [@generic={0x9, 0xe, "a708dd1f3af184"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x200, 0x1, 0x80, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7}]}}, {{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x54, 0x2, 0x5, [@generic={0xf9, 0x21, "353453e91f2787b676b8f28b7bb0f7a085827b2838ee413a7eccedc74a99607ea1ec9d57d8566568b28678fe5d2547f88496e96e9ca906e01e0fd0c43d5a9571a6fda3519e4426534c3c39e1cc1e628eaeaae98f6cc7d448e75eb37cfd85aa508a69b10a789d87abb2c8fc635cb52d80430e0e20fa109bbcfe608b7b0732de73ea1543e5fd3c28cfe7f8eeb84457beb05cb133435e740e241dc273792ad351e7451f243d492637b652eb872e171f23a475ae3f8fbd4367feafd73cc15f95017a62218247e62a8fe8d8d7ce1e9807ee7b1baf1289a21f5e758aa1aab36ba0bd976aa0e31e23bce3524704048954ce87a17d4b536797afc0"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x8, 0x3, 0x9}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x5, 0x6, 0x5}}, {{0x9, 0x5, 0x9, 0x0, 0x8, 0x80, 0x4, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x2, 0xa9}]}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x6, 0x3, 0x7, [@generic={0xda, 0x1, "53a73ea43e48ad814bb3864a31b020ff4e5d33e313b36b982661efab3935b5341071286a303af5c8074072ea2518d57d437bfdc0825818559b983858cb8d22558b91653ebcd2670e422e839e49d7cc58bcff7649ec13fa3de4b1b2b9aa9074f7d415ce4aa20240434977e563eb2f673ff60e5ff41dd37bc7b3cb28bba37a79d5fb6ccd82a643e681ee7482c191f308426ef7a891e934be3ef2a4e6f5fb1382cc882e9198ae486a66c4ca435d35f001f07fea4f1a76f7c341ed7e8ed3bd2ba69681ce23308a3bf6f4234b18a52480f14ba206233652fee4a1"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3b}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0xf7, 0x2, 0xee}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x9, 0x8}}]}}]}}]}}, 0x0) 6.710649548s ago: executing program 0 (id=376): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r5, r0, &(0x7f0000000040)=0x64, 0x23b) 6.537837825s ago: executing program 0 (id=378): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a01020301090224"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0}) socket$netlink(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/59, 0x3b) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$ax25(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @default}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r7 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x2000, 0x4, 0x3ce}, &(0x7f0000000040), &(0x7f0000000140)) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=ANY=[@ANYBLOB="400100001000010028bd7000ffdbdf25ac1414aa000000000000002d6b50794fc3db46010000000000000000000000004e23000020008000000020000c000020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="64010101000000000000000000000000000000206c000000fe800000000000000000000000000023feffffffffffffff000000000000000000000000000000000100000000000008c802000000000100060000000000000000000000000004000000000000000000ffffffffff1f0000080000000000000000000000000000000400000000000000000000000900000000000000000000000000000002000100030000000000000008001f0004000000480003006465666c61746500"/248], 0x140}, 0x1, 0x0, 0x0, 0x4075}, 0x4800) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="0012955c32a4e687"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.520667409s ago: executing program 4 (id=383): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x50, r3, 0x852dd6c070cd7e4d, 0x0, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x5000}]}, 0x50}, 0x4, 0x700000000000000}, 0x8850) 5.395583697s ago: executing program 4 (id=384): r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x5635, @mcast2, 0x4}}, [0x0, 0x40, 0x7ff, 0x5, 0xcd5, 0xb, 0xcfdd, 0x4, 0x3, 0x100000001, 0x7, 0x400, 0x9, 0x6, 0x7]}, &(0x7f0000000100)=0x100) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e22, 0x101, @empty, 0x3}}, 0x5, 0x3, 0x3, 0x3, 0x4}, &(0x7f0000000200)=0x98) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x20000000ed071, 0xffffffffffffffff, 0xfffff000) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000cc0)=[{&(0x7f0000000100)="03", 0x1}], 0x1, 0x0) sendto$inet6(r2, &(0x7f0000002240)="c36a80bab881fe25ed859032881a439e113b37e1678cc3b8877fbc71351bfc495a53716c481891f73440741d4bd2ff08", 0x30, 0x200040c4, &(0x7f0000002280)={0xa, 0x4e24, 0x7fffffff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1}, 0x1c) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) 5.272803055s ago: executing program 4 (id=385): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1e2e81) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000080)=@fragment={0x87, 0x0, 0x0, 0x1, 0x0, 0x6, 0x68}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8) sendto$inet6(r3, &(0x7f0000000240)='\f', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000002c0), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.676943782s ago: executing program 4 (id=386): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101040, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x40, 0x9, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x2, 0x4, 0xfffffffffffffffe, 0x9, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0xd, "0adb3fb8"}, 0xffff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) 2.397643651s ago: executing program 1 (id=387): openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket(0x1e, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4040095}, 0x8010) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000000)={0xbc00000000000000}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, &(0x7f0000000080)={0xfdfdffff, 0x12c, @ioapic={0xf000, 0x3fd4ff7f, 0xa, 0x8, 0x0, [{0x3a, 0x2, 0x2, '\x00', 0x6}, {0xb1, 0x81, 0x3, '\x00', 0x1b}, {0xf1, 0xb, 0x7, '\x00', 0xff}, {0x2, 0x1, 0x20, '\x00', 0x7f}, {0x2, 0x3, 0xc, '\x00', 0x5}, {0x5, 0x3, 0xe4, '\x00', 0xc3}, {0x2, 0xb, 0x5, '\x00', 0x80}, {0xe, 0x8, 0x8, '\x00', 0x8}, {0x6, 0x5, 0x0, '\x00', 0xff}, {0x5d, 0x0, 0xff, '\x00', 0xf3}, {0x9, 0x10, 0x7f, '\x00', 0x9}, {0xa0, 0x3, 0x2, '\x00', 0xb}, {0x4, 0xb8, 0x8, '\x00', 0x2}, {0x1c, 0xfb, 0x8, '\x00', 0xf8}, {0xe, 0x5, 0x2, '\x00', 0x7}, {0x0, 0x5, 0x6, '\x00', 0x3}, {0x2d, 0x0, 0x8, '\x00', 0x5d}, {0x7, 0x30, 0x6, '\x00', 0x6}, {0x6, 0x6, 0x6, '\x00', 0x77}, {0xeb, 0xfd, 0xc, '\x00', 0x4}, {0x5, 0x4b, 0x7, '\x00', 0x1}, {0x0, 0x5, 0x8, '\x00', 0x6}, {0xb, 0x74, 0x1, '\x00', 0xba}, {0x7, 0x7, 0x2, '\x00', 0x2}]}}) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r8, 0x1}, 0x14}}, 0x0) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x24}}, 0x0) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r8, 0x1}, 0x14}}, 0x0) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x4001080) read$msr(0xffffffffffffffff, &(0x7f0000000500)=""/203, 0xcb) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) unshare(0xa020800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 2.396845161s ago: executing program 2 (id=388): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000080)='net/ip_tables_names\x00') r2 = syz_open_dev$sndctrl(&(0x7f0000000500), 0x1, 0x280) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f00000000c0)=0x81) r3 = getpgid(0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x0, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x8, r3, 0x0, 0xff, 'syz1\x00', 0x0, 0x1a}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCGMASK(r5, 0x80104592, &(0x7f0000000300)={0x0, 0x2, &(0x7f0000000200)="952b"}) write$binfmt_script(r1, &(0x7f0000000540)={'#! ', './file0/file0', [{}, {0x20, 'syz1\x00'}, {0x20, '/dev/snd/controlC#\x00'}, {0x20, '\x00'}, {0x20, '.'}], 0xa, "5ed4e2ec4bca903b20d9cfcb3968c293459ebef74d88ffac721ec13dfeb0d7337346041a5b9da447b04691ec684f395c4e959d000157b99771b842b521084b1d991ece3018a0ff490e3acb4aea69406f2fe396ddf19b815863e9399a8ee717bcd678ed9255704b5410d2507f584ff44955e28b42c505cc39b2cab190460baecd80bc4069827e504a067c56c3bbc65286611e4185d4847f879fd36c02d640231fb53b7baaa76daf42d198fc2e7d1dc86f88f7808e01ca5f61568bcbc3ae1a545b4e2b805415e45f0543331e0b6de9a29b5ce472c239c95d21be47d7b27dd0c9365bb56c8a13ccd4d152f5c4"}, 0x11b) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') 2.276789132s ago: executing program 3 (id=389): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0}) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r5, r0, &(0x7f0000000040)=0x64, 0x23b) 2.269911084s ago: executing program 0 (id=390): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1e2e81) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000080)=@fragment={0x87, 0x0, 0x0, 0x1, 0x0, 0x6, 0x68}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8) sendto$inet6(r3, &(0x7f0000000240)='\f', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000002c0), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.138497118s ago: executing program 2 (id=391): sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x4008000) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x2, 0x10000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40021}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x68, 0x0, 0x0, 0x2, 0x0, @private=0xa010101, @broadcast}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x62ea0000}}}}}, 0x0) syz_usb_connect(0x2, 0x24, 0x0, 0x0) 1.923619685s ago: executing program 3 (id=392): syz_usbip_server_init(0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f00000001c0)="ae6b58384eb52649965e36c7d9ac43f97e7504d8fb02b26033234cd0554f9023073878515e19d537b14f2c9c7c710ecd5eb386489dd6fdb063011fd596e9b2f3e235420264b4a3af71f36fdf698da5bcff7b6b9a3dabe2f1fe4b0fbb98a2231c00e449e04186be9aa50e55cccd48fc6cdc8447a7fd7d80174dc253bcff51a2d2cb94ace3253a375f18566b2359372c3c9a2d19b8031529522439cc509abc79824d9b8feef76944c47a43df7d4d221d4fa270e26575c5ad4ca4c30b62e8e335ed519898b6a5273d88fade1e748db33060714e2de7389fad6581fdd98dae881ee6ea04e736e9c22e42cee7dd25d4dc38f934bf0ef72acf8b7002263d68fa2f40", &(0x7f0000000040)=@buf="e42ea65ec6330c52b74d3e2f0d116178b63fede3ea77e0f122478b7a0ba734511371ea17fcc011af4ef9a8e2daf4706d5c", 0x4}, 0x20) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x0) read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x1) 1.725142716s ago: executing program 0 (id=393): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x812, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r3, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000300)=@tcp=r0}, 0x20) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0x18, 0x5, 0x0) splice(r5, &(0x7f0000000040)=0x7, r4, 0x0, 0x3, 0x9) shutdown(r0, 0x1) 1.681642614s ago: executing program 1 (id=394): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x568bb2d9, 0x0) bind$802154_raw(0xffffffffffffffff, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) io_uring_setup(0x4edd, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x4}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x20, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0x1a, 0x0, 0x0, @u64=0x9}]}, 0x20}, 0x1, 0x0, 0x0, 0x2406c089}, 0x20000000) 1.116953572s ago: executing program 1 (id=395): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x50, r3, 0x852dd6c070cd7e4d, 0x0, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x5000}]}, 0x50}, 0x4, 0x700000000000000}, 0x8850) 1.11644065s ago: executing program 0 (id=396): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1e2e81) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000080)=@fragment={0x87, 0x0, 0x0, 0x1, 0x0, 0x6, 0x68}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8) sendto$inet6(r3, &(0x7f0000000240)='\f', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000002c0), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.106659033s ago: executing program 3 (id=397): r0 = eventfd2(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00') r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r3 = fcntl$dupfd(r2, 0x0, r1) write$binfmt_script(r3, &(0x7f0000000000)={'#! ', '', [], 0xa, "ddcce23254e1cac827b6609853fb821816d25ee71564b5ba58a12f6429faa84fc56e962f468cd666c2f9dbef0fa7f387dc0afc5a8cd158578a2d2097e127cd178ad4615a4690df3111e0050d8f78055b3131277f2470c72260582522952762"}, 0x63) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0\x00') mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') syz_open_dev$tty1(0xc, 0x4, 0x2) recvfrom$inet_nvme(r3, &(0x7f00000000c0)=""/209, 0xd1, 0x0, &(0x7f0000000200)=@qipcrtr={0x2a, 0x2, 0x4000}, 0x80) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), r4) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x4000, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='Y\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100fffffdff00000000010000000c0002000400000000000000100007800c00018008000100", @ANYRES32=r5, @ANYBLOB="0c0005002700000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0xee00, 0xee00}}, './file0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@index_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.056843484s ago: executing program 4 (id=398): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003c0007010000000000400000037c00000400fc80100001805fd05a607f"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r5, 0x80044584, 0xfffffffffffffffe) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) r6 = epoll_create1(0x0) r7 = syz_open_dev$media(&(0x7f0000000180), 0x3e, 0x40) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000240)={0x200b}) epoll_pwait(r6, &(0x7f0000000000)=[{}], 0x1, 0xa7f, 0x0, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f00000010c0)={0x95, 0x70, 0x20000}, 0x20) ioctl$KVM_RUN(r4, 0xae80, 0x0) fchdir(r1) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r8, &(0x7f0000000f80)=""/4096, 0x1000) 968.154003ms ago: executing program 0 (id=399): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfb\x050*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\x19\xf1\xcce\xab\x80M\xc9\xcf\xaeR\xb69k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3\xff\a\x00\x00\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\aY\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3Cs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\x96{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\x03\x00\x00\x00y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\x8e\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9\xb3\x83\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|c\xf3\x8b\xc2E\x00\x00\x00\x00\x00\x00', 0x42, 0x0, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000880)={0x0, 0xdff9, 0x800, 0x1000}, &(0x7f0000000000)=0x0, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x2000, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES32=r6, @ANYBLOB="020000000000000024001280110001006272696467655f736c617665000000000c00058005002b"], 0x44}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) bind$unix(r3, &(0x7f0000000980)=@file={0x1, './bus\x00'}, 0x6e) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="3400000011000100"/20, @ANYRES32=0x0, @ANYBLOB="0700c1267d8d70af9c2008010000040000140003006d6163766c616e300000000000000000a69e473d9b59c0d6d66c04"], 0x34}}, 0x4084) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats\x00') pread64(r8, &(0x7f00000000c0)=""/75, 0x3a, 0x4000000006) r9 = socket$unix(0x1, 0x2, 0x0) bind$unix(r9, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000240)={'pimreg1\x00'}) sendto$unix(r9, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x16) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) rmdir(&(0x7f0000000000)='.\x00') syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_CLOSE={0x13, 0x4e3b947d338dce40, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) syz_usb_connect(0x5, 0x3e3, &(0x7f0000000300)={{0x12, 0x1, 0x110, 0xee, 0x36, 0x37, 0x40, 0x12d6, 0x444, 0xe131, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d1, 0x1, 0x2, 0xe3, 0x30, 0x8, [{{0x9, 0x4, 0x31, 0x6, 0xe, 0x93, 0x98, 0xe9, 0x0, [], [{{0x9, 0x5, 0xc, 0x0, 0x8, 0x2, 0x6, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x2}]}}, {{0x9, 0x5, 0x7, 0x10, 0x400, 0x2, 0x3, 0x40, [@generic={0x8, 0x2, "89ec02e92640"}]}}, {{0x9, 0x5, 0x5, 0x8, 0x40, 0x2, 0xc0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x7}, @generic={0xee, 0x6, "e48ae8b152f38a5e5acfba8482eeda9ae0c9f9e099a2b05b7d52b49240eafbfb0889e20e6d4159ebe0107d4132733e00c4c269ddd21ab39a63d1a3e5148476578fd4a9ef849a3ab967a5c0ddf4aae3aa0edc2d9e9a4f180d9141e4036ca3f41a402040a8311d04882b0071a8bdc8ea85f14bd9c38e3649abc9289382e76d8c0519fc43bb667063af462bc2afb0b7522e46e57c4d7d580ccccb31e5b87f5faacd41240c6189f50bf3b99f6c9a7652e756a5a1421077548e32736fb8bee631e77339d422c11df2e8481b799496d8820261c263ab9d0fa93a35d85e607bec6a84ca2d65fdd4b028b8485775806e"}]}}, {{0x9, 0x5, 0x8, 0xc, 0x400, 0x2, 0x6, 0x1, [@generic={0x45, 0xe, "b4eab4309829329986e3032e8f69b1fe05b621fbbbdb6ab00f692c0784c82c37725fd5c36b08cd890d08e039065fa4ef8c54020fe7f31e90372a1097729df8fe97de53"}]}}, {{0x9, 0x5, 0x4, 0x27d575c3f3565a82, 0x8, 0xea, 0x7a, 0x2}}, {{0x9, 0x5, 0xc, 0xc, 0x40, 0x3, 0x40, 0x0, [@generic={0x9, 0xe, "a708dd1f3af184"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x200, 0x1, 0x80, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7}]}}, {{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x54, 0x2, 0x5, [@generic={0xf9, 0x21, "353453e91f2787b676b8f28b7bb0f7a085827b2838ee413a7eccedc74a99607ea1ec9d57d8566568b28678fe5d2547f88496e96e9ca906e01e0fd0c43d5a9571a6fda3519e4426534c3c39e1cc1e628eaeaae98f6cc7d448e75eb37cfd85aa508a69b10a789d87abb2c8fc635cb52d80430e0e20fa109bbcfe608b7b0732de73ea1543e5fd3c28cfe7f8eeb84457beb05cb133435e740e241dc273792ad351e7451f243d492637b652eb872e171f23a475ae3f8fbd4367feafd73cc15f95017a62218247e62a8fe8d8d7ce1e9807ee7b1baf1289a21f5e758aa1aab36ba0bd976aa0e31e23bce3524704048954ce87a17d4b536797afc0"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x8, 0x3, 0x9}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x5, 0x6, 0x5}}, {{0x9, 0x5, 0x9, 0x0, 0x8, 0x80, 0x4, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x2, 0xa9}]}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x6, 0x3, 0x7, [@generic={0xda, 0x1, "53a73ea43e48ad814bb3864a31b020ff4e5d33e313b36b982661efab3935b5341071286a303af5c8074072ea2518d57d437bfdc0825818559b983858cb8d22558b91653ebcd2670e422e839e49d7cc58bcff7649ec13fa3de4b1b2b9aa9074f7d415ce4aa20240434977e563eb2f673ff60e5ff41dd37bc7b3cb28bba37a79d5fb6ccd82a643e681ee7482c191f308426ef7a891e934be3ef2a4e6f5fb1382cc882e9198ae486a66c4ca435d35f001f07fea4f1a76f7c341ed7e8ed3bd2ba69681ce23308a3bf6f4234b18a52480f14ba206233652fee4a1"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3b}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0xf7, 0x2, 0xee}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x9, 0x8}}]}}]}}]}}, 0x0) 937.002499ms ago: executing program 1 (id=400): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000600)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc4}]}, 0x18, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020}, 0x2020) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_off}, {@workdir={'workdir', 0x3d, './bus'}}], [{@subj_type={'subj_type', 0x3d, 'upperdir'}}, {@uid_gt={'uid>', r1}}, {@uid_lt={'uid<', r1}}, {@appraise_type}]}) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_off}, {@workdir={'workdir', 0x3d, './bus'}}], [{@subj_type={'subj_type', 0x3d, 'upperdir'}}, {@uid_gt={'uid>', r1}}, {@uid_lt={'uid<', r1}}, {@appraise_type}]}) chdir(&(0x7f0000000140)='./bus\x00') statx(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000480)) (async) statx(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000480)) r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) read$FUSE(r2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) mknodat$loop(r2, &(0x7f0000000200)='./bus\x00', 0x4, 0x0) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff", @ANYRESDEC=0x0], 0x0) (async) r6 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff", @ANYRESDEC=0x0], 0x0) syz_usb_control_io$cdc_ecm(r6, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) (async) syz_usb_control_io$cdc_ecm(r6, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8, 0x1, r5}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0) (async) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8, 0x1, r5}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0) 831.066717ms ago: executing program 3 (id=401): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x4f0700, 0xc3) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB='C\x00|']) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYBLOB="44338b03f1469462fddaf8193f38ce", @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRES64=r0, @ANYRES64, @ANYRESDEC=0x0]) r3 = open(&(0x7f00000000c0)='./file1\x00', 0x4a03b7, 0x0) write$FUSE_INIT(r2, &(0x7f0000002300)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x9, 0x7, 0x1838a0a, 0xfffe, 0x4, 0x0, 0x2, 0x0, 0x0, 0x20, 0xfffffffd}}, 0x50) r4 = add_key(&(0x7f0000000280)='big_key\x00', &(0x7f0000000640)={'syz', 0x1}, &(0x7f0000000680)="adfd7875ffa19e", 0x7, 0xfffffffffffffffc) keyctl$read(0xb, r4, &(0x7f00000009c0)=""/6, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) read$FUSE(r2, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xfffffffffffffffe, r5}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x200100, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xc0000009}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0) socketpair(0x18, 0x5, 0x1, &(0x7f0000000100)) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000300)={0x3ba, 0x0, 0x10000}) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x41, 0x3, 0x3, '\x00', 0x8}) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000880)={0x1, 0x7}) r9 = syz_open_dev$vbi(&(0x7f00000001c0), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000003c0)=0x1) ioctl$VIDIOC_S_AUDIO(r9, 0x40345622, &(0x7f0000003640)={0x0, "45ee5b5df4bf409af30639042ad9234d746d4220894e9e34673882f53a403c50", 0x2, 0x1}) r10 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) write$UHID_CREATE2(r10, 0x0, 0x138) accept$alg(0xffffffffffffffff, 0x0, 0x0) memfd_create(&(0x7f0000000200)='-\\\xee(-#!+\x00', 0x0) 734.886938ms ago: executing program 4 (id=402): syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010002a2b8d240bb2170200b87010203010902240001a00800040904c81e010103f70909050803ff030406090221072501", @ANYRES8=r0], 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) 692.968805ms ago: executing program 1 (id=403): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x568bb2d9, 0x0) bind$802154_raw(0xffffffffffffffff, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) io_uring_setup(0x4edd, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x4}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x20, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0x1a, 0x0, 0x0, @u64=0x9}]}, 0x20}, 0x1, 0x0, 0x0, 0x2406c089}, 0x20000000) 461.276307ms ago: executing program 3 (id=404): getpid() r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="a0214effd345d5b5b4a6f76ba63c65ca9379f76e30399321acdf33aa3b7b58ef23c3"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5b, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000440)='io_uring_cqring_wait\x00', r0}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x1, 0x18382) writev(r1, &(0x7f0000000ac0)=[{&(0x7f0000000540)="0d59f22c6ccb69fae05ce4b227a0a37915b72b6bdab068f1166cc622469bfd0d644722894a93e3848e07513094bca7d2d96d65bbe7bca1cc7f516209042277ba6fe761ee0b59af15fd2e5d5db92f633238c51b0aaafd166fa907358fbbfb363bb37b9ec4", 0x64}, {&(0x7f00000005c0)="5eebb9ed2c5e7c5392f92a3c9ede84f5e4c1d04946f5aae7baa74123b675cc8ba1f4791abae68504ee00dfb317aece117fc64cd82bbe9d42dc5e5d60ef4ef9079a16f379e5b801370fc54f33", 0x4c}, {&(0x7f0000000640)="0bb872289882f2765235f20dddca230a4f674be0a8898b2d708a7164fe69450d7692eaae93ff8d73bdacae6530faad9ee6e3da774ae7fc37c67705260f51350553e6ea6986cf37757747e1c6ce15bd86f8c6b0945fa9034532cde20ec3469b42d9cc72", 0x63}, {&(0x7f00000006c0)="bb65587c14e2ddd32fbd6ddfb4209f443df09b076b2177de6d2ed5a66da2b111886bd88cc393f041df12615d1da6090aa0fd399fd4fdeee32c20c07086d77c8e942fc918be0618f5374f32afe250b2c30e8d1946870336dabfc66a5cf841e0941d611f5cd26f7d8f9346ca00750622ae56a9590227a0022d6c7af4f5eb825aad295c30100520c6617ac6554420fab60651c2e030", 0x94}, {&(0x7f0000000780)="20b9c06ca60b81cbfd2bd652c519d02b07ea59afe6dad438cec21b03bd0facad22b85620981f0afdf660c62284b626e82dd2f4de3a882e1bee6cdafe8f056f790cea3e22b7591b1ed829e0311b9573a6eb044525a0b427ca944168e3d40f75043bf6f32b97ebd80d694cafabf573bfda976227524776d5e2330c126f7d4133ffc1fd0c0c2dcce12c0a7b90a53a36be65890e74fdedf90af199a8655dc54734ccca136a540fbd1473530cb26247f9c72a5bae961aa1cc6a8aa42e37a9dfd0e971", 0xc0}, {&(0x7f0000000840)="41491ba873f95e0c9b7d8ea98d806ea34bf8634a717450c533f8ca382b654c35124951d70f27d0ce63c8e9898e0e871c90f12348df13dd8d8e68d5212b715e9035ff4b568a710188fd93abf6301bbc061f585ff9ae297a7f684bf0556f0a8cdf3d71b7241a2d78aad6abfe326322ee44f715123ac5e47b65b42364693d96fbe473a5866159da8caeb65ced665fc705f2d939aad200d6da61eff66ac8fab84e", 0xfffffffffffffe88}, {&(0x7f0000000900)="c94caabc0b949dd6e1ec402745465a777793619897bd3a1d5a72291fa5d9b93cf609d46fa6c9bf1de2722ead5fe4efe7a416c829424107ab61450f9a8f615ae75680da280f20ad3f8b154a89500b3004a31cbe77993e7f4555bd0dc69d87628ddd36ff460987b4bdc1adbda0b0127ff569bbedb1e9fa14079e0587fbaf434ab89b145bf9e02851f68cbb7a0a77ad922ff05be2b0250a6d", 0x97}, {&(0x7f00000009c0)="6cbb2e488c17c9a0d67443a6a64d6eed1762c191401750fe1998ff1bcf8597e2d1efe126631899408dcc8a99dc3bbb6de5025056e0b277dad271d6d1acfe4b015fcf9de339e3976ce7ef40ac75ba442bcab85d512894a03d67ab9c6cdf0ec8ad8619887298e4bb76d02bad2c2608c696d0e411fef7d96c011a6dd80f51ac838f0ff87d66de7a82758ac25fb942f043429ffc148413426a12f8414aa459c58d5c7e19ec829b4902c3eff209735d9d1f073113e0b4020e0e21141b90f3f4bcb48f51407c7ca21cddb1860a264434f3042f546feeefcfd862c0", 0xd8}], 0x8) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000180)={0x7, "3841eb5c9f20e3dea6b9da1cf61129690e2d0006000000f5ffffffffffffff00", 0xffffffffffffffff}) r3 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00') preadv(r3, &(0x7f0000001540)=[{0x0}], 0x0, 0x0, 0xfffffe00) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000001c0)={"c67616bd15395390ab28700c5a23028bdfa7d486f9e78bb1ee5c42950990188f", r3}) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}) r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805510, 0x0}) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r7, 0xc0105500, &(0x7f0000000040)={0x1f, 0x0, 0xc771, 0x6, 0x0, 0xb6db, 0x0}) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r9, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10) sendfile(r9, r8, 0x0, 0x20000023893) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) 68.845731ms ago: executing program 3 (id=405): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040)={[0xd32]}, 0x8) read(r1, &(0x7f00000002c0)=""/183, 0xeb) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r5}, 0x10) pipe(0x0) 49.973499ms ago: executing program 1 (id=406): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x14b080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCGPGRP(r3, 0x540f, 0x0) (async, rerun: 64) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async, rerun: 64) futex(&(0x7f0000000000)=0x1, 0x10d, 0x1, 0x0, 0x0, 0x0) (async) futex(0x0, 0x5, 0x10000, 0x0, &(0x7f0000000000), 0x0) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, 0x0) (async, rerun: 64) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) fcntl$lock(r5, 0x7, &(0x7f0000000140)={0x1}) truncate(&(0x7f0000000040)='./file1\x00', 0x0) (async, rerun: 64) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x800, 0x0) (async, rerun: 64) rt_tgsigqueueinfo(0x0, 0x0, 0x1c, &(0x7f0000000200)={0xa, 0x2, 0x7}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x24, 0x0, &(0x7f0000000180)=[@decrefs={0x40046307, 0x3}, @enter_looper, @decrefs={0x40046307, 0x2}, @clear_death={0x400c630f, 0x1}], 0x7f, 0x0, &(0x7f0000000280)="580adc3f03dfd4fa6444e870096f4c201b18bab995d5a7fb841af0b2021b33388a0f608a076b19f5e3de4123e23f52c179b8c79f9144741c8eb18da9147622066ce703f73c245aa2785929d394b389533306f6457b3296e34cde68c93db0de68998836b690af3346cbb0ad5d344c148a5b823b55b71b5443b188aebb176fb5"}) (async, rerun: 64) fanotify_mark(r5, 0x0, 0x8000010, r5, &(0x7f0000000080)='./file1\x00') (rerun: 64) sendto$inet6(r5, &(0x7f0000000480)="89a6f9621062a86bf6733b084f7ead60bcdba9de02913122fa70b334424b2e0e9ca5e1d5351bbc1656f717a9c7e26a1d998ce140040d724ca87e1760e66cf62dc701ef26e4f26dcc74f54786b6938ab659bbeae38a8299a63252d2e4ce18a54418aa4d1859bacac22e1b48687735a55787f9dcd8110cc397fc9ffb58", 0x7c, 0x44840, &(0x7f0000000340)={0xa, 0x4e24, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0xd}, 0x1c) (async) r7 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0, 0x70}}, 0x0) (async, rerun: 64) r8 = socket$netlink(0x10, 0x3, 0x4) (rerun: 64) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) r9 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCL_BLANKSCREEN(r9, 0x541c, &(0x7f0000000000)) (async) writev(r8, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23442e792945f64009400050028925aaa000000c611000000000000feff2c707f8f00ff", 0x58}], 0x1) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc0045540, &(0x7f0000000000)=0x1) (async) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000380)=ANY=[@ANYRES64=r8], 0x184}, 0x1, 0x0, 0x0, 0x40004}, 0x10000000) 0s ago: executing program 2 (id=407): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000065c0)={0x2020, 0x0, 0x0}, 0x204b) open(&(0x7f00000000c0)='./file1\x00', 0x37, 0x0) (fail_nth: 11) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) kernel console output (not intermixed with test programs): 0 [ 80.001290][ T5865] usb 2-1: config 0 descriptor?? [ 80.007477][ T6114] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 80.326317][ T6138] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 80.332864][ T6138] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 80.345515][ T6138] vhci_hcd vhci_hcd.0: Device attached [ 80.486633][ T6139] vhci_hcd: connection closed [ 80.487147][ T2199] vhci_hcd: stop threads [ 80.489465][ T5865] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 80.493290][ T2199] vhci_hcd: release socket [ 80.493378][ T2199] vhci_hcd: disconnect device [ 80.529904][ T5876] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 80.537524][ T5865] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 80.559047][ T43] vhci_hcd: vhci_device speed not set [ 80.717495][ T6143] capability: warning: `syz.2.64' uses deprecated v2 capabilities in a way that may be insecure [ 80.741557][ T6143] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 81.549764][ T10] usb 5-1: USB disconnect, device number 3 [ 81.555858][ T5865] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 81.578216][ T5865] usb 2-1: USB disconnect, device number 3 [ 82.500143][ T5876] usb 4-1: Using ep0 maxpacket: 16 [ 82.551936][ T6152] fido_id[6152]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 82.554011][ T5876] usb 4-1: too many configurations: 60, using maximum allowed: 8 [ 82.589836][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 82.590487][ T30] audit: type=1400 audit(1750622266.050:240): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 82.647117][ T6156] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 82.654425][ T30] audit: type=1400 audit(1750622266.100:241): avc: denied { call } for pid=6153 comm="syz.4.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 82.724775][ T5876] usb 4-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9 [ 82.734577][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204 [ 82.759014][ T5876] usb 4-1: Product: syz [ 82.773050][ T5876] usb 4-1: Manufacturer: syz [ 82.838548][ T6162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.68'. [ 83.107350][ T5876] usb 4-1: SerialNumber: syz [ 83.125397][ T5876] usb 4-1: config 0 descriptor?? [ 83.153092][ T5876] pwc: Philips SPC 880NC USB webcam detected. [ 83.194207][ T30] audit: type=1400 audit(1750622266.660:242): avc: denied { ioctl } for pid=6165 comm="syz.0.70" path="socket:[8655]" dev="sockfs" ino=8655 ioctlcmd=0x943a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 83.274919][ T5876] pwc: Warning: more than 1 configuration available. [ 83.292959][ T5876] pwc: Failed to set LED on/off time (-71) [ 83.316667][ T5876] pwc: send_video_command error -71 [ 83.332695][ T5876] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 83.349768][ T5865] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 83.349784][ T9] vhci_hcd: vhci_device speed not set [ 83.364763][ T5170] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 83.539520][ T30] audit: type=1400 audit(1750622267.000:243): avc: denied { remount } for pid=6169 comm="syz.3.72" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 83.566164][ T5876] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 83.594752][ T5876] usb 4-1: USB disconnect, device number 3 [ 83.653982][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.681373][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.704994][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 83.710870][ T5170] usb 1-1: device descriptor read/64, error -71 [ 83.728115][ T5865] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 83.737516][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.749613][ T5865] usb 2-1: config 0 descriptor?? [ 83.920789][ T6180] random: crng reseeded on system resumption [ 83.965568][ T30] audit: type=1400 audit(1750622267.380:244): avc: denied { write } for pid=6178 comm="syz.4.75" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 84.004147][ T30] audit: type=1400 audit(1750622267.380:245): avc: denied { open } for pid=6178 comm="syz.4.75" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 84.030361][ T5170] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 84.144951][ T30] audit: type=1400 audit(1750622267.420:246): avc: denied { ioctl } for pid=6178 comm="syz.4.75" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 84.318790][ T5170] usb 1-1: device descriptor read/64, error -71 [ 84.589930][ T5170] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 84.643939][ T5170] usb 1-1: device descriptor read/8, error -71 [ 84.707009][ T6185] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 84.713543][ T6185] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 84.728903][ T6185] vhci_hcd vhci_hcd.0: Device attached [ 84.873516][ T6186] vhci_hcd: connection closed [ 84.873865][ T2199] vhci_hcd: stop threads [ 84.883168][ T2199] vhci_hcd: release socket [ 84.887712][ T2199] vhci_hcd: disconnect device [ 85.323270][ T9] vhci_hcd: vhci_device speed not set [ 85.409806][ T5170] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 85.430561][ T5170] usb 1-1: device descriptor read/8, error -71 [ 85.602121][ T5883] usb 1-1: USB disconnect, device number 2 [ 85.749780][ T5883] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 85.781478][ T5865] usbhid 2-1:0.0: can't add hid device: -71 [ 85.791045][ T5865] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 85.819437][ T5865] usb 2-1: USB disconnect, device number 4 [ 85.881954][ T5883] usb 1-1: device descriptor read/64, error -71 [ 86.274962][ T30] audit: type=1400 audit(1750622269.420:247): avc: denied { ioctl } for pid=6194 comm="syz.1.79" path="socket:[8071]" dev="sockfs" ino=8071 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 86.550558][ T5883] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 86.710612][ T30] audit: type=1400 audit(1750622269.420:248): avc: denied { read } for pid=6194 comm="syz.1.79" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 86.949585][ T30] audit: type=1400 audit(1750622269.420:249): avc: denied { open } for pid=6194 comm="syz.1.79" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 87.113992][ T6211] Illegal XDP return value 4294967274 on prog (id 25) dev N/A, expect packet loss! [ 87.140888][ T6211] netlink: 'syz.1.83': attribute type 1 has an invalid length. [ 87.206274][ T6217] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2304 sclass=netlink_route_socket pid=6217 comm=syz.1.83 [ 87.219400][ T6217] netlink: 'syz.1.83': attribute type 1 has an invalid length. [ 87.462809][ T6220] fuse: Bad value for 'fd' [ 87.872867][ T6208] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 87.879949][ T6208] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 87.889315][ T6208] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 87.897121][ T6208] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 87.903313][ T6208] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 87.912342][ T6208] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 87.920018][ T6208] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 87.926016][ T6208] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 87.936045][ T6208] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 87.943904][ T6208] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 87.949930][ T6208] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 87.956653][ T6208] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 87.965348][ T6208] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 87.971776][ T6208] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 87.978433][ T6208] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 88.085690][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 88.085706][ T30] audit: type=1400 audit(1750622271.550:257): avc: denied { read } for pid=6225 comm="syz.1.88" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 88.239898][ T5883] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 88.309704][ T30] audit: type=1400 audit(1750622271.550:258): avc: denied { open } for pid=6225 comm="syz.1.88" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 88.704583][ T30] audit: type=1400 audit(1750622271.580:259): avc: denied { write } for pid=6225 comm="syz.1.88" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 88.728116][ T30] audit: type=1400 audit(1750622271.580:260): avc: denied { ioctl } for pid=6225 comm="syz.1.88" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 88.769849][ T5927] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 88.936745][ T5927] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 88.996849][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 89.090548][ T6238] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'. [ 89.107261][ T30] audit: type=1400 audit(1750622272.570:261): avc: denied { write } for pid=6236 comm="syz.1.92" name="ip6_tables_matches" dev="proc" ino=4026533322 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 89.130865][ C1] vkms_vblank_simulate: vblank timer overrun [ 89.178632][ T5883] usb 4-1: Using ep0 maxpacket: 32 [ 89.178777][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 89.183922][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout [ 89.195031][ T5927] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 89.215387][ T5927] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 89.276732][ T5883] usb 4-1: config 0 has an invalid interface number: 99 but max is 0 [ 89.290600][ T6237] dvmrp0: entered allmulticast mode [ 89.296632][ T5883] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 89.313564][ T5883] usb 4-1: config 0 has no interface number 0 [ 89.326294][ T5883] usb 4-1: too many endpoints for config 0 interface 99 altsetting 0: 243, using maximum allowed: 30 [ 89.359793][ T5883] usb 4-1: config 0 interface 99 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 243 [ 89.378400][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.423196][ T5883] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 89.426587][ T5927] usb 1-1: config 0 descriptor?? [ 89.444798][ T6237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1013 sclass=netlink_route_socket pid=6237 comm=syz.1.92 [ 89.457949][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.524613][ T6210] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 89.531989][ T5883] usb 4-1: Product: syz [ 89.572337][ T6237] binder: 6236:6237 ioctl 4018620d 0 returned -22 [ 89.589912][ T5883] usb 4-1: Manufacturer: syz [ 89.594585][ T5883] usb 4-1: SerialNumber: syz [ 89.606196][ T5883] usb 4-1: config 0 descriptor?? [ 89.645935][ T6239] binder: 6236:6239 ioctl c018620c 0 returned -14 [ 89.840398][ T6213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.855243][ T6213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.949934][ T5814] Bluetooth: hci0: command 0x0c1a tx timeout [ 89.976658][ T5927] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xd [ 89.987427][ T5927] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 89.999775][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 90.005800][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.012238][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.097165][ T5927] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 90.248553][ T5927] usb 1-1: USB disconnect, device number 5 [ 90.864541][ T30] audit: type=1400 audit(1750622274.330:262): avc: denied { ioctl } for pid=6261 comm="syz.2.99" path="socket:[8828]" dev="sockfs" ino=8828 ioctlcmd=0x52c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.170304][ T5883] smsc95xx v2.0.0 [ 91.173973][ T5883] smsc95xx 4-1:0.99 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 91.663348][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.702055][ T5883] smsc95xx 4-1:0.99: probe with driver smsc95xx failed with error -22 [ 91.719604][ T5883] usb 4-1: USB disconnect, device number 4 [ 91.756763][ T30] audit: type=1400 audit(1750622275.210:263): avc: denied { name_bind } for pid=6268 comm="syz.2.102" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 91.794295][ T6272] netlink: 'syz.1.103': attribute type 33 has an invalid length. [ 91.923046][ T30] audit: type=1400 audit(1750622275.370:264): avc: denied { getopt } for pid=6268 comm="syz.2.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 92.075697][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.091085][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 92.091130][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout [ 92.103158][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 92.171702][ T6278] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 93.198723][ T6283] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 93.825117][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 93.945426][ T30] audit: type=1400 audit(1750622277.390:265): avc: denied { create } for pid=6284 comm="syz.4.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 93.964848][ C1] vkms_vblank_simulate: vblank timer overrun [ 94.185889][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 94.194823][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 94.201045][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 94.204311][ T5814] Bluetooth: hci0: command 0x0c1a tx timeout [ 94.229739][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 94.234791][ T30] audit: type=1400 audit(1750622277.420:266): avc: denied { ioctl } for pid=6287 comm="syz.3.109" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9224 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 94.374568][ T30] audit: type=1400 audit(1750622277.640:267): avc: denied { setopt } for pid=6284 comm="syz.4.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 94.394574][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 94.401491][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 94.409486][ T9] usb 2-1: config 0 has no interface number 0 [ 94.452092][ T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 94.487461][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.494946][ T6300] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.536905][ T30] audit: type=1400 audit(1750622278.000:268): avc: denied { connect } for pid=6294 comm="syz.3.112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 94.568781][ T9] usb 2-1: Product: syz [ 94.582103][ T9] usb 2-1: Manufacturer: syz [ 94.589125][ T9] usb 2-1: SerialNumber: syz [ 94.610162][ T9] usb 2-1: config 0 descriptor?? [ 94.615241][ T30] audit: type=1400 audit(1750622278.000:269): avc: denied { bind } for pid=6294 comm="syz.3.112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 94.657468][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 94.666301][ T6307] FAULT_INJECTION: forcing a failure. [ 94.666301][ T6307] name failslab, interval 1, probability 0, space 0, times 0 [ 94.692242][ T6307] CPU: 1 UID: 0 PID: 6307 Comm: syz.0.114 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 94.692266][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.692276][ T6307] Call Trace: [ 94.692281][ T6307] [ 94.692287][ T6307] dump_stack_lvl+0x16c/0x1f0 [ 94.692317][ T6307] should_fail_ex+0x512/0x640 [ 94.692339][ T6307] ? fs_reclaim_acquire+0xae/0x150 [ 94.692357][ T6307] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 94.692380][ T6307] should_failslab+0xc2/0x120 [ 94.692405][ T6307] __kmalloc_noprof+0xd2/0x510 [ 94.692434][ T6307] tomoyo_realpath_from_path+0xc2/0x6e0 [ 94.692465][ T6307] tomoyo_check_open_permission+0x2ab/0x3c0 [ 94.692486][ T6307] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 94.692504][ T6307] ? look_up_lock_class+0x6b/0x150 [ 94.692553][ T6307] ? do_raw_spin_lock+0x12c/0x2b0 [ 94.692579][ T6307] tomoyo_file_open+0x6b/0x90 [ 94.692607][ T6307] security_file_open+0x84/0x1e0 [ 94.692630][ T6307] do_dentry_open+0x596/0x1c10 [ 94.692660][ T6307] vfs_open+0x82/0x3f0 [ 94.692689][ T6307] path_openat+0x1de4/0x2cb0 [ 94.692729][ T6307] ? __pfx_path_openat+0x10/0x10 [ 94.692759][ T6307] do_filp_open+0x20b/0x470 [ 94.692782][ T6307] ? __pfx_do_filp_open+0x10/0x10 [ 94.692827][ T6307] ? _raw_spin_unlock+0x28/0x50 [ 94.692848][ T6307] ? alloc_fd+0x471/0x7d0 [ 94.692880][ T6307] do_sys_openat2+0x11b/0x1d0 [ 94.692894][ T6307] ? __pfx_do_sys_openat2+0x10/0x10 [ 94.692912][ T6307] ? __fget_files+0x20e/0x3c0 [ 94.692941][ T6307] __x64_sys_open+0x153/0x1e0 [ 94.692957][ T6307] ? __pfx___x64_sys_open+0x10/0x10 [ 94.692980][ T6307] ? rcu_is_watching+0x12/0xc0 [ 94.693004][ T6307] do_syscall_64+0xcd/0x4c0 [ 94.693031][ T6307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.693047][ T6307] RIP: 0033:0x7f0d5b98e929 [ 94.693061][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.693076][ T6307] RSP: 002b:00007f0d5c8bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 94.693091][ T6307] RAX: ffffffffffffffda RBX: 00007f0d5bbb5fa0 RCX: 00007f0d5b98e929 [ 94.693102][ T6307] RDX: 0000000000000000 RSI: 0000000000000037 RDI: 00002000000000c0 [ 94.693111][ T6307] RBP: 00007f0d5c8bb090 R08: 0000000000000000 R09: 0000000000000000 [ 94.693121][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.693130][ T6307] R13: 0000000000000000 R14: 00007f0d5bbb5fa0 R15: 00007ffddfeae9e8 [ 94.693155][ T6307] [ 94.693162][ T6307] ERROR: Out of memory at tomoyo_realpath_from_path. [ 95.155611][ T5927] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 95.161352][ T30] audit: type=1400 audit(1750622278.630:270): avc: denied { read append } for pid=6311 comm="syz.3.117" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 95.187103][ T30] audit: type=1400 audit(1750622278.630:271): avc: denied { open } for pid=6311 comm="syz.3.117" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 95.311066][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.322570][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.332707][ T5927] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 95.345853][ T5927] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 95.355796][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.427812][ T5927] usb 3-1: config 0 descriptor?? [ 96.028635][ T6326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.119'. [ 96.038508][ T9] gspca_spca1528: reg_w err -110 [ 96.043888][ T9] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110 [ 96.196619][ T30] audit: type=1400 audit(1750622279.660:272): avc: denied { create } for pid=6330 comm="syz.3.120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 96.227068][ T6335] netlink: 'syz.1.107': attribute type 1 has an invalid length. [ 96.317815][ T30] audit: type=1400 audit(1750622279.670:273): avc: denied { write } for pid=6330 comm="syz.3.120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 96.338193][ T30] audit: type=1400 audit(1750622279.710:274): avc: denied { open } for pid=6334 comm="syz.4.122" path="/dev/ttyqd" dev="devtmpfs" ino=388 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 96.421093][ T6341] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 96.427617][ T6341] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 96.447641][ T6341] vhci_hcd vhci_hcd.0: Device attached [ 96.631522][ T6342] vhci_hcd: connection closed [ 96.631710][ T12] vhci_hcd: stop threads [ 96.643506][ T12] vhci_hcd: release socket [ 96.648106][ T12] vhci_hcd: disconnect device [ 96.679810][ T9] usb 39-1: new low-speed USB device number 4 using vhci_hcd [ 96.689004][ T9] usb 39-1: enqueue for inactive port 0 [ 96.732781][ T6347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.124'. [ 96.819939][ T9] vhci_hcd: vhci_device speed not set [ 96.835815][ T6348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'. [ 96.844713][ T6348] netlink: 20 bytes leftover after parsing attributes in process `syz.0.124'. [ 96.863119][ T6348] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.872240][ T6348] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.880962][ T6348] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.889672][ T6348] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.098329][ T6347] vlan2: entered allmulticast mode [ 97.105956][ T6347] veth1: entered allmulticast mode [ 98.342968][ T5927] usbhid 3-1:0.0: can't add hid device: -71 [ 98.361858][ T5927] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 98.414100][ T5927] usb 3-1: USB disconnect, device number 3 [ 98.509969][ T9] usb 2-1: USB disconnect, device number 5 [ 98.749079][ T6364] netlink: 'syz.0.129': attribute type 33 has an invalid length. [ 98.756991][ T6364] netlink: 152 bytes leftover after parsing attributes in process `syz.0.129'. [ 99.050284][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.131'. [ 99.322718][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 99.322729][ T30] audit: type=1400 audit(1750622282.790:286): avc: denied { create } for pid=6377 comm="syz.2.132" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 99.361416][ T30] audit: type=1400 audit(1750622282.820:287): avc: denied { write } for pid=6377 comm="syz.2.132" name="file0" dev="tmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 99.383606][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.492715][ T30] audit: type=1400 audit(1750622282.820:288): avc: denied { open } for pid=6377 comm="syz.2.132" path="/30/file0" dev="tmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 99.573884][ T30] audit: type=1400 audit(1750622282.820:289): avc: denied { ioctl } for pid=6377 comm="syz.2.132" path="/30/file0" dev="tmpfs" ino=180 ioctlcmd=0x4c05 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 99.604756][ T30] audit: type=1400 audit(1750622282.980:290): avc: denied { mounton } for pid=6377 comm="syz.2.132" path="/proc/100/task" dev="proc" ino=9192 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 100.619761][ T30] audit: type=1400 audit(1750622284.050:291): avc: denied { unlink } for pid=5818 comm="syz-executor" name="file0" dev="tmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 100.684740][ T6392] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 100.691247][ T6392] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 100.726004][ T6392] vhci_hcd vhci_hcd.0: Device attached [ 100.887020][ T30] audit: type=1400 audit(1750622284.350:292): avc: denied { read write } for pid=6382 comm="syz.1.135" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 100.955313][ T30] audit: type=1400 audit(1750622284.360:293): avc: denied { open } for pid=6382 comm="syz.1.135" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 100.981406][ T5865] usb 39-1: new low-speed USB device number 5 using vhci_hcd [ 101.083668][ T30] audit: type=1400 audit(1750622284.420:294): avc: denied { read write } for pid=6405 comm="syz.0.139" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 101.109555][ T30] audit: type=1400 audit(1750622284.420:295): avc: denied { open } for pid=6405 comm="syz.0.139" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 101.646321][ T6398] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 101.674617][ T6393] vhci_hcd: connection reset by peer [ 101.674716][ T6398] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 101.686594][ T12] vhci_hcd: stop threads [ 101.687498][ T6398] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 101.697526][ T12] vhci_hcd: release socket [ 101.697793][ T6398] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 101.705427][ T12] vhci_hcd: disconnect device [ 101.719354][ T6398] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.969726][ T5927] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 102.149571][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.189231][ T6422] FAULT_INJECTION: forcing a failure. [ 102.189231][ T6422] name failslab, interval 1, probability 0, space 0, times 0 [ 102.201944][ T6422] CPU: 1 UID: 0 PID: 6422 Comm: syz.4.144 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 102.201966][ T6422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.201975][ T6422] Call Trace: [ 102.201981][ T6422] [ 102.201988][ T6422] dump_stack_lvl+0x16c/0x1f0 [ 102.202016][ T6422] should_fail_ex+0x512/0x640 [ 102.202037][ T6422] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 102.202063][ T6422] should_failslab+0xc2/0x120 [ 102.202087][ T6422] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.202108][ T6422] ? __alloc_skb+0x2b2/0x380 [ 102.202134][ T6422] __alloc_skb+0x2b2/0x380 [ 102.202155][ T6422] ? __pfx___alloc_skb+0x10/0x10 [ 102.202180][ T6422] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 102.202202][ T6422] netlink_alloc_large_skb+0x69/0x130 [ 102.202220][ T6422] netlink_sendmsg+0x6a1/0xdd0 [ 102.202241][ T6422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 102.202268][ T6422] ____sys_sendmsg+0xa98/0xc70 [ 102.202286][ T6422] ? copy_msghdr_from_user+0x10a/0x160 [ 102.202309][ T6422] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.202329][ T6422] ? __lock_acquire+0xb8a/0x1c90 [ 102.202362][ T6422] ___sys_sendmsg+0x134/0x1d0 [ 102.202386][ T6422] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.202407][ T6422] ? __lock_acquire+0x622/0x1c90 [ 102.202461][ T6422] __sys_sendmsg+0x16d/0x220 [ 102.202485][ T6422] ? __pfx___sys_sendmsg+0x10/0x10 [ 102.202524][ T6422] do_syscall_64+0xcd/0x4c0 [ 102.202550][ T6422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.202567][ T6422] RIP: 0033:0x7fa85bd8e929 [ 102.202581][ T6422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.202595][ T6422] RSP: 002b:00007fa859bb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.202611][ T6422] RAX: ffffffffffffffda RBX: 00007fa85bfb6160 RCX: 00007fa85bd8e929 [ 102.202622][ T6422] RDX: 0000000000004000 RSI: 0000200000000180 RDI: 0000000000000005 [ 102.202632][ T6422] RBP: 00007fa859bb4090 R08: 0000000000000000 R09: 0000000000000000 [ 102.202641][ T6422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.202651][ T6422] R13: 0000000000000000 R14: 00007fa85bfb6160 R15: 00007ffd3a970838 [ 102.202673][ T6422] [ 102.431027][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.442346][ T5927] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 102.458945][ T5927] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 102.468467][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.478126][ T5927] usb 1-1: config 0 descriptor?? [ 102.880061][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout [ 103.760072][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 103.760072][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.766104][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 103.766142][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout [ 103.894026][ T6434] FAULT_INJECTION: forcing a failure. [ 103.894026][ T6434] name failslab, interval 1, probability 0, space 0, times 0 [ 103.915423][ T6441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.150'. [ 103.942622][ T6434] CPU: 0 UID: 0 PID: 6434 Comm: syz.3.148 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 103.942645][ T6434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.942654][ T6434] Call Trace: [ 103.942660][ T6434] [ 103.942666][ T6434] dump_stack_lvl+0x16c/0x1f0 [ 103.942695][ T6434] should_fail_ex+0x512/0x640 [ 103.942712][ T6434] ? fs_reclaim_acquire+0xae/0x150 [ 103.942727][ T6434] ? tomoyo_encode2+0x100/0x3e0 [ 103.942744][ T6434] should_failslab+0xc2/0x120 [ 103.942766][ T6434] __kmalloc_noprof+0xd2/0x510 [ 103.942787][ T6434] tomoyo_encode2+0x100/0x3e0 [ 103.942807][ T6434] tomoyo_encode+0x29/0x50 [ 103.942823][ T6434] tomoyo_realpath_from_path+0x18f/0x6e0 [ 103.942854][ T6434] tomoyo_check_open_permission+0x2ab/0x3c0 [ 103.942871][ T6434] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 103.942886][ T6434] ? look_up_lock_class+0x6b/0x150 [ 103.942931][ T6434] ? do_raw_spin_lock+0x12c/0x2b0 [ 103.942952][ T6434] tomoyo_file_open+0x6b/0x90 [ 103.942974][ T6434] security_file_open+0x84/0x1e0 [ 103.942994][ T6434] do_dentry_open+0x596/0x1c10 [ 103.943019][ T6434] vfs_open+0x82/0x3f0 [ 103.943045][ T6434] path_openat+0x1de4/0x2cb0 [ 103.943071][ T6434] ? __pfx_path_openat+0x10/0x10 [ 103.943096][ T6434] do_filp_open+0x20b/0x470 [ 103.943114][ T6434] ? __pfx_do_filp_open+0x10/0x10 [ 103.943152][ T6434] ? _raw_spin_unlock+0x28/0x50 [ 103.943170][ T6434] ? alloc_fd+0x471/0x7d0 [ 103.943196][ T6434] do_sys_openat2+0x11b/0x1d0 [ 103.943208][ T6434] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.943222][ T6434] ? __fget_files+0x20e/0x3c0 [ 103.943245][ T6434] __x64_sys_open+0x153/0x1e0 [ 103.943257][ T6434] ? __pfx___x64_sys_open+0x10/0x10 [ 103.943274][ T6434] ? rcu_is_watching+0x12/0xc0 [ 103.943293][ T6434] do_syscall_64+0xcd/0x4c0 [ 103.943316][ T6434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.943329][ T6434] RIP: 0033:0x7fefcf18e929 [ 103.943340][ T6434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.943352][ T6434] RSP: 002b:00007fefd0094038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 103.943364][ T6434] RAX: ffffffffffffffda RBX: 00007fefcf3b5fa0 RCX: 00007fefcf18e929 [ 103.943373][ T6434] RDX: 0000000000000000 RSI: 0000000000000037 RDI: 00002000000000c0 [ 103.943380][ T6434] RBP: 00007fefd0094090 R08: 0000000000000000 R09: 0000000000000000 [ 103.943387][ T6434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.943394][ T6434] R13: 0000000000000000 R14: 00007fefcf3b5fa0 R15: 00007ffe67f0fbb8 [ 103.943414][ T6434] [ 103.943433][ T6434] ERROR: Out of memory at tomoyo_realpath_from_path. [ 104.291584][ T5927] usbhid 1-1:0.0: can't add hid device: -71 [ 104.297589][ T5927] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 104.319610][ T5927] usb 1-1: USB disconnect, device number 6 [ 104.430413][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 104.430428][ T30] audit: type=1400 audit(1750622287.880:300): avc: denied { getopt } for pid=6444 comm="syz.4.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 104.456144][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.682014][ T30] audit: type=1400 audit(1750622288.150:301): avc: denied { create } for pid=6458 comm="syz.1.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 104.728152][ T30] audit: type=1400 audit(1750622288.150:302): avc: denied { create } for pid=6458 comm="syz.1.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 104.905039][ T6468] random: crng reseeded on system resumption [ 106.102846][ T5865] vhci_hcd: vhci_device speed not set [ 106.155985][ T30] audit: type=1400 audit(1750622289.620:303): avc: denied { setopt } for pid=6477 comm="syz.4.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 106.194420][ T6487] FAULT_INJECTION: forcing a failure. [ 106.194420][ T6487] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 106.208518][ T6487] CPU: 1 UID: 0 PID: 6487 Comm: syz.2.161 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 106.208540][ T6487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.208549][ T6487] Call Trace: [ 106.208555][ T6487] [ 106.208561][ T6487] dump_stack_lvl+0x16c/0x1f0 [ 106.208588][ T6487] should_fail_ex+0x512/0x640 [ 106.208611][ T6487] should_fail_alloc_page+0xe7/0x130 [ 106.208634][ T6487] prepare_alloc_pages+0x3c2/0x610 [ 106.208654][ T6487] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 106.208674][ T6487] ? stack_trace_save+0x8e/0xc0 [ 106.208694][ T6487] ? __pfx_stack_trace_save+0x10/0x10 [ 106.208712][ T6487] ? stack_depot_save_flags+0x28/0xa40 [ 106.208738][ T6487] ? kasan_save_stack+0x42/0x60 [ 106.208757][ T6487] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 106.208775][ T6487] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 106.208794][ T6487] ? inode_init_always_gfp+0xce4/0x1030 [ 106.208814][ T6487] ? new_inode+0x22/0x1c0 [ 106.208828][ T6487] ? proc_sys_make_inode+0x47/0x5c0 [ 106.208848][ T6487] ? proc_sys_fill_cache.isra.0+0x393/0x4c0 [ 106.208874][ T6487] ? proc_sys_readdir+0x8a4/0xaa0 [ 106.208887][ T6487] ? iterate_dir+0x293/0xb40 [ 106.208902][ T6487] ? look_up_lock_class+0x6b/0x150 [ 106.208921][ T6487] ? do_syscall_64+0xcd/0x4c0 [ 106.208945][ T6487] ? register_lock_class+0x41/0x4c0 [ 106.208975][ T6487] ? __lock_acquire+0xb8a/0x1c90 [ 106.208995][ T6487] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 106.209014][ T6487] ? policy_nodemask+0xea/0x4e0 [ 106.209037][ T6487] alloc_pages_mpol+0x1fb/0x550 [ 106.209060][ T6487] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 106.209082][ T6487] ? find_held_lock+0x2b/0x80 [ 106.209104][ T6487] alloc_pages_noprof+0x131/0x390 [ 106.209126][ T6487] get_free_pages_noprof+0x10/0xb0 [ 106.209148][ T6487] inode_doinit_with_dentry+0x8d6/0x12e0 [ 106.209173][ T6487] ? update_parent_effective_cpumask+0x17f0/0x1f80 [ 106.209197][ T6487] ? __pfx_inode_doinit_with_dentry+0x10/0x10 [ 106.209226][ T6487] selinux_d_instantiate+0x26/0x30 [ 106.209245][ T6487] security_d_instantiate+0x142/0x1a0 [ 106.209267][ T6487] d_splice_alias+0x93/0xf80 [ 106.209282][ T6487] ? __pfx_net_ctl_set_ownership+0x10/0x10 [ 106.209305][ T6487] ? proc_sys_make_inode+0x384/0x5c0 [ 106.209330][ T6487] proc_sys_fill_cache.isra.0+0x39e/0x4c0 [ 106.209352][ T6487] ? find_entry.isra.0+0x1a0/0x280 [ 106.209373][ T6487] ? __pfx_proc_sys_fill_cache.isra.0+0x10/0x10 [ 106.209407][ T6487] ? do_raw_spin_unlock+0x172/0x230 [ 106.209433][ T6487] ? do_raw_spin_unlock+0x172/0x230 [ 106.209453][ T6487] proc_sys_readdir+0x8a4/0xaa0 [ 106.209477][ T6487] ? __pfx_proc_sys_readdir+0x10/0x10 [ 106.209492][ T6487] ? __pfx_down_read_killable+0x10/0x10 [ 106.209507][ T6487] ? selinux_file_permission+0x126/0x660 [ 106.209534][ T6487] iterate_dir+0x293/0xb40 [ 106.209556][ T6487] __x64_sys_getdents64+0x13c/0x2c0 [ 106.209576][ T6487] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 106.209592][ T6487] ? fput+0x70/0xf0 [ 106.209613][ T6487] ? __pfx_filldir64+0x10/0x10 [ 106.209641][ T6487] do_syscall_64+0xcd/0x4c0 [ 106.209665][ T6487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.209681][ T6487] RIP: 0033:0x7f720a38e929 [ 106.209694][ T6487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.209708][ T6487] RSP: 002b:00007f720b24f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 106.209722][ T6487] RAX: ffffffffffffffda RBX: 00007f720a5b6080 RCX: 00007f720a38e929 [ 106.209731][ T6487] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000006 [ 106.209740][ T6487] RBP: 00007f720b24f090 R08: 0000000000000000 R09: 0000000000000000 [ 106.209748][ T6487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 106.209756][ T6487] R13: 0000000000000000 R14: 00007f720a5b6080 R15: 00007fff05d61658 [ 106.209780][ T6487] [ 106.899567][ T30] audit: type=1400 audit(1750622289.620:304): avc: denied { listen } for pid=6477 comm="syz.4.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 106.920164][ T30] audit: type=1400 audit(1750622289.620:305): avc: denied { write } for pid=6477 comm="syz.4.162" path="socket:[9693]" dev="sockfs" ino=9693 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 107.316000][ T5883] IPVS: starting estimator thread 0... [ 107.321118][ T30] audit: type=1400 audit(1750622290.790:306): avc: denied { bind } for pid=6499 comm="syz.0.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 107.409843][ T6500] IPVS: using max 37 ests per chain, 88800 per kthread [ 107.417651][ T92] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 107.445375][ T30] audit: type=1400 audit(1750622290.910:307): avc: denied { unlink } for pid=6502 comm="syz.1.170" name="#1" dev="tmpfs" ino=167 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 107.478499][ T30] audit: type=1400 audit(1750622290.940:308): avc: denied { mount } for pid=6502 comm="syz.1.170" name="/" dev="overlay" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 107.492261][ T6504] netlink: 12 bytes leftover after parsing attributes in process `syz.1.170'. [ 108.041149][ T92] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.052223][ T92] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.069835][ T92] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 108.083398][ T92] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 108.106407][ T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.119935][ T92] usb 4-1: config 0 descriptor?? [ 108.278563][ T6516] binder: BINDER_SET_CONTEXT_MGR already set [ 108.287307][ T6516] binder: 6515:6516 ioctl 4018620d 200000000040 returned -16 [ 108.297897][ T30] audit: type=1400 audit(1750622291.760:309): avc: denied { getopt } for pid=6517 comm="syz.4.174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 108.349512][ T6516] syz.0.173 (6516): drop_caches: 2 [ 108.363113][ T6516] syz.0.173 (6516): drop_caches: 2 [ 108.444715][ T5865] kernel write not supported for file bpf-prog (pid: 5865 comm: kworker/1:3) [ 109.707949][ T92] usbhid 4-1:0.0: can't add hid device: -71 [ 109.717621][ T92] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 109.770953][ T92] usb 4-1: USB disconnect, device number 5 [ 109.888315][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 110.169704][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 110.351434][ T30] audit: type=1400 audit(1750622293.750:310): avc: denied { read } for pid=6541 comm="syz.3.182" path="socket:[10664]" dev="sockfs" ino=10664 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 110.745809][ T9] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 110.755858][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.804703][ T9] usb 5-1: config 0 descriptor?? [ 110.851056][ T30] audit: type=1400 audit(1750622294.310:311): avc: denied { ioctl } for pid=6549 comm="syz.0.185" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 110.965483][ T6558] FAULT_INJECTION: forcing a failure. [ 110.965483][ T6558] name failslab, interval 1, probability 0, space 0, times 0 [ 111.003747][ T6558] CPU: 0 UID: 0 PID: 6558 Comm: syz.3.188 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 111.003772][ T6558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.003781][ T6558] Call Trace: [ 111.003786][ T6558] [ 111.003793][ T6558] dump_stack_lvl+0x16c/0x1f0 [ 111.003824][ T6558] should_fail_ex+0x512/0x640 [ 111.003844][ T6558] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 111.003867][ T6558] should_failslab+0xc2/0x120 [ 111.003890][ T6558] __kmalloc_cache_noprof+0x6a/0x3e0 [ 111.003910][ T6558] ? fuse_file_alloc+0x51/0x2d0 [ 111.003953][ T6558] fuse_file_alloc+0x51/0x2d0 [ 111.003974][ T6558] fuse_file_open+0x197/0x780 [ 111.003999][ T6558] fuse_open+0x1d6/0x8e0 [ 111.004023][ T6558] do_dentry_open+0x741/0x1c10 [ 111.004045][ T6558] ? __pfx_fuse_open+0x10/0x10 [ 111.004069][ T6558] vfs_open+0x82/0x3f0 [ 111.004099][ T6558] path_openat+0x1de4/0x2cb0 [ 111.004132][ T6558] ? __pfx_path_openat+0x10/0x10 [ 111.004162][ T6558] do_filp_open+0x20b/0x470 [ 111.004184][ T6558] ? __pfx_do_filp_open+0x10/0x10 [ 111.004228][ T6558] ? _raw_spin_unlock+0x28/0x50 [ 111.004248][ T6558] ? alloc_fd+0x471/0x7d0 [ 111.004279][ T6558] do_sys_openat2+0x11b/0x1d0 [ 111.004295][ T6558] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.004313][ T6558] ? __fget_files+0x20e/0x3c0 [ 111.004342][ T6558] __x64_sys_open+0x153/0x1e0 [ 111.004357][ T6558] ? __pfx___x64_sys_open+0x10/0x10 [ 111.004378][ T6558] ? rcu_is_watching+0x12/0xc0 [ 111.004402][ T6558] do_syscall_64+0xcd/0x4c0 [ 111.004428][ T6558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.004455][ T6558] RIP: 0033:0x7fefcf18e929 [ 111.004469][ T6558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.004485][ T6558] RSP: 002b:00007fefd0094038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 111.004501][ T6558] RAX: ffffffffffffffda RBX: 00007fefcf3b5fa0 RCX: 00007fefcf18e929 [ 111.004511][ T6558] RDX: 0000000000000000 RSI: 0000000000000037 RDI: 00002000000000c0 [ 111.004521][ T6558] RBP: 00007fefd0094090 R08: 0000000000000000 R09: 0000000000000000 [ 111.004530][ T6558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.004539][ T6558] R13: 0000000000000000 R14: 00007fefcf3b5fa0 R15: 00007ffe67f0fbb8 [ 111.004564][ T6558] [ 111.246895][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 111.258679][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 111.270570][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 111.277738][ T9] usb 5-1: media controller created [ 111.290603][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 111.504039][ T30] audit: type=1400 audit(1750622294.970:312): avc: denied { search } for pid=6565 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.528061][ T30] audit: type=1400 audit(1750622294.970:313): avc: denied { search } for pid=6565 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1832 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.553158][ T30] audit: type=1400 audit(1750622294.970:314): avc: denied { search } for pid=6565 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.578658][ T30] audit: type=1400 audit(1750622294.970:315): avc: denied { search } for pid=6565 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.602985][ T30] audit: type=1400 audit(1750622294.970:316): avc: denied { read open } for pid=6567 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.604323][ T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 111.629157][ T30] audit: type=1400 audit(1750622294.970:317): avc: denied { getattr } for pid=6567 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 111.681079][ T30] audit: type=1400 audit(1750622294.980:318): avc: denied { getattr } for pid=6567 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 111.752701][ T9] az6027: usb out operation failed. (-71) [ 111.769004][ T9] az6027: usb out operation failed. (-71) [ 111.793269][ T30] audit: type=1400 audit(1750622295.140:319): avc: denied { read } for pid=6569 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 111.817795][ T9] stb0899_attach: Driver disabled by Kconfig [ 111.825298][ T9] az6027: no front-end attached [ 111.825298][ T9] [ 111.832884][ T9] az6027: usb out operation failed. (-71) [ 111.861682][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 111.869917][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 111.882211][ T43] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 111.889670][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 111.934679][ T43] usb 1-1: language id specifier not provided by device, defaulting to English [ 111.942839][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 111.958469][ T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 112.014883][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.022838][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 112.187078][ T6579] binder: 6574:6579 ioctl c020aa00 200000000180 returned -22 [ 112.206743][ T6582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.190'. [ 112.216452][ T43] usb 1-1: Product: syz [ 112.248548][ T43] usb 1-1: Manufacturer: syz [ 112.260540][ T5883] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 112.263128][ T43] usb 1-1: SerialNumber: syz [ 112.342105][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 112.371358][ T9] usb 5-1: USB disconnect, device number 4 [ 112.485191][ T5883] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 112.498401][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 112.517468][ T5883] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 112.551579][ T5883] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 112.561892][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.591294][ T6564] input: syz0 as /devices/virtual/input/input8 [ 112.629995][ T92] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 112.792027][ T92] usb 2-1: Using ep0 maxpacket: 32 [ 112.801638][ T5883] usb 4-1: string descriptor 0 read error: -71 [ 112.816157][ T5883] hub 4-1:32.0: USB hub found [ 112.822087][ T92] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 112.843270][ T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.860120][ T5883] hub 4-1:32.0: config failed, can't read hub descriptor (err -22) [ 112.888789][ T92] usb 2-1: config 0 descriptor?? [ 113.000084][ T5883] usb 4-1: USB disconnect, device number 6 [ 113.236739][ T92] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 113.261091][ T92] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 113.275215][ T92] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 113.283550][ T92] usb 2-1: media controller created [ 113.673634][ T92] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 114.182291][ T43] cdc_ncm 1-1:1.0: bind() failure [ 114.209085][ T43] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 114.283578][ T6622] 9pnet_virtio: no channels available for device syz [ 114.674002][ T43] cdc_ncm 1-1:1.1: bind() failure [ 114.686333][ T92] az6027: usb out operation failed. (-71) [ 114.692142][ T92] stb0899_attach: Driver disabled by Kconfig [ 114.708780][ T92] az6027: no front-end attached [ 114.708780][ T92] [ 114.724218][ T92] az6027: usb out operation failed. (-71) [ 114.739150][ T92] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 114.767006][ T43] usb 1-1: USB disconnect, device number 7 [ 114.783167][ T92] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 114.903346][ T92] dvb-usb: schedule remote query interval to 400 msecs. [ 114.925424][ T92] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 114.975180][ T92] usb 2-1: USB disconnect, device number 6 [ 115.076546][ T92] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 115.333308][ T6642] binder: 6639:6642 ioctl c020aa00 200000000180 returned -22 [ 115.346584][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'. [ 115.869070][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 115.869085][ T30] audit: type=1400 audit(1750622299.330:336): avc: denied { connect } for pid=6653 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 115.935200][ T6654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.209'. [ 115.983537][ T92] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 116.050143][ T6658] 9pnet_fd: Insufficient options for proto=fd [ 116.926675][ T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 116.937787][ T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.947883][ T92] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 116.957179][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.967894][ T92] usb 5-1: config 0 descriptor?? [ 116.998971][ T92] hub 5-1:0.0: USB hub found [ 117.139608][ T6680] NILFS (nullb0): couldn't find nilfs on the device [ 117.360082][ T92] hub 5-1:0.0: 2 ports detected [ 117.710522][ T6693] netlink: 20 bytes leftover after parsing attributes in process `syz.2.216'. [ 117.845403][ T30] audit: type=1804 audit(1750622301.310:337): pid=6699 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.215" name="/newroot/43/file0" dev="tmpfs" ino=236 res=1 errno=0 [ 118.457082][ T6689] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.518294][ T30] audit: type=1400 audit(1750622301.980:338): avc: denied { sys_module } for pid=6688 comm="syz.2.216" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 119.089266][ T92] hub 5-1:0.0: hub_ext_port_status failed (err = -32) [ 119.129752][ T5927] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.227644][ T6715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.411155][ T5927] usb 3-1: config 2 has an invalid interface number: 49 but max is 0 [ 119.461911][ T30] audit: type=1400 audit(1750622302.640:339): avc: denied { getopt } for pid=6712 comm="syz.1.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 119.496292][ T5927] usb 3-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 119.529818][ T5927] usb 3-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 119.559745][ T30] audit: type=1400 audit(1750622302.640:340): avc: denied { setopt } for pid=6712 comm="syz.1.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 119.579492][ T5927] usb 3-1: config 2 has no interface number 0 [ 119.589776][ T5927] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 119.611877][ T5927] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 119.637302][ T5927] usb 3-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 119.656595][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 119.694395][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 119.726319][ T5927] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 119.759897][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 119.803107][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 119.832985][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 119.857455][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 119.883451][ T5927] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 119.908715][ T5927] usb 3-1: config 2 interface 49 has no altsetting 0 [ 119.925126][ T5927] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 119.934513][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.949362][ T5927] usb 3-1: Product: syz [ 119.954458][ T5927] usb 3-1: Manufacturer: syz [ 119.959371][ T5927] usb 3-1: SerialNumber: syz [ 119.971171][ T6703] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 120.999326][ T5927] ems_usb 3-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 121.056575][ T5927] ems_usb 3-1:2.49: probe with driver ems_usb failed with error -22 [ 121.106398][ T5927] usb 3-1: USB disconnect, device number 4 [ 121.134016][ T6743] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 121.143597][ T5883] usb 5-1: USB disconnect, device number 5 [ 121.206735][ T6743] overlayfs: missing 'lowerdir' [ 121.803119][ T5927] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 121.859721][ T5865] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 122.459716][ T5927] usb 1-1: Using ep0 maxpacket: 8 [ 122.474128][ T5927] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 122.484860][ T5927] usb 1-1: config 0 has no interface number 0 [ 122.498602][ T5927] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 122.510912][ T5927] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32800, setting to 1024 [ 122.535225][ T5865] usb 3-1: device descriptor read/64, error -71 [ 122.559153][ T5927] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 122.585076][ T6790] netlink: 20 bytes leftover after parsing attributes in process `syz.4.237'. [ 122.595155][ T5927] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.619728][ T5927] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 122.652527][ T6787] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.707125][ T5927] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 122.737611][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.792033][ T5927] usb 1-1: config 0 descriptor?? [ 122.806688][ T5927] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 122.820437][ T5865] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 122.970106][ T3164] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 122.981824][ T5865] usb 3-1: device descriptor read/64, error -71 [ 123.105821][ T5865] usb usb3-port1: attempt power cycle [ 123.335475][ T3164] usb 5-1: config 2 has an invalid interface number: 49 but max is 0 [ 123.344563][ T3164] usb 5-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 123.369099][ T3164] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 123.379309][ T3164] usb 5-1: config 2 has no interface number 0 [ 123.397787][ T5927] usb 1-1: USB disconnect, device number 8 [ 123.403748][ C1] ldusb 1-1:0.55: usb_submit_urb failed (-19) [ 123.418017][ T3164] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 123.445421][ T5927] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 123.457371][ T3164] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 123.473536][ T3164] usb 5-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 123.488019][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 123.500670][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 123.511592][ T3164] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 123.523494][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 123.534493][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 123.545820][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 123.559090][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 123.579912][ T3164] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 123.592208][ T3164] usb 5-1: config 2 interface 49 has no altsetting 0 [ 123.601081][ T3164] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 123.610530][ T5865] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 123.619353][ T3164] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.627773][ T3164] usb 5-1: Product: syz [ 123.636190][ T3164] usb 5-1: Manufacturer: syz [ 123.640947][ T5865] usb 3-1: device descriptor read/8, error -71 [ 123.647634][ T3164] usb 5-1: SerialNumber: syz [ 123.668182][ T6765] ldusb: No device or device unplugged -19 [ 123.691650][ T6787] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 124.004355][ T3164] ems_usb 5-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 124.022379][ T5185] udevd[5185]: worker [6299] terminated by signal 33 (Unknown signal 33) [ 124.031307][ T3164] ems_usb 5-1:2.49: probe with driver ems_usb failed with error -22 [ 124.039773][ T5185] udevd[5185]: worker [6299] failed while handling '/devices/virtual/block/loop3' [ 124.520541][ T3164] usb 5-1: USB disconnect, device number 6 [ 124.550154][ T5865] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 124.660925][ T5865] usb 3-1: device descriptor read/8, error -71 [ 125.551543][ T6813] FAULT_INJECTION: forcing a failure. [ 125.551543][ T6813] name failslab, interval 1, probability 0, space 0, times 0 [ 125.564258][ T6813] CPU: 1 UID: 0 PID: 6813 Comm: syz.2.243 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 125.564279][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.564289][ T6813] Call Trace: [ 125.564295][ T6813] [ 125.564301][ T6813] dump_stack_lvl+0x16c/0x1f0 [ 125.564329][ T6813] should_fail_ex+0x512/0x640 [ 125.564350][ T6813] ? __kmalloc_noprof+0xbf/0x510 [ 125.564374][ T6813] ? alloc_pipe_info+0x1ec/0x590 [ 125.564397][ T6813] should_failslab+0xc2/0x120 [ 125.564430][ T6813] __kmalloc_noprof+0xd2/0x510 [ 125.564458][ T6813] alloc_pipe_info+0x1ec/0x590 [ 125.564485][ T6813] splice_direct_to_actor+0x77d/0xa30 [ 125.564509][ T6813] ? __pfx_direct_splice_actor+0x10/0x10 [ 125.564534][ T6813] ? find_held_lock+0x2b/0x80 [ 125.564554][ T6813] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 125.564573][ T6813] ? get_pid_task+0xfc/0x250 [ 125.564611][ T6813] do_splice_direct+0x174/0x240 [ 125.564633][ T6813] ? __pfx_do_splice_direct+0x10/0x10 [ 125.564655][ T6813] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 125.564682][ T6813] ? rw_verify_area+0xcf/0x680 [ 125.564704][ T6813] do_sendfile+0xb06/0xe50 [ 125.564732][ T6813] ? __pfx_do_sendfile+0x10/0x10 [ 125.564761][ T6813] __x64_sys_sendfile64+0x154/0x220 [ 125.564785][ T6813] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 125.564816][ T6813] do_syscall_64+0xcd/0x4c0 [ 125.564841][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.564858][ T6813] RIP: 0033:0x7f720a38e929 [ 125.564872][ T6813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.564887][ T6813] RSP: 002b:00007f720b270038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 125.564905][ T6813] RAX: ffffffffffffffda RBX: 00007f720a5b5fa0 RCX: 00007f720a38e929 [ 125.564915][ T6813] RDX: 0000200000000040 RSI: 0000000000000003 RDI: 0000000000000007 [ 125.564925][ T6813] RBP: 00007f720b270090 R08: 0000000000000000 R09: 0000000000000000 [ 125.564934][ T6813] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000001 [ 125.564944][ T6813] R13: 0000000000000000 R14: 00007f720a5b5fa0 R15: 00007fff05d61658 [ 125.564966][ T6813] [ 125.842025][ T5865] usb usb3-port1: unable to enumerate USB device [ 125.929692][ T30] audit: type=1400 audit(1750622309.370:341): avc: denied { read append } for pid=6817 comm="syz.1.244" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 125.953939][ C0] vkms_vblank_simulate: vblank timer overrun [ 126.055055][ T30] audit: type=1400 audit(1750622309.370:342): avc: denied { open } for pid=6817 comm="syz.1.244" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 126.085554][ T30] audit: type=1400 audit(1750622309.370:343): avc: denied { ioctl } for pid=6817 comm="syz.1.244" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x3b87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 126.345530][ T6828] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 126.443234][ T30] audit: type=1400 audit(1750622309.880:344): avc: denied { setopt } for pid=6824 comm="syz.0.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 126.478171][ T6821] binder: 6820:6821 ioctl c0306201 200000000240 returned -11 [ 126.819432][ T6836] syz.3.251 (6836): drop_caches: 2 [ 126.957742][ T6836] syz.3.251 (6836): drop_caches: 2 [ 127.421260][ T92] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 127.771957][ T5883] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 127.959696][ T92] usb 1-1: Using ep0 maxpacket: 32 [ 127.991988][ T92] usb 1-1: config 0 has an invalid interface number: 145 but max is 1 [ 128.017457][ T92] usb 1-1: config 0 has an invalid interface number: 43 but max is 1 [ 128.045051][ T92] usb 1-1: config 0 has no interface number 0 [ 128.059717][ T92] usb 1-1: config 0 has no interface number 1 [ 128.075373][ T92] usb 1-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023 [ 128.089797][ T92] usb 1-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping [ 128.107832][ T92] usb 1-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E [ 128.127978][ T5883] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 128.152536][ T92] usb 1-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11 [ 128.483336][ T6828] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 128.574508][ T5814] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.586334][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 128.669092][ T92] usb 1-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024 [ 128.724792][ T30] audit: type=1400 audit(1750622312.160:345): avc: denied { bind } for pid=6853 comm="syz.3.256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 128.758790][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 128.824109][ T92] usb 1-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 128.870064][ T5883] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 128.944255][ T92] usb 1-1: config 0 interface 145 has no altsetting 0 [ 128.964510][ T5883] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 128.986425][ T92] usb 1-1: config 0 interface 43 has no altsetting 0 [ 129.002557][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.080506][ T92] usb 1-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a [ 129.149797][ T6863] binder: BINDER_SET_CONTEXT_MGR already set [ 129.157118][ T6863] binder: 6862:6863 ioctl 4018620d 200000000280 returned -16 [ 129.158881][ T6865] binder: 6860:6865 ioctl c020aa00 200000000180 returned -22 [ 129.326499][ T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.470094][ T5883] usb 2-1: config 0 descriptor?? [ 129.477803][ T92] usb 1-1: Product: syz [ 129.584276][ T6843] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 129.614963][ T6867] binder: 6862:6867 ioctl c020aa00 200000000180 returned -22 [ 129.634077][ T6867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.257'. [ 129.859712][ T92] usb 1-1: Manufacturer: syz [ 129.874567][ T92] usb 1-1: SerialNumber: syz [ 129.938244][ T92] usb 1-1: config 0 descriptor?? [ 129.944829][ T92] usb 1-1: can't set config #0, error -71 [ 129.952171][ T92] usb 1-1: USB disconnect, device number 9 [ 129.976189][ T5883] usbhid 2-1:0.0: can't add hid device: -71 [ 129.983632][ T5883] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 129.989542][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.258'. [ 130.118597][ T5883] usb 2-1: USB disconnect, device number 7 [ 130.175895][ T6879] binder: 6875:6879 ioctl c0306201 200000000240 returned -11 [ 130.364221][ T6896] FAULT_INJECTION: forcing a failure. [ 130.364221][ T6896] name failslab, interval 1, probability 0, space 0, times 0 [ 130.385308][ T6896] CPU: 0 UID: 0 PID: 6896 Comm: syz.4.266 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 130.385332][ T6896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 130.385342][ T6896] Call Trace: [ 130.385348][ T6896] [ 130.385354][ T6896] dump_stack_lvl+0x16c/0x1f0 [ 130.385384][ T6896] should_fail_ex+0x512/0x640 [ 130.385408][ T6896] should_failslab+0xc2/0x120 [ 130.385433][ T6896] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 130.385456][ T6896] ? skb_clone+0x190/0x3f0 [ 130.385481][ T6896] skb_clone+0x190/0x3f0 [ 130.385504][ T6896] netlink_deliver_tap+0xabd/0xd30 [ 130.385533][ T6896] netlink_unicast+0x5df/0x7f0 [ 130.385553][ T6896] ? __pfx_netlink_unicast+0x10/0x10 [ 130.385576][ T6896] netlink_sendmsg+0x8d1/0xdd0 [ 130.385598][ T6896] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.385625][ T6896] ____sys_sendmsg+0xa98/0xc70 [ 130.385643][ T6896] ? copy_msghdr_from_user+0x10a/0x160 [ 130.385664][ T6896] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.385683][ T6896] ? kfree+0x24f/0x4d0 [ 130.385697][ T6896] ? __pfx__kstrtoull+0x10/0x10 [ 130.385717][ T6896] ___sys_sendmsg+0x134/0x1d0 [ 130.385739][ T6896] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.385796][ T6896] ? __pfx___might_resched+0x10/0x10 [ 130.385823][ T6896] __sys_sendmmsg+0x200/0x420 [ 130.385849][ T6896] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.385881][ T6896] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.385919][ T6896] ? fput+0x70/0xf0 [ 130.385943][ T6896] ? ksys_write+0x1ac/0x250 [ 130.385962][ T6896] ? __pfx_ksys_write+0x10/0x10 [ 130.385987][ T6896] __x64_sys_sendmmsg+0x9c/0x100 [ 130.386008][ T6896] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.386031][ T6896] do_syscall_64+0xcd/0x4c0 [ 130.386058][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.386075][ T6896] RIP: 0033:0x7fa85bd8e929 [ 130.386089][ T6896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.386106][ T6896] RSP: 002b:00007fa859bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 130.386122][ T6896] RAX: ffffffffffffffda RBX: 00007fa85bfb5fa0 RCX: 00007fa85bd8e929 [ 130.386133][ T6896] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 130.386143][ T6896] RBP: 00007fa859bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 130.386153][ T6896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 130.386162][ T6896] R13: 0000000000000000 R14: 00007fa85bfb5fa0 R15: 00007ffd3a970838 [ 130.386186][ T6896] [ 130.694553][ T30] audit: type=1400 audit(1750622314.160:346): avc: denied { ioctl } for pid=6901 comm="syz.4.269" path="socket:[11263]" dev="sockfs" ino=11263 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 130.709698][ T5883] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 130.722121][ T6902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.269'. [ 130.789699][ T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 130.888699][ T30] audit: type=1400 audit(1750622314.210:347): avc: denied { connect } for pid=6894 comm="syz.3.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 130.944791][ T30] audit: type=1400 audit(1750622314.210:348): avc: denied { read append } for pid=6894 comm="syz.3.267" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 130.949703][ T5883] usb 2-1: Using ep0 maxpacket: 32 [ 130.999535][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.040012][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 131.047212][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 131.961104][ T24] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 132.129831][ T9] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 132.700418][ T24] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 132.759740][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.768937][ T24] usb 1-1: Product: syz [ 132.773177][ T24] usb 1-1: Manufacturer: syz [ 132.777801][ T24] usb 1-1: SerialNumber: syz [ 132.786439][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.793029][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.801294][ T5883] usb 2-1: New USB device found, idVendor=0525, idProduct=2888, bcdDevice=d0.43 [ 132.807777][ T30] audit: type=1400 audit(1750622314.210:349): avc: denied { open } for pid=6894 comm="syz.3.267" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 132.838521][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.843602][ T30] audit: type=1400 audit(1750622314.210:350): avc: denied { ioctl } for pid=6894 comm="syz.3.267" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 132.904802][ T30] audit: type=1400 audit(1750622314.450:351): avc: denied { setopt } for pid=6904 comm="syz.4.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 132.929445][ T5883] usb 2-1: config 0 descriptor?? [ 132.981941][ T6908] syz.2.271 (6908): drop_caches: 2 [ 132.996934][ T6899] netlink: 72 bytes leftover after parsing attributes in process `syz.0.268'. [ 133.012343][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.0.268'. [ 133.021335][ T30] audit: type=1400 audit(1750622316.460:352): avc: denied { nlmsg_write } for pid=6898 comm="syz.0.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 133.043368][ T6899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'. [ 133.058049][ T6908] syz.2.271 (6908): drop_caches: 2 [ 133.207966][ T24] usb 1-1: Cannot retrieve CPort count: 0 [ 133.213919][ T24] usb 1-1: Cannot retrieve CPort count: -5 [ 133.219843][ T24] es2_ap_driver 1-1:7.0: probe with driver es2_ap_driver failed with error -5 [ 133.225977][ T5883] cdc_subset 2-1:0.0: probe with driver cdc_subset failed with error -71 [ 133.298408][ T5883] usb 2-1: USB disconnect, device number 8 [ 133.332207][ T6914] random: crng reseeded on system resumption [ 133.359991][ T30] audit: type=1400 audit(1750622316.820:353): avc: denied { read } for pid=6913 comm="syz.1.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 133.434505][ T92] usb 1-1: USB disconnect, device number 10 [ 133.504218][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.528437][ T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 133.558384][ T9] usb 5-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 133.579830][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.605959][ T9] usb 5-1: config 0 descriptor?? [ 133.643826][ T30] audit: type=1400 audit(1750622317.110:354): avc: denied { map } for pid=6919 comm="syz.3.276" path="socket:[12335]" dev="sockfs" ino=12335 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 133.662361][ T6918] netlink: 20 bytes leftover after parsing attributes in process `syz.2.275'. [ 133.682849][ T30] audit: type=1400 audit(1750622317.110:355): avc: denied { read } for pid=6919 comm="syz.3.276" path="socket:[12335]" dev="sockfs" ino=12335 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 133.815712][ T6931] binder: 6930:6931 ioctl c0306201 2000000004c0 returned -14 [ 134.029890][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 134.093819][ T6934] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 135.143782][ T92] usb 5-1: USB disconnect, device number 7 [ 135.263171][ T24] usb 3-1: config 2 has an invalid interface number: 49 but max is 0 [ 135.271599][ T24] usb 3-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 135.345153][ T24] usb 3-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 135.355651][ T24] usb 3-1: config 2 has no interface number 0 [ 135.364491][ T24] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 135.907150][ T24] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 135.920459][ T24] usb 3-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 135.945534][ T24] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 135.952937][ T6944] team_slave_0: entered promiscuous mode [ 135.956328][ T24] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 135.962085][ T6944] team_slave_1: entered promiscuous mode [ 136.040750][ T24] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 136.112398][ T24] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 136.125097][ T9] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 136.165934][ T9] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 136.179926][ T24] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 136.193455][ T24] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 136.206095][ T24] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 136.317760][ T24] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 136.385125][ T24] usb 3-1: config 2 interface 49 has no altsetting 0 [ 136.392030][ T5927] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 136.412920][ T24] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 136.422724][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.432482][ T24] usb 3-1: Product: syz [ 136.439965][ T24] usb 3-1: Manufacturer: syz [ 136.471121][ T24] usb 3-1: SerialNumber: syz [ 136.503910][ T6929] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 136.559747][ T5927] usb 4-1: Using ep0 maxpacket: 16 [ 136.584203][ T5927] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.599778][ T5927] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.640614][ T24] ems_usb 3-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 136.659870][ T5927] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.670464][ T24] ems_usb 3-1:2.49: probe with driver ems_usb failed with error -22 [ 136.696748][ T6959] syzkaller0: entered promiscuous mode [ 136.714134][ T5927] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 136.727586][ T6959] syzkaller0: entered allmulticast mode [ 136.737964][ T24] usb 3-1: USB disconnect, device number 9 [ 136.770258][ T5927] usb 4-1: config 0 interface 0 has no altsetting 0 [ 136.776879][ T5927] usb 4-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00 [ 136.841578][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.884125][ T5927] usb 4-1: config 0 descriptor?? [ 136.929938][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 136.953191][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.976031][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.991155][ T5883] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 137.006070][ T5883] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 137.020061][ T6965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.079766][ T9] usb 1-1: device descriptor read/64, error -71 [ 137.308558][ T5927] cypress 0003:04B4:ED81.0006: item fetching failed at offset 0/4 [ 137.319751][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 137.320340][ T5927] cypress 0003:04B4:ED81.0006: parse failed [ 137.335197][ T5927] cypress 0003:04B4:ED81.0006: probe with driver cypress failed with error -22 [ 137.484914][ T9] usb 1-1: device descriptor read/64, error -71 [ 137.599945][ T9] usb usb1-port1: attempt power cycle [ 137.843041][ T6973] pim6reg1: entered promiscuous mode [ 137.860907][ T6973] pim6reg1: entered allmulticast mode [ 137.879810][ T30] audit: type=1400 audit(1750622321.340:356): avc: denied { ioctl } for pid=6972 comm="syz.2.292" path="socket:[11674]" dev="sockfs" ino=11674 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 137.969739][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 137.990861][ T9] usb 1-1: device descriptor read/8, error -71 [ 138.159096][ T30] audit: type=1400 audit(1750622321.620:357): avc: denied { bind } for pid=6983 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 138.180918][ T30] audit: type=1400 audit(1750622321.620:358): avc: denied { name_bind } for pid=6983 comm="syz.1.296" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 138.204119][ T30] audit: type=1400 audit(1750622321.620:359): avc: denied { node_bind } for pid=6983 comm="syz.1.296" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 138.249747][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 138.270229][ T9] usb 1-1: device descriptor read/8, error -71 [ 138.379991][ T9] usb usb1-port1: unable to enumerate USB device [ 138.399018][ T12] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 138.399954][ T5883] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 138.520463][ T2128] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 138.542176][ T5927] usb 4-1: USB disconnect, device number 7 [ 138.565478][ T5883] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.586841][ T5883] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.597970][ T5883] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 138.611854][ T5883] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 138.620979][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.630897][ T2128] wlan1: authentication with 08:02:11:00:00:00 timed out [ 138.648191][ T6984] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 139.600712][ T5883] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 139.639384][ T5883] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input12 [ 139.727761][ T6998] netlink: 20 bytes leftover after parsing attributes in process `syz.4.298'. [ 139.737429][ T6996] FAULT_INJECTION: forcing a failure. [ 139.737429][ T6996] name failslab, interval 1, probability 0, space 0, times 0 [ 139.750056][ T6996] CPU: 0 UID: 0 PID: 6996 Comm: syz.2.300 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 139.750069][ T6996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.750075][ T6996] Call Trace: [ 139.750079][ T6996] [ 139.750083][ T6996] dump_stack_lvl+0x16c/0x1f0 [ 139.750101][ T6996] should_fail_ex+0x512/0x640 [ 139.750114][ T6996] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 139.750130][ T6996] should_failslab+0xc2/0x120 [ 139.750145][ T6996] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 139.750159][ T6996] ? proc_alloc_inode+0x25/0x200 [ 139.750176][ T6996] ? __pfx_proc_alloc_inode+0x10/0x10 [ 139.750189][ T6996] proc_alloc_inode+0x25/0x200 [ 139.750203][ T6996] alloc_inode+0x64/0x240 [ 139.750214][ T6996] new_inode+0x22/0x1c0 [ 139.750225][ T6996] proc_sys_make_inode+0x47/0x5c0 [ 139.750242][ T6996] proc_sys_fill_cache.isra.0+0x393/0x4c0 [ 139.750257][ T6996] ? find_entry.isra.0+0x1a0/0x280 [ 139.750272][ T6996] ? __pfx_proc_sys_fill_cache.isra.0+0x10/0x10 [ 139.750292][ T6996] ? do_raw_spin_unlock+0x172/0x230 [ 139.750309][ T6996] ? do_raw_spin_unlock+0x172/0x230 [ 139.750321][ T6996] proc_sys_readdir+0x8a4/0xaa0 [ 139.750333][ T6996] ? __pfx_proc_sys_readdir+0x10/0x10 [ 139.750343][ T6996] ? __pfx_down_read_killable+0x10/0x10 [ 139.750354][ T6996] ? selinux_file_permission+0x126/0x660 [ 139.750371][ T6996] iterate_dir+0x293/0xb40 [ 139.750385][ T6996] __x64_sys_getdents64+0x13c/0x2c0 [ 139.750398][ T6996] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 139.750409][ T6996] ? fput+0x70/0xf0 [ 139.750424][ T6996] ? __pfx_filldir64+0x10/0x10 [ 139.750440][ T6996] do_syscall_64+0xcd/0x4c0 [ 139.750456][ T6996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.750466][ T6996] RIP: 0033:0x7f720a38e929 [ 139.750475][ T6996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.750485][ T6996] RSP: 002b:00007f720b270038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 139.750499][ T6996] RAX: ffffffffffffffda RBX: 00007f720a5b5fa0 RCX: 00007f720a38e929 [ 139.750505][ T6996] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000006 [ 139.750511][ T6996] RBP: 00007f720b270090 R08: 0000000000000000 R09: 0000000000000000 [ 139.750517][ T6996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 139.750522][ T6996] R13: 0000000000000000 R14: 00007f720a5b5fa0 R15: 00007fff05d61658 [ 139.750535][ T6996] [ 140.087864][ T5927] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 140.254500][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.267052][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.278078][ T5927] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 140.291972][ T5927] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.301074][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.311755][ T5927] usb 4-1: config 0 descriptor?? [ 140.350903][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 140.618705][ T24] usb 5-1: config 2 has an invalid interface number: 49 but max is 0 [ 140.638438][ T24] usb 5-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 140.650382][ T24] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 140.682454][ T24] usb 5-1: config 2 has no interface number 0 [ 140.688613][ T24] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 140.756896][ T30] audit: type=1400 audit(1750622324.190:360): avc: denied { connect } for pid=7008 comm="syz.2.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 140.779249][ T24] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 140.805762][ T3164] usb 2-1: USB disconnect, device number 9 [ 140.805792][ C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 140.832736][ T24] usb 5-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 140.900016][ T5927] usbhid 4-1:0.0: can't add hid device: -71 [ 140.912515][ T24] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 140.938281][ T5927] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 141.002892][ T24] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 141.032442][ T5927] usb 4-1: USB disconnect, device number 8 [ 141.048690][ T24] usb 5-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 141.082719][ T24] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 141.094756][ T24] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 141.264209][ T24] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 141.275818][ T24] usb 5-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 141.294213][ T24] usb 5-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 141.305506][ T24] usb 5-1: config 2 interface 49 has no altsetting 0 [ 142.271644][ T24] usb 5-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 142.297555][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.308505][ T24] usb 5-1: Product: syz [ 142.317782][ T24] usb 5-1: Manufacturer: syz [ 142.333900][ T24] usb 5-1: SerialNumber: syz [ 142.369320][ T7003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 142.387458][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.305'. [ 142.569839][ T5883] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 142.719789][ T5883] usb 2-1: Using ep0 maxpacket: 32 [ 142.728602][ T5883] usb 2-1: config 0 has an invalid interface number: 145 but max is 1 [ 142.738138][ T5883] usb 2-1: config 0 has an invalid interface number: 43 but max is 1 [ 142.746338][ T5883] usb 2-1: config 0 has no interface number 0 [ 142.750675][ T5927] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 142.752631][ T5883] usb 2-1: config 0 has no interface number 1 [ 142.768777][ T5883] usb 2-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023 [ 142.779278][ T5883] usb 2-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping [ 142.792929][ T5883] usb 2-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E [ 142.805475][ T5883] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11 [ 142.817224][ T5883] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024 [ 142.828969][ T5883] usb 2-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 142.842282][ T5883] usb 2-1: config 0 interface 145 has no altsetting 0 [ 142.849069][ T5883] usb 2-1: config 0 interface 43 has no altsetting 0 [ 142.857859][ T5883] usb 2-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a [ 142.866968][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.875217][ T5883] usb 2-1: Product: syz [ 142.879396][ T5883] usb 2-1: Manufacturer: syz [ 142.884051][ T5883] usb 2-1: SerialNumber: syz [ 142.894660][ T5883] usb 2-1: config 0 descriptor?? [ 142.949696][ T5927] usb 4-1: Using ep0 maxpacket: 16 [ 142.956751][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.968117][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.977947][ T5927] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00 [ 142.987044][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.998090][ T5927] usb 4-1: config 0 descriptor?? [ 143.111499][ T7029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.126207][ T7029] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.140841][ T5883] keyspan_pda 2-1:0.145: required endpoints missing [ 143.151990][ T5883] keyspan_pda 2-1:0.43: Keyspan PDA converter detected [ 143.163744][ T5883] usb 2-1: Keyspan PDA converter now attached to ttyUSB0 [ 143.175017][ T5883] usb 2-1: USB disconnect, device number 10 [ 143.202346][ T5883] keyspan_pda ttyUSB0: Keyspan PDA converter now disconnected from ttyUSB0 [ 143.213648][ T5883] keyspan_pda 2-1:0.43: device disconnected [ 143.377761][ T24] ems_usb 5-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 143.399975][ T24] ems_usb 5-1:2.49: probe with driver ems_usb failed with error -22 [ 143.608118][ T24] usb 5-1: USB disconnect, device number 8 [ 144.015785][ T30] audit: type=1400 audit(1750622327.480:361): avc: denied { accept } for pid=7053 comm="syz.1.311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 144.087545][ T7058] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 144.094088][ T7058] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 144.173526][ T7058] vhci_hcd vhci_hcd.0: Device attached [ 144.219121][ T7066] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 144.225653][ T7066] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 144.238564][ T7066] vhci_hcd vhci_hcd.0: Device attached [ 144.431999][ T24] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 144.450269][ T3164] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 144.479892][ T9] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 144.622230][ T3164] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.640716][ T3164] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.654571][ T3164] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 144.664844][ T3164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.727602][ T3164] usb 2-1: config 0 descriptor?? [ 145.209805][ T7067] vhci_hcd: connection reset by peer [ 145.220067][ T12] vhci_hcd: stop threads [ 145.238884][ T12] vhci_hcd: release socket [ 145.254928][ T12] vhci_hcd: disconnect device [ 145.269783][ T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 145.306065][ T7059] vhci_hcd: connection reset by peer [ 145.315770][ T1160] vhci_hcd: stop threads [ 145.322011][ T1160] vhci_hcd: release socket [ 145.326569][ T1160] vhci_hcd: disconnect device [ 145.371254][ T3164] usb 2-1: language id specifier not provided by device, defaulting to English [ 145.442924][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.454248][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.465412][ T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 145.479270][ T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 145.488816][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.610261][ T43] usb 1-1: config 0 descriptor?? [ 145.692816][ T5927] usbhid 4-1:0.0: can't add hid device: -71 [ 145.719098][ T5927] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 145.814095][ T5927] usb 4-1: USB disconnect, device number 9 [ 145.837342][ T7064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'. [ 145.956967][ T30] audit: type=1400 audit(1750622329.410:362): avc: denied { getopt } for pid=7097 comm="syz.4.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 145.989728][ T3164] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #100: -71 [ 146.020984][ T3164] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71 [ 146.041149][ T3164] uclogic 0003:256C:006D.0007: failed probing pen v1 parameters: -71 [ 146.049294][ T3164] uclogic 0003:256C:006D.0007: failed probing parameters: -71 [ 146.057237][ T30] audit: type=1400 audit(1750622329.520:363): avc: denied { watch watch_reads } for pid=7102 comm="syz.2.319" path="/71" dev="tmpfs" ino=388 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 146.090963][ T3164] uclogic 0003:256C:006D.0007: probe with driver uclogic failed with error -71 [ 146.117360][ T43] usbhid 1-1:0.0: can't add hid device: -71 [ 146.129427][ T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 146.143480][ T3164] usb 2-1: USB disconnect, device number 11 [ 146.170959][ T43] usb 1-1: USB disconnect, device number 15 [ 146.195173][ T7112] binder: 7110:7112 ioctl 4018620d 0 returned -22 [ 146.254979][ T7112] binder: 7110:7112 ioctl c0306201 200000000240 returned -11 [ 146.293075][ T30] audit: type=1326 audit(1750622329.760:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7107 comm="syz.3.320" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fefcf18e929 code=0x0 [ 146.348461][ T7118] input: syz0 as /devices/virtual/input/input13 [ 146.360048][ T5883] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 146.864739][ T5883] usb 3-1: config 0 has an invalid interface number: 219 but max is 0 [ 146.876292][ T5883] usb 3-1: config 0 has no interface number 0 [ 146.884510][ T5883] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=fe.66 [ 146.896617][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.905904][ T5883] usb 3-1: Product: syz [ 146.910488][ T5883] usb 3-1: Manufacturer: syz [ 146.915329][ T5883] usb 3-1: SerialNumber: syz [ 147.070518][ T5883] usb 3-1: config 0 descriptor?? [ 147.360575][ T5883] esd_usb 3-1:0.219: sending version message failed [ 147.394216][ T5883] esd_usb 3-1:0.219: probe with driver esd_usb failed with error -22 [ 147.457166][ T7145] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'. [ 147.477291][ T7147] process 'syz.4.327' launched './file0' with NULL argv: empty string added [ 147.729620][ T30] audit: type=1400 audit(1750622330.950:365): avc: denied { execute_no_trans } for pid=7146 comm="syz.4.327" path="/63/file0" dev="tmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 148.108497][ T7167] sp0: Synchronizing with TNC [ 148.577714][ T7178] binder: 7176:7178 ioctl 4018620d 0 returned -22 [ 148.595275][ T7178] binder: 7176:7178 ioctl c0306201 200000000240 returned -11 [ 148.747767][ T7181] netlink: 16 bytes leftover after parsing attributes in process `syz.3.333'. [ 149.060120][ T3164] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 149.069726][ T30] audit: type=1400 audit(1750622331.570:366): avc: denied { create } for pid=7160 comm="syz.0.330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 149.089779][ T30] audit: type=1400 audit(1750622331.580:367): avc: denied { sys_admin } for pid=7160 comm="syz.0.330" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 149.651814][ T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 149.696753][ T5927] usb 3-1: USB disconnect, device number 10 [ 149.739795][ T24] vhci_hcd: vhci_device speed not set [ 149.742958][ T9] vhci_hcd: vhci_device speed not set [ 149.830588][ T3164] usb 5-1: Using ep0 maxpacket: 8 [ 149.847495][ T3164] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 149.858390][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 149.896152][ T3164] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 149.906356][ T43] usb 2-1: unable to get BOS descriptor or descriptor too short [ 149.940346][ T43] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 149.958239][ T3164] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 149.979707][ T5865] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 149.985379][ T7199] netlink: 20 bytes leftover after parsing attributes in process `syz.2.338'. [ 149.988137][ T3164] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.023528][ T43] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 150.033225][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.043109][ T3164] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 150.054301][ T43] usb 2-1: Product: syz [ 150.058467][ T43] usb 2-1: Manufacturer: syz [ 150.074568][ T3164] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.087105][ T43] usb 2-1: SerialNumber: syz [ 150.109525][ T30] audit: type=1400 audit(1750622333.570:368): avc: denied { read } for pid=7203 comm="syz.2.339" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 150.309325][ T7155] netlink: 72 bytes leftover after parsing attributes in process `syz.1.328'. [ 150.324584][ T3164] usb 5-1: GET_CAPABILITIES returned 0 [ 150.330116][ T3164] usbtmc 5-1:16.0: can't read capabilities [ 150.356601][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.368886][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.381007][ T5865] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 150.844307][ T43] usb 2-1: Cannot retrieve CPort count: -110 [ 150.851700][ T43] usb 2-1: Cannot retrieve CPort count: -110 [ 150.858829][ T5865] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 150.867953][ T43] es2_ap_driver 2-1:7.0: probe with driver es2_ap_driver failed with error -110 [ 150.877328][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.889331][ T5865] usb 4-1: config 0 descriptor?? [ 151.024203][ T7155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.328'. [ 151.116721][ T7155] netlink: 12 bytes leftover after parsing attributes in process `syz.1.328'. [ 151.360405][ T5865] usbhid 4-1:0.0: can't add hid device: -71 [ 151.366403][ T5865] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 151.456145][ T7218] FAULT_INJECTION: forcing a failure. [ 151.456145][ T7218] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 151.489892][ T5865] usb 4-1: USB disconnect, device number 10 [ 151.538003][ T7218] CPU: 1 UID: 0 PID: 7218 Comm: syz.2.341 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 151.538029][ T7218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.538039][ T7218] Call Trace: [ 151.538044][ T7218] [ 151.538051][ T7218] dump_stack_lvl+0x16c/0x1f0 [ 151.538080][ T7218] should_fail_ex+0x512/0x640 [ 151.538106][ T7218] _copy_from_user+0x2e/0xd0 [ 151.538130][ T7218] copy_msghdr_from_user+0x98/0x160 [ 151.538154][ T7218] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 151.538176][ T7218] ? irqentry_exit+0x3b/0x90 [ 151.538214][ T7218] ___sys_sendmsg+0xfe/0x1d0 [ 151.538240][ T7218] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.538261][ T7218] ? __lock_acquire+0x622/0x1c90 [ 151.538325][ T7218] __sys_sendmsg+0x16d/0x220 [ 151.538349][ T7218] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.538372][ T7218] ? __pfx_bpf_trace_run2+0x10/0x10 [ 151.538397][ T7218] ? syscall_trace_enter+0x1cb/0x260 [ 151.538419][ T7218] ? rcu_is_watching+0x12/0xc0 [ 151.538444][ T7218] do_syscall_64+0xcd/0x4c0 [ 151.538470][ T7218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.538487][ T7218] RIP: 0033:0x7f720a38e929 [ 151.538501][ T7218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.538516][ T7218] RSP: 002b:00007f720b24f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.538533][ T7218] RAX: ffffffffffffffda RBX: 00007f720a5b6080 RCX: 00007f720a38e929 [ 151.538544][ T7218] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 151.538554][ T7218] RBP: 00007f720b24f090 R08: 0000000000000000 R09: 0000000000000000 [ 151.538563][ T7218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.538573][ T7218] R13: 0000000000000001 R14: 00007f720a5b6080 R15: 00007fff05d61658 [ 151.538599][ T7218] [ 152.527539][ T24] usb 5-1: USB disconnect, device number 9 [ 152.541916][ T10] usb 2-1: USB disconnect, device number 12 [ 152.899812][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 154.047513][ T7233] binder: 7230:7233 ioctl c0306201 200000000240 returned -11 [ 154.126166][ T7239] binder: 7238:7239 ioctl c0306201 0 returned -14 [ 154.217325][ T7239] syz.1.348 (7239): drop_caches: 2 [ 154.231470][ T7239] syz.1.348 (7239): drop_caches: 2 [ 154.235377][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.247918][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.285828][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 154.697829][ T7243] netlink: 28 bytes leftover after parsing attributes in process `syz.2.349'. [ 154.748352][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.774448][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.801071][ T9] usb 1-1: config 0 descriptor?? [ 154.975670][ T7249] binder: 7248:7249 ioctl 4018620d 0 returned -22 [ 154.982633][ T7249] binder: 7248:7249 ioctl c0306201 200000000140 returned -11 [ 155.259872][ T5934] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 156.039264][ T5934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.124451][ T5934] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 156.508158][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 157.603023][ T7269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.355'. [ 157.900943][ T9] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 158.053281][ T9] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 158.167659][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 158.177541][ T5934] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 158.195916][ T5934] usb 3-1: string descriptor 0 read error: -71 [ 158.205851][ T5934] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 158.220820][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 158.268840][ T5934] usb 3-1: config 0 descriptor?? [ 158.279871][ T5934] usb 3-1: can't set config #0, error -71 [ 158.328218][ T5934] usb 3-1: USB disconnect, device number 11 [ 159.570767][ T7283] syz.4.362 (7283): drop_caches: 2 [ 159.577805][ T7283] syz.4.362 (7283): drop_caches: 2 [ 159.639729][ T5934] usb 1-1: USB disconnect, device number 16 [ 159.655819][ T7285] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 159.662349][ T7285] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 159.686177][ T7285] vhci_hcd vhci_hcd.0: Device attached [ 159.926118][ T5883] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 160.096038][ T30] audit: type=1400 audit(1750622343.520:369): avc: denied { ioctl } for pid=7290 comm="syz.4.365" path="/dev/ptyqd" dev="devtmpfs" ino=132 ioctlcmd=0x5420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 160.165873][ T7293] netlink: 72 bytes leftover after parsing attributes in process `syz.4.365'. [ 160.326352][ T7296] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 160.990515][ T30] audit: type=1400 audit(1750622343.780:370): avc: denied { write } for pid=7294 comm="syz.1.366" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 161.124272][ T7301] FAULT_INJECTION: forcing a failure. [ 161.124272][ T7301] name failslab, interval 1, probability 0, space 0, times 0 [ 161.138760][ T7301] CPU: 1 UID: 0 PID: 7301 Comm: syz.2.367 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 161.138783][ T7301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.138793][ T7301] Call Trace: [ 161.138799][ T7301] [ 161.138805][ T7301] dump_stack_lvl+0x16c/0x1f0 [ 161.138833][ T7301] should_fail_ex+0x512/0x640 [ 161.138853][ T7301] ? __kmalloc_noprof+0xbf/0x510 [ 161.138877][ T7301] ? __seq_open_private+0x22/0xd0 [ 161.138895][ T7301] should_failslab+0xc2/0x120 [ 161.138919][ T7301] __kmalloc_noprof+0xd2/0x510 [ 161.138945][ T7301] __seq_open_private+0x22/0xd0 [ 161.138964][ T7301] pid_numa_maps_open+0x29/0x110 [ 161.138987][ T7301] do_dentry_open+0x741/0x1c10 [ 161.139007][ T7301] ? __pfx_pid_numa_maps_open+0x10/0x10 [ 161.139032][ T7301] vfs_open+0x82/0x3f0 [ 161.139059][ T7301] path_openat+0x1de4/0x2cb0 [ 161.139089][ T7301] ? __pfx_path_openat+0x10/0x10 [ 161.139111][ T7301] ? __lock_acquire+0xb8a/0x1c90 [ 161.139138][ T7301] do_filp_open+0x20b/0x470 [ 161.139159][ T7301] ? __pfx_do_filp_open+0x10/0x10 [ 161.139188][ T7301] ? __pfx_kfree_link+0x10/0x10 [ 161.139212][ T7301] ? alloc_fd+0x471/0x7d0 [ 161.139240][ T7301] do_sys_openat2+0x11b/0x1d0 [ 161.139256][ T7301] ? __pfx_do_sys_openat2+0x10/0x10 [ 161.139273][ T7301] ? __fget_files+0x20e/0x3c0 [ 161.139298][ T7301] __x64_sys_openat+0x174/0x210 [ 161.139314][ T7301] ? __pfx___x64_sys_openat+0x10/0x10 [ 161.139328][ T7301] ? ksys_write+0x1ac/0x250 [ 161.139351][ T7301] do_syscall_64+0xcd/0x4c0 [ 161.139370][ T7301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.139380][ T7301] RIP: 0033:0x7f720a38d290 [ 161.139389][ T7301] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 161.139399][ T7301] RSP: 002b:00007f720b26ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 161.139409][ T7301] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f720a38d290 [ 161.139415][ T7301] RDX: 0000000000000002 RSI: 00007f720b26ffa0 RDI: 00000000ffffff9c [ 161.139421][ T7301] RBP: 00007f720b26ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 161.139426][ T7301] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 161.139432][ T7301] R13: 0000000000000000 R14: 00007f720a5b5fa0 R15: 00007fff05d61658 [ 161.139447][ T7301] [ 161.420220][ T7286] vhci_hcd: connection reset by peer [ 161.441053][ T2199] vhci_hcd: stop threads [ 161.474937][ T2199] vhci_hcd: release socket [ 161.512054][ T2199] vhci_hcd: disconnect device [ 161.564576][ T7311] netlink: 'syz.2.371': attribute type 5 has an invalid length. [ 161.574680][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'. [ 161.584871][ T7311] netlink: 20 bytes leftover after parsing attributes in process `syz.2.371'. [ 162.074785][ T5934] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 162.409739][ T5934] usb 2-1: Using ep0 maxpacket: 32 [ 162.428589][ T5934] usb 2-1: config 0 has an invalid interface number: 145 but max is 1 [ 162.443175][ T5934] usb 2-1: config 0 has an invalid interface number: 43 but max is 1 [ 162.455120][ T7327] binder: BINDER_SET_CONTEXT_MGR already set [ 162.460914][ T5934] usb 2-1: config 0 has no interface number 0 [ 162.466959][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 162.471907][ T5934] usb 2-1: config 0 has no interface number 1 [ 162.480788][ T7327] binder: 7326:7327 ioctl 4018620d 200000000040 returned -16 [ 162.486181][ T7327] syz.0.376 (7327): drop_caches: 2 [ 162.488597][ T5934] usb 2-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023 [ 162.504602][ T5934] usb 2-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping [ 162.517187][ T5934] usb 2-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E [ 162.541150][ T7327] syz.0.376 (7327): drop_caches: 2 [ 162.546626][ T5934] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11 [ 162.560555][ T5934] usb 2-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024 [ 162.626929][ T5934] usb 2-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 162.651528][ T5934] usb 2-1: config 0 interface 145 has no altsetting 0 [ 162.660810][ T5934] usb 2-1: config 0 interface 43 has no altsetting 0 [ 162.670559][ T5934] usb 2-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a [ 162.687747][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.698368][ T5934] usb 2-1: Product: syz [ 162.705264][ T5934] usb 2-1: Manufacturer: syz [ 162.712453][ T5934] usb 2-1: SerialNumber: syz [ 162.768191][ T5934] usb 2-1: config 0 descriptor?? [ 162.799014][ T7336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.820517][ T7336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.853261][ T9] usb 3-1: config 2 has an invalid interface number: 49 but max is 0 [ 162.861583][ T9] usb 3-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 162.870341][ T9] usb 3-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 162.880524][ T9] usb 3-1: config 2 has no interface number 0 [ 162.881828][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 162.886618][ T9] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 162.886645][ T9] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 163.188148][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 163.285134][ T9] usb 3-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 163.294965][ T9] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 163.299243][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 163.305571][ T9] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 163.305599][ T9] usb 3-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 163.305627][ T9] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 163.346907][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.348157][ T9] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 163.373975][ T30] audit: type=1400 audit(1750622346.830:371): avc: denied { lock } for pid=7322 comm="syz.1.375" path="socket:[13037]" dev="sockfs" ino=13037 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 163.374079][ T30] audit: type=1400 audit(1750622346.840:372): avc: granted { setsecparam } for pid=7322 comm="syz.1.375" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 163.374124][ T24] usb 1-1: config 0 has no interfaces? [ 163.374470][ T7323] serio: Serial port ptm0 [ 163.390734][ T24] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 163.407592][ T9] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 163.460876][ T7323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.483718][ T7323] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.485236][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.508321][ T9] usb 3-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 163.522284][ T9] usb 3-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 163.537112][ T5934] keyspan_pda 2-1:0.145: required endpoints missing [ 163.569705][ T24] usb 1-1: Product: syz [ 163.573993][ T24] usb 1-1: Manufacturer: syz [ 163.578580][ T24] usb 1-1: SerialNumber: syz [ 163.596852][ T5934] keyspan_pda 2-1:0.43: Keyspan PDA converter detected [ 163.606196][ T9] usb 3-1: config 2 interface 49 has no altsetting 0 [ 163.624076][ T9] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 163.633398][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.634376][ T24] usb 1-1: config 0 descriptor?? [ 163.649104][ T9] usb 3-1: Product: syz [ 163.653448][ T9] usb 3-1: Manufacturer: syz [ 163.658052][ T9] usb 3-1: SerialNumber: syz [ 163.660069][ T5934] usb 2-1: Keyspan PDA converter now attached to ttyUSB0 [ 163.677844][ T7316] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 163.844915][ T5934] usb 2-1: USB disconnect, device number 13 [ 163.864672][ T5934] keyspan_pda ttyUSB0: Keyspan PDA converter now disconnected from ttyUSB0 [ 164.099466][ T9] ems_usb 3-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 164.284949][ T5934] keyspan_pda 2-1:0.43: device disconnected [ 164.298888][ T9] ems_usb 3-1:2.49: probe with driver ems_usb failed with error -22 [ 164.370980][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.378'. [ 165.279731][ T5883] vhci_hcd: vhci_device speed not set [ 166.266775][ T9] usb 3-1: USB disconnect, device number 12 [ 166.837150][ T5876] usb 1-1: USB disconnect, device number 17 [ 166.998341][ T7369] syz.3.389 (7369): drop_caches: 2 [ 167.006459][ T7369] syz.3.389 (7369): drop_caches: 2 [ 167.279239][ T7377] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 167.285781][ T7377] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 167.304503][ T7377] vhci_hcd vhci_hcd.0: Device attached [ 167.322134][ T7378] vhci_hcd: connection closed [ 167.322339][ T36] vhci_hcd: stop threads [ 167.349848][ T36] vhci_hcd: release socket [ 167.354339][ T36] vhci_hcd: disconnect device [ 167.388160][ T7375] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.872753][ T7389] binder: 7383:7389 ioctl c020aa00 200000000180 returned -22 [ 167.913606][ T7375] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.932226][ T7375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.136843][ T30] audit: type=1400 audit(1750622351.600:373): avc: denied { mount } for pid=7394 comm="syz.3.397" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 168.180894][ T7395] overlayfs: conflicting options: nfs_export=on,index=off [ 168.205309][ T7398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.398'. [ 168.266209][ T7401] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=7401 comm=syz.0.399 [ 168.277394][ T7403] evm: overlay not supported [ 168.286182][ T7375] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.301098][ T7401] netlink: 20 bytes leftover after parsing attributes in process `syz.0.399'. [ 168.304261][ T7404] overlayfs: failed to resolve './file1': -2 [ 168.326956][ T7375] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.339102][ T7375] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.351277][ T7405] overlayfs: failed to resolve './file1': -2 [ 168.360575][ T7375] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.373032][ T30] audit: type=1400 audit(1750622351.840:374): avc: denied { unmount } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 168.589945][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 168.660044][ T5934] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 168.713892][ T7417] binder: 7415:7417 ioctl c020aa00 200000000180 returned -22 [ 168.714156][ T7418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.403'. [ 168.892919][ T5934] usb 1-1: config 2 has an invalid interface number: 49 but max is 0 [ 168.903747][ T24] usb 5-1: config 160 has an invalid interface number: 200 but max is 0 [ 168.968244][ T5934] usb 1-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 168.977880][ T24] usb 5-1: config 160 has no interface number 0 [ 168.992393][ T24] usb 5-1: config 160 interface 200 has no altsetting 0 [ 169.001276][ T5934] usb 1-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 169.022449][ T5934] usb 1-1: config 2 has no interface number 0 [ 169.028761][ T5934] usb 1-1: config 2 interface 49 altsetting 6 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 169.040206][ T5934] usb 1-1: config 2 interface 49 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 169.052269][ T24] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 169.068443][ T5934] usb 1-1: config 2 interface 49 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 8 [ 169.080461][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.088983][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 169.102601][ T24] usb 5-1: Product: syz [ 169.106765][ T24] usb 5-1: Manufacturer: syz [ 169.114305][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 169.125938][ T24] usb 5-1: SerialNumber: syz [ 169.147626][ T5934] usb 1-1: config 2 interface 49 altsetting 6 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 169.181364][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x5, skipping [ 169.202294][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 169.217737][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 169.229672][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 169.240700][ T7426] FAULT_INJECTION: forcing a failure. [ 169.240700][ T7426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.240730][ T5934] usb 1-1: config 2 interface 49 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 169.241573][ T7426] [ 169.241578][ T7426] ====================================================== [ 169.241584][ T7426] WARNING: possible circular locking dependency detected [ 169.241589][ T7426] 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 Not tainted [ 169.241597][ T7426] ------------------------------------------------------ [ 169.241602][ T7426] syz.2.407/7426 is trying to acquire lock: [ 169.241609][ T7426] ffffffff8e4d1e00 (console_owner){-.-.}-{0:0}, at: vprintk_emit+0x4d4/0x6d0 [ 169.241646][ T7426] [ 169.241646][ T7426] but task is already holding lock: [ 169.241651][ T7426] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 169.241689][ T7426] [ 169.241689][ T7426] which lock already depends on the new lock. [ 169.241689][ T7426] [ 169.241693][ T7426] [ 169.241693][ T7426] the existing dependency chain (in reverse order) is: [ 169.241698][ T7426] [ 169.241698][ T7426] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 169.241715][ T7426] _raw_spin_lock_nested+0x31/0x40 [ 169.241732][ T7426] raw_spin_rq_lock_nested+0x29/0x130 [ 169.241747][ T7426] task_rq_lock+0xcf/0x490 [ 169.241762][ T7426] cgroup_move_task+0x81/0x2a0 [ 169.241779][ T7426] css_set_move_task+0x288/0x5f0 [ 169.241791][ T7426] cgroup_post_fork+0x201/0x9e0 [ 169.241806][ T7426] copy_process+0x5cfc/0x76a0 [ 169.241823][ T7426] kernel_clone+0xfc/0x960 [ 169.241838][ T7426] user_mode_thread+0xc7/0x110 [ 169.241855][ T7426] rest_init+0x23/0x2b0 [ 169.241866][ T7426] start_kernel+0x3ee/0x4d0 [ 169.241883][ T7426] x86_64_start_reservations+0x18/0x30 [ 169.241899][ T7426] x86_64_start_kernel+0x130/0x190 [ 169.241915][ T7426] common_startup_64+0x13e/0x148 [ 169.241927][ T7426] [ 169.241927][ T7426] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 169.241944][ T7426] _raw_spin_lock_irqsave+0x3a/0x60 [ 169.241960][ T7426] try_to_wake_up+0xb2/0x1680 [ 169.241974][ T7426] __wake_up_common+0x135/0x1f0 [ 169.241992][ T7426] __wake_up+0x31/0x60 [ 169.242008][ T7426] tty_port_default_wakeup+0x2a/0x40 [ 169.242028][ T7426] serial8250_tx_chars+0x68e/0x860 [ 169.242048][ T7426] serial8250_handle_irq+0x761/0xcb0 [ 169.242067][ T7426] serial8250_default_handle_irq+0x9a/0x210 [ 169.242088][ T7426] serial8250_interrupt+0x103/0x210 [ 169.242100][ T7426] __handle_irq_event_percpu+0x229/0x7d0 [ 169.242116][ T7426] handle_irq_event+0xab/0x1e0 [ 169.242130][ T7426] handle_edge_irq+0x28e/0xab0 [ 169.242144][ T7426] __common_interrupt+0xdf/0x250 [ 169.242159][ T7426] common_interrupt+0xba/0xe0 [ 169.242173][ T7426] asm_common_interrupt+0x26/0x40 [ 169.242186][ T7426] pv_native_safe_halt+0xf/0x20 [ 169.242202][ T7426] default_idle+0x13/0x20 [ 169.242213][ T7426] default_idle_call+0x6d/0xb0 [ 169.242225][ T7426] do_idle+0x391/0x510 [ 169.242240][ T7426] cpu_startup_entry+0x4f/0x60 [ 169.242254][ T7426] start_secondary+0x21d/0x2b0 [ 169.242271][ T7426] common_startup_64+0x13e/0x148 [ 169.242282][ T7426] [ 169.242282][ T7426] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 169.242299][ T7426] _raw_spin_lock_irqsave+0x3a/0x60 [ 169.242315][ T7426] __wake_up+0x1c/0x60 [ 169.242330][ T7426] tty_port_default_wakeup+0x2a/0x40 [ 169.242349][ T7426] serial8250_tx_chars+0x68e/0x860 [ 169.242368][ T7426] serial8250_handle_irq+0x761/0xcb0 [ 169.242388][ T7426] serial8250_default_handle_irq+0x9a/0x210 [ 169.242408][ T7426] serial8250_interrupt+0x103/0x210 [ 169.242420][ T7426] __handle_irq_event_percpu+0x229/0x7d0 [ 169.242435][ T7426] handle_irq_event+0xab/0x1e0 [ 169.242450][ T7426] handle_edge_irq+0x28e/0xab0 [ 169.242463][ T7426] __common_interrupt+0xdf/0x250 [ 169.242478][ T7426] common_interrupt+0xba/0xe0 [ 169.242490][ T7426] asm_common_interrupt+0x26/0x40 [ 169.242502][ T7426] pv_native_safe_halt+0xf/0x20 [ 169.242518][ T7426] default_idle+0x13/0x20 [ 169.242529][ T7426] default_idle_call+0x6d/0xb0 [ 169.242541][ T7426] do_idle+0x391/0x510 [ 169.242555][ T7426] cpu_startup_entry+0x4f/0x60 [ 169.242570][ T7426] start_secondary+0x21d/0x2b0 [ 169.242585][ T7426] common_startup_64+0x13e/0x148 [ 169.242596][ T7426] [ 169.242596][ T7426] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 169.242613][ T7426] _raw_spin_lock_irqsave+0x3a/0x60 [ 169.242628][ T7426] serial8250_console_write+0x181/0x1890 [ 169.242641][ T7426] console_flush_all+0x801/0xc60 [ 169.242655][ T7426] console_unlock+0xd8/0x210 [ 169.242673][ T7426] vprintk_emit+0x418/0x6d0 [ 169.242688][ T7426] _printk+0xc7/0x100 [ 169.242698][ T7426] register_console+0xc2d/0x11b0 [ 169.242713][ T7426] univ8250_console_init+0x5f/0x90 [ 169.242729][ T7426] console_init+0x14f/0x680 [ 169.242745][ T7426] start_kernel+0x29f/0x4d0 [ 169.242760][ T7426] x86_64_start_reservations+0x18/0x30 [ 169.242776][ T7426] x86_64_start_kernel+0x130/0x190 [ 169.242792][ T7426] common_startup_64+0x13e/0x148 [ 169.242803][ T7426] [ 169.242803][ T7426] -> #0 (console_owner){-.-.}-{0:0}: [ 169.242819][ T7426] __lock_acquire+0x126f/0x1c90 [ 169.242837][ T7426] lock_acquire+0x179/0x350 [ 169.242856][ T7426] vprintk_emit+0x4e5/0x6d0 [ 169.242870][ T7426] _printk+0xc7/0x100 [ 169.242880][ T7426] should_fail_ex+0x4e7/0x640 [ 169.242897][ T7426] strncpy_from_user+0x3b/0x2e0 [ 169.242911][ T7426] strncpy_from_user_nofault+0x7f/0x180 [ 169.242930][ T7426] bpf_probe_read_compat_str+0xe8/0x180 [ 169.242942][ T7426] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 169.242952][ T7426] bpf_trace_run4+0x24c/0x5a0 [ 169.242964][ T7426] __bpf_trace_sched_switch+0x145/0x190 [ 169.242979][ T7426] __traceiter_sched_switch+0x6f/0xc0 [ 169.242992][ T7426] __schedule+0x1bee/0x5de0 [ 169.243008][ T7426] schedule+0xe7/0x3a0 [ 169.243022][ T7426] request_wait_answer+0x461/0x7d0 [ 169.243038][ T7426] __fuse_simple_request+0x330/0xcb0 [ 169.243053][ T7426] fuse_send_open+0x21e/0x2d0 [ 169.243072][ T7426] fuse_file_open+0x424/0x780 [ 169.243085][ T7426] fuse_open+0x1d6/0x8e0 [ 169.243098][ T7426] do_dentry_open+0x741/0x1c10 [ 169.243115][ T7426] vfs_open+0x82/0x3f0 [ 169.243133][ T7426] path_openat+0x1de4/0x2cb0 [ 169.243150][ T7426] do_filp_open+0x20b/0x470 [ 169.243166][ T7426] do_sys_openat2+0x11b/0x1d0 [ 169.243177][ T7426] __x64_sys_open+0x153/0x1e0 [ 169.243188][ T7426] do_syscall_64+0xcd/0x4c0 [ 169.243205][ T7426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.243218][ T7426] [ 169.243218][ T7426] other info that might help us debug this: [ 169.243218][ T7426] [ 169.243222][ T7426] Chain exists of: [ 169.243222][ T7426] console_owner --> &p->pi_lock --> &rq->__lock [ 169.243222][ T7426] [ 169.243241][ T7426] Possible unsafe locking scenario: [ 169.243241][ T7426] [ 169.243244][ T7426] CPU0 CPU1 [ 169.243248][ T7426] ---- ---- [ 169.243251][ T7426] lock(&rq->__lock); [ 169.243259][ T7426] lock(&p->pi_lock); [ 169.243268][ T7426] lock(&rq->__lock); [ 169.243277][ T7426] lock(console_owner); [ 169.243285][ T7426] [ 169.243285][ T7426] *** DEADLOCK *** [ 169.243285][ T7426] [ 169.243288][ T7426] 2 locks held by syz.2.407/7426: [ 169.243296][ T7426] #0: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 169.243329][ T7426] #1: ffffffff8e5c4880 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0 [ 169.243360][ T7426] [ 169.243360][ T7426] stack backtrace: [ 169.243366][ T7426] CPU: 0 UID: 0 PID: 7426 Comm: syz.2.407 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 169.243383][ T7426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.243391][ T7426] Call Trace: [ 169.243395][ T7426] [ 169.243400][ T7426] dump_stack_lvl+0x116/0x1f0 [ 169.243420][ T7426] print_circular_bug+0x275/0x350 [ 169.243440][ T7426] check_noncircular+0x14c/0x170 [ 169.243462][ T7426] __lock_acquire+0x126f/0x1c90 [ 169.243486][ T7426] lock_acquire+0x179/0x350 [ 169.243505][ T7426] ? vprintk_emit+0x4d4/0x6d0 [ 169.243522][ T7426] ? vprintk_emit+0x4c2/0x6d0 [ 169.243540][ T7426] vprintk_emit+0x4e5/0x6d0 [ 169.243555][ T7426] ? vprintk_emit+0x4d4/0x6d0 [ 169.243571][ T7426] ? __pfx_vprintk_emit+0x10/0x10 [ 169.243589][ T7426] _printk+0xc7/0x100 [ 169.243600][ T7426] ? __pfx__printk+0x10/0x10 [ 169.243614][ T7426] ? __pfx____ratelimit+0x10/0x10 [ 169.243634][ T7426] should_fail_ex+0x4e7/0x640 [ 169.243650][ T7426] ? is_bpf_text_address+0x8a/0x1a0 [ 169.243672][ T7426] strncpy_from_user+0x3b/0x2e0 [ 169.243688][ T7426] strncpy_from_user_nofault+0x7f/0x180 [ 169.243708][ T7426] bpf_probe_read_compat_str+0xe8/0x180 [ 169.243722][ T7426] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 169.243733][ T7426] bpf_trace_run4+0x24c/0x5a0 [ 169.243747][ T7426] ? __pfx_bpf_trace_run4+0x10/0x10 [ 169.243762][ T7426] ? sched_clock_cpu+0x6c/0x530 [ 169.243781][ T7426] ? lock_acquire+0x179/0x350 [ 169.243802][ T7426] __bpf_trace_sched_switch+0x145/0x190 [ 169.243817][ T7426] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 169.243836][ T7426] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 169.243854][ T7426] __traceiter_sched_switch+0x6f/0xc0 [ 169.243869][ T7426] __schedule+0x1bee/0x5de0 [ 169.243888][ T7426] ? __lock_acquire+0x622/0x1c90 [ 169.243910][ T7426] ? __pfx___schedule+0x10/0x10 [ 169.243929][ T7426] ? find_held_lock+0x2b/0x80 [ 169.243944][ T7426] ? schedule+0x2d7/0x3a0 [ 169.243962][ T7426] schedule+0xe7/0x3a0 [ 169.243979][ T7426] request_wait_answer+0x461/0x7d0 [ 169.243996][ T7426] ? __pfx_request_wait_answer+0x10/0x10 [ 169.244012][ T7426] ? __pfx_autoremove_wake_function+0x10/0x10 [ 169.244031][ T7426] ? do_raw_spin_unlock+0x172/0x230 [ 169.244046][ T7426] ? _raw_spin_unlock+0x28/0x50 [ 169.244062][ T7426] ? fuse_dev_queue_req+0x226/0x310 [ 169.244078][ T7426] __fuse_simple_request+0x330/0xcb0 [ 169.244096][ T7426] fuse_send_open+0x21e/0x2d0 [ 169.244117][ T7426] ? __pfx_fuse_send_open+0x10/0x10 [ 169.244142][ T7426] ? lockdep_init_map_type+0x5c/0x280 [ 169.244163][ T7426] ? __init_waitqueue_head+0xca/0x150 [ 169.244178][ T7426] ? __kasan_kmalloc+0xaa/0xb0 [ 169.244197][ T7426] fuse_file_open+0x424/0x780 [ 169.244213][ T7426] fuse_open+0x1d6/0x8e0 [ 169.244229][ T7426] do_dentry_open+0x741/0x1c10 [ 169.244246][ T7426] ? __pfx_fuse_open+0x10/0x10 [ 169.244262][ T7426] vfs_open+0x82/0x3f0 [ 169.244296][ T7426] path_openat+0x1de4/0x2cb0 [ 169.244316][ T7426] ? __pfx_path_openat+0x10/0x10 [ 169.244336][ T7426] do_filp_open+0x20b/0x470 [ 169.244354][ T7426] ? __pfx_do_filp_open+0x10/0x10 [ 169.244378][ T7426] ? _raw_spin_unlock+0x28/0x50 [ 169.244393][ T7426] ? alloc_fd+0x471/0x7d0 [ 169.244413][ T7426] do_sys_openat2+0x11b/0x1d0 [ 169.244425][ T7426] ? __pfx_do_sys_openat2+0x10/0x10 [ 169.244439][ T7426] ? __fget_files+0x20e/0x3c0 [ 169.244458][ T7426] __x64_sys_open+0x153/0x1e0 [ 169.244470][ T7426] ? __pfx___x64_sys_open+0x10/0x10 [ 169.244485][ T7426] ? rcu_is_watching+0x12/0xc0 [ 169.244502][ T7426] do_syscall_64+0xcd/0x4c0 [ 169.244522][ T7426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.244535][ T7426] RIP: 0033:0x7f720a38e929 [ 169.244546][ T7426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.244560][ T7426] RSP: 002b:00007f720b270038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 169.244573][ T7426] RAX: ffffffffffffffda RBX: 00007f720a5b5fa0 RCX: 00007f720a38e929 [ 169.244582][ T7426] RDX: 0000000000000000 RSI: 0000000000000037 RDI: 00002000000000c0 [ 169.244591][ T7426] RBP: 00007f720b270090 R08: 0000000000000000 R09: 0000000000000000 [ 169.244600][ T7426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 169.244608][ T7426] R13: 0000000000000000 R14: 00007f720a5b5fa0 R15: 00007fff05d61658 [ 169.244622][ T7426] [ 170.412055][ T7426] CPU: 0 UID: 0 PID: 7426 Comm: syz.2.407 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 170.412071][ T7426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.412078][ T7426] Call Trace: [ 170.412083][ T7426] [ 170.412088][ T7426] dump_stack_lvl+0x116/0x1f0 [ 170.412107][ T7426] should_fail_ex+0x512/0x640 [ 170.412120][ T7426] ? is_bpf_text_address+0x8a/0x1a0 [ 170.412133][ T7426] strncpy_from_user+0x3b/0x2e0 [ 170.412145][ T7426] strncpy_from_user_nofault+0x7f/0x180 [ 170.412160][ T7426] bpf_probe_read_compat_str+0xe8/0x180 [ 170.412171][ T7426] bpf_prog_c1796171ffc7efef+0x3e/0x44 [ 170.412180][ T7426] bpf_trace_run4+0x24c/0x5a0 [ 170.412190][ T7426] ? __pfx_bpf_trace_run4+0x10/0x10 [ 170.412201][ T7426] ? sched_clock_cpu+0x6c/0x530 [ 170.412215][ T7426] ? lock_acquire+0x179/0x350 [ 170.412231][ T7426] __bpf_trace_sched_switch+0x145/0x190 [ 170.412243][ T7426] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 170.412256][ T7426] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 170.412270][ T7426] __traceiter_sched_switch+0x6f/0xc0 [ 170.412281][ T7426] __schedule+0x1bee/0x5de0 [ 170.412295][ T7426] ? __lock_acquire+0x622/0x1c90 [ 170.412311][ T7426] ? __pfx___schedule+0x10/0x10 [ 170.412324][ T7426] ? find_held_lock+0x2b/0x80 [ 170.412335][ T7426] ? schedule+0x2d7/0x3a0 [ 170.412348][ T7426] schedule+0xe7/0x3a0 [ 170.412360][ T7426] request_wait_answer+0x461/0x7d0 [ 170.412373][ T7426] ? __pfx_request_wait_answer+0x10/0x10 [ 170.412385][ T7426] ? __pfx_autoremove_wake_function+0x10/0x10 [ 170.412398][ T7426] ? do_raw_spin_unlock+0x172/0x230 [ 170.412409][ T7426] ? _raw_spin_unlock+0x28/0x50 [ 170.412420][ T7426] ? fuse_dev_queue_req+0x226/0x310 [ 170.412432][ T7426] __fuse_simple_request+0x330/0xcb0 [ 170.412445][ T7426] fuse_send_open+0x21e/0x2d0 [ 170.412460][ T7426] ? __pfx_fuse_send_open+0x10/0x10 [ 170.412478][ T7426] ? lockdep_init_map_type+0x5c/0x280 [ 170.412493][ T7426] ? __init_waitqueue_head+0xca/0x150 [ 170.412503][ T7426] ? __kasan_kmalloc+0xaa/0xb0 [ 170.412521][ T7426] fuse_file_open+0x424/0x780 [ 170.412533][ T7426] fuse_open+0x1d6/0x8e0 [ 170.412544][ T7426] do_dentry_open+0x741/0x1c10 [ 170.412557][ T7426] ? __pfx_fuse_open+0x10/0x10 [ 170.412568][ T7426] vfs_open+0x82/0x3f0 [ 170.412583][ T7426] path_openat+0x1de4/0x2cb0 [ 170.412598][ T7426] ? __pfx_path_openat+0x10/0x10 [ 170.412612][ T7426] do_filp_open+0x20b/0x470 [ 170.412625][ T7426] ? __pfx_do_filp_open+0x10/0x10 [ 170.412642][ T7426] ? _raw_spin_unlock+0x28/0x50 [ 170.412653][ T7426] ? alloc_fd+0x471/0x7d0 [ 170.412668][ T7426] do_sys_openat2+0x11b/0x1d0 [ 170.412676][ T7426] ? __pfx_do_sys_openat2+0x10/0x10 [ 170.412686][ T7426] ? __fget_files+0x20e/0x3c0 [ 170.412699][ T7426] __x64_sys_open+0x153/0x1e0 [ 170.412708][ T7426] ? __pfx___x64_sys_open+0x10/0x10 [ 170.412718][ T7426] ? rcu_is_watching+0x12/0xc0 [ 170.412731][ T7426] do_syscall_64+0xcd/0x4c0 [ 170.412745][ T7426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.412756][ T7426] RIP: 0033:0x7f720a38e929 [ 170.412765][ T7426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.412774][ T7426] RSP: 002b:00007f720b270038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 170.412784][ T7426] RAX: ffffffffffffffda RBX: 00007f720a5b5fa0 RCX: 00007f720a38e929 [ 170.412790][ T7426] RDX: 0000000000000000 RSI: 0000000000000037 RDI: 00002000000000c0 [ 170.412796][ T7426] RBP: 00007f720b270090 R08: 0000000000000000 R09: 0000000000000000 [ 170.412801][ T7426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 170.412807][ T7426] R13: 0000000000000000 R14: 00007f720a5b5fa0 R15: 00007fff05d61658 [ 170.412816][ T7426] [ 170.419303][ T30] audit: type=1400 audit(1750622353.880:375): avc: denied { ioctl } for pid=7406 comm="syz.4.402" path="socket:[13301]" dev="sockfs" ino=13301 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 170.801425][ T5934] usb 1-1: config 2 interface 49 has no altsetting 0 [ 170.809870][ T5934] usb 1-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=e1.31 [ 170.818903][ T5934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.828058][ T5934] usb 1-1: Product: syz [ 170.832375][ T5934] usb 1-1: Manufacturer: syz [ 170.837026][ T5934] usb 1-1: SerialNumber: syz [ 170.842724][ T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 170.851006][ T24] usb 5-1: MIDIStreaming interface descriptor not found [ 170.858477][ T7411] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 170.877986][ T24] usb 5-1: USB disconnect, device number 10 [ 170.926551][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 171.071203][ T5934] ems_usb 1-1:2.49 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 171.082779][ T5934] ems_usb 1-1:2.49: probe with driver ems_usb failed with error -22 [ 171.095639][ T5934] usb 1-1: USB disconnect, device number 18