last executing test programs: 23.719972107s ago: executing program 0 (id=723): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/current\x00') setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, 0x0, 0x0, 0x15, 0x0) openat(0xffffffffffffff9c, 0x0, 0x1817c1, 0x0) mount(0x0, 0x0, &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r2, 0x6, 0x23, &(0x7f00000001c0)=""/36, &(0x7f0000000000)=0x24) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x40, 0xd, 0x4, "fd000000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000300)={0x20, 0x9, 0x11, "323a18787aaf58e4662992d64c9d9afd58"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$sierra_net(0xffffffffffffffff, &(0x7f0000000140)={0x14, &(0x7f00000000c0)={0x0, 0x6, 0x36, {0x36, 0x23, "cc79727b22cf40c5698a2270d7cb26b7ce554c498df6d1343cf417734aa202e76ae60f034ad7bf20c956dcdd61aec76af7dbbe1d"}}, &(0x7f00000001c0)={0x0, 0x3, 0x94, @string={0x94, 0x3, "aa1af346d306e70d219d4d2dc42a9a0feff3660e53df2b3bb6225f34298c1ed515c71de607965bb5f7746d66f72663ff5341d5550c75f9da54014f169cc06bf8e82d19e4a52d7cd0afa3b5eb777fec59851763f42b801371fe885709cc354b3e7c9cfd1e5c1a94383b53f79c7381ed980221932af90b063b90eb0875ce9acbabda759f54a2265404bf8072ad1312d0129112"}}}, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x20, 0x17, 0x2a, "2b787ca4f14f474660ffe8a86fd6ee87330833bc3774d247448b89375d5651b64a0d0a0ea251f7274d82"}, &(0x7f0000000940)={0xa1, 0x1, 0x400, "07e09075e77c1b6be4dfc42fba62c9385f31a6d053ea22ee062046720360582a97443ad10ddf5b62f53185c61e8fafeb4ce888c7538b275ba0e9b1f4f214ba79cb222cebd845265f45ea79f93aec9ed28134a142ff9dcc337c7739205da6fe34a4a229e732a9e2d55f3ee7b157164d66eb63398d7a6093bc664b6d12e881aa226823b53c57762766bb67bf03e87acb2fd1eee546b6b452ed591f48b6e0ec97206f27ffee0b733e858534ec44ad5ed74b27f7dbeb47507fca560ac185542b8d9400794ccf7a7f3dcac1d4213b0c13d3e52a9bebcd692df44cee873a44ea70506b35c3dae739ed5b03bd112003595dde57e880c34970a15747ba1f413f1a41d193179688057f4071261ec7f48661e47fde6b5586793fbe29315e1816b29f3b624a59a51134446e9e4aa788f0ce7d176d09e333c8477b3409e1f51b5876fb6e08814a5b34416ffc2c929513f8c4b3b610e33308c160253212a0d1c10c483aff5628f4f20b6c68b76b2280c6042ff292e3f34b18edcbe91914c9e56288bf7077dfa443c9c4e855e5576e7a83d95a9bc17d543c5b6988433f8449040894842d828aba2238fd3825e2f0090fb8537242ffc2ade78c0d0684662936faf29ae36b115e2b8cfc4de861402ad3cba6215d45c02476c11a5df1fcf64fec6e76c098bbf86d59fd8e8f174d7c9ff3d54691067935aecc0733e23702cd269656b5ad948546f5e0797babbc5477dce833c39410d9e5edab08b6ea2a2bd44430a69075079932f710f1dcd2d80ab78022c80a3f8958e093900d851d8ed935bee6900787d977ecee5c91163bfb04b2a9db2939a7e2ad59c5593795693e50114d24b9e396cd9c759418c4c47ea9dc419ef67f96f0c7ab0337b65a9bc35f578ba67242c738088f4abd7a3786eafbaa457c09fb6a29a64e20632c8dcb9018737c41f8582b77cc6f553b4977694742ce6a9fca337d02cf70cb540beec37afcd6f2166d8148d8b1184133674f10743faf663c8874e2a4f1fab878498ec58ac748f4fc911e38b809deefe38c997657b568245d0a542d79a81286283e48e2d446cca06af8121efd71f311561df30621edaa4153abca42f95bf35d921dd85467f20dd34133f2f448e93b6779ed24548664aa699e0605c8cc811b6d1722acdda93c06fe036faa024e29f9a84bc854e86d567b34387bf7b10ae0365644d6dc545fac9c5bfa64fa6b79c1237fecdcf0c09be87ec2376cecad69f7b11b54ff6d4b3dbd670572fc0f95488f030e4e915c6ccf07cef6d64dfa3396b51ffc53a0adffcd662fb427712553e1241556a1ae87c10d0014a00fd60b51f02a827f386e5238c96d74e10a718b40c63dcec7f449fefa30e3b4411496338577ca43fb347f803ddc5e59c33022ebfda11469da5dbb1353aee0ada0637714f89353cb5c441fe803ff9af5ed6d6113e9b1a72b9d414a"}, &(0x7f00000002c0)={0x21, 0x0, 0x1, '('}}) 23.2321025s ago: executing program 0 (id=727): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0x0, 0x0, 0x4, 0x540000, r1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0, 0xfffffffc, 0x6, 0x0, 0x200, 0x6, 0x180107, r1}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000100)=@attr_set_pmu={0x0, 0x1, 0x1, &(0x7f00000000c0)}) preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x2c000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$uinput_user_dev(r9, &(0x7f0000000240)={'syz0\x00', {0x508, 0x7, 0x7, 0x1}, 0x4a, [0x5f11bec3, 0x3, 0x5, 0x40, 0x0, 0x3, 0x0, 0x7d, 0x80013, 0x5, 0x0, 0x6, 0x0, 0x0, 0x4000000, 0x2, 0x1a4, 0xfffff605, 0x3, 0x0, 0x46e9, 0x7ff, 0xe2b, 0x7, 0x681c1eb5, 0x11e, 0x16c000, 0x2, 0x0, 0xe9, 0x0, 0xffff, 0x9, 0x4, 0x0, 0x216, 0x6, 0x0, 0x5de82a4e, 0x0, 0x0, 0x20000, 0x4, 0xfffffffe, 0x1, 0x0, 0x8000, 0x7, 0x0, 0xe0, 0x3fd, 0x5, 0xfffffff7, 0x0, 0xf685, 0x0, 0x1ab9, 0x0, 0x2, 0x0, 0xfffffffb, 0x1c15d73a, 0x2], [0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x61c5fb46, 0x10000, 0x0, 0x4, 0x10001, 0x75, 0x0, 0x4, 0x0, 0xd, 0x80000000, 0x0, 0x61c2, 0x9, 0x0, 0x9, 0x2, 0xff, 0x2, 0x10001, 0x3, 0x0, 0x7, 0xfffffffb, 0xffffff00, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x9, 0x441238ca, 0x0, 0x0, 0x0, 0xfffffff9, 0x2, 0x7fffffff, 0x6, 0x9], [0x0, 0xc50, 0x3, 0x9f5, 0x0, 0xa02, 0x1c75, 0xf51, 0x6, 0x40, 0x0, 0x21, 0x20000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x205, 0x5, 0xfffffffd, 0xc, 0x0, 0x200, 0xcc0, 0x401, 0x6, 0x6, 0x0, 0x0, 0xffffff7f, 0x80, 0x921, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x15960318, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x4, 0x0, 0x6574, 0x7, 0x0, 0xcd55, 0xfb], [0x0, 0x6, 0x0, 0x2, 0x1, 0xffffffff, 0x5, 0x200, 0xffffffff, 0xd63, 0x6, 0x0, 0x0, 0x0, 0xfffffffa, 0xfa3, 0x3ff, 0x8, 0x4, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x194e, 0x0, 0xe793, 0x4ad, 0x0, 0x0, 0x80000001, 0x3, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x40, 0x8000010, 0x0, 0x5, 0x0, 0x0, 0x7fff, 0x6, 0x800, 0x5, 0xd, 0x0, 0x40000000, 0x0, 0x4, 0x45d, 0x4, 0x0, 0xfff, 0xb2, 0xa, 0xb]}, 0x45c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r10, 0x0, r13, 0x0, 0x39000, 0x0) splice(r12, 0x0, r10, 0x0, 0x408c8, 0xe) write$binfmt_elf64(r11, &(0x7f0000000100)=ANY=[], 0xfffffe3e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r9, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000040)=0x1000) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@local, @private1={0xfc, 0x1, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x4}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r5}) r14 = syz_open_dev$tty1(0xc, 0x4, 0x2) fcntl$getown(r14, 0x9) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0xb90cfad) 22.34366725s ago: executing program 0 (id=730): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000240)="26b2a8dd3bb50b8ceb62f430e5885746b5fd58b5a47a2bf28b373c8660a05cf8181b4b7a61b8ce127e9a2c0e92dea9379d5ca6b58c15037915bb4319621bdbead01cade5fc0535760d2286578af05881b83e2c2007508ed17ff1e44b5f91fd57e1077aaaf77b6741f58c4e426bb9b1ac269ddb81ba7c1d6ee457f1bb8ceb4e8a69db85ebb1df95fec7f3b5bd95dd726c920792e9a54f1641d5578f4347df0d583f76f962383980e8c6a1c123a70212d089e9b35900b052f0ee59eed7cf1e133398f5f5bd78d5c9820ee007f32894a57377a97af57c6d6dd108231b10a94c67f18552a65b870b7a9afcdfb72b57b81b1e424f739df21dfeebfaca906901b2626cfa482aabcc62b510255ee5010b4c1b260471011275c7f242659df63a8de398c2b0dfa67422e519853a439752898451f9f02defd4ae71ecc8aadd28d21a339d35cb425e109a5452d01d1ca2fc9cd2572a1252582d4b179876cc489b1b3fe4767d0356c29e6e0b891991f1dd5acc3c3e35f9d0048ed0e28b9771295729aeb5a1e262ec2fcbb545c3e24799bc424924294928312b42be902842083b4d7383ed289b307b66c8568277b3c17fea747ee49b750d83dd7ea1f18a5eae198451bd2968f823e03a4656cbbb154145465ddc7bcdd0c7b1d07366c0a4090e4023fd98d0f77d3949d7788bf0b31c52c7704bbfd681c4691d16ef610708ad2ae5af88301c5b0451ae9f292f16aa44230e53874a432be156fc74c9690983928aff88c8d817c86913fdc8425cf2cc43297e89321dfbbba3f4f1b8bcb602a17f1f5918c0657a9e0230f2722f2aca5f2f931c8c91dca589c02a711db5b7ca36f3a49282c4ec3b447ddcbb2f94e257a384d8c17980a3962b2c7b5c0b661899fd1451ce783dfb29355650454b65479ef40a319e37e90757ec3e3e08a2bbe0b9bed99d8bb31e5d240ffa66d5162748f30635658f92d864dc6ee1d95d9b6e19e554f6a4a5cb4a067b3c7d7d882ed4f908337febfd5cf00a6fd68e95fe62f5c374399f6d3201d3482a0637ac4d9d8253fbbf6bfdc3feb9db0a3d8a85cb337dc7a1328973e20bb82bcc2ec03a637f4f29e1efcf4fec09568a42ece4ee0508a0da8206989d12e522a65e76c4d64bbaec9f328b927391f2b15c7e8b3f138ef345afcac4d566448f327f84ed41f69b4d40c8309d9d5ed6846f788198e151a48f654d29b659f923858d443e118409541cea176cda5c518a938d10086148efdecda55cd4990922cffc06633c59db0c21d12e4b311e3858e82001c24c2225844019f9d633679ee75a70521da58cb8809c193c0f3389dcf540884ff0b44f224cbe03623ee16ad37e00abd1bdda5972379bfb097aa2ffe5e881ff988644b1364d8117feb6859fa4a942260aa6ac51387bc4c9173b8656813929744af772742e69d78f5b127b3ec8a64a3781a603a56e05eb948a003e54f3095e56899dc6413c4317e12141b3409ee8d33dc77ff33b10c5294c5e6b969848dee370c19e732f3e75a6bf21ad433c99d3978f8a8254fcc589eb067e3663e6179cd7904e080048565f0d8aae47d0dec7830d5eb48cd386ea8ff0cebf7bf86eda674cabd0d06f2068817d1d85f39bff655bda536ca5d9727545b8202a982818c388ab0219021fdf4dcdc5de8731edb03e9170a8867b614e5317f76f44c33563fabb73eb4cf8a766b6299e52d00646262e6e7704748a35322cdd7c52e6bae2654295f7804f68e807d5ce420213a278b751b360bffbc1bb9a027b98e65e9dab8fd143e02c2e6192eb8f411d80aad0fa5ff40ced48d26e076cda037ffed74f19b1a35839239b5d14e57fcba05aad705435f998d5a85c05d944bfc472ecda2974332b9b44c448365682d00e271f0fd2a436057adfb7b8eca4abdb8c1329121d6dae395dd1506a95c0de8191bd69cd1f68ec5af9a88fbb1a37c082b9df5cb390379f2db48c63e9f779b875ef9891a84181900bec4d6f512e4633f6b43b6abcb87e2e72f74d8cb0ea3019860339fdcff45dfe7e0817de819eef61d6e91b05a6b8ce8b0e1416e0210813429ff7a75cbd6e7a8f5c1e41012f8b092c6f0b45896a3de1a278b80104157dec7e210aab22aebb54ec881291fee48bc1c413f6a0704e45c1b00f39d4618147e4e11f429592bc92044a772bb33349d3ee4b6c2c5a5a8fdd5ad65434943c3987be2ab99807e23db8b9ec30a3030be076b7871c1bc7a9d4506f3a1e7b986d2ea1b60f9240db71a360c919dc6dc24f6af5878efd95d83f5a9529266f2fef29af2b60d214b21b6e3b8e5b3555849453f66e3b2fe46c2547690b745cf6b850312d825c73049a9a009d66d0d58801f254e2dc32897d9f3bf6fc3fd9ca6fef5d0f0dc55e85a99d735d1800f418010986d80f04e7f5a37109b73432db749b569966e781e646c0e373c94d7797960e1b73cb6cf58ffed290c567d7b5dc54f7a9c911d19fab72aded28cb7c063c46fd530b6ea9efef61c4da2bd5bad7d317743314ab01046b0f92d9d428a13bf5ff427fe25bdce29637f916b2da55f2f5ff05ea17002bf139a5740b7f2b60d6048844cc3909c76eb9ea0735ebed9c201efb8228245373c97d8c565e1ddb4c4d07c1ee7e3a942eea3cb88b2b263a0e4eef9b5cbc99f0b1fde017d01b15820f55f51d325c77c298b6973ad694b1f3bd5440fe8e8ea72fb10b53bbfb84c7d2b7be416df5cb60ad3607c71b387687752a119afb71cdc53b8a395e0398a5be4ac9a175df444ea715fbb2703911bcc6867a85ae2d76d25af06ed0e3688660dad6d69c1f356d43e655811e4169ff9f3f275a8417c44a9b7f5cc3e6ae05ed6a226da85946e84144191b4018d2a226e957e583fb34af3d4bdfbb59da087565fdd7faca17d652208c129549f16541f8addf7be170c6041459600364f025362ea0726f48cf82521d47eb478c341da8b0ba94e96942787d4046d04e86b3ecdbf4b3579aa8f00ca70e132609df358d9183f6cf6b200dfd16fac3e0bcdb13cc5bfb20bde3cc139967c70fefe3c39f484c442b75a5606a2b4952c799b04957e151d3dd76eeac764170a1929a88a668926fd6c22e9c2327f85fe88d388f4eed175a5c13e82bd6f42a7669341d2f3012c75c9871e419e0f3c7e50e347856415b8584eb2d2a0214d5bb03b10a26505ea9ffc7d5aca844e24af916eebe7513d8dd9145049aa0dd8e2a5a9fc53cef6239f56f2ba429601ead8223b5d89e5326e09f9d7c409a466fe5781435b9c324efc040cface76eb40b2da68b71a8baf2f916303726256c772cf27806d5208724cdf9f4eef7c7f3084a25242479fbe759bde637a7cb96d98510f0a68876d04cb47a3e7614b0b51f8812727b0881da22bf270d4a44206a581e71a7150c4096dc1fbd9e724ac572adfa13d6c2129e51df101bd5fd45bc57c356d67b65f270168bd0601e0241e887becb130fcb72c398c6e50d5123f5e8cef49d7ae92ae8e7de2221677a8aa6a285824ef679c68f87330224ce2c11299878adf4f46ed510fa4286f6110dd9965c189c21e85654d44992593ad75bb264fa4c9c7f600224b8eee14e6bac1aa0f9c9bc8c10caee2826cc6d8a787a9b98f908d062732ac0226268047fb44fd950d8ae380620c1f594a68a0813b492bfa3a8560dc1458ba84ddbf9b58f0f7317589a36c66493d1b1093c50719fe4e7b3a7f9dc61e961b0a36b0d65bd14029ad5b9dacdb4edbf090c2455c6c1af080e5447ec7aad8d1a532a48ce280decb70918738b3dcd49d3ffe16e1a2099f7e083aec3a97866e51d43e2581530e53d269c4ff2a6f576ecadc018f4e233b6e7da57130bdd369bdf5973031b7280d7bfcfc443dfb578de9d60be87e741e3aabedffd7b46e6a1c342661b0a122d579623e6e86e745e6ec3ee53545e9a1f63c1db363f68ee2a693a8f8bcd5f97c575db2ce1e03fee213bbd7a38a288fb83a07b1adeb99932fa55dda4b7e6be199f8f008abaa88c63f59179b47c541d8707709c7cd5f5aa5ed5c4dc63093596b09858952e64133cbe6b7d02b60528d6a263c9b72aa3e751a99e9fd1664121fc0ba9018d61011edd23d29d05c2080e33c721e503113be23973351a68fb5da582205a0e89e69fc84e24f3d4e8629847f9b6ba77e2ffe6ce394f99b1a94576c677e7433aa8bdc4d9779cbb706c6e2f426806d111173ffb0cd4f7be3ccffcfc9e66a16ab2806b6118ce28bc935624f1cbef0c9c4da396e6dc0e87ff20d0fd0e07d49327d8c0c97c7d70c50b584fbe563cde1cb17f36a73ebbe6b331b6321ac5ceba510a35ee913c5542a9d7b12805a29a99d25a5d3bc13a330435d6f0305bf522cc71e261c39d82584440d47fd82b9b31ad4ea0d2922558e6bab6fb6d3f6da9eb2a2e824af6928ee2ce41baee61fd4b5f896bf92bb1cf06c0c5a1b9b81a8216084c8e90451823d6be884a735a2be130304a22d8168c06db9cb6d62ba30079ecc831952f2564b760153311226d2188bc523928aa63223e785e6cf67a01962eed4195d5b06f06f272fe27d38660153c1727cfb438b5d98da5778070791c5ace1fd3ae756c8f261ad9d1c6aec5722a8e0609c3bb672c628879b65fbba3692070781c13bd34a93a5b9fff4f9ac4cd6aa3fdf076eeb4c0cfa14d2a41193e723d6d013995f34c97bd5d438eae8ca9a8a2dfdadec39c84c11cc9e9506020e072908178a6b60c53321c0b857d12b9adb58d90197c090e558d20a29bfd9f2ae297c23f47a544daa537f5780ec75b1824be5c92c20785499143252dd2f6d1f8aaf47deccbabf74ee0d55793b046aee7dc763353249f03cf2f0c60f6dd6ff082a051ffe2c8ef4ae9b1d8a046af67ffab68a4587ccd0a503906cca13aac0b7309d5fed12abd5303d2803f928651b51dd8747db79c56c3e3f89e6799a9dac3a7c57257c6575e133379b6c616dbab839b530e7ede62dc529acf5a6fa061fd1244fbc82d6e883388291ecaf1130151c8da538f8bccb9b871d2ce3417a9212ad94fe94c6e13e06975d8ba285d7e937ac4c6fd89aae06db06940670463d6b86a18856cc978a49f7e407f2e4f042d7ee1b7791cb33697824c68b2535af6c803e7940512da7db39c98ed1030e615569c200bc3ab833156187c25c1f659dcde3434f47a8cce56d821617c58907f80d5628214a0a8aad3fa2087647d52ac1c9692c6b57b85d70cd12875f110e631f3a9e34f21afc401797d9a13753deabb43fef92d691efb19a7120167f838d283fc5f2f1d7b4c2ef736fb1c8a47befcfd320f98461756d6908f00cea4a252733db78b6f67620e1a209e39f788a8360b8f42ccf1776259c6f70ef7ca2b0ee8caf4bf27017730236669eab62ada6db1d381ec2f8c60bebf555425bab9fa4d46823d3b0a1b1f51add64961aa2a073929116f02ea230bfb354019e47800415edeacf72a7daf8930c64adff306aba841fbe75bb18da73441721c86d3a70f9e6025e7fc95516703372fcae04421b08d0edbc5f1b6b6a3c66225011dc19f575111180e8d173922c2e28123347036b3ff2418dd529c49beb2e335801a3a5473c73d71d084c8271c10d86f283a659deaa57fff6673519645e0ee4c915cc3b8c440584fe222b1bc0cc0888142b9753ad409ed41ca16a92a3126ee73f7237523c6c781959fd255c5c0dff4ff324dc3e2246da77281809ead68df57e4ae6c1f8001e6d292e8e42f897b59770ec26b508ac5d57b47ee9696f9d40ceb39f9653a14737ede3f3213147381417d9633d30cc1107dde46e5ead6e4e4dec617202e10b9093e3bb2dfd785dd96a6a64f44bef7465552dc2e391c978c7ac1ce2b8f774d7b3934d15fc6d96eb3de6f0e9402a8538c6081712e5affa5b67b4153217b38f3248b2565c804226f4a31688d5fafacfe2e4fc191791c7164cfa33a474f4a9cd90fb5f37f5268e1801a2a762b00e8b7b2bda1db7a90ccc74ccc0fb015eb49a6ed0236d8b6b0e67bcaeeb750a499cfc3b2dc34e9024ea9bf00e5f0013a15509992979b50617dc14aeb0bac46c6961eca1e96ab2b45d342bc68e88b765a79d73f1eec58167e8ea4752981fd898f1ce528e9ba947723bd4d2ce228b6e5787227697d52f2bd0d4ecbebf5c6164f5819313060579ebb3ddb3c6423adb999975427c2d3da65b3cf52849c75464b46ede138be670742b175474222a47755f8006d4752b6c271643aa622f8439903abe53595792e7856a6e5a5e1b309fa139c2e64e927620c87aec8f36b9509c1d5cdee296bdde21d2cc54e7738070d93552d9ecd799325fe6fae9f3d7046ef1459d401922e3da284b7f6ef67ae196f274f6ce94887bb5ec25c0101618d6118b4cf47e0dfcb8dc89e8f44b47ba19c326db51a75a5b790620a2e460110dbc0f923a7d3825e4ac1d04597c0693fd05d93aabe907b47b1581f915de89c16580ae484f864e583b43ddc0991d716e401f60b6f62ebd52178a9e0adfbecc706dfffe8eee93f67ba2c9da4515bdfffd764741527ec04c3503da653271f2051ddad922ae38cae98c9a2eba5f8470d2551d2224add25a32b9c4d573f69ed15445d2b72ab20d1cd07c2d897dd7c97edab293db9f217a5eee5de9ad08da2f734e617b9f5268a3b91336237f5e9738a65f4adde4279eea09ce40e577b97eb5c67772e4ebee5a33afc7de28c70d97a514cdcd95908d26ad62800900a7cb9dcb88955b5401ccd4d965d00ebf0da48bf43cd2f5b61331894f523685b17beb253c3f50db89e11e664d6427a2551b5bfb2cbbfbf1e8240909d5eef23ccfa23d185391713d1205078be21e99063ff6316c06cd77969dda4d7f3350d4f2f29a23f12e14788fd60cbe4c3c00685a5e42b861597fd3b70c5e0e4d9f02355b754bf353fa2bd5dc0225080c26eb39be11a5b3cfe5264f39399167ab55ae7286f09c1d7fd0fc69bc9c7fca34867b5bf11c43612d3e010d2918a0d9b620549402f2c56e9cf3aa53b7614337f0867fe08170ffb272c5d340f237cdca3e023d2e65b250acf4f265ab8794a5388c5358d7e1cccbf82d99dd1aeba50f3363b9c3b6ac43542334bde8cf2ffd29da1d516bb5d950938f410829e2e37684916e1eac5c2ea1352e7cf6d0bc19bf16bf4ee61e44cd339fadcdf18126c46c0aba43c927510f3b876b32f606bfd2f657254e9715f8151099da8897c287ec1eb9077c72a0a31171f5e2672c16d3907caf659a73a15ec1bbdf240cf5796c22a99933999dd36ab3c354736b45b990e1631be048cad72829f782504ccff0cfc2e1eb5fb3e52e9fa4c3a39ec9ae7ef7b4b9e7e9a721a3f6addace5ca68d525ab9dc0d26b05333dd638bba4e40ec0a716b29172fc84a26c046dcdd0a744af3a7da0eb295a6b0d2a4e45bd6222464cae11bdb5a6c02f8ebb9c8846ca03175d4cab8b9c9531ae686029cc740c296feee12fda2cfb130808a3fd435c13bfca388ab530b8c4b546c4fc9af86596daec4569b5e82c8fd452731e27f9dffdc5713562b99fde6b59948a46f2a44ed0e539469040bb04a54fdf390f589c6491f1057b3d44573838dd2a1271ef8ccec3796012d2debeddb9dd0e252bf622f2671d6940f1c89b3ae38b4fcaa37103d96f4504c5654e603b80f710dc575bfdf2f4fa01741ab79057c15b627cd03e7dc24aab3ee312dd1d7e96731c28e24df9b051fa5972615858f07572d07f6a6f947fecf8acb05d220b68a4962b0bb9e2bb6341b97b0bfb18dc92764ceca8f723592c02104a020dfb9ff06bebc81ea80c68a1fa6175ab4042abd3305c1a17b72ba5491dc812def91672873fdd98632871ed0387e00a80c173b9e8c75e185149d32a9945e2f9707301c96337cd1c44cc13a9f38dc23720558c31c4cf6ff72559794c04af4deccbeddb04f267308e220963bf64d0aa830af54a91ae3ae0eb1aa3d48dde97ddd0916e3c16f4d90ef3e66f06f8c4c3d4fcfe41094708f49ac8d4e7150a74d9378a75018dba062fd1ec331776aafdb64e5e1732ab0f0ce0bd8985ec4b1374a6245b6d714a1c02ababcdc1fe22481a6ad3276662d4c9adf65e9d275afa6d57d6c3bcc6ab68234f4a1dade56c852c86c0bb4f427387bc9ea23e7361b7f518039af614141a12499b9602f95e2a969c7f31cf1056fe3b1954ecaa3db219f546a28e954964268be0296ea2765a8194d88b14869d388996d645f34511d63a602d92e795a0b29773052ce44b008556b6a0fb418a9233ed13edf3bda3db479211d00c16d40ee6321241d884fffeb3c1e2c01707c7aa387778779a241699ef4bd5d7cb8e40986539d0778cc242e98f17e630a09d62155b469ef5dba920d2ef80686c8f9eaf1965b42935d6dc470de7fbe0f5083a4b6ced2fa06b255fc35c3325bcc57ae3ef95ef58edb0b45bbff699de88afa565ab9f98b1c98255dfd6bd3eb18af00b94cbe5f94421b2828b0583c91e7cecd4754003ad8f46a206da99e75056705f9cccc481b591d4c33d96b21acbbdb4e70dfd9b6a2fccaa6a0af7f97fca9da759e62a6fb222341cbab0c808d320ff13a5989ce707aabd7f7c569b3e22e0c91613c483c136fb5b94ff7bdc1f51cbb9f5c46e4b62a19cca73057b78d1f3f8a9b0e2a20b8b8d9f2e8d0459df86c18353fbb3cb6e8b804e28dee571349e16b5df662cdedf1aa5a44eea00b778bc79c16138d85fab98c15ad9f2b83eebdb9432634280768397d2895c10012da8c6659e02295cfa52d6d06ef1e6ed0546d46c676048e5a455261659c83492d355eee56596e520962467fa8b3ae99cea9547d99a6d6b674682363c0dd5c8bd5c63d3bc2d45a94fb4e090ca27028b29a61c53d96ade29f1c60cffb5053b494dd2d7c7ccffc7006e16eb2bdcb360a1e0a3fa1f380616d0298e315808db7ae9ad16b6c4bb7dece5c2c4ba52d514f7fdc9b00e66302d1b6c6a7b5b58adb313e0cec67448238f66f69dd480d304a9831833a1b94f8109c0d2f85e646077bbaf140f9c7e72301d8e452f13711be18bdb48e2f0031c38da789a9e4161b7f0a6da09075414aaf9984ab7f141647c532e3b2530f3fd8a93b4218ecbbff44c4a58cdde1f9d89eb60ebe8033dc10116cbc09d4903bfd0830ef8b0d33572ce61bc028133be720544872e4a205fed6b005e8ed240ceb6e9efdd313b6eb0aed6bdcd335cb1765f2d7ed7f1819e0c04a8989183abcaa3677c35c33d95b139ed63f9f67e51386206ee2a3ad54bd4312b1178ece5a5a76eac9534faf2bb8c7b5105811a34a110553c63f1b9168ec5758e39d1f1baa4fd3e8dec73026c08ddf1568fa04b1a36a98055b6912f4faa0741e0bb5f063dfab6e6a8605b997affc69369980188967e4655c954d31b3ebea8dff5face904366191f0695fd3ccdc5e82c5982243e16a895f8aaf9d63d37ee1d323b296862ad265760a392378bc2ae5d7b75039b77aec33aa00c134f554ca9e5fd162296e915ccd359976e7ce4099bcaa5494c8eb6fa4da2a2e245920762f3639fa4fd4eb0e5e167a5f2111bfa669576ff3e0711a4ad78d2f8477363b03e6a13cd5b479817a62614ef613ac2b03a340114909c7b21ee93adf74c2ee2d4c666f1ab8bc43368e7643f3ea8da5a919b1e3078875228d2b519387ac49b7b9990d7dc229fb9ff0d551d3dfbeb843c8b2782f50cf8c575dec6836259a160a9a047165791d1e759c74ea65f4f9da990fc0e789bcd4ddf716442864788be6f2c5b607b6ddc7f9575b4e8375eea50e98cd9320fe736114e03aa0a2c1430d5cb507b29b388ace6ab58393513724607102a0458a458998e94d71b758df51ed4ecb6c6f2b94c31fb480745fbc6f6dc595c9558161fa14462779952982adb70d70a9f9a734fcbde17652e1a91422f93a6ff7d6c80fc92a5005bedf58aefe9bbba9d0ab3441e86b863bb5a3fdfd2a9c6f6d10717d2cd35d3c2a892f0e58545b1794d9aae993d72c215a6673bbe38976cc7d03cda84999c637aec8036ea1a23b143ed6288dcbc7d1ee487b1b6a4f6e8ef63b378acd4ff888bf95d86336907939c29695b2e0cc58efab49056f88a9027cad6d724e635f94f45f4cbddd8188608663ec7e46547e2aac7dec6cc5609e9f5f41ef26a1f16ecf6bfe200b0a955f98d9a4d41a2a268f8857670e33fbd4f076aa11c49cebd8306a4de3c86f7726fde93c7fc984079ae60e63854ee9a14162c749d7e308530c6b84cb5cafdd09ec3411cc0302c77d316beff973e3108ddb9b249e206d5476d605b7b24603ca344c2263bda8d7d3db55b9e2fcdce69be9b1ce24f8c4df129cd62a299fcbbff3309031973b5da452654c0b8ca4cf65891a8bdb8dedd20f631a34964e3bb0fa45c618861da79b259d79ecde8394061c99c661851c016c35ee8c91d52bbbc25f52b5e2f77ef2f63c764b717e8cce4d291742d5a7ef7f5d7ec1a96620eda1f962fb2448c388873f8b8abea4d27a5da092833c43c57c4b14099597f83785a31190798826f4264ba8f998cfbf7f20f9678e10e05c793f5781f8accca245d047d3be6c10541b2610c02c6e916d3db9776c6964e4519cf2e30708c954ef2492d3418c552dd9b5db4320dab8be6ac3394cb4b3fb1b9d5222c6ca9bd06aae2fef510e541db1209cde21fae56507020e80862d0b875d958346c42ebb781955ab337be61a68534281100247904b81b86aed49544c2452ecffaf6cc116f9d3c7362fc2cc390ab2ad29928b6e8bf90a4f21442fb213dbeeea4b8f481792fc6579b608e3a9c4fbe2755010d7ab3cd122de7a40a1f7780350a31d83ee5006ade36854cbc8e8c648259b29f2f7042719ab4d4d4d1f0c5fe6b717d23a5504335922f84ea8b20c78a5f1ddf6009089ea221353c01963fb8cabd3d795831c86d084660fa7f7d08f3ff15780c5b301ee27ab8d98fb358b90e92de4c96687c37e327ac1f0f23208c41a36e67cc22356df854f2dc309c110cfae51c5cc69051d22477caa1d2a2f276ccfbe907b263bd79ad4c5f6ea2687466f325ff2b1a736fff687c14d477c4c744e9c82be5b8ebfb69db2b312ff540ec8cadfcba9b609cae7e54ff347ed3d2649f9214600870ecba27f98943b4fb72f93b5ecb6d64dc1c7b2e8c2f2cf1006e39a237c5818014df9281feb6e522f6cb2d5ca35aeada09a58d5a6bdc9a75cf81a1c51faa8a3824a58d192a27be9fee5098b2e71d0d3f12917d50667415e418b790e0942260f4d2589c57aa1bd36017bd2bece963f0776f9f76cc66876c3f88f8bdbc35e329ecb56887948fd2c05d49c664509a682c6ff60350070bfd111be86ad2eee8c0d76b851fdb75f08e11fa47b5fd29b57568abbf91d3760652d475558bce2a1393688c9e2b4ae06cb072c294e1396b58db00b09ba8dbdc047a1684cca6e5b04cb52a40dd7b7f72c55292e7af0f3b8dda380d45b4e71c6cf57179247923750551ffd955f815cfbc29dfe5e0b2689eafdf44ce362b9c5864e4003326b2f183df7d39de7632bf3b2a85dca04cda08d10a5bad9ed9b481227e39804c3fd52d8a8f03288e13eb09c9075e23f82123a416e58864d95a321a719f88c8633201eb7d5c429348dfd83b476510f71808f95ab3b11d521004acc6d9168771736ec0a5f7c73ca78a46787c19299a79b453e49317353d6bee5b", 0x2000, 0x0) write$tun(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="083c86dd0001110004600000a60c6eec00be004411fffe8000000000000000000000000000aaff020000000000000000000000000001"], 0xfdef) 22.295348514s ago: executing program 0 (id=731): mkdir(&(0x7f0000000280)='./file0\x00', 0x324) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000200)='./file0\x00') clock_adjtime(0xa00000000000000, &(0x7f0000000380)={0x3ff, 0x1dcd64ff, 0x5, 0xb, 0x0, 0x7, 0x5, 0x0, 0x0, 0x104, 0x3, 0x0, 0x1, 0x81, 0x9f, 0x40000000002, 0x0, 0x6, 0x6, 0x9, 0x8001, 0x4, 0x0, 0x7, 0x0, 0xb}) 22.240328649s ago: executing program 0 (id=732): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x2, 0x4000, 0x2000, &(0x7f0000ff8000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x4b, &(0x7f00000001c0)=[@cr4={0x1, 0x3420e5}], 0x1) io_setup(0x8, &(0x7f0000004200)=0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000300)='comm\x00') io_submit(r3, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x8, 0xfffe, r4, 0x0}]) ioctl$KVM_RUN(r2, 0xae80, 0x0) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000feb000/0x2000)=nil) 22.068981794s ago: executing program 0 (id=733): mremap(&(0x7f000087f000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setresgid(0xee00, 0xee01, 0x0) r2 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r4 = syz_open_procfs(r2, &(0x7f00000000c0)='syscall\x00') pread64(r4, &(0x7f0000000140)=""/15, 0xf, 0x4) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fd4000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x2b, 0x0, 0x0) 22.010063699s ago: executing program 32 (id=733): mremap(&(0x7f000087f000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setresgid(0xee00, 0xee01, 0x0) r2 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r4 = syz_open_procfs(r2, &(0x7f00000000c0)='syscall\x00') pread64(r4, &(0x7f0000000140)=""/15, 0xf, 0x4) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fd4000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x2b, 0x0, 0x0) 4.808120122s ago: executing program 4 (id=836): mremap(&(0x7f000087f000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) (fail_nth: 28) sendfile(r1, r0, 0x0, 0x578410eb) 3.964220477s ago: executing program 4 (id=839): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/current\x00') setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, 0x0, 0x0, 0x15, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x40, 0xd, 0x4, "fd000000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000300)={0x20, 0x9, 0x11, "323a18787aaf58e4662992d64c9d9afd58"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$sierra_net(r2, &(0x7f0000000140)={0x14, &(0x7f00000000c0)={0x0, 0x6, 0x36, {0x36, 0x23, "cc79727b22cf40c5698a2270d7cb26b7ce554c498df6d1343cf417734aa202e76ae60f034ad7bf20c956dcdd61aec76af7dbbe1d"}}, &(0x7f00000001c0)={0x0, 0x3, 0x94, @string={0x94, 0x3, "aa1af346d306e70d219d4d2dc42a9a0feff3660e53df2b3bb6225f34298c1ed515c71de607965bb5f7746d66f72663ff5341d5550c75f9da54014f169cc06bf8e82d19e4a52d7cd0afa3b5eb777fec59851763f42b801371fe885709cc354b3e7c9cfd1e5c1a94383b53f79c7381ed980221932af90b063b90eb0875ce9acbabda759f54a2265404bf8072ad1312d0129112"}}}, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x20, 0x17, 0x2a, "2b787ca4f14f474660ffe8a86fd6ee87330833bc3774d247448b89375d5651b64a0d0a0ea251f7274d82"}, &(0x7f0000000940)={0xa1, 0x1, 0x400, "07e09075e77c1b6be4dfc42fba62c9385f31a6d053ea22ee062046720360582a97443ad10ddf5b62f53185c61e8fafeb4ce888c7538b275ba0e9b1f4f214ba79cb222cebd845265f45ea79f93aec9ed28134a142ff9dcc337c7739205da6fe34a4a229e732a9e2d55f3ee7b157164d66eb63398d7a6093bc664b6d12e881aa226823b53c57762766bb67bf03e87acb2fd1eee546b6b452ed591f48b6e0ec97206f27ffee0b733e858534ec44ad5ed74b27f7dbeb47507fca560ac185542b8d9400794ccf7a7f3dcac1d4213b0c13d3e52a9bebcd692df44cee873a44ea70506b35c3dae739ed5b03bd112003595dde57e880c34970a15747ba1f413f1a41d193179688057f4071261ec7f48661e47fde6b5586793fbe29315e1816b29f3b624a59a51134446e9e4aa788f0ce7d176d09e333c8477b3409e1f51b5876fb6e08814a5b34416ffc2c929513f8c4b3b610e33308c160253212a0d1c10c483aff5628f4f20b6c68b76b2280c6042ff292e3f34b18edcbe91914c9e56288bf7077dfa443c9c4e855e5576e7a83d95a9bc17d543c5b6988433f8449040894842d828aba2238fd3825e2f0090fb8537242ffc2ade78c0d0684662936faf29ae36b115e2b8cfc4de861402ad3cba6215d45c02476c11a5df1fcf64fec6e76c098bbf86d59fd8e8f174d7c9ff3d54691067935aecc0733e23702cd269656b5ad948546f5e0797babbc5477dce833c39410d9e5edab08b6ea2a2bd44430a69075079932f710f1dcd2d80ab78022c80a3f8958e093900d851d8ed935bee6900787d977ecee5c91163bfb04b2a9db2939a7e2ad59c5593795693e50114d24b9e396cd9c759418c4c47ea9dc419ef67f96f0c7ab0337b65a9bc35f578ba67242c738088f4abd7a3786eafbaa457c09fb6a29a64e20632c8dcb9018737c41f8582b77cc6f553b4977694742ce6a9fca337d02cf70cb540beec37afcd6f2166d8148d8b1184133674f10743faf663c8874e2a4f1fab878498ec58ac748f4fc911e38b809deefe38c997657b568245d0a542d79a81286283e48e2d446cca06af8121efd71f311561df30621edaa4153abca42f95bf35d921dd85467f20dd34133f2f448e93b6779ed24548664aa699e0605c8cc811b6d1722acdda93c06fe036faa024e29f9a84bc854e86d567b34387bf7b10ae0365644d6dc545fac9c5bfa64fa6b79c1237fecdcf0c09be87ec2376cecad69f7b11b54ff6d4b3dbd670572fc0f95488f030e4e915c6ccf07cef6d64dfa3396b51ffc53a0adffcd662fb427712553e1241556a1ae87c10d0014a00fd60b51f02a827f386e5238c96d74e10a718b40c63dcec7f449fefa30e3b4411496338577ca43fb347f803ddc5e59c33022ebfda11469da5dbb1353aee0ada0637714f89353cb5c441fe803ff9af5ed6d6113e9b1a72b9d414a"}, &(0x7f00000002c0)={0x21, 0x0, 0x1, '('}}) 2.428060204s ago: executing program 3 (id=859): r0 = socket(0x10, 0x3, 0x0) clock_adjtime(0x8fd7fd18bd254f93, &(0x7f0000000080)={0x6, 0x400, 0x9, 0x5, 0x3, 0x8, 0x7, 0x101, 0x3f4, 0x3, 0x7ff, 0xd, 0x1, 0x2, 0x1, 0xfffffffffffffff7, 0x3, 0x3, 0x7fffffffffffffff, 0x6, 0x3, 0xfffffffffffffffd, 0x8000, 0x1}) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000440)={0x7}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="940000001200110e0000000000000000cb00000097"], 0x94}, 0x1, 0x0, 0x0, 0x800}, 0x4000) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="780000001a0001002abd700000000000020820"], 0x78}], 0x1, 0x0, 0x0, 0x20400}, 0x0) 2.376216838s ago: executing program 3 (id=860): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) (async) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) (async, rerun: 64) sendto$inet6(r1, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) (async, rerun: 64) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1) (async, rerun: 64) r2 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000000)={0x6, 'wlan1\x00', {}, 0x108}) (async) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000240)={0x0, 'team_slave_1\x00', {0x2}}) (async) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f00000001c0)=[{r3, 0x200}, {r4, 0x1209}, {r4, 0x6000}, {r3, 0x1740}], 0x4, &(0x7f0000000280)={0x77359400}, &(0x7f00000002c0)={[0x77c]}, 0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) shutdown(r5, 0x0) (async) splice(r5, 0x0, r4, 0x0, 0x406f413, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 32) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x9}) (async, rerun: 32) setrlimit(0x40000000000008, &(0x7f0000000000)) mlockall(0x2) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9fa0000000f01d9660f78c4020a3ef32e650f09b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f20c035000000800f22c0", 0x55}], 0x1, 0x6, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async, rerun: 32) getsockopt$IP6T_SO_GET_INFO(r4, 0x29, 0x40, &(0x7f0000000300)={'nat\x00', 0x0, [0xffffffff, 0x6, 0x9, 0x8, 0x6]}, &(0x7f0000000380)=0x54) (rerun: 32) 2.375669208s ago: executing program 2 (id=861): mkdir(&(0x7f0000000280)='./file0\x00', 0x324) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x4) newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir_on}, {@xino_on}], [{@audit}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x66, 0x34, 0x66, 0x64, 0x63, 0x32, 0x37], 0x2d, [0x33, 0x62, 0x37, 0x64], 0x2d, [0x38, 0x34, 0x61, 0x36], 0x2d, [0x61, 0x37, 0x39, 0x39], 0x2d, [0x65, 0x66, 0x39, 0x66, 0x32, 0x34, 0x31, 0x37]}}}, {@euid_lt={'euid<', 0xffffffffffffffff}}, {@dont_appraise}, {@uid_eq={'uid', 0x3d, r0}}, {@fowner_eq={'fowner', 0x3d, r0}}, {@dont_appraise}, {@dont_hash}, {@subj_user={'subj_user', 0x3d, 'xino=on'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) 2.375277388s ago: executing program 3 (id=862): mremap(&(0x7f000087f000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) (fail_nth: 29) sendfile(r1, r0, 0x0, 0x578410eb) 2.372908788s ago: executing program 2 (id=863): ioctl$sock_netdev_private(0xffffffffffffffff, 0x89fe, 0x0) r0 = syz_usb_connect$rtl8150(0x5, 0x0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f00000002c0)={0x14, &(0x7f0000000180)={0x20, 0xe, 0xc1, {0xc1, 0x29, "bb11a5d7bed2870002cfc9df5ad49f36878d6d41322d1b163e21fde4db479599df40cc158414a8f69b0caeb5534d32f8983ee1d0273aed46203c0dc589cae551fe2cf3055fda0771a0725a8667f94f251bc181217f51501e2b33c8aca218b9be012ca83464f46db27118b75e3955068f4cf82dfc02b5a47d838955952a973ec2c6545f9a385e40c8ba6bf9da667b5b30c3a2eef4dc021fc6d9095d6689102a0ae7c696a3d92d869705d96971256d6f862d1c9eb98fbd132f0753aca3fe784a"}}, &(0x7f0000000280)={0x0, 0x3, 0x24, @string={0x24, 0x3, "da4bf2e4d11d0d24df0f170a0081a8775d20cad5e8e1cddfcfc198c9e29c51735246"}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000300)={0x0, 0xc, 0x52, "07dd5d2a2759f61a51f0f21df014e869a42d05f8c7dae7ad82f6ca7282a55f69e1345d00b1a82cc736007a805ad1d984eed2ac335f3be3b0c992c83e11bea0694159751b7bc9907f2ba9e514a90e956265e8"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xde}, &(0x7f0000000400), &(0x7f0000000440)={0x40, 0x5, 0x4, "f4c8d450"}}) syz_usb_control_io$rtl8150(r0, &(0x7f0000000600)={0x14, &(0x7f0000000500)={0x20, 0x7, 0x90, {0x90, 0xd, "4a001a1a0f23b7ef1bed7b53c4ece8f5c18856d6bbf626cf3e3c9a9d2ad084f61769d7f14c23a783d3ab412a68586bc957c62b807798dc79f6d0c0a15f942b7eccaa9e005770d4fd24a54a37c84b738dca76e00e7263e11c06db37d0a697bd40cf6c3fb896c8ed58333098f93dcf6570e06dbbf0856dadbac4091a96472fe0c99dbff4d4991ff9af980df67fb750"}}, &(0x7f00000005c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x4c0a}}}, &(0x7f0000000840)={0x2c, &(0x7f0000000640)={0x40, 0x3, 0xf8, "8f87a085de81fc914c6347237529f89ac8a078d4ac5e55349db4e4b9ee1f0cbc2e813ba94875d9cd38994ecbc4cf0a99b1fed422a8ef28619f613a9ca9bbfbabcdeefe43fe72ab0e8f72bbf8a22f6e28fac82ca0f0ab4be9759ea781e89b91205727d5ac82d46deba746c94cc2fc3329c831425e1f1e63575b1e4b4fd54635950ab9f8c6c03c92ac6dd29dbd60360a374337d5d13180851db8ce5c97e0224a2d2855ec9a6c3ce66c9e966283d2cd92304c084cc95c77379ed9be9b74c06096464815fc51fe833e185f90e1a993f678729559f7931b294b36363400bf9eddcdc647813d1e72fad283d0e0922a9a19e9a51a7f78f1914a3244"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0xd}, &(0x7f00000007c0)={0xc0, 0x5, 0x4, "3b020548"}, &(0x7f0000000800)={0x40, 0x5, 0x6, "a520b3c427cf"}}) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000880)={0x77359400}, 0x10) syz_usb_control_io(r0, &(0x7f0000000ac0)={0x2c, &(0x7f00000008c0)={0x20, 0x21, 0x1c, {0x1c, 0x6, "fbd1d0b279557c7ac9ad4f710d6efbe59eac7560b73d54bc1214"}}, &(0x7f0000000900)={0x0, 0x3, 0xd6, @string={0xd6, 0x3, "6bc0ed54a4ad414afe41ae4e5e695a755f952ec1e7389f2494fc6162b43810565adf681e91059250fa305651c59beb3542f326af7270d5d8ef8b3851e1602534ed2523af90da4f2382b642f3127c0ae1e13d643c4b0ddbb659b73a308b7f58455b2369ec422f1b089811d4c8aa43918b2a3787936cbc7f25a9c46981b7fcaa005921f8ea2d357089ebeaec96cb5f7e8b487cce1db8563a421844094b1b541ff510faf8177d6194f76c8103eb87124acf75aff64f66856b8f10fab61feccfabe27303976a93285fe5bddfbe16c80a89100ac3f5ab"}}, &(0x7f0000000a00)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000a40)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x60, 0x5, 0x0, "51569cb8", "055cd043"}}, &(0x7f0000000a80)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x3, 0x1, 0x33, 0x1, 0x8, 0xdc}}}, &(0x7f0000000fc0)={0x84, &(0x7f0000000b00)={0x0, 0x14, 0xd9, "34fbb180fcdf60f49067f3b3ad82795ccfb78b6145a631eec015adb56f4783fe1baa0dd90355a31520ecdc30cbfa6f6b2ce09a9465a67202948c12f88fb023455f81fad842547984ec9a2ea14f3a6bf06df313fa18d8c0bf41418c337dbcb755313c1e745ce10b916530c0fe67f00f08a3bbf36240a1d675a4230953c2762985e3a0ae9f26ed874046006447bd0c2f0a5bc186fbd2aa66bcf80c4cb884eecd295946019563a25ae698f16126448930f415f21788a867ddd00b76e92a253d015586a50853b2faccfadff8874138c907b44bd5df515f0cf707c8"}, &(0x7f0000000c00)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000c80)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000cc0)={0x20, 0x0, 0x4, {0x800, 0x40}}, &(0x7f0000000d00)={0x40, 0x7, 0x2, 0xe}, &(0x7f0000000d40)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000d80)={0x40, 0xb, 0x2, '0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0x0, 0x0, 0x4, 0x540000, r1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0, 0xfffffffc, 0x6, 0x0, 0x200, 0x6, 0x180107, r1}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@local, @private1={0xfc, 0x1, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x4}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r5}) 1.576111419s ago: executing program 4 (id=868): writev(0xffffffffffffffff, &(0x7f0000000240)=[{}], 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0xdc, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8001}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xb}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffeff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5a16df6c}]}, @TIPC_NLA_MEDIA={0x78, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x21}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x10}, 0xc0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.575720089s ago: executing program 2 (id=869): writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}, {}], 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0xe0, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8001}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xb}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffeff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5a16df6c}]}, @TIPC_NLA_MEDIA={0x78, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x21}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0xc0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0xf000000) 1.537726943s ago: executing program 3 (id=870): writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}, {}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f0000000080), 0x0, 0xfe, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="e0000000", @ANYRES16=0x0, @ANYBLOB="01002abd7000ffdbdf25030000000c00038008000100018000003c00038008000100080000000800030007000000080002000b00000008000300fffeffff08000100100000000800010007000000080003006cdf165a780005801c0002800800030007000000080002000500000008000300210000001c00028008000400040000000800040005000000080001001c0000003c00d49a1fe6ad6a5559ca3e0280087a440ae64a6036000200090000000800020007000000080001000600000008000200f0000000080001000f000000080001001800000008000100030000000c000980080002000600000010486d97ba3ac7b4b29d7b5d2d4b59e2792125b5ef5615aac9ae39c6425045a863e361125224ac4e"], 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0xc0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x6, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = dup(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.445287881s ago: executing program 2 (id=871): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20040000, &(0x7f0000000440)={0xa, 0x4e23, 0x4, @remote, 0x9}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4001}, 0x20000800) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000280)="c7cc6dc1f4ff74805e436e708c4907e0d298075d0043bf776a3e2292da8ab1c101b6f42baf83598718afb1bcf0fe08106cf68c9f3c51210acf97a558f6d5a8348e5e03a2ac07ee1e00f664bf5a2c45cc4ab156db5011947a4665bb4f1f13a3f478b2431f040c1d93", 0x68, 0x10010, &(0x7f0000000040)={0xa, 0x4e22, 0x80d, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000180)={0x5, 0x0, [{0x486, 0x0, 0xf3}, {0xacc, 0x0, 0x6}, {0x8b4, 0x0, 0x100000000}, {0xb7b, 0x0, 0xde}, {0x985}]}) ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000000)=""/3) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]}) dup(r1) 1.365888538s ago: executing program 3 (id=872): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000240)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000001280), 0x6) 1.365717768s ago: executing program 3 (id=873): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f00000002c0)={0x40, 0x8, 0x4, "bf718993"}, 0x0, 0x0}) 1.071757604s ago: executing program 1 (id=878): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="d8df7e23b3b9ce000000b807000000ba000000000f301b8154fea900b9b60a000080320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000b9a6080000b800000100ba000000000f300f300fc79d53bf0000c4b9e16dc301012202", 0x62}], 0x1, 0x10, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000900)=[@text16={0x10, 0x0}], 0x1, 0x13, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x8000000000000ffe, 0x7, 0xe, 0x0, 0x7, 0x2, 0x3c, 0x8f08, 0x3, 0xc821, 0x400005b, 0x8, 0x10, 0x400000101, 0x280000000007, 0x1], 0x8080000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 956.835415ms ago: executing program 1 (id=879): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) signalfd4(r0, &(0x7f0000000080), 0x8, 0x0) 621.967994ms ago: executing program 4 (id=880): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) eventfd2(0x4, 0x0) socket(0x10, 0x80002, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f6, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020100030e000000fcffffff0400000005000600000000000a00000000000000fc01ff80000000000000000000000000000000000000000005000500000000000a0000002efcb098950a0ec00000000000000000000000aa0000000000000000020013"], 0x70}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x400008a, 0x0) sendmsg$key(r2, 0x0, 0x4000000) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42}) 504.201295ms ago: executing program 2 (id=881): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0022fb000000a3dd09e2ed0762034e9a17603e33afcdebc667bc9a88c24f20cac9e89805d8a95b1002566e5610981ad0a0e1fe"], 0x0}, 0x0) 100.216011ms ago: executing program 1 (id=882): openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0xc0105500, &(0x7f0000000000)=ANY=[@ANYBLOB="a1"]) 75.620403ms ago: executing program 1 (id=883): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48, 0x83, 0x0, 0x80000001}, {0x6, 0x5, 0x0, 0xfffffc}]}, 0x10) r2 = dup(r0) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0x2}], 0x1}, 0x0) 149.369µs ago: executing program 1 (id=884): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8927, &(0x7f0000000180)={'ip6_vti0\x00', 0x0}) 0s ago: executing program 1 (id=885): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0xa5) mount$incfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000100), 0x200004, &(0x7f0000000000)={[{@rlog_pages={'rlog_pages', 0x3d, 0xfffffffffffffff9}}]}) kernel console output (not intermixed with test programs): -71 [ 113.927588][ T31] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 113.957386][ T331] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 113.978790][ T331] usb 2-1: device descriptor read/8, error -71 [ 114.067369][ T31] usb 3-1: device descriptor read/64, error -71 [ 114.108473][ T331] usb 2-1: device descriptor read/8, error -71 [ 114.307507][ T31] usb 3-1: device descriptor read/64, error -71 [ 114.323095][ T406] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 114.332521][ T406] usb 1-1: 2:1 : format type 9 is not supported yet [ 114.350172][ T406] usb 1-1: USB disconnect, device number 28 [ 114.357328][ T331] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 114.378600][ T331] usb 2-1: device descriptor read/8, error -71 [ 114.417611][ T31] usb usb3-port1: attempt power cycle [ 114.508937][ T331] usb 2-1: device descriptor read/8, error -71 [ 114.637367][ T331] usb usb2-port1: unable to enumerate USB device [ 114.676528][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 114.690257][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 114.700016][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 114.714134][ T604] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 114.724508][ T604] usb 4-1: USB disconnect, device number 36 [ 114.767348][ T31] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 114.788392][ T31] usb 3-1: device descriptor read/8, error -71 [ 114.928464][ T31] usb 3-1: device descriptor read/8, error -71 [ 115.167474][ T31] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 115.188547][ T31] usb 3-1: device descriptor read/8, error -71 [ 115.215963][ T36] audit: type=1400 audit(1771346883.430:280): avc: denied { create } for pid=2434 comm="syz.3.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 115.237375][ T2437] FAULT_INJECTION: forcing a failure. [ 115.237375][ T2437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.253031][ T2437] CPU: 1 UID: 0 PID: 2437 Comm: syz.3.599 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 115.253063][ T2437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 115.253074][ T2437] Call Trace: [ 115.253080][ T2437] [ 115.253086][ T2437] __dump_stack+0x21/0x30 [ 115.253112][ T2437] dump_stack_lvl+0x140/0x1c0 [ 115.253129][ T2437] ? __cfi_dump_stack_lvl+0x10/0x10 [ 115.253148][ T2437] ? do_vfs_ioctl+0x182d/0x2010 [ 115.253171][ T2437] ? check_stack_object+0x106/0x150 [ 115.253190][ T2437] dump_stack+0x19/0x20 [ 115.253209][ T2437] should_fail_ex+0x3d7/0x530 [ 115.253228][ T2437] should_fail+0xf/0x20 [ 115.253245][ T2437] should_fail_usercopy+0x1e/0x30 [ 115.253262][ T2437] _copy_from_user+0x20/0xa0 [ 115.253281][ T2437] kvm_vm_ioctl+0x65e/0xc60 [ 115.253300][ T2437] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 115.253330][ T2437] ? ioctl_has_perm+0x1bc/0x500 [ 115.253347][ T2437] ? __asan_memcpy+0x5a/0x80 [ 115.253365][ T2437] ? ioctl_has_perm+0x408/0x500 [ 115.253386][ T2437] ? selinux_file_ioctl+0x732/0x1480 [ 115.253401][ T2437] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 115.253418][ T2437] ? __cfi_handle_mm_fault+0x10/0x10 [ 115.253441][ T2437] ? lock_vma_under_rcu+0x4d1/0x590 [ 115.253466][ T2437] ? __fget_files+0x2c5/0x340 [ 115.253488][ T2437] ? bpf_lsm_file_ioctl+0xd/0x20 [ 115.253505][ T2437] ? security_file_ioctl+0x3e/0x110 [ 115.253522][ T2437] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 115.253541][ T2437] __se_sys_ioctl+0x135/0x1b0 [ 115.253562][ T2437] __x64_sys_ioctl+0x7f/0xa0 [ 115.253580][ T2437] x64_sys_call+0x1878/0x2ee0 [ 115.253599][ T2437] do_syscall_64+0x57/0xf0 [ 115.253615][ T2437] ? clear_bhb_loop+0x50/0xa0 [ 115.253632][ T2437] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 115.253655][ T2437] RIP: 0033:0x7f42ebd9c2bb [ 115.253671][ T2437] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 115.253686][ T2437] RSP: 002b:00007f42ecb7d450 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.253708][ T2437] RAX: ffffffffffffffda RBX: 0000200000fd4000 RCX: 00007f42ebd9c2bb [ 115.253723][ T2437] RDX: 00007f42ecb7dbd0 RSI: 000000004020ae46 RDI: 0000000000000004 [ 115.253737][ T2437] RBP: 0000000000000004 R08: 0000000000000001 R09: 000000000000002b [ 115.253749][ T2437] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000fec00000 [ 115.253762][ T2437] R13: 00007f42ecb7dbd0 R14: 0000200000fd5000 R15: 0000000000000001 [ 115.253778][ T2437] [ 115.256510][ T36] audit: type=1400 audit(1771346883.430:281): avc: denied { create } for pid=2434 comm="syz.3.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 115.550598][ T31] usb 3-1: device descriptor read/8, error -71 [ 115.654206][ T2448] FAULT_INJECTION: forcing a failure. [ 115.654206][ T2448] name failslab, interval 1, probability 0, space 0, times 0 [ 115.667415][ T2448] CPU: 0 UID: 0 PID: 2448 Comm: syz.0.603 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 115.667447][ T2448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 115.667459][ T2448] Call Trace: [ 115.667465][ T2448] [ 115.667474][ T2448] __dump_stack+0x21/0x30 [ 115.667499][ T2448] dump_stack_lvl+0x140/0x1c0 [ 115.667518][ T2448] ? __cfi_dump_stack_lvl+0x10/0x10 [ 115.667536][ T2448] ? __kasan_check_write+0x18/0x20 [ 115.667555][ T2448] ? copy_mm+0x2d2/0x1cf0 [ 115.667572][ T2448] dump_stack+0x19/0x20 [ 115.667589][ T2448] should_fail_ex+0x3d7/0x530 [ 115.667606][ T2448] should_failslab+0xac/0x100 [ 115.667625][ T2448] kmem_cache_alloc_noprof+0x42/0x410 [ 115.667644][ T2448] ? alloc_pid+0xa5/0xba0 [ 115.667659][ T2448] ? __asan_memcpy+0x5a/0x80 [ 115.667678][ T2448] alloc_pid+0xa5/0xba0 [ 115.667693][ T2448] copy_process+0x1409/0x3220 [ 115.667695][ T31] usb usb3-port1: unable to enumerate USB device [ 115.667715][ T2448] ? __cfi_copy_process+0x10/0x10 [ 115.667732][ T2448] ? __kmalloc_cache_noprof+0x23c/0x470 [ 115.667751][ T2448] ? __kasan_check_write+0x18/0x20 [ 115.667771][ T2448] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 115.667799][ T2448] vhost_task_create+0x1f7/0x400 [ 115.667830][ T2448] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 115.667856][ T2448] ? __cfi_vhost_task_create+0x10/0x10 [ 115.667880][ T2448] ? __cfi_vhost_task_fn+0x10/0x10 [ 115.667904][ T2448] ? __kasan_check_write+0x18/0x20 [ 115.667927][ T2448] ? mutex_lock+0x97/0x1d0 [ 115.667947][ T2448] ? __cfi_mutex_lock+0x10/0x10 [ 115.667966][ T2448] ? kernel_text_address+0xa9/0xe0 [ 115.667987][ T2448] kvm_mmu_post_init_vm+0x161/0x300 [ 115.668009][ T2448] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 115.668030][ T2448] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 115.668049][ T2448] ? kstrtoull+0x13b/0x1e0 [ 115.668066][ T2448] ? kstrtouint+0x78/0xf0 [ 115.668081][ T2448] ? ioctl_has_perm+0x1bc/0x500 [ 115.668099][ T2448] ? __asan_memcpy+0x5a/0x80 [ 115.668118][ T2448] ? ioctl_has_perm+0x408/0x500 [ 115.668135][ T2448] ? has_cap_mac_admin+0xd0/0xd0 [ 115.668152][ T2448] ? __kasan_check_write+0x18/0x20 [ 115.668171][ T2448] ? mutex_lock_killable+0x97/0x1d0 [ 115.668191][ T2448] ? __cfi_mutex_lock_killable+0x10/0x10 [ 115.668211][ T2448] ? proc_fail_nth_write+0x184/0x220 [ 115.668230][ T2448] kvm_vcpu_ioctl+0xa48/0x1000 [ 115.668252][ T2448] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 115.668283][ T2448] ? __cfi_vfs_write+0x10/0x10 [ 115.668303][ T2448] ? __kasan_check_write+0x18/0x20 [ 115.668323][ T2448] ? mutex_unlock+0x90/0x240 [ 115.668341][ T2448] ? __cfi_mutex_unlock+0x10/0x10 [ 115.668360][ T2448] ? __fget_files+0x2c5/0x340 [ 115.668383][ T2448] ? __fget_files+0x2c5/0x340 [ 115.668406][ T2448] ? bpf_lsm_file_ioctl+0xd/0x20 [ 115.668422][ T2448] ? security_file_ioctl+0x3e/0x110 [ 115.668439][ T2448] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 115.668461][ T2448] __se_sys_ioctl+0x135/0x1b0 [ 115.668484][ T2448] __x64_sys_ioctl+0x7f/0xa0 [ 115.668506][ T2448] x64_sys_call+0x1878/0x2ee0 [ 115.668529][ T2448] do_syscall_64+0x57/0xf0 [ 115.668544][ T2448] ? clear_bhb_loop+0x50/0xa0 [ 115.668562][ T2448] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 115.668587][ T2448] RIP: 0033:0x7f6ba199c629 [ 115.668603][ T2448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.668619][ T2448] RSP: 002b:00007f6ba03f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.668639][ T2448] RAX: ffffffffffffffda RBX: 00007f6ba1c15fa0 RCX: 00007f6ba199c629 [ 115.668653][ T2448] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 115.668665][ T2448] RBP: 00007f6ba03f7090 R08: 0000000000000000 R09: 0000000000000000 [ 115.668677][ T2448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.668688][ T2448] R13: 00007f6ba1c16038 R14: 00007f6ba1c15fa0 R15: 00007ffd7c3e69f8 [ 115.668704][ T2448] [ 116.094147][ T2452] kvm: kvm [2451]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x5 [ 116.197394][ T406] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 116.306021][ T2459] FAULT_INJECTION: forcing a failure. [ 116.306021][ T2459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.320188][ T2459] CPU: 0 UID: 0 PID: 2459 Comm: syz.0.608 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 116.320222][ T2459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.320234][ T2459] Call Trace: [ 116.320395][ T2459] [ 116.320411][ T2459] __dump_stack+0x21/0x30 [ 116.320435][ T2459] dump_stack_lvl+0x140/0x1c0 [ 116.320447][ T2459] ? __cfi_dump_stack_lvl+0x10/0x10 [ 116.320461][ T2459] ? exc_page_fault+0x65/0xc0 [ 116.320477][ T2459] dump_stack+0x19/0x20 [ 116.320489][ T2459] should_fail_ex+0x3d7/0x530 [ 116.320501][ T2459] should_fail+0xf/0x20 [ 116.320511][ T2459] should_fail_usercopy+0x1e/0x30 [ 116.320522][ T2459] _copy_to_iter+0x3b8/0x1510 [ 116.320537][ T2459] ? __cfi__copy_to_iter+0x10/0x10 [ 116.320548][ T2459] ? __check_object_size+0x527/0x830 [ 116.320562][ T2459] ? __cfi___check_object_size+0x10/0x10 [ 116.320575][ T2459] __skb_datagram_iter+0x3d0/0x930 [ 116.320596][ T2459] ? __cfi_simple_copy_to_iter+0x10/0x10 [ 116.320610][ T2459] skb_copy_datagram_iter+0x44/0x160 [ 116.320625][ T2459] unix_stream_read_actor+0x73/0xd0 [ 116.320639][ T2459] unix_stream_read_generic+0xb51/0x22d0 [ 116.320658][ T2459] ? unix_stream_read_actor+0xd0/0xd0 [ 116.320670][ T2459] ? __cfi_autoremove_wake_function+0x10/0x10 [ 116.320688][ T2459] ? selinux_socket_recvmsg+0x281/0x380 [ 116.320704][ T2459] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 116.320717][ T2459] ? selinux_file_open+0x46c/0x630 [ 116.320728][ T2459] unix_stream_recvmsg+0x17d/0x1e0 [ 116.320741][ T2459] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 116.320754][ T2459] ? __cfi_unix_stream_read_actor+0x10/0x10 [ 116.320766][ T2459] ? bpf_lsm_socket_recvmsg+0xd/0x20 [ 116.320781][ T2459] ? security_socket_recvmsg+0x44/0x130 [ 116.320796][ T2459] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 116.320809][ T2459] sock_recvmsg+0x219/0x270 [ 116.320822][ T2459] ____sys_recvmsg+0x1e7/0x4a0 [ 116.320833][ T2459] ? __sys_recvmsg_sock+0x60/0x60 [ 116.320843][ T2459] ? import_iovec+0x80/0xb0 [ 116.320857][ T2459] ___sys_recvmsg+0x216/0x590 [ 116.320867][ T2459] ? __sys_recvmsg+0x290/0x290 [ 116.320877][ T2459] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 116.320888][ T2459] ? selinux_file_permission+0x318/0xb60 [ 116.320899][ T2459] ? __fget_files+0x2c5/0x340 [ 116.320914][ T2459] do_recvmmsg+0x380/0x830 [ 116.320925][ T2459] ? __sys_recvmmsg+0x2a0/0x2a0 [ 116.320934][ T2459] ? __cfi_vfs_write+0x10/0x10 [ 116.320948][ T2459] ? fput+0x1a4/0x240 [ 116.320966][ T2459] __x64_sys_recvmmsg+0x199/0x250 [ 116.320977][ T2459] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 116.320987][ T2459] ? __kasan_check_read+0x15/0x20 [ 116.321000][ T2459] x64_sys_call+0x292c/0x2ee0 [ 116.321014][ T2459] do_syscall_64+0x57/0xf0 [ 116.321024][ T2459] ? clear_bhb_loop+0x50/0xa0 [ 116.321036][ T2459] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 116.321053][ T2459] RIP: 0033:0x7f6ba199c629 [ 116.321069][ T2459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 116.321079][ T2459] RSP: 002b:00007f6ba03f7028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 116.321093][ T2459] RAX: ffffffffffffffda RBX: 00007f6ba1c15fa0 RCX: 00007f6ba199c629 [ 116.321102][ T2459] RDX: 040000000000013c RSI: 00002000000034c0 RDI: 0000000000000005 [ 116.321110][ T2459] RBP: 00007f6ba03f7090 R08: 0000000000000000 R09: 0000000000000000 [ 116.321186][ T2459] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 116.321195][ T2459] R13: 00007f6ba1c16038 R14: 00007f6ba1c15fa0 R15: 00007ffd7c3e69f8 [ 116.321206][ T2459] [ 116.357618][ T31] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 116.698646][ T406] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 116.708776][ T406] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 116.718871][ T406] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 116.733800][ T406] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 116.742972][ T406] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.750989][ T406] usb 4-1: Product: syz [ 116.755571][ T406] usb 4-1: Manufacturer: syz [ 116.760341][ T66] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 116.768030][ T406] usb 4-1: SerialNumber: syz [ 116.774418][ T406] hub 4-1:1.0: bad descriptor, ignoring hub [ 116.780411][ T406] hub 4-1:1.0: probe with driver hub failed with error -5 [ 116.869925][ T31] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 116.879173][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.887379][ T31] usb 3-1: Product: syz [ 116.894703][ T31] usb 3-1: Manufacturer: syz [ 116.899584][ T31] usb 3-1: SerialNumber: syz [ 116.917311][ T66] usb 2-1: Using ep0 maxpacket: 32 [ 116.923954][ T66] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 116.932253][ T66] usb 2-1: config 0 has no interface number 0 [ 116.940083][ T66] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 116.950278][ T66] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.959530][ T66] usb 2-1: Product: syz [ 116.963903][ T66] usb 2-1: Manufacturer: syz [ 116.968559][ T66] usb 2-1: SerialNumber: syz [ 116.974064][ T66] usb 2-1: config 0 descriptor?? [ 116.980261][ T66] smsc95xx v2.0.0 [ 116.985401][ T406] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 37 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 117.250799][ T2466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.260550][ T2466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.308594][ T604] usb 4-1: USB disconnect, device number 37 [ 117.337914][ T604] usblp0: removed [ 117.555033][ T31] rtl8150 3-1:1.0: couldn't reset the device [ 117.561506][ T31] rtl8150 3-1:1.0: probe with driver rtl8150 failed with error -5 [ 117.573080][ T31] usb 3-1: USB disconnect, device number 33 [ 117.899204][ T2481] pim6reg1: entered promiscuous mode [ 117.904717][ T2481] pim6reg1: entered allmulticast mode [ 118.351576][ T66] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 118.363087][ T66] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 118.372825][ T66] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 118.384429][ T66] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 118.394418][ T66] usb 2-1: USB disconnect, device number 31 [ 118.560367][ T2507] syzkaller1: entered promiscuous mode [ 118.566028][ T2507] syzkaller1: entered allmulticast mode [ 118.674757][ T2507] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 118.683667][ T2507] overlayfs: missing 'lowerdir' [ 118.758948][ T2512] FAULT_INJECTION: forcing a failure. [ 118.758948][ T2512] name failslab, interval 1, probability 0, space 0, times 0 [ 118.771889][ T2512] CPU: 1 UID: 0 PID: 2512 Comm: syz.3.626 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 118.771924][ T2512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.771937][ T2512] Call Trace: [ 118.771958][ T2512] [ 118.771964][ T2512] __dump_stack+0x21/0x30 [ 118.771984][ T2512] dump_stack_lvl+0x140/0x1c0 [ 118.771996][ T2512] ? __cfi_dump_stack_lvl+0x10/0x10 [ 118.772008][ T2512] ? __kasan_check_read+0x15/0x20 [ 118.772020][ T2512] ? __folio_batch_add_and_move+0x25b/0x320 [ 118.772036][ T2512] dump_stack+0x19/0x20 [ 118.772047][ T2512] should_fail_ex+0x3d7/0x530 [ 118.772059][ T2512] should_failslab+0xac/0x100 [ 118.772073][ T2512] __kmalloc_cache_noprof+0x41/0x470 [ 118.772085][ T2512] ? kvm_check_memslot_overlap+0x343/0x3c0 [ 118.772100][ T2512] ? __kvm_set_memory_region+0x6ca/0xb80 [ 118.772112][ T2512] ? do_vfs_ioctl+0x182d/0x2010 [ 118.772127][ T2512] __kvm_set_memory_region+0x6ca/0xb80 [ 118.772146][ T2512] kvm_set_memory_region+0x2f/0x50 [ 118.772159][ T2512] kvm_vm_ioctl+0xb1b/0xc60 [ 118.772171][ T2512] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 118.772184][ T2512] ? ioctl_has_perm+0x1bc/0x500 [ 118.772195][ T2512] ? __asan_memcpy+0x5a/0x80 [ 118.772207][ T2512] ? ioctl_has_perm+0x408/0x500 [ 118.772218][ T2512] ? selinux_file_ioctl+0x732/0x1480 [ 118.772230][ T2512] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 118.772240][ T2512] ? __cfi_handle_mm_fault+0x10/0x10 [ 118.772254][ T2512] ? lock_vma_under_rcu+0x4d1/0x590 [ 118.772269][ T2512] ? __fget_files+0x2c5/0x340 [ 118.772284][ T2512] ? bpf_lsm_file_ioctl+0xd/0x20 [ 118.772294][ T2512] ? security_file_ioctl+0x3e/0x110 [ 118.772305][ T2512] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 118.772317][ T2512] __se_sys_ioctl+0x135/0x1b0 [ 118.772330][ T2512] __x64_sys_ioctl+0x7f/0xa0 [ 118.772343][ T2512] x64_sys_call+0x1878/0x2ee0 [ 118.772357][ T2512] do_syscall_64+0x57/0xf0 [ 118.772368][ T2512] ? clear_bhb_loop+0x50/0xa0 [ 118.772380][ T2512] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 118.772397][ T2512] RIP: 0033:0x7f42ebd9c2bb [ 118.772408][ T2512] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 118.772418][ T2512] RSP: 002b:00007f42ecb7d450 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.772431][ T2512] RAX: ffffffffffffffda RBX: 0000200000fd4000 RCX: 00007f42ebd9c2bb [ 118.772439][ T2512] RDX: 00007f42ecb7dbd0 RSI: 000000004020ae46 RDI: 0000000000000004 [ 118.772446][ T2512] RBP: 0000000000000004 R08: 0000000000000001 R09: 000000000000002b [ 118.772453][ T2512] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000fec00000 [ 118.772460][ T2512] R13: 00007f42ecb7dbd0 R14: 0000200000fd5000 R15: 0000000000000001 [ 118.772469][ T2512] [ 119.077392][ T36] audit: type=1400 audit(1771346887.300:282): avc: denied { read } for pid=2521 comm="syz.1.629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 119.089985][ T2524] netlink: 104 bytes leftover after parsing attributes in process `syz.0.630'. [ 119.124360][ T36] audit: type=1400 audit(1771346887.340:283): avc: denied { remount } for pid=2526 comm="syz.0.632" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 119.147828][ T36] audit: type=1400 audit(1771346887.370:284): avc: denied { ioctl } for pid=2521 comm="syz.1.629" path="socket:[24309]" dev="sockfs" ino=24309 ioctlcmd=0x660c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 119.357359][ T31] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 119.381085][ T36] audit: type=1400 audit(1771346887.600:285): avc: denied { mount } for pid=2535 comm="syz.2.634" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 119.508759][ T31] usb 1-1: config 0 has an invalid interface number: 48 but max is 0 [ 119.519039][ T31] usb 1-1: config 0 has no interface number 0 [ 119.527105][ T31] usb 1-1: config 0 interface 48 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 119.538785][ T31] usb 1-1: config 0 interface 48 has no altsetting 0 [ 119.558378][ T31] usb 1-1: New USB device found, idVendor=11f5, idProduct=0005, bcdDevice=59.25 [ 119.567889][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.576750][ T31] usb 1-1: Product: syz [ 119.581191][ T31] usb 1-1: Manufacturer: syz [ 119.586305][ T31] usb 1-1: SerialNumber: syz [ 119.596524][ T31] usb 1-1: config 0 descriptor?? [ 119.602365][ T2528] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 119.613322][ T31] pl2303 1-1:0.48: required interrupt-in endpoint missing [ 119.657336][ T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 119.807320][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 119.812727][ T2528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.823047][ T2528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.831792][ T10] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 119.842257][ T2528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.853333][ T10] usb 3-1: config 1 has no interface number 1 [ 119.859755][ T2528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.867887][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 119.882224][ T2528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.892434][ T10] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 129, changing to 7 [ 119.904305][ T2528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.913950][ T2528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.923554][ T10] usb 3-1: string descriptor 0 read error: -22 [ 119.929907][ T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 119.940539][ T2528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.951643][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.977915][ T10] usb 3-1: 2:1 : unknown format tag 0x94a5 is detected. processed as MPEG. [ 119.987070][ T2528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.997537][ T10] usb 3-1: found format II with max.bitrate = 6, frame size=9 [ 120.005149][ T10] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 120.011775][ T2528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.023761][ T66] usb 1-1: USB disconnect, device number 29 [ 120.177325][ T31] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 120.177701][ T2538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.195506][ T2538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.221601][ T10] usb 3-1: USB disconnect, device number 34 [ 120.347383][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 120.354896][ T31] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 120.363076][ T31] usb 2-1: config 0 has no interface number 0 [ 120.371219][ T31] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 120.380541][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.389116][ T31] usb 2-1: Product: syz [ 120.393287][ T31] usb 2-1: Manufacturer: syz [ 120.397931][ T31] usb 2-1: SerialNumber: syz [ 120.402999][ T31] usb 2-1: config 0 descriptor?? [ 120.409165][ T31] smsc95xx v2.0.0 [ 120.657395][ T406] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 120.777372][ T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 120.795567][ T36] audit: type=1400 audit(1771347145.013:286): avc: denied { create } for pid=2556 comm="syz.2.642" name="#2b" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 120.816729][ T406] usb 4-1: Using ep0 maxpacket: 16 [ 120.822649][ T36] audit: type=1400 audit(1771347145.013:287): avc: denied { link } for pid=2556 comm="syz.2.642" name="#2b" dev="tmpfs" ino=915 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 120.846886][ T36] audit: type=1400 audit(1771347145.013:288): avc: denied { rename } for pid=2556 comm="syz.2.642" name="#2c" dev="tmpfs" ino=915 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 120.858102][ T406] usb 4-1: config 1 interface 0 has no altsetting 0 [ 120.879403][ T406] usb 4-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40 [ 120.888597][ T406] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.889677][ T2557] kvm: MWAIT instruction emulated as NOP! [ 120.896810][ T406] usb 4-1: Product: syz [ 120.896837][ T406] usb 4-1: Manufacturer: syz [ 120.896851][ T406] usb 4-1: SerialNumber: syz [ 120.947373][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 120.955836][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 120.965067][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.973113][ T10] usb 1-1: Product: syz [ 120.977402][ T10] usb 1-1: Manufacturer: syz [ 120.982097][ T10] usb 1-1: SerialNumber: syz [ 120.990259][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 120.996555][ T10] r8152-cfgselector 1-1: config 0 descriptor?? [ 121.103378][ T406] usbhid 4-1:1.0: can't add hid device: -71 [ 121.109596][ T406] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 121.121796][ T406] usb 4-1: USB disconnect, device number 38 [ 121.206976][ T10] r8152-cfgselector 1-1: Unknown version 0x1430 [ 121.213387][ T10] r8152-cfgselector 1-1: bad CDC descriptors [ 121.408935][ T2555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.417734][ T2555] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.537394][ T10] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 121.626492][ T31] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 121.637845][ T31] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 121.647196][ T31] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 121.658250][ T31] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 121.668201][ T31] usb 2-1: USB disconnect, device number 32 [ 121.689646][ T36] audit: type=1400 audit(1771347145.913:289): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 121.709623][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 121.716124][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 121.724536][ T10] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 121.734143][ T10] usb 4-1: can't read configurations, error -71 [ 122.567333][ T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 122.718569][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.729086][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 122.738885][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 122.748231][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 122.756626][ T10] usb 4-1: SerialNumber: syz [ 122.964960][ T10] usb 4-1: 0:2 : does not exist [ 122.978473][ T10] usb 4-1: USB disconnect, device number 40 [ 122.992909][ T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 123.327332][ T331] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 123.478789][ T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.484509][ T2587] incfs: Options parsing error. -22 [ 123.488876][ T331] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 123.494022][ T2587] incfs: mount failed -22 [ 123.506960][ T331] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 123.520837][ T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.530043][ T331] usb 2-1: config 0 descriptor?? [ 123.550571][ T31] r8152-cfgselector 1-1: USB disconnect, device number 30 [ 123.583591][ T2590] syzkaller0: entered promiscuous mode [ 123.589164][ T2590] syzkaller0: entered allmulticast mode [ 123.847501][ T330] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 123.887394][ T31] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 123.938239][ T2585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.946848][ T2585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 123.960805][ T331] uclogic 0003:28BD:0042.000B: interface is invalid, ignoring [ 123.997365][ T330] usb 4-1: Using ep0 maxpacket: 32 [ 124.004011][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.015005][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.024810][ T330] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 124.034089][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.042844][ T330] usb 4-1: config 0 descriptor?? [ 124.057373][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 124.063944][ T31] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 124.072188][ T31] usb 1-1: config 0 has no interface number 0 [ 124.080083][ T31] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 124.089461][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.097517][ T31] usb 1-1: Product: syz [ 124.101766][ T31] usb 1-1: Manufacturer: syz [ 124.106460][ T31] usb 1-1: SerialNumber: syz [ 124.111869][ T31] usb 1-1: config 0 descriptor?? [ 124.117982][ T31] smsc95xx v2.0.0 [ 124.450320][ T330] zydacron 0003:13EC:0006.000C: unknown main item tag 0x0 [ 124.457835][ T330] zydacron 0003:13EC:0006.000C: unknown main item tag 0x0 [ 124.466054][ T330] zydacron 0003:13EC:0006.000C: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.3-1/input0 [ 125.321018][ T31] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 125.331900][ T31] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 125.341332][ T31] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 125.352209][ T31] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 125.361372][ T31] usb 1-1: USB disconnect, device number 31 [ 126.107315][ T330] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 126.278385][ T330] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.289432][ T330] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.300830][ T330] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.311271][ T330] usb 1-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db [ 126.329469][ T330] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.348888][ T330] usb 1-1: config 0 descriptor?? [ 126.501297][ T10] usb 4-1: USB disconnect, device number 41 [ 126.558990][ T330] usb 1-1: string descriptor 0 read error: -71 [ 126.576704][ T330] usb 1-1: USB disconnect, device number 32 [ 126.714955][ T36] audit: type=1400 audit(1771347150.933:290): avc: denied { bind } for pid=2616 comm="syz.3.664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 126.767343][ T331] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 126.918534][ T331] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 126.928984][ T331] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 126.938924][ T331] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 126.953428][ T331] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 126.963019][ T331] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.972286][ T331] usb 3-1: Product: syz [ 126.976466][ T331] usb 3-1: Manufacturer: syz [ 126.981112][ T331] usb 3-1: SerialNumber: syz [ 126.987748][ T331] hub 3-1:1.0: bad descriptor, ignoring hub [ 126.993789][ T331] hub 3-1:1.0: probe with driver hub failed with error -5 [ 127.067385][ T10] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 127.188289][ T2613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.196868][ T2613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.206046][ T2613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.214630][ T2613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.229808][ T10] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 127.239012][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.247028][ T10] usb 4-1: Product: syz [ 127.251299][ T10] usb 4-1: Manufacturer: syz [ 127.255920][ T10] usb 4-1: SerialNumber: syz [ 127.866479][ T10] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 127.963224][ T2650] FAULT_INJECTION: forcing a failure. [ 127.963224][ T2650] name failslab, interval 1, probability 0, space 0, times 0 [ 128.006308][ T2650] CPU: 0 UID: 0 PID: 2650 Comm: syz.0.674 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 128.006341][ T2650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.006354][ T2650] Call Trace: [ 128.006361][ T2650] [ 128.006369][ T2650] __dump_stack+0x21/0x30 [ 128.006402][ T2650] dump_stack_lvl+0x140/0x1c0 [ 128.006422][ T2650] ? __cfi_dump_stack_lvl+0x10/0x10 [ 128.006445][ T2650] dump_stack+0x19/0x20 [ 128.006466][ T2650] should_fail_ex+0x3d7/0x530 [ 128.006486][ T2650] should_failslab+0xac/0x100 [ 128.006510][ T2650] __kmalloc_node_noprof+0x6c/0x4f0 [ 128.006531][ T2650] ? __get_vm_area_node+0x28c/0x3d0 [ 128.006549][ T2650] ? __vmalloc_node_range_noprof+0x549/0x1480 [ 128.006569][ T2650] ? __kernel_text_address+0x11/0x40 [ 128.006590][ T2650] __vmalloc_node_range_noprof+0x549/0x1480 [ 128.006614][ T2650] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 128.006631][ T2650] ? kasan_save_alloc_info+0x40/0x50 [ 128.006650][ T2650] ? __kasan_kmalloc+0x96/0xb0 [ 128.006671][ T2650] ? __kmalloc_cache_noprof+0x23c/0x470 [ 128.006692][ T2650] ? __kvm_set_memory_region+0x6ca/0xb80 [ 128.006716][ T2650] ? kvm_set_memory_region+0x2f/0x50 [ 128.006738][ T2650] ? kvm_vm_ioctl+0xb1b/0xc60 [ 128.006757][ T2650] ? __se_sys_ioctl+0x135/0x1b0 [ 128.006779][ T2650] ? __x64_sys_ioctl+0x7f/0xa0 [ 128.006801][ T2650] ? x64_sys_call+0x1878/0x2ee0 [ 128.006824][ T2650] ? do_syscall_64+0x57/0xf0 [ 128.006842][ T2650] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 128.006868][ T2650] ? __vcalloc_noprof+0x3a/0x50 [ 128.006888][ T2650] __vmalloc_noprof+0x104/0x1d0 [ 128.006906][ T2650] ? __vcalloc_noprof+0x3a/0x50 [ 128.006925][ T2650] ? __cfi___vmalloc_noprof+0x10/0x10 [ 128.006960][ T2650] __vcalloc_noprof+0x3a/0x50 [ 128.006978][ T2650] kvm_arch_prepare_memory_region+0x2b0/0xf30 [ 128.007002][ T2650] ? __cfi_mutex_lock+0x10/0x10 [ 128.007023][ T2650] kvm_set_memslot+0x594/0x13f0 [ 128.007042][ T2650] ? __kmalloc_cache_noprof+0x23c/0x470 [ 128.007061][ T2650] ? __kvm_set_memory_region+0x6ca/0xb80 [ 128.007084][ T2650] __kvm_set_memory_region+0x825/0xb80 [ 128.007105][ T2650] kvm_set_memory_region+0x2f/0x50 [ 128.007125][ T2650] kvm_vm_ioctl+0xb1b/0xc60 [ 128.007145][ T2650] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 128.007165][ T2650] ? ioctl_has_perm+0x1bc/0x500 [ 128.007182][ T2650] ? __asan_memcpy+0x5a/0x80 [ 128.007202][ T2650] ? ioctl_has_perm+0x408/0x500 [ 128.007223][ T2650] ? selinux_file_ioctl+0x732/0x1480 [ 128.007242][ T2650] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 128.007259][ T2650] ? __cfi_handle_mm_fault+0x10/0x10 [ 128.007280][ T2650] ? lock_vma_under_rcu+0x4d1/0x590 [ 128.007307][ T2650] ? __fget_files+0x2c5/0x340 [ 128.007328][ T2650] ? bpf_lsm_file_ioctl+0xd/0x20 [ 128.007344][ T2650] ? security_file_ioctl+0x3e/0x110 [ 128.007362][ T2650] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 128.007381][ T2650] __se_sys_ioctl+0x135/0x1b0 [ 128.007405][ T2650] __x64_sys_ioctl+0x7f/0xa0 [ 128.007427][ T2650] x64_sys_call+0x1878/0x2ee0 [ 128.007450][ T2650] do_syscall_64+0x57/0xf0 [ 128.007466][ T2650] ? clear_bhb_loop+0x50/0xa0 [ 128.007484][ T2650] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 128.007510][ T2650] RIP: 0033:0x7f6ba199c2bb [ 128.007528][ T2650] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 128.007544][ T2650] RSP: 002b:00007f6ba03f5450 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.007565][ T2650] RAX: ffffffffffffffda RBX: 0000200000fd4000 RCX: 00007f6ba199c2bb [ 128.007579][ T2650] RDX: 00007f6ba03f5bd0 RSI: 000000004020ae46 RDI: 0000000000000004 [ 128.007592][ T2650] RBP: 0000000000000004 R08: 0000000000000001 R09: 000000000000002b [ 128.007604][ T2650] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000fec00000 [ 128.007615][ T2650] R13: 00007f6ba03f5bd0 R14: 0000200000fd5000 R15: 0000000000000001 [ 128.007631][ T2650] [ 128.389560][ T2650] syz.0.674: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0 [ 128.408257][ T2650] CPU: 1 UID: 0 PID: 2650 Comm: syz.0.674 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 128.408286][ T2650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.408298][ T2650] Call Trace: [ 128.408305][ T2650] [ 128.408315][ T2650] __dump_stack+0x21/0x30 [ 128.408348][ T2650] dump_stack_lvl+0x140/0x1c0 [ 128.408372][ T2650] ? __cfi_dump_stack_lvl+0x10/0x10 [ 128.408395][ T2650] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 128.408417][ T2650] dump_stack+0x19/0x20 [ 128.408438][ T2650] warn_alloc+0x1e7/0x2c0 [ 128.408462][ T2650] ? __kasan_check_write+0x18/0x20 [ 128.408485][ T2650] ? __cfi_warn_alloc+0x10/0x10 [ 128.408505][ T2650] ? __kasan_kmalloc+0x28/0xb0 [ 128.408530][ T2650] ? __kmalloc_node_noprof+0x255/0x4f0 [ 128.408554][ T2650] ? __get_vm_area_node+0x28c/0x3d0 [ 128.408573][ T2650] ? __vmalloc_node_range_noprof+0x549/0x1480 [ 128.408595][ T2650] __vmalloc_node_range_noprof+0x6aa/0x1480 [ 128.408621][ T2650] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 128.408641][ T2650] ? kasan_save_alloc_info+0x40/0x50 [ 128.408663][ T2650] ? __kasan_kmalloc+0x96/0xb0 [ 128.408684][ T2650] ? __kmalloc_cache_noprof+0x23c/0x470 [ 128.408703][ T2650] ? __kvm_set_memory_region+0x6ca/0xb80 [ 128.408726][ T2650] ? kvm_set_memory_region+0x2f/0x50 [ 128.408751][ T2650] ? kvm_vm_ioctl+0xb1b/0xc60 [ 128.408772][ T2650] ? __se_sys_ioctl+0x135/0x1b0 [ 128.408797][ T2650] ? __x64_sys_ioctl+0x7f/0xa0 [ 128.408831][ T2650] ? x64_sys_call+0x1878/0x2ee0 [ 128.408854][ T2650] ? do_syscall_64+0x57/0xf0 [ 128.408872][ T2650] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 128.408902][ T2650] ? __vcalloc_noprof+0x3a/0x50 [ 128.408925][ T2650] __vmalloc_noprof+0x104/0x1d0 [ 128.408945][ T2650] ? __vcalloc_noprof+0x3a/0x50 [ 128.408968][ T2650] ? __cfi___vmalloc_noprof+0x10/0x10 [ 128.408989][ T2650] __vcalloc_noprof+0x3a/0x50 [ 128.409011][ T2650] kvm_arch_prepare_memory_region+0x2b0/0xf30 [ 128.409042][ T2650] ? __cfi_mutex_lock+0x10/0x10 [ 128.409064][ T2650] kvm_set_memslot+0x594/0x13f0 [ 128.409089][ T2650] ? __kmalloc_cache_noprof+0x23c/0x470 [ 128.409111][ T2650] ? __kvm_set_memory_region+0x6ca/0xb80 [ 128.409135][ T2650] __kvm_set_memory_region+0x825/0xb80 [ 128.409162][ T2650] kvm_set_memory_region+0x2f/0x50 [ 128.409187][ T2650] kvm_vm_ioctl+0xb1b/0xc60 [ 128.409209][ T2650] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 128.409232][ T2650] ? ioctl_has_perm+0x1bc/0x500 [ 128.409251][ T2650] ? __asan_memcpy+0x5a/0x80 [ 128.409273][ T2650] ? ioctl_has_perm+0x408/0x500 [ 128.409297][ T2650] ? selinux_file_ioctl+0x732/0x1480 [ 128.409317][ T2650] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 128.409339][ T2650] ? __cfi_handle_mm_fault+0x10/0x10 [ 128.409363][ T2650] ? lock_vma_under_rcu+0x4d1/0x590 [ 128.409391][ T2650] ? __fget_files+0x2c5/0x340 [ 128.409416][ T2650] ? bpf_lsm_file_ioctl+0xd/0x20 [ 128.409435][ T2650] ? security_file_ioctl+0x3e/0x110 [ 128.409454][ T2650] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 128.409477][ T2650] __se_sys_ioctl+0x135/0x1b0 [ 128.409501][ T2650] __x64_sys_ioctl+0x7f/0xa0 [ 128.409526][ T2650] x64_sys_call+0x1878/0x2ee0 [ 128.409550][ T2650] do_syscall_64+0x57/0xf0 [ 128.409568][ T2650] ? clear_bhb_loop+0x50/0xa0 [ 128.409588][ T2650] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 128.409615][ T2650] RIP: 0033:0x7f6ba199c2bb [ 128.409633][ T2650] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 128.409649][ T2650] RSP: 002b:00007f6ba03f5450 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.409672][ T2650] RAX: ffffffffffffffda RBX: 0000200000fd4000 RCX: 00007f6ba199c2bb [ 128.409687][ T2650] RDX: 00007f6ba03f5bd0 RSI: 000000004020ae46 RDI: 0000000000000004 [ 128.409701][ T2650] RBP: 0000000000000004 R08: 0000000000000001 R09: 000000000000002b [ 128.409714][ T2650] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000fec00000 [ 128.409727][ T2650] R13: 00007f6ba03f5bd0 R14: 0000200000fd5000 R15: 0000000000000001 [ 128.409743][ T2650] [ 128.411785][ T406] usb 4-1: USB disconnect, device number 42 [ 128.807598][ T150] net eth1: rx_urb submit failed: -19 [ 128.813960][ T2650] Mem-Info: [ 128.817108][ T2650] active_anon:40914 inactive_anon:0 isolated_anon:0 [ 128.817108][ T2650] active_file:20515 inactive_file:2330 isolated_file:0 [ 128.817108][ T2650] unevictable:0 dirty:59 writeback:0 [ 128.817108][ T2650] slab_reclaimable:6037 slab_unreclaimable:71122 [ 128.817108][ T2650] mapped:25205 shmem:33070 pagetables:971 [ 128.817108][ T2650] sec_pagetables:3 bounce:0 [ 128.817108][ T2650] kernel_misc_reclaimable:0 [ 128.817108][ T2650] free:1488946 free_pcp:2695 free_cma:0 [ 128.862081][ T2650] Node 0 active_anon:163608kB inactive_anon:0kB active_file:82060kB inactive_file:9320kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:100764kB dirty:236kB writeback:0kB shmem:132280kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5356kB pagetables:3888kB sec_pagetables:12kB all_unreclaimable? no [ 128.894667][ T2650] DMA32 free:2958164kB boost:0kB min:19080kB low:23848kB high:28616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2963372kB mlocked:0kB bounce:0kB free_pcp:5208kB local_pcp:5140kB free_cma:0kB [ 128.924949][ T2650] lowmem_reserve[]: 0 3921 3921 [ 128.929942][ T2650] Normal free:3002424kB boost:0kB min:25972kB low:32464kB high:38956kB reserved_highatomic:0KB free_highatomic:0KB active_anon:163512kB inactive_anon:0kB active_file:82060kB inactive_file:9320kB unevictable:0kB writepending:264kB present:5242880kB managed:4015864kB mlocked:0kB bounce:0kB free_pcp:2236kB local_pcp:1884kB free_cma:0kB [ 128.961600][ T2650] lowmem_reserve[]: 0 0 0 [ 128.965976][ T2650] DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 5*128kB (M) 5*256kB (M) 5*512kB (M) 4*1024kB (UM) 4*2048kB (M) 718*4096kB (M) = 2958164kB [ 128.981556][ T2650] Normal: 612*4kB (UME) 513*8kB (UME) 160*16kB (UME) 189*32kB (UME) 131*64kB (UME) 90*128kB (UME) 33*256kB (UME) 21*512kB (UM) 9*1024kB (ME) 7*2048kB (ME) 714*4096kB (UM) = 3002360kB [ 128.999748][ T2650] 55906 total pagecache pages [ 129.004438][ T2650] 0 pages in swap cache [ 129.008630][ T2650] Free swap = 124728kB [ 129.012830][ T2650] Total swap = 124996kB [ 129.016993][ T2650] 2097051 pages RAM [ 129.020911][ T2650] 0 pages HighMem/MovableOnly [ 129.025795][ T2650] 352242 pages reserved [ 129.029990][ T2650] 0 pages cma reserved [ 129.035408][ T2650] Memory allocations: [ 129.039445][ T2650] 0 B 0 init/main.c:1477 func:do_initcalls [ 129.046645][ T2650] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 129.054776][ T2650] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 129.062472][ T2650] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 129.070722][ T2650] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 129.080273][ T2650] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 129.089788][ T2650] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 129.093393][ T2661] loop5: detected capacity change from 0 to 7 [ 129.098434][ T2650] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 129.129500][ T2650] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 129.139942][ T2650] 0 B 0 init/initramfs.c:101 func:find_link [ 129.538319][ T331] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 129.567733][ T331] usb 3-1: USB disconnect, device number 35 [ 129.574527][ T331] usblp0: removed [ 129.737335][ T531] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 129.887315][ T531] usb 4-1: Using ep0 maxpacket: 32 [ 129.893916][ T531] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 129.902442][ T531] usb 4-1: config 0 has no interface number 0 [ 129.910373][ T531] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 129.920063][ T531] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.928391][ T531] usb 4-1: Product: syz [ 129.932954][ T531] usb 4-1: Manufacturer: syz [ 129.938827][ T531] usb 4-1: SerialNumber: syz [ 129.948374][ T531] usb 4-1: config 0 descriptor?? [ 129.957504][ T531] smsc95xx v2.0.0 [ 130.471875][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 130.482761][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 130.582707][ T2715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.597382][ T2715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.019653][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 131.031443][ T531] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 131.041159][ T531] usb 4-1: USB disconnect, device number 43 [ 131.482789][ T2735] netlink: 'syz.2.697': attribute type 4 has an invalid length. [ 131.492224][ T2735] netlink: 'syz.2.697': attribute type 4 has an invalid length. [ 131.627414][ T406] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 131.767336][ T66] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 131.777355][ T406] usb 1-1: Using ep0 maxpacket: 8 [ 131.784528][ T406] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 131.794175][ T406] usb 1-1: config 1 has no interface number 1 [ 131.800317][ T406] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 131.813128][ T406] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 129, changing to 7 [ 131.826441][ T406] usb 1-1: string descriptor 0 read error: -22 [ 131.832870][ T406] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 131.842035][ T406] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.852183][ T406] usb 1-1: 2:1 : unknown format tag 0x94a5 is detected. processed as MPEG. [ 131.861017][ T406] usb 1-1: found format II with max.bitrate = 14, frame size=9 [ 131.868777][ T406] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 131.928576][ T66] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 131.936808][ T66] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 131.947625][ T66] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 131.960633][ T66] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.969766][ T66] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.978877][ T66] usb 4-1: config 0 descriptor?? [ 131.984648][ T66] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 132.055578][ T406] usb 1-1: USB disconnect, device number 33 [ 132.653405][ T2760] overlayfs: failed to resolve './file0': -2 [ 132.664311][ T2760] cgroup2: Unknown parameter 'nsdeleeate' [ 132.907320][ T531] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 132.937326][ T66] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 133.069969][ T531] usb 1-1: config 0 interface 0 has no altsetting 0 [ 133.076625][ T531] usb 1-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 133.085743][ T531] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.093853][ T66] usb 3-1: Using ep0 maxpacket: 32 [ 133.099714][ T531] usb 1-1: config 0 descriptor?? [ 133.100337][ T66] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 133.113167][ T66] usb 3-1: config 0 has no interface number 0 [ 133.120738][ T66] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 133.129864][ T66] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.137942][ T66] usb 3-1: Product: syz [ 133.142115][ T66] usb 3-1: Manufacturer: syz [ 133.146719][ T66] usb 3-1: SerialNumber: syz [ 133.153971][ T66] usb 3-1: config 0 descriptor?? [ 133.158819][ T36] audit: type=1400 audit(1771347157.373:291): avc: denied { getopt } for pid=2764 comm="syz.1.709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 133.161347][ T2765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.187600][ T2765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.195927][ T66] smsc95xx v2.0.0 [ 133.201249][ T36] audit: type=1400 audit(1771347157.423:292): avc: denied { setattr } for pid=2764 comm="syz.1.709" name="RFCOMM" dev="sockfs" ino=26759 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 133.508434][ T531] microsoft 0003:045E:009D.000D: unknown main item tag 0x0 [ 133.515851][ T531] microsoft 0003:045E:009D.000D: unknown main item tag 0x0 [ 133.523340][ T531] microsoft 0003:045E:009D.000D: unknown main item tag 0x0 [ 133.530624][ T531] microsoft 0003:045E:009D.000D: unknown main item tag 0x0 [ 133.538051][ T531] microsoft 0003:045E:009D.000D: unknown main item tag 0x0 [ 133.546031][ T531] microsoft 0003:045E:009D.000D: hidraw0: USB HID v0.00 Device [HID 045e:009d] on usb-dummy_hcd.0-1/input0 [ 133.557487][ T531] microsoft 0003:045E:009D.000D: no inputs found [ 133.563966][ T531] microsoft 0003:045E:009D.000D: could not initialize ff, continuing anyway [ 133.588281][ T66] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 133.599222][ T66] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 133.708453][ T531] usb 1-1: USB disconnect, device number 34 [ 134.009905][ T66] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 134.020973][ T66] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 134.031541][ T66] usb 3-1: USB disconnect, device number 36 [ 134.221854][ T2773] loop5: detected capacity change from 0 to 7 [ 134.538254][ T531] usb 4-1: USB disconnect, device number 44 [ 134.567307][ T36] audit: type=1400 audit(1771347158.783:293): avc: denied { write } for pid=2780 comm="syz.3.715" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 134.593191][ T2787] incfs: Options parsing error. -22 [ 134.598667][ T2787] incfs: mount failed -22 [ 134.612757][ T2789] netlink: 104 bytes leftover after parsing attributes in process `syz.2.716'. [ 134.670367][ T2800] syzkaller0: entered promiscuous mode [ 134.676132][ T2800] syzkaller0: entered allmulticast mode [ 134.686220][ T2800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.695946][ T2800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.117705][ T604] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 135.268377][ T604] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 135.276609][ T604] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 135.287428][ T604] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 135.300712][ T604] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.309788][ T604] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.318620][ T604] usb 3-1: config 0 descriptor?? [ 135.326727][ T604] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 135.333203][ T36] audit: type=1400 audit(1771347159.543:294): avc: denied { mounton } for pid=2821 comm="syz.0.727" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 135.667292][ T36] audit: type=1326 audit(1771347159.883:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f42ebd593fb code=0x50000 [ 135.690530][ T36] audit: type=1326 audit(1771347159.883:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ebd9c629 code=0x50000 [ 135.713510][ T36] audit: type=1326 audit(1771347159.883:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ebd9c629 code=0x50000 [ 135.736485][ T36] audit: type=1326 audit(1771347159.883:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ebd9c629 code=0x50000 [ 135.759506][ T36] audit: type=1326 audit(1771347159.883:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ebd9c629 code=0x50000 [ 135.782670][ T36] audit: type=1326 audit(1771347159.883:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2825 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ebd9c629 code=0x50000 [ 136.297353][ T604] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 136.369172][ T12] bridge_slave_1: left allmulticast mode [ 136.374918][ T12] bridge_slave_1: left promiscuous mode [ 136.380614][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.388397][ T12] bridge_slave_0: left allmulticast mode [ 136.394105][ T12] bridge_slave_0: left promiscuous mode [ 136.399878][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.447303][ T604] usb 4-1: Using ep0 maxpacket: 8 [ 136.454404][ T604] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 136.467090][ T604] usb 4-1: config 1 has no interface number 1 [ 136.475061][ T604] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 136.488540][ T604] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 129, changing to 7 [ 136.502537][ T604] usb 4-1: string descriptor 0 read error: -22 [ 136.508922][ T604] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 136.518411][ T604] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.532986][ T604] usb 4-1: 2:1: invalid format type 0x94a5 is detected, processed as PCM [ 136.545390][ T12] veth1_macvtap: left promiscuous mode [ 136.551551][ T604] usb 4-1: 2:1 : sample bitwidth 248 in over sample bytes 1 [ 136.567434][ T604] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 136.663919][ T2837] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.671036][ T2837] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.678351][ T2837] bridge_slave_0: entered allmulticast mode [ 136.684795][ T2837] bridge_slave_0: entered promiscuous mode [ 136.692594][ T2837] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.699849][ T2837] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.706979][ T2837] bridge_slave_1: entered allmulticast mode [ 136.713601][ T2837] bridge_slave_1: entered promiscuous mode [ 136.733654][ T604] usb 4-1: USB disconnect, device number 45 [ 136.779173][ T2837] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.786224][ T2837] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.793558][ T2837] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.800621][ T2837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.821095][ T708] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.828571][ T708] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.838315][ T128] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.845376][ T128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.854561][ T128] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.861653][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.886539][ T2837] veth0_vlan: entered promiscuous mode [ 136.897128][ T2837] veth1_macvtap: entered promiscuous mode [ 137.417179][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 137.567134][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 137.573450][ T10] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 137.581683][ T10] usb 5-1: config 0 has no interface number 0 [ 137.587823][ T10] usb 5-1: config 0 interface 184 has no altsetting 0 [ 137.596039][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 137.605251][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.613443][ T10] usb 5-1: Product: syz [ 137.617701][ T10] usb 5-1: Manufacturer: syz [ 137.622750][ T10] usb 5-1: SerialNumber: syz [ 137.628139][ T10] usb 5-1: config 0 descriptor?? [ 137.633795][ T10] smsc75xx v1.0.0 [ 137.806203][ T604] usb 3-1: USB disconnect, device number 37 [ 138.007078][ T66] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 138.157028][ T66] usb 4-1: Using ep0 maxpacket: 8 [ 138.163330][ T66] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 138.172495][ T66] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.181666][ T66] usb 4-1: config 0 descriptor?? [ 138.388309][ T2858] netlink: 'syz.3.738': attribute type 4 has an invalid length. [ 138.396081][ T2858] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.738'. [ 138.412691][ T66] usbhid 4-1:0.0: can't add hid device: -71 [ 138.418981][ T66] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 138.429357][ T66] usb 4-1: USB disconnect, device number 46 [ 138.691096][ T2876] incfs: Options parsing error. -22 [ 138.696653][ T2876] incfs: mount failed -22 [ 138.765590][ T2880] syzkaller0: entered promiscuous mode [ 138.771237][ T2880] syzkaller0: entered allmulticast mode [ 139.016876][ T66] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 139.166725][ T66] usb 3-1: Using ep0 maxpacket: 32 [ 139.173205][ T66] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.184269][ T66] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.194056][ T66] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 139.203379][ T66] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.212428][ T66] usb 3-1: config 0 descriptor?? [ 139.550199][ T2891] FAULT_INJECTION: forcing a failure. [ 139.550199][ T2891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.563553][ T2891] CPU: 1 UID: 0 PID: 2891 Comm: syz.1.749 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 139.563587][ T2891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.563598][ T2891] Call Trace: [ 139.563604][ T2891] [ 139.563611][ T2891] __dump_stack+0x21/0x30 [ 139.563644][ T2891] dump_stack_lvl+0x140/0x1c0 [ 139.563667][ T2891] ? __cfi_dump_stack_lvl+0x10/0x10 [ 139.563692][ T2891] dump_stack+0x19/0x20 [ 139.563713][ T2891] should_fail_ex+0x3d7/0x530 [ 139.563730][ T2891] should_fail+0xf/0x20 [ 139.563740][ T2891] should_fail_usercopy+0x1e/0x30 [ 139.563751][ T2891] _copy_from_iter+0x1a9/0x1510 [ 139.563765][ T2891] ? __kasan_check_write+0x18/0x20 [ 139.563778][ T2891] ? _copy_from_iter+0x218/0x1510 [ 139.563795][ T2891] ? __cfi__copy_from_iter+0x10/0x10 [ 139.563816][ T2891] ? __virt_addr_valid+0x2a6/0x380 [ 139.563835][ T2891] ? __cfi__copy_from_iter+0x10/0x10 [ 139.563856][ T2891] ? __check_object_size+0x527/0x830 [ 139.563874][ T2891] ? __cfi___check_object_size+0x10/0x10 [ 139.563886][ T2891] copy_page_from_iter+0x1e5/0x2b0 [ 139.563899][ T2891] skb_copy_datagram_from_iter+0x30c/0x700 [ 139.563975][ T2891] tun_get_user+0x16ef/0x36c0 [ 139.564001][ T2891] ? arch_stack_walk+0x10a/0x170 [ 139.564022][ T2891] ? _parse_integer_limit+0x195/0x1e0 [ 139.564032][ T2891] ? ptr_ring_consume+0x430/0x430 [ 139.564045][ T2891] ? _parse_integer+0x2e/0x40 [ 139.564054][ T2891] ? kstrtoull+0x13b/0x1e0 [ 139.564063][ T2891] ? __kasan_check_write+0x18/0x20 [ 139.564077][ T2891] ? ref_tracker_alloc+0x30d/0x590 [ 139.564098][ T2891] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 139.564118][ T2891] ? selinux_file_permission+0x318/0xb60 [ 139.564139][ T2891] ? __kasan_check_write+0x18/0x20 [ 139.564160][ T2891] tun_chr_write_iter+0x1fc/0x310 [ 139.564174][ T2891] vfs_write+0x764/0xf90 [ 139.564187][ T2891] ? __cfi_vfs_write+0x10/0x10 [ 139.564200][ T2891] ksys_write+0x145/0x260 [ 139.564211][ T2891] ? __cfi_ksys_write+0x10/0x10 [ 139.564225][ T2891] ? __kasan_check_read+0x15/0x20 [ 139.564245][ T2891] __x64_sys_write+0x7f/0x90 [ 139.564267][ T2891] x64_sys_call+0x271c/0x2ee0 [ 139.564291][ T2891] do_syscall_64+0x57/0xf0 [ 139.564305][ T2891] ? clear_bhb_loop+0x50/0xa0 [ 139.564316][ T2891] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 139.564331][ T2891] RIP: 0033:0x7efe1219c629 [ 139.564344][ T2891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.564353][ T2891] RSP: 002b:00007efe130bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.564367][ T2891] RAX: ffffffffffffffda RBX: 00007efe12415fa0 RCX: 00007efe1219c629 [ 139.564382][ T2891] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005 [ 139.564395][ T2891] RBP: 00007efe130bc090 R08: 0000000000000000 R09: 0000000000000000 [ 139.564409][ T2891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.564422][ T2891] R13: 00007efe12416038 R14: 00007efe12415fa0 R15: 00007ffcb45bbc88 [ 139.564439][ T2891] [ 139.867927][ T66] zydacron 0003:13EC:0006.000E: unknown main item tag 0x0 [ 139.875112][ T66] zydacron 0003:13EC:0006.000E: unknown main item tag 0x0 [ 139.883309][ T66] zydacron 0003:13EC:0006.000E: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.2-1/input0 [ 139.937463][ T2895] netlink: 25 bytes leftover after parsing attributes in process `syz.1.750'. [ 139.946987][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 139.961146][ T2895] netlink: 'syz.1.750': attribute type 4 has an invalid length. [ 139.969041][ T36] kauditd_printk_skb: 93 callbacks suppressed [ 139.969059][ T36] audit: type=1400 audit(1771347424.182:394): avc: denied { create } for pid=2894 comm="syz.1.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 139.996079][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 140.006173][ T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 140.006542][ T406] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 140.017584][ T10] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 140.033287][ T36] audit: type=1400 audit(1771347424.182:395): avc: denied { write } for pid=2894 comm="syz.1.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 140.044866][ T2903] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 140.079407][ T10] usb 5-1: USB disconnect, device number 2 [ 140.167884][ T406] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 140.175980][ T406] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 140.186623][ T406] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 140.199795][ T406] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.209458][ T406] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.220154][ T406] usb 4-1: config 0 descriptor?? [ 140.226333][ T406] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 140.456458][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 140.607651][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 140.617466][ T10] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 140.627270][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 140.641776][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 140.650919][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.658970][ T10] usb 5-1: Product: syz [ 140.663192][ T10] usb 5-1: Manufacturer: syz [ 140.667831][ T10] usb 5-1: SerialNumber: syz [ 140.674059][ T10] hub 5-1:1.0: bad descriptor, ignoring hub [ 140.680091][ T10] hub 5-1:1.0: probe with driver hub failed with error -5 [ 140.876120][ T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 141.128875][ T2910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.137580][ T2910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.176550][ T406] usb 5-1: USB disconnect, device number 3 [ 141.183371][ T406] usblp0: removed [ 141.213732][ T2913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.222470][ T2913] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.692578][ T31] usb 3-1: USB disconnect, device number 38 [ 141.790585][ T2917] FAULT_INJECTION: forcing a failure. [ 141.790585][ T2917] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.804173][ T2917] CPU: 0 UID: 0 PID: 2917 Comm: syz.1.759 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 141.804207][ T2917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.804220][ T2917] Call Trace: [ 141.804228][ T2917] [ 141.804237][ T2917] __dump_stack+0x21/0x30 [ 141.804256][ T2917] dump_stack_lvl+0x140/0x1c0 [ 141.804268][ T2917] ? __cfi_dump_stack_lvl+0x10/0x10 [ 141.804281][ T2917] ? __alloc_pages_noprof+0x7e0/0x7e0 [ 141.804293][ T2917] dump_stack+0x19/0x20 [ 141.804304][ T2917] should_fail_ex+0x3d7/0x530 [ 141.804316][ T2917] should_fail_alloc_page+0xec/0x110 [ 141.804330][ T2917] __alloc_pages_noprof+0x1c0/0x7e0 [ 141.804345][ T2917] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 141.804356][ T2917] ? folio_add_lru+0x116/0x400 [ 141.804372][ T2917] ? __cfi_folio_add_lru+0x10/0x10 [ 141.804385][ T2917] ? __kasan_check_read+0x15/0x20 [ 141.804397][ T2917] __folio_alloc_noprof+0x14/0x80 [ 141.804407][ T2917] folio_prealloc+0x46/0x220 [ 141.804422][ T2917] do_pte_missing+0x1e80/0x44f0 [ 141.804436][ T2917] ? kasan_save_stack+0x4d/0x60 [ 141.804451][ T2917] ? pte_marker_clear+0x1b0/0x1b0 [ 141.804465][ T2917] ? __cfi_cgroup_rstat_updated+0x10/0x10 [ 141.804481][ T2917] ? __pte_offset_map+0x1b0/0x230 [ 141.804492][ T2917] ? pte_offset_map_rw_nolock+0xba/0x110 [ 141.804504][ T2917] handle_mm_fault+0x11b8/0x1bf0 [ 141.804519][ T2917] ? __cfi_handle_mm_fault+0x10/0x10 [ 141.804532][ T2917] ? find_vma+0xd3/0x120 [ 141.804545][ T2917] ? lock_mm_and_find_vma+0xb8/0x390 [ 141.804558][ T2917] do_user_addr_fault+0x4c9/0x11e0 [ 141.804573][ T2917] exc_page_fault+0x58/0xc0 [ 141.804587][ T2917] asm_exc_page_fault+0x2b/0x30 [ 141.804603][ T2917] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 141.804631][ T2917] Code: 75 f1 e9 59 68 03 00 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 141.804640][ T2917] RSP: 0018:ffffc9000119f2b8 EFLAGS: 00050206 [ 141.804660][ T2917] RAX: ffffffff82accf01 RBX: ffff888008b6d000 RCX: 0000000000000b80 [ 141.804668][ T2917] RDX: 0000000000000000 RSI: ffff888008b6d480 RDI: 000020000000d000 [ 141.804676][ T2917] RBP: ffffc9000119f418 R08: ffff888008b6dfff R09: 1ffff1100116dbff [ 141.804684][ T2917] R10: dffffc0000000000 R11: ffffed100116dc00 R12: 000020000000cb80 [ 141.804692][ T2917] R13: 000000000000c000 R14: 0000000000001000 R15: ffffc9000119fd48 [ 141.804700][ T2917] ? _copy_to_iter+0x341/0x1510 [ 141.804714][ T2917] ? _copy_to_iter+0x441/0x1510 [ 141.804726][ T2917] ? __cfi__copy_to_iter+0x10/0x10 [ 141.804738][ T2917] ? __check_object_size+0x527/0x830 [ 141.804750][ T2917] ? __cfi___check_object_size+0x10/0x10 [ 141.804763][ T2917] __skb_datagram_iter+0x3d0/0x930 [ 141.804778][ T2917] ? __cfi_simple_copy_to_iter+0x10/0x10 [ 141.804792][ T2917] skb_copy_datagram_iter+0x44/0x160 [ 141.804806][ T2917] unix_stream_read_actor+0x73/0xd0 [ 141.804820][ T2917] unix_stream_read_generic+0xb51/0x22d0 [ 141.804835][ T2917] ? unix_stream_read_actor+0xd0/0xd0 [ 141.804846][ T2917] ? __cfi_autoremove_wake_function+0x10/0x10 [ 141.804864][ T2917] ? selinux_socket_recvmsg+0x281/0x380 [ 141.804878][ T2917] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 141.804891][ T2917] ? selinux_file_open+0x46c/0x630 [ 141.804905][ T2917] unix_stream_recvmsg+0x17d/0x1e0 [ 141.804920][ T2917] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 141.804932][ T2917] ? __cfi_unix_stream_read_actor+0x10/0x10 [ 141.804944][ T2917] ? bpf_lsm_socket_recvmsg+0xd/0x20 [ 141.804959][ T2917] ? security_socket_recvmsg+0x44/0x130 [ 141.804974][ T2917] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 141.804986][ T2917] sock_recvmsg+0x219/0x270 [ 141.805000][ T2917] ____sys_recvmsg+0x1e7/0x4a0 [ 141.805011][ T2917] ? __sys_recvmsg_sock+0x60/0x60 [ 141.805022][ T2917] ? import_iovec+0x80/0xb0 [ 141.805036][ T2917] ___sys_recvmsg+0x216/0x590 [ 141.805046][ T2917] ? __sys_recvmsg+0x290/0x290 [ 141.805055][ T2917] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 141.805066][ T2917] ? selinux_file_permission+0x318/0xb60 [ 141.805077][ T2917] ? __fget_files+0x2c5/0x340 [ 141.805092][ T2917] do_recvmmsg+0x380/0x830 [ 141.805102][ T2917] ? __sys_recvmmsg+0x2a0/0x2a0 [ 141.805111][ T2917] ? __cfi_vfs_write+0x10/0x10 [ 141.805125][ T2917] ? fput+0x1a4/0x240 [ 141.805134][ T2917] __x64_sys_recvmmsg+0x199/0x250 [ 141.805145][ T2917] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 141.805155][ T2917] ? __kasan_check_read+0x15/0x20 [ 141.805167][ T2917] x64_sys_call+0x292c/0x2ee0 [ 141.805180][ T2917] do_syscall_64+0x57/0xf0 [ 141.805190][ T2917] ? clear_bhb_loop+0x50/0xa0 [ 141.805200][ T2917] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 141.805218][ T2917] RIP: 0033:0x7efe1219c629 [ 141.805231][ T2917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.805246][ T2917] RSP: 002b:00007efe130bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 141.805264][ T2917] RAX: ffffffffffffffda RBX: 00007efe12415fa0 RCX: 00007efe1219c629 [ 141.805277][ T2917] RDX: 040000000000013c RSI: 00002000000034c0 RDI: 0000000000000005 [ 141.805289][ T2917] RBP: 00007efe130bc090 R08: 0000000000000000 R09: 0000000000000000 [ 141.805296][ T2917] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 141.805302][ T2917] R13: 00007efe12416038 R14: 00007efe12415fa0 R15: 00007ffcb45bbc88 [ 141.805311][ T2917] [ 141.966115][ T406] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 142.507175][ T406] usb 5-1: Using ep0 maxpacket: 32 [ 142.514510][ T406] usb 5-1: unable to get BOS descriptor or descriptor too short [ 142.524872][ T406] usb 5-1: config 0 has an invalid interface number: 98 but max is 1 [ 142.533547][ T406] usb 5-1: config 0 has no interface number 1 [ 142.539942][ T406] usb 5-1: config 0 interface 0 has no altsetting 0 [ 142.546841][ T406] usb 5-1: config 0 interface 98 has no altsetting 0 [ 142.547883][ T531] usb 4-1: USB disconnect, device number 47 [ 142.555175][ T406] usb 5-1: New USB device found, idVendor=07ca, idProduct=0825, bcdDevice=40.12 [ 142.569218][ T406] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.583746][ T406] usb 5-1: Product: syz [ 142.594156][ T406] usb 5-1: Manufacturer: syz [ 142.598880][ T406] usb 5-1: SerialNumber: syz [ 142.609114][ T406] usb 5-1: config 0 descriptor?? [ 142.955860][ T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 143.006202][ T531] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 143.021651][ T2946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.030567][ T2946] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.085837][ T10] usb 3-1: device descriptor read/64, error -71 [ 143.155824][ T531] usb 4-1: Using ep0 maxpacket: 32 [ 143.162361][ T531] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 143.170527][ T531] usb 4-1: config 0 has no interface number 0 [ 143.178544][ T531] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 143.187715][ T531] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.196058][ T531] usb 4-1: Product: syz [ 143.200458][ T531] usb 4-1: Manufacturer: syz [ 143.205276][ T531] usb 4-1: SerialNumber: syz [ 143.211031][ T531] usb 4-1: config 0 descriptor?? [ 143.216910][ T531] smsc95xx v2.0.0 [ 143.335757][ T10] usb 3-1: device descriptor read/64, error -71 [ 143.378666][ T406] usb 5-1: bad CDC descriptors [ 143.388068][ T406] usb 5-1: USB disconnect, device number 4 [ 143.552128][ T2953] FAULT_INJECTION: forcing a failure. [ 143.552128][ T2953] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.565294][ T2953] CPU: 0 UID: 0 PID: 2953 Comm: syz.1.772 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 143.565327][ T2953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.565337][ T2953] Call Trace: [ 143.565343][ T2953] [ 143.565350][ T2953] __dump_stack+0x21/0x30 [ 143.565380][ T2953] dump_stack_lvl+0x140/0x1c0 [ 143.565399][ T2953] ? __cfi_dump_stack_lvl+0x10/0x10 [ 143.565421][ T2953] dump_stack+0x19/0x20 [ 143.565440][ T2953] should_fail_ex+0x3d7/0x530 [ 143.565467][ T2953] should_fail+0xf/0x20 [ 143.565490][ T2953] should_fail_usercopy+0x1e/0x30 [ 143.565506][ T2953] _copy_from_iter+0x1a9/0x1510 [ 143.565528][ T2953] ? __kasan_check_write+0x18/0x20 [ 143.565550][ T2953] ? _copy_from_iter+0x218/0x1510 [ 143.565570][ T2953] ? __cfi__copy_from_iter+0x10/0x10 [ 143.565584][ T2953] ? __virt_addr_valid+0x2a6/0x380 [ 143.565596][ T2953] ? __cfi__copy_from_iter+0x10/0x10 [ 143.565607][ T2953] ? __check_object_size+0x527/0x830 [ 143.565620][ T2953] ? __cfi___check_object_size+0x10/0x10 [ 143.565632][ T2953] copy_page_from_iter+0x1e5/0x2b0 [ 143.565649][ T2953] skb_copy_datagram_from_iter+0x30c/0x700 [ 143.565666][ T2953] tun_get_user+0x16ef/0x36c0 [ 143.565680][ T2953] ? arch_stack_walk+0x10a/0x170 [ 143.565695][ T2953] ? _parse_integer_limit+0x195/0x1e0 [ 143.565705][ T2953] ? ptr_ring_consume+0x430/0x430 [ 143.565723][ T2953] ? _parse_integer+0x2e/0x40 [ 143.565732][ T2953] ? kstrtoull+0x13b/0x1e0 [ 143.565741][ T2953] ? __kasan_check_write+0x18/0x20 [ 143.565753][ T2953] ? ref_tracker_alloc+0x30d/0x590 [ 143.565765][ T2953] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 143.565776][ T2953] ? selinux_file_permission+0x318/0xb60 [ 143.565792][ T2953] ? __kasan_check_write+0x18/0x20 [ 143.565808][ T2953] tun_chr_write_iter+0x1fc/0x310 [ 143.565824][ T2953] vfs_write+0x764/0xf90 [ 143.565841][ T2953] ? __cfi_vfs_write+0x10/0x10 [ 143.565855][ T2953] ksys_write+0x145/0x260 [ 143.565867][ T2953] ? __cfi_ksys_write+0x10/0x10 [ 143.565879][ T2953] ? __kasan_check_read+0x15/0x20 [ 143.565890][ T2953] __x64_sys_write+0x7f/0x90 [ 143.565902][ T2953] x64_sys_call+0x271c/0x2ee0 [ 143.565918][ T2953] do_syscall_64+0x57/0xf0 [ 143.565928][ T2953] ? clear_bhb_loop+0x50/0xa0 [ 143.565943][ T2953] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 143.565958][ T2953] RIP: 0033:0x7efe1219c629 [ 143.565970][ T2953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.565980][ T2953] RSP: 002b:00007efe130bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.566001][ T2953] RAX: ffffffffffffffda RBX: 00007efe12415fa0 RCX: 00007efe1219c629 [ 143.566009][ T2953] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005 [ 143.566017][ T2953] RBP: 00007efe130bc090 R08: 0000000000000000 R09: 0000000000000000 [ 143.566024][ T2953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 143.566031][ T2953] R13: 00007efe12416038 R14: 00007efe12415fa0 R15: 00007ffcb45bbc88 [ 143.566044][ T2953] [ 143.862803][ T10] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 143.926361][ T2955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.934976][ T2955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.995792][ T10] usb 3-1: device descriptor read/64, error -71 [ 144.235587][ T10] usb 3-1: device descriptor read/64, error -71 [ 144.267346][ T2958] ptm ptm18: ldisc open failed (-12), clearing slot 18 [ 144.345690][ T10] usb usb3-port1: attempt power cycle [ 144.569160][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 144.580766][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 144.590306][ T531] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 144.601750][ T531] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 144.610937][ T531] usb 4-1: USB disconnect, device number 48 [ 144.615399][ T406] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 144.653062][ T2967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.661693][ T2967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.685483][ T10] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 144.706627][ T10] usb 3-1: device descriptor read/8, error -71 [ 144.766528][ T406] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 144.775019][ T406] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 144.785375][ T406] usb 5-1: config 0 interface 0 has no altsetting 0 [ 144.793819][ T406] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 144.802982][ T406] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 144.811185][ T406] usb 5-1: Product: syz [ 144.815381][ T406] usb 5-1: Manufacturer: syz [ 144.819975][ T406] usb 5-1: SerialNumber: syz [ 144.825344][ T406] usb 5-1: config 0 descriptor?? [ 144.831215][ T406] hub 5-1:0.0: bad descriptor, ignoring hub [ 144.837187][ T406] hub 5-1:0.0: probe with driver hub failed with error -5 [ 144.846216][ T406] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 144.846514][ T10] usb 3-1: device descriptor read/8, error -71 [ 144.861521][ T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 145.033277][ T2965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.041940][ T2965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.051788][ T2965] syzkaller1: entered promiscuous mode [ 145.057315][ T2965] syzkaller1: entered allmulticast mode [ 145.095300][ T10] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 145.126502][ T10] usb 3-1: device descriptor read/8, error -71 [ 145.182621][ T2972] netlink: 'syz.1.779': attribute type 28 has an invalid length. [ 145.199580][ T2975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.208163][ T2975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.216166][ T406] usb 5-1: USB disconnect, device number 5 [ 145.256446][ T10] usb 3-1: device descriptor read/8, error -71 [ 145.365302][ T10] usb usb3-port1: unable to enumerate USB device [ 145.445280][ T531] usb 4-1: new low-speed USB device number 49 using dummy_hcd [ 145.595274][ T531] usb 4-1: Invalid ep0 maxpacket: 64 [ 145.729080][ T531] usb 4-1: new low-speed USB device number 50 using dummy_hcd [ 145.782831][ T2982] FAULT_INJECTION: forcing a failure. [ 145.782831][ T2982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.796186][ T2982] CPU: 0 UID: 0 PID: 2982 Comm: syz.1.783 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 145.796220][ T2982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 145.796233][ T2982] Call Trace: [ 145.796239][ T2982] [ 145.796247][ T2982] __dump_stack+0x21/0x30 [ 145.796275][ T2982] dump_stack_lvl+0x140/0x1c0 [ 145.796296][ T2982] ? __cfi_dump_stack_lvl+0x10/0x10 [ 145.796329][ T2982] ? exc_page_fault+0x65/0xc0 [ 145.796353][ T2982] dump_stack+0x19/0x20 [ 145.796373][ T2982] should_fail_ex+0x3d7/0x530 [ 145.796393][ T2982] should_fail+0xf/0x20 [ 145.796410][ T2982] should_fail_usercopy+0x1e/0x30 [ 145.796430][ T2982] _copy_to_iter+0x3b8/0x1510 [ 145.796453][ T2982] ? __cfi__copy_to_iter+0x10/0x10 [ 145.796472][ T2982] ? __check_object_size+0x527/0x830 [ 145.796493][ T2982] ? __cfi___check_object_size+0x10/0x10 [ 145.796515][ T2982] __skb_datagram_iter+0x3d0/0x930 [ 145.796539][ T2982] ? __cfi_simple_copy_to_iter+0x10/0x10 [ 145.796563][ T2982] skb_copy_datagram_iter+0x44/0x160 [ 145.796587][ T2982] unix_stream_read_actor+0x73/0xd0 [ 145.796608][ T2982] unix_stream_read_generic+0xb51/0x22d0 [ 145.796633][ T2982] ? unix_stream_read_actor+0xd0/0xd0 [ 145.796652][ T2982] ? __cfi_autoremove_wake_function+0x10/0x10 [ 145.796679][ T2982] ? selinux_socket_recvmsg+0x281/0x380 [ 145.796700][ T2982] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 145.796719][ T2982] ? selinux_file_open+0x46c/0x630 [ 145.796735][ T2982] unix_stream_recvmsg+0x17d/0x1e0 [ 145.796752][ T2982] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 145.796771][ T2982] ? __cfi_unix_stream_read_actor+0x10/0x10 [ 145.796788][ T2982] ? bpf_lsm_socket_recvmsg+0xd/0x20 [ 145.796809][ T2982] ? security_socket_recvmsg+0x44/0x130 [ 145.796829][ T2982] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 145.796848][ T2982] sock_recvmsg+0x219/0x270 [ 145.796867][ T2982] ____sys_recvmsg+0x1e7/0x4a0 [ 145.796884][ T2982] ? __sys_recvmsg_sock+0x60/0x60 [ 145.796901][ T2982] ? import_iovec+0x80/0xb0 [ 145.796923][ T2982] ___sys_recvmsg+0x216/0x590 [ 145.796938][ T2982] ? __sys_recvmsg+0x290/0x290 [ 145.796953][ T2982] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 145.796969][ T2982] ? selinux_file_permission+0x318/0xb60 [ 145.796987][ T2982] ? __fget_files+0x2c5/0x340 [ 145.797010][ T2982] do_recvmmsg+0x380/0x830 [ 145.797026][ T2982] ? __sys_recvmmsg+0x2a0/0x2a0 [ 145.797053][ T2982] ? __cfi_vfs_write+0x10/0x10 [ 145.797072][ T2982] ? fput+0x1a4/0x240 [ 145.797087][ T2982] __x64_sys_recvmmsg+0x199/0x250 [ 145.797103][ T2982] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 145.797120][ T2982] ? __kasan_check_read+0x15/0x20 [ 145.797141][ T2982] x64_sys_call+0x292c/0x2ee0 [ 145.797163][ T2982] do_syscall_64+0x57/0xf0 [ 145.797179][ T2982] ? clear_bhb_loop+0x50/0xa0 [ 145.797194][ T2982] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 145.797218][ T2982] RIP: 0033:0x7efe1219c629 [ 145.797235][ T2982] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 145.797250][ T2982] RSP: 002b:00007efe130bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 145.797271][ T2982] RAX: ffffffffffffffda RBX: 00007efe12415fa0 RCX: 00007efe1219c629 [ 145.797284][ T2982] RDX: 040000000000013c RSI: 00002000000034c0 RDI: 0000000000000005 [ 145.797297][ T2982] RBP: 00007efe130bc090 R08: 0000000000000000 R09: 0000000000000000 [ 145.797310][ T2982] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 145.797332][ T2982] R13: 00007efe12416038 R14: 00007efe12415fa0 R15: 00007ffcb45bbc88 [ 145.797348][ T2982] [ 146.253154][ T331] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 146.424936][ T531] usb 4-1: Invalid ep0 maxpacket: 64 [ 146.430364][ T531] usb usb4-port1: attempt power cycle [ 146.554955][ T331] usb 5-1: Using ep0 maxpacket: 32 [ 146.561485][ T331] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 146.570034][ T331] usb 5-1: config 0 has no interface number 0 [ 146.578060][ T331] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 146.587306][ T331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.595478][ T331] usb 5-1: Product: syz [ 146.599811][ T331] usb 5-1: Manufacturer: syz [ 146.604492][ T331] usb 5-1: SerialNumber: syz [ 146.610080][ T331] usb 5-1: config 0 descriptor?? [ 146.616393][ T331] smsc95xx v2.0.0 [ 146.687721][ T2996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.696460][ T2996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.774900][ T531] usb 4-1: new low-speed USB device number 51 using dummy_hcd [ 146.795252][ T531] usb 4-1: Invalid ep0 maxpacket: 64 [ 146.917616][ T3003] FAULT_INJECTION: forcing a failure. [ 146.917616][ T3003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.931733][ T3003] CPU: 1 UID: 0 PID: 3003 Comm: syz.2.790 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 146.931766][ T3003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.931778][ T3003] Call Trace: [ 146.931787][ T3003] [ 146.931796][ T3003] __dump_stack+0x21/0x30 [ 146.931824][ T3003] dump_stack_lvl+0x140/0x1c0 [ 146.931846][ T3003] ? __cfi_dump_stack_lvl+0x10/0x10 [ 146.931868][ T3003] ? exc_page_fault+0x65/0xc0 [ 146.931891][ T3003] dump_stack+0x19/0x20 [ 146.931902][ T3003] should_fail_ex+0x3d7/0x530 [ 146.931914][ T3003] should_fail+0xf/0x20 [ 146.931924][ T3003] should_fail_usercopy+0x1e/0x30 [ 146.931935][ T3003] _copy_from_iter+0x1a9/0x1510 [ 146.931949][ T3003] ? __kasan_check_write+0x18/0x20 [ 146.931969][ T3003] ? _copy_from_iter+0x218/0x1510 [ 146.931990][ T3003] ? __cfi__copy_from_iter+0x10/0x10 [ 146.932074][ T3003] ? __virt_addr_valid+0x2a6/0x380 [ 146.932089][ T3003] ? __cfi__copy_from_iter+0x10/0x10 [ 146.932112][ T3003] ? __check_object_size+0x527/0x830 [ 146.932133][ T3003] ? __cfi___check_object_size+0x10/0x10 [ 146.932153][ T3003] copy_page_from_iter+0x1e5/0x2b0 [ 146.932176][ T3003] skb_copy_datagram_from_iter+0x30c/0x700 [ 146.932204][ T3003] tun_get_user+0x16ef/0x36c0 [ 146.932223][ T3003] ? arch_stack_walk+0x10a/0x170 [ 146.932237][ T3003] ? _parse_integer_limit+0x195/0x1e0 [ 146.932265][ T3003] ? ptr_ring_consume+0x430/0x430 [ 146.932284][ T3003] ? _parse_integer+0x2e/0x40 [ 146.932301][ T3003] ? kstrtoull+0x13b/0x1e0 [ 146.932319][ T3003] ? __kasan_check_write+0x18/0x20 [ 146.932340][ T3003] ? ref_tracker_alloc+0x30d/0x590 [ 146.932358][ T3003] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 146.932369][ T3003] ? selinux_file_permission+0x318/0xb60 [ 146.932387][ T3003] ? __kasan_check_write+0x18/0x20 [ 146.932399][ T3003] tun_chr_write_iter+0x1fc/0x310 [ 146.932412][ T3003] vfs_write+0x764/0xf90 [ 146.932432][ T3003] ? __cfi_vfs_write+0x10/0x10 [ 146.932457][ T3003] ksys_write+0x145/0x260 [ 146.932480][ T3003] ? __cfi_ksys_write+0x10/0x10 [ 146.932500][ T3003] ? __kasan_check_read+0x15/0x20 [ 146.932518][ T3003] __x64_sys_write+0x7f/0x90 [ 146.932530][ T3003] x64_sys_call+0x271c/0x2ee0 [ 146.932543][ T3003] do_syscall_64+0x57/0xf0 [ 146.932554][ T3003] ? clear_bhb_loop+0x50/0xa0 [ 146.932568][ T3003] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 146.932596][ T3003] RIP: 0033:0x7f02b619c629 [ 146.932613][ T3003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.932629][ T3003] RSP: 002b:00007f02b7047028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.932646][ T3003] RAX: ffffffffffffffda RBX: 00007f02b6415fa0 RCX: 00007f02b619c629 [ 146.932654][ T3003] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005 [ 146.932662][ T3003] RBP: 00007f02b7047090 R08: 0000000000000000 R09: 0000000000000000 [ 146.932669][ T3003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 146.932676][ T3003] R13: 00007f02b6416038 R14: 00007f02b6415fa0 R15: 00007fff53cd3828 [ 146.932685][ T3003] [ 146.934829][ T531] usb 4-1: new low-speed USB device number 52 using dummy_hcd [ 147.218034][ T3005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.245106][ T531] usb 4-1: Invalid ep0 maxpacket: 64 [ 147.254042][ T3005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.258184][ T531] usb usb4-port1: unable to enumerate USB device [ 147.494112][ T331] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 147.504907][ T331] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 147.524708][ T531] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 147.654654][ T531] usb 3-1: device descriptor read/64, error -71 [ 147.780924][ T3010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.789511][ T3010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.894608][ T531] usb 3-1: device descriptor read/64, error -71 [ 148.134555][ T531] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 148.264535][ T531] usb 3-1: device descriptor read/64, error -71 [ 148.323280][ T3021] veth0_virt_wifi: entered allmulticast mode [ 148.330289][ T3021] veth0_virt_wifi: left allmulticast mode [ 148.420814][ T3034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.423694][ T3033] loop5: detected capacity change from 0 to 7 [ 148.430199][ T3034] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.514510][ T531] usb 3-1: device descriptor read/64, error -71 [ 148.625058][ T531] usb usb3-port1: attempt power cycle [ 148.632767][ T331] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 148.645655][ T331] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 148.656175][ T331] usb 5-1: USB disconnect, device number 6 [ 148.744465][ T10] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 148.895755][ T10] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 148.904047][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.915015][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.925012][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 148.938281][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 148.947460][ T331] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 148.954956][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.963951][ T10] usb 4-1: config 0 descriptor?? [ 148.974437][ T36] audit: type=1400 audit(1771347433.194:396): avc: denied { accept } for pid=3043 comm="syz.1.804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 148.984393][ T531] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 149.025848][ T531] usb 3-1: device descriptor read/8, error -71 [ 149.104402][ T331] usb 5-1: Using ep0 maxpacket: 32 [ 149.111128][ T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 25, changing to 8 [ 149.122126][ T3050] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 149.122817][ T331] usb 5-1: New USB device found, idVendor=046d, idProduct=c283, bcdDevice= 0.00 [ 149.130799][ T3050] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 149.140214][ T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.151592][ T3050] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 149.161365][ T331] usb 5-1: config 0 descriptor?? [ 149.174120][ T531] usb 3-1: device descriptor read/8, error -71 [ 149.182197][ T36] audit: type=1400 audit(1771347433.414:397): avc: denied { setattr } for pid=3049 comm="syz.1.806" name="file0" dev="tmpfs" ino=1200 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 149.205278][ T36] audit: type=1400 audit(1771347433.414:398): avc: denied { write } for pid=3049 comm="syz.1.806" name="file0" dev="tmpfs" ino=1200 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 149.227748][ T36] audit: type=1400 audit(1771347433.414:399): avc: denied { open } for pid=3049 comm="syz.1.806" path="/212/bus/file0" dev="tmpfs" ino=1200 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 149.382241][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 149.388679][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 149.397547][ T10] usb 4-1: USB disconnect, device number 53 [ 149.414253][ T531] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 149.435327][ T531] usb 3-1: device descriptor read/8, error -71 [ 149.565366][ T531] usb 3-1: device descriptor read/8, error -71 [ 149.588903][ T36] audit: type=1400 audit(1771347433.814:400): avc: denied { bind } for pid=3041 comm="syz.4.803" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 149.609336][ T36] audit: type=1400 audit(1771347433.814:401): avc: denied { name_bind } for pid=3041 comm="syz.4.803" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 149.610181][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.631209][ T36] audit: type=1400 audit(1771347433.814:402): avc: denied { node_bind } for pid=3041 comm="syz.4.803" saddr=fe80::aa src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 149.638790][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.666544][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.673686][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.681414][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.688947][ T531] usb usb3-port1: unable to enumerate USB device [ 149.696653][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.703855][ T331] logitech 0003:046D:C283.000F: unknown main item tag 0x0 [ 149.711754][ T331] logitech 0003:046D:C283.000F: hidraw0: USB HID v0.00 Device [HID 046d:c283] on usb-dummy_hcd.4-1/input0 [ 149.723232][ T331] logitech 0003:046D:C283.000F: no inputs found [ 149.816053][ T331] usb 5-1: USB disconnect, device number 7 [ 150.061892][ T3068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.070442][ T3068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.144184][ T531] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 150.296912][ T531] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 150.306155][ T531] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.314759][ T531] usb 4-1: Product: syz [ 150.319425][ T531] usb 4-1: Manufacturer: syz [ 150.324135][ T531] usb 4-1: SerialNumber: syz [ 150.345201][ T3072] FAULT_INJECTION: forcing a failure. [ 150.345201][ T3072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.358325][ T3072] CPU: 0 UID: 0 PID: 3072 Comm: syz.4.816 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 150.358355][ T3072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 150.358367][ T3072] Call Trace: [ 150.358373][ T3072] [ 150.358381][ T3072] __dump_stack+0x21/0x30 [ 150.358407][ T3072] dump_stack_lvl+0x140/0x1c0 [ 150.358425][ T3072] ? __cfi_dump_stack_lvl+0x10/0x10 [ 150.358448][ T3072] ? exc_page_fault+0x65/0xc0 [ 150.358469][ T3072] dump_stack+0x19/0x20 [ 150.358486][ T3072] should_fail_ex+0x3d7/0x530 [ 150.358503][ T3072] should_fail+0xf/0x20 [ 150.358519][ T3072] should_fail_usercopy+0x1e/0x30 [ 150.358536][ T3072] _copy_from_iter+0x1a9/0x1510 [ 150.358555][ T3072] ? __kasan_check_write+0x18/0x20 [ 150.358575][ T3072] ? _copy_from_iter+0x218/0x1510 [ 150.358594][ T3072] ? __cfi__copy_from_iter+0x10/0x10 [ 150.358612][ T3072] ? __virt_addr_valid+0x2a6/0x380 [ 150.358629][ T3072] ? __cfi__copy_from_iter+0x10/0x10 [ 150.358647][ T3072] ? __check_object_size+0x527/0x830 [ 150.358667][ T3072] ? __cfi___check_object_size+0x10/0x10 [ 150.358687][ T3072] copy_page_from_iter+0x1e5/0x2b0 [ 150.358706][ T3072] skb_copy_datagram_from_iter+0x30c/0x700 [ 150.358731][ T3072] tun_get_user+0x16ef/0x36c0 [ 150.358752][ T3072] ? arch_stack_walk+0x10a/0x170 [ 150.358774][ T3072] ? _parse_integer_limit+0x195/0x1e0 [ 150.358790][ T3072] ? ptr_ring_consume+0x430/0x430 [ 150.358811][ T3072] ? _parse_integer+0x2e/0x40 [ 150.358826][ T3072] ? kstrtoull+0x13b/0x1e0 [ 150.358841][ T3072] ? __kasan_check_write+0x18/0x20 [ 150.358859][ T3072] ? ref_tracker_alloc+0x30d/0x590 [ 150.358878][ T3072] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 150.358896][ T3072] ? selinux_file_permission+0x318/0xb60 [ 150.358915][ T3072] ? __kasan_check_write+0x18/0x20 [ 150.358933][ T3072] tun_chr_write_iter+0x1fc/0x310 [ 150.358954][ T3072] vfs_write+0x764/0xf90 [ 150.358974][ T3072] ? __cfi_vfs_write+0x10/0x10 [ 150.358994][ T3072] ksys_write+0x145/0x260 [ 150.359012][ T3072] ? __cfi_ksys_write+0x10/0x10 [ 150.359032][ T3072] ? __kasan_check_read+0x15/0x20 [ 150.359050][ T3072] __x64_sys_write+0x7f/0x90 [ 150.359068][ T3072] x64_sys_call+0x271c/0x2ee0 [ 150.359089][ T3072] do_syscall_64+0x57/0xf0 [ 150.359104][ T3072] ? clear_bhb_loop+0x50/0xa0 [ 150.359121][ T3072] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 150.359145][ T3072] RIP: 0033:0x7f17d059c629 [ 150.359160][ T3072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 150.359175][ T3072] RSP: 002b:00007f17d1382028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.359202][ T3072] RAX: ffffffffffffffda RBX: 00007f17d0815fa0 RCX: 00007f17d059c629 [ 150.359215][ T3072] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005 [ 150.359227][ T3072] RBP: 00007f17d1382090 R08: 0000000000000000 R09: 0000000000000000 [ 150.359239][ T3072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 150.359251][ T3072] R13: 00007f17d0816038 R14: 00007f17d0815fa0 R15: 00007fff478ec468 [ 150.359266][ T3072] [ 150.878246][ T3080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.887203][ T3080] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.953892][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 151.003924][ T331] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 151.072367][ T531] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 151.104994][ T10] usb 5-1: config 2 has an invalid interface number: 255 but max is 0 [ 151.113287][ T10] usb 5-1: config 2 has no interface number 0 [ 151.119701][ T10] usb 5-1: config 2 interface 255 has no altsetting 0 [ 151.129538][ T10] usb 5-1: New USB device found, idVendor=07c4, idProduct=a103, bcdDevice=4f.0b [ 151.139098][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.147324][ T10] usb 5-1: Product: syz [ 151.151640][ T10] usb 5-1: Manufacturer: syz [ 151.156763][ T10] usb 5-1: SerialNumber: syz [ 151.162446][ T331] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 151.173079][ T331] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 151.183072][ T331] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 151.198771][ T331] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 151.208244][ T331] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.216302][ T331] usb 3-1: Product: syz [ 151.220551][ T331] usb 3-1: Manufacturer: syz [ 151.225238][ T331] usb 3-1: SerialNumber: syz [ 151.231819][ T331] hub 3-1:1.0: bad descriptor, ignoring hub [ 151.237830][ T331] hub 3-1:1.0: probe with driver hub failed with error -5 [ 151.274977][ T531] usb 4-1: USB disconnect, device number 54 [ 151.276183][ T150] net eth1: rx_urb submit failed: -19 [ 151.398349][ T10] ums-sddr55 5-1:2.255: USB Mass Storage device detected [ 151.410603][ T10] ums-sddr55 5-1:2.255: Quirks match for vid 07c4 pid a103: 8 [ 151.432896][ T3078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.442175][ T3078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.454851][ T331] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 47 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 151.485410][ T10] usb 5-1: USB disconnect, device number 8 [ 151.705605][ T3117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.714402][ T3117] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.981695][ T36] audit: type=1400 audit(1771347436.205:403): avc: denied { execute } for pid=3123 comm="syz.4.825" path="/memory.events.local" dev="ramfs" ino=30812 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 152.033611][ T331] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 152.163607][ T331] usb 4-1: device descriptor read/64, error -71 [ 152.403514][ T331] usb 4-1: device descriptor read/64, error -71 [ 152.430124][ T3136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.438885][ T3136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.453533][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 152.604584][ T10] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 152.612716][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.623662][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.633438][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 152.646345][ T331] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 152.654048][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 152.663093][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.672854][ T10] usb 5-1: config 0 descriptor?? [ 152.793464][ T331] usb 4-1: device descriptor read/64, error -71 [ 152.965689][ T3138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.974684][ T3138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.033382][ T331] usb 4-1: device descriptor read/64, error -71 [ 153.081739][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 153.087914][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 153.096967][ T10] usb 5-1: USB disconnect, device number 9 [ 153.143530][ T331] usb usb4-port1: attempt power cycle [ 153.483293][ T331] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 153.504411][ T331] usb 4-1: device descriptor read/8, error -71 [ 153.634777][ T331] usb 4-1: device descriptor read/8, error -71 [ 153.762840][ T3150] FAULT_INJECTION: forcing a failure. [ 153.762840][ T3150] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.782020][ T3150] CPU: 1 UID: 0 PID: 3150 Comm: syz.4.836 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 153.782060][ T3150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 153.782074][ T3150] Call Trace: [ 153.782082][ T3150] [ 153.782092][ T3150] __dump_stack+0x21/0x30 [ 153.782121][ T3150] dump_stack_lvl+0x140/0x1c0 [ 153.782146][ T3150] ? __cfi_dump_stack_lvl+0x10/0x10 [ 153.782166][ T3150] ? exc_page_fault+0x65/0xc0 [ 153.782188][ T3150] dump_stack+0x19/0x20 [ 153.782209][ T3150] should_fail_ex+0x3d7/0x530 [ 153.782231][ T3150] should_fail+0xf/0x20 [ 153.782250][ T3150] should_fail_usercopy+0x1e/0x30 [ 153.782272][ T3150] _copy_to_iter+0x3b8/0x1510 [ 153.782296][ T3150] ? __cfi__copy_to_iter+0x10/0x10 [ 153.782319][ T3150] ? __check_object_size+0x527/0x830 [ 153.782342][ T3150] ? __cfi___check_object_size+0x10/0x10 [ 153.782367][ T3150] __skb_datagram_iter+0x3d0/0x930 [ 153.782394][ T3150] ? __cfi_simple_copy_to_iter+0x10/0x10 [ 153.782419][ T3150] skb_copy_datagram_iter+0x44/0x160 [ 153.782446][ T3150] unix_stream_read_actor+0x73/0xd0 [ 153.782468][ T3150] unix_stream_read_generic+0xb51/0x22d0 [ 153.782497][ T3150] ? unix_stream_read_actor+0xd0/0xd0 [ 153.782519][ T3150] ? __cfi_autoremove_wake_function+0x10/0x10 [ 153.782547][ T3150] ? selinux_socket_recvmsg+0x281/0x380 [ 153.782574][ T3150] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 153.782596][ T3150] ? selinux_file_open+0x46c/0x630 [ 153.782616][ T3150] unix_stream_recvmsg+0x17d/0x1e0 [ 153.782640][ T3150] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 153.782663][ T3150] ? __cfi_unix_stream_read_actor+0x10/0x10 [ 153.782686][ T3150] ? bpf_lsm_socket_recvmsg+0xd/0x20 [ 153.782712][ T3150] ? security_socket_recvmsg+0x44/0x130 [ 153.782736][ T3150] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 153.782761][ T3150] sock_recvmsg+0x219/0x270 [ 153.782789][ T3150] ____sys_recvmsg+0x1e7/0x4a0 [ 153.782809][ T3150] ? __sys_recvmsg_sock+0x60/0x60 [ 153.782830][ T3150] ? import_iovec+0x80/0xb0 [ 153.782862][ T3150] ___sys_recvmsg+0x216/0x590 [ 153.782882][ T3150] ? __sys_recvmsg+0x290/0x290 [ 153.782901][ T3150] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 153.782921][ T3150] ? selinux_file_permission+0x318/0xb60 [ 153.782942][ T3150] ? __fget_files+0x2c5/0x340 [ 153.782969][ T3150] do_recvmmsg+0x380/0x830 [ 153.782988][ T3150] ? __sys_recvmmsg+0x2a0/0x2a0 [ 153.783006][ T3150] ? __cfi_vfs_write+0x10/0x10 [ 153.783030][ T3150] ? fput+0x1a4/0x240 [ 153.783049][ T3150] __x64_sys_recvmmsg+0x199/0x250 [ 153.783068][ T3150] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 153.783088][ T3150] ? __kasan_check_read+0x15/0x20 [ 153.783109][ T3150] x64_sys_call+0x292c/0x2ee0 [ 153.783128][ T3150] do_syscall_64+0x57/0xf0 [ 153.783145][ T3150] ? clear_bhb_loop+0x50/0xa0 [ 153.783165][ T3150] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 153.783192][ T3150] RIP: 0033:0x7f17d059c629 [ 153.783212][ T3150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 153.783229][ T3150] RSP: 002b:00007f17d1382028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 153.783250][ T3150] RAX: ffffffffffffffda RBX: 00007f17d0815fa0 RCX: 00007f17d059c629 [ 153.783264][ T3150] RDX: 040000000000013c RSI: 00002000000034c0 RDI: 0000000000000005 [ 153.783279][ T3150] RBP: 00007f17d1382090 R08: 0000000000000000 R09: 0000000000000000 [ 153.783293][ T3150] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 153.783306][ T3150] R13: 00007f17d0816038 R14: 00007f17d0815fa0 R15: 00007fff478ec468 [ 153.783323][ T3150] [ 153.886582][ T331] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 154.140553][ T9] usb 3-1: USB disconnect, device number 47 [ 154.147882][ T9] usblp0: removed [ 154.174181][ T331] usb 4-1: device descriptor read/8, error -71 [ 154.454097][ T331] usb 4-1: device descriptor read/8, error -71 [ 154.563394][ T331] usb usb4-port1: unable to enumerate USB device [ 154.580717][ T36] audit: type=1400 audit(1771347438.805:404): avc: denied { create } for pid=3162 comm="syz.1.840" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 154.602503][ T36] audit: type=1400 audit(1771347438.825:405): avc: denied { unlink } for pid=291 comm="syz-executor" name="file0" dev="tmpfs" ino=1277 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 154.609177][ T3166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.633672][ T3166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.793328][ T604] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 154.822811][ T3171] loop5: detected capacity change from 0 to 7 [ 154.942917][ T604] usb 5-1: Using ep0 maxpacket: 32 [ 154.949408][ T604] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 154.958965][ T604] usb 5-1: config 0 has no interface number 0 [ 154.966851][ T604] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 154.977921][ T604] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.986380][ T604] usb 5-1: Product: syz [ 154.990571][ T604] usb 5-1: Manufacturer: syz [ 154.995594][ T604] usb 5-1: SerialNumber: syz [ 155.001366][ T604] usb 5-1: config 0 descriptor?? [ 155.007795][ T604] smsc95xx v2.0.0 [ 155.598722][ T36] audit: type=1400 audit(1771347439.826:406): avc: denied { write } for pid=3203 comm="syz.1.855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 155.625672][ T36] audit: type=1400 audit(1771347439.846:407): avc: denied { set_context_mgr } for pid=3203 comm="syz.1.855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 155.653059][ T3209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.661706][ T3209] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.691297][ T3211] FAULT_INJECTION: forcing a failure. [ 155.691297][ T3211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.704476][ T3211] CPU: 0 UID: 0 PID: 3211 Comm: syz.2.857 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 155.704513][ T3211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 155.704526][ T3211] Call Trace: [ 155.704535][ T3211] [ 155.704545][ T3211] __dump_stack+0x21/0x30 [ 155.704576][ T3211] dump_stack_lvl+0x140/0x1c0 [ 155.704598][ T3211] ? __cfi_dump_stack_lvl+0x10/0x10 [ 155.704622][ T3211] ? exc_page_fault+0x65/0xc0 [ 155.704648][ T3211] dump_stack+0x19/0x20 [ 155.704669][ T3211] should_fail_ex+0x3d7/0x530 [ 155.704693][ T3211] should_fail+0xf/0x20 [ 155.704710][ T3211] should_fail_usercopy+0x1e/0x30 [ 155.704731][ T3211] _copy_from_iter+0x1a9/0x1510 [ 155.704753][ T3211] ? __kasan_check_write+0x18/0x20 [ 155.704777][ T3211] ? _copy_from_iter+0x218/0x1510 [ 155.704799][ T3211] ? __cfi__copy_from_iter+0x10/0x10 [ 155.704821][ T3211] ? __virt_addr_valid+0x2a6/0x380 [ 155.704840][ T3211] ? __cfi__copy_from_iter+0x10/0x10 [ 155.704858][ T3211] ? __check_object_size+0x527/0x830 [ 155.704881][ T3211] ? __cfi___check_object_size+0x10/0x10 [ 155.704909][ T3211] copy_page_from_iter+0x1e5/0x2b0 [ 155.704935][ T3211] skb_copy_datagram_from_iter+0x30c/0x700 [ 155.704965][ T3211] tun_get_user+0x16ef/0x36c0 [ 155.704989][ T3211] ? arch_stack_walk+0x10a/0x170 [ 155.705017][ T3211] ? _parse_integer_limit+0x195/0x1e0 [ 155.705035][ T3211] ? ptr_ring_consume+0x430/0x430 [ 155.705060][ T3211] ? _parse_integer+0x2e/0x40 [ 155.705076][ T3211] ? kstrtoull+0x13b/0x1e0 [ 155.705095][ T3211] ? __kasan_check_write+0x18/0x20 [ 155.705116][ T3211] ? ref_tracker_alloc+0x30d/0x590 [ 155.705137][ T3211] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 155.705159][ T3211] ? selinux_file_permission+0x318/0xb60 [ 155.705180][ T3211] ? __kasan_check_write+0x18/0x20 [ 155.705203][ T3211] tun_chr_write_iter+0x1fc/0x310 [ 155.705226][ T3211] vfs_write+0x764/0xf90 [ 155.705250][ T3211] ? __cfi_vfs_write+0x10/0x10 [ 155.705274][ T3211] ksys_write+0x145/0x260 [ 155.705297][ T3211] ? __cfi_ksys_write+0x10/0x10 [ 155.705319][ T3211] ? __kasan_check_read+0x15/0x20 [ 155.705341][ T3211] __x64_sys_write+0x7f/0x90 [ 155.705362][ T3211] x64_sys_call+0x271c/0x2ee0 [ 155.705387][ T3211] do_syscall_64+0x57/0xf0 [ 155.705405][ T3211] ? clear_bhb_loop+0x50/0xa0 [ 155.705423][ T3211] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 155.705459][ T3211] RIP: 0033:0x7f02b619c629 [ 155.705476][ T3211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.705494][ T3211] RSP: 002b:00007f02b7047028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.705516][ T3211] RAX: ffffffffffffffda RBX: 00007f02b6415fa0 RCX: 00007f02b619c629 [ 155.705533][ T3211] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005 [ 155.705547][ T3211] RBP: 00007f02b7047090 R08: 0000000000000000 R09: 0000000000000000 [ 155.705560][ T3211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 155.705572][ T3211] R13: 00007f02b6416038 R14: 00007f02b6415fa0 R15: 00007fff53cd3828 [ 155.705591][ T3211] [ 156.150231][ T36] audit: type=1400 audit(1771347440.376:408): avc: denied { connect } for pid=3217 comm="syz.3.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 156.171390][ T3223] overlay: Unknown parameter 'audit' [ 156.223798][ T604] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 156.230181][ T3225] FAULT_INJECTION: forcing a failure. [ 156.230181][ T3225] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 156.235009][ T604] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 156.247973][ T3225] CPU: 0 UID: 0 PID: 3225 Comm: syz.3.862 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 156.248008][ T3225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 156.248018][ T3225] Call Trace: [ 156.248027][ T3225] [ 156.248036][ T3225] __dump_stack+0x21/0x30 [ 156.248065][ T3225] dump_stack_lvl+0x140/0x1c0 [ 156.248086][ T3225] ? __cfi_dump_stack_lvl+0x10/0x10 [ 156.248109][ T3225] ? __alloc_pages_noprof+0x7e0/0x7e0 [ 156.248128][ T3225] dump_stack+0x19/0x20 [ 156.248147][ T3225] should_fail_ex+0x3d7/0x530 [ 156.248167][ T3225] should_fail_alloc_page+0xec/0x110 [ 156.248191][ T3225] __alloc_pages_noprof+0x1c0/0x7e0 [ 156.248209][ T3225] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 156.248229][ T3225] ? folio_add_lru+0x116/0x400 [ 156.248253][ T3225] ? __cfi_folio_add_lru+0x10/0x10 [ 156.248277][ T3225] ? __kasan_check_read+0x15/0x20 [ 156.248297][ T3225] __folio_alloc_noprof+0x14/0x80 [ 156.248315][ T3225] folio_prealloc+0x46/0x220 [ 156.248393][ T3225] do_pte_missing+0x1e80/0x44f0 [ 156.248425][ T3225] ? pte_marker_clear+0x1b0/0x1b0 [ 156.248449][ T3225] ? __cfi_cgroup_rstat_updated+0x10/0x10 [ 156.248475][ T3225] ? sched_clock+0x44/0x60 [ 156.248495][ T3225] ? __pte_offset_map+0x1b0/0x230 [ 156.248516][ T3225] ? pte_offset_map_rw_nolock+0xba/0x110 [ 156.248536][ T3225] handle_mm_fault+0x11b8/0x1bf0 [ 156.248569][ T3225] ? __cfi_handle_mm_fault+0x10/0x10 [ 156.248592][ T3225] ? find_vma+0xd3/0x120 [ 156.248613][ T3225] ? lock_mm_and_find_vma+0xb8/0x390 [ 156.248637][ T3225] do_user_addr_fault+0x4c9/0x11e0 [ 156.248678][ T3225] exc_page_fault+0x58/0xc0 [ 156.248699][ T3225] asm_exc_page_fault+0x2b/0x30 [ 156.248723][ T3225] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 156.248749][ T3225] Code: 75 f1 e9 59 68 03 00 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 156.248765][ T3225] RSP: 0018:ffffc9000dc972b8 EFLAGS: 00050206 [ 156.248784][ T3225] RAX: ffffffff82accf01 RBX: ffff888008b6d000 RCX: 0000000000000b80 [ 156.248799][ T3225] RDX: 0000000000000000 RSI: ffff888008b6d480 RDI: 000020000000f000 [ 156.248812][ T3225] RBP: ffffc9000dc97418 R08: ffff888008b6dfff R09: 1ffff1100116dbff [ 156.248826][ T3225] R10: dffffc0000000000 R11: ffffed100116dc00 R12: 000020000000eb80 [ 156.248840][ T3225] R13: 000000000000e000 R14: 0000000000001000 R15: ffffc9000dc97d48 [ 156.248854][ T3225] ? _copy_to_iter+0x341/0x1510 [ 156.248880][ T3225] ? _copy_to_iter+0x441/0x1510 [ 156.248902][ T3225] ? __cfi__copy_to_iter+0x10/0x10 [ 156.248922][ T3225] ? __check_object_size+0x527/0x830 [ 156.248945][ T3225] ? __cfi___check_object_size+0x10/0x10 [ 156.248968][ T3225] __skb_datagram_iter+0x3d0/0x930 [ 156.248994][ T3225] ? __cfi_simple_copy_to_iter+0x10/0x10 [ 156.249019][ T3225] skb_copy_datagram_iter+0x44/0x160 [ 156.249044][ T3225] unix_stream_read_actor+0x73/0xd0 [ 156.249066][ T3225] unix_stream_read_generic+0xb51/0x22d0 [ 156.249097][ T3225] ? unix_stream_read_actor+0xd0/0xd0 [ 156.249117][ T3225] ? __cfi_autoremove_wake_function+0x10/0x10 [ 156.249145][ T3225] ? selinux_socket_recvmsg+0x281/0x380 [ 156.249170][ T3225] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 156.249191][ T3225] ? selinux_file_open+0x46c/0x630 [ 156.249210][ T3225] unix_stream_recvmsg+0x17d/0x1e0 [ 156.249232][ T3225] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 156.249265][ T3225] ? __cfi_unix_stream_read_actor+0x10/0x10 [ 156.249286][ T3225] ? bpf_lsm_socket_recvmsg+0xd/0x20 [ 156.249311][ T3225] ? security_socket_recvmsg+0x44/0x130 [ 156.249335][ T3225] ? __cfi_unix_stream_recvmsg+0x10/0x10 [ 156.249358][ T3225] sock_recvmsg+0x219/0x270 [ 156.249381][ T3225] ____sys_recvmsg+0x1e7/0x4a0 [ 156.249399][ T3225] ? __sys_recvmsg_sock+0x60/0x60 [ 156.249415][ T3225] ? import_iovec+0x80/0xb0 [ 156.249438][ T3225] ___sys_recvmsg+0x216/0x590 [ 156.249456][ T3225] ? __sys_recvmsg+0x290/0x290 [ 156.249475][ T3225] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 156.249495][ T3225] ? selinux_file_permission+0x318/0xb60 [ 156.249519][ T3225] ? __fget_files+0x2c5/0x340 [ 156.249550][ T3225] do_recvmmsg+0x380/0x830 [ 156.249569][ T3225] ? __sys_recvmmsg+0x2a0/0x2a0 [ 156.249586][ T3225] ? __cfi_vfs_write+0x10/0x10 [ 156.249610][ T3225] ? fput+0x1a4/0x240 [ 156.249626][ T3225] __x64_sys_recvmmsg+0x199/0x250 [ 156.249652][ T3225] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 156.249671][ T3225] ? __kasan_check_read+0x15/0x20 [ 156.249694][ T3225] x64_sys_call+0x292c/0x2ee0 [ 156.249718][ T3225] do_syscall_64+0x57/0xf0 [ 156.249734][ T3225] ? clear_bhb_loop+0x50/0xa0 [ 156.249751][ T3225] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 156.249774][ T3225] RIP: 0033:0x7f42ebd9c629 [ 156.249791][ T3225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.249806][ T3225] RSP: 002b:00007f42ecb7f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 156.249826][ T3225] RAX: ffffffffffffffda RBX: 00007f42ec015fa0 RCX: 00007f42ebd9c629 [ 156.249839][ T3225] RDX: 040000000000013c RSI: 00002000000034c0 RDI: 0000000000000005 [ 156.249853][ T3225] RBP: 00007f42ecb7f090 R08: 0000000000000000 R09: 0000000000000000 [ 156.249866][ T3225] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 156.249878][ T3225] R13: 00007f42ec016038 R14: 00007f42ec015fa0 R15: 00007ffc7ae6e518 [ 156.249895][ T3225] [ 156.427438][ T3230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.446161][ T604] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 156.452323][ T3230] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.460118][ T604] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 156.674576][ T3230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.683018][ T604] usb 5-1: USB disconnect, device number 10 [ 156.698975][ T3230] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.721100][ T3232] loop5: detected capacity change from 0 to 7 [ 156.743415][ T3230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3230 comm=syz.1.864 [ 157.135943][ T36] audit: type=1400 audit(1771347441.366:409): avc: denied { bind } for pid=3253 comm="syz.3.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 157.165655][ T36] audit: type=1400 audit(1771347441.386:410): avc: denied { write } for pid=3253 comm="syz.3.872" path="socket:[31650]" dev="sockfs" ino=31650 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 157.421263][ T66] kernel write not supported for file /ppp (pid: 66 comm: kworker/1:2) [ 157.429723][ T604] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 157.536737][ T3268] kvm: kvm [3267]: vcpu1, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x11aa [ 157.582258][ T604] usb 4-1: Using ep0 maxpacket: 32 [ 157.588924][ T604] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 157.598803][ T604] usb 4-1: config 0 has no interface number 0 [ 157.611425][ T604] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 157.621820][ T604] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.632709][ T604] usb 4-1: Product: syz [ 157.637099][ T604] usb 4-1: Manufacturer: syz [ 157.642832][ T604] usb 4-1: SerialNumber: syz [ 157.649252][ T604] usb 4-1: config 0 descriptor?? [ 157.658472][ T604] smsc95xx v2.0.0 [ 158.061330][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 158.073234][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 158.252137][ T31] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 158.403340][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.414412][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.424373][ T31] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 158.437400][ T31] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 158.446895][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.456872][ T31] usb 3-1: config 0 descriptor?? [ 158.459247][ T3280] usb usb9: usbfs: process 3280 (syz.1.882) did not claim interface 47 before use [ 158.486755][ T604] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 158.498720][ T604] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 158.510950][ T604] usb 4-1: USB disconnect, device number 59 [ 158.528791][ T3286] ------------[ cut here ]------------ [ 158.535517][ T3286] WARNING: CPU: 0 PID: 3286 at mm/page_alloc.c:5235 __alloc_pages_noprof+0x109/0x7e0 [ 158.547196][ T3286] Modules linked in: [ 158.551305][ T3286] CPU: 0 UID: 0 PID: 3286 Comm: syz.1.885 Not tainted syzkaller #0 c4f3ed2acd38b8d794b4bc7267d0c0cbf9bd6dea [ 158.564019][ T3286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 158.574574][ T3286] RIP: 0010:__alloc_pages_noprof+0x109/0x7e0 [ 158.580791][ T3286] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 4a ab 0b 06 00 0f 85 c2 00 00 00 c6 05 3d ab 0b 06 01 <0f> 0b 31 c0 e9 b4 00 00 00 83 fb 0a 0f 87 a9 00 00 00 44 8b 64 24 [ 158.602659][ T3286] RSP: 0018:ffffc9000dc2f860 EFLAGS: 00010246 [ 158.609027][ T3286] RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000000 [ 158.617636][ T3286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000dc2f918 [ 158.626381][ T3286] RBP: ffffc9000dc2f988 R08: ffffc9000dc2f917 R09: 0000000000000000 [ 158.635200][ T3286] R10: ffffc9000dc2f900 R11: fffff52001b85f23 R12: ffffc9000dc2f8a0 [ 158.643571][ T3286] R13: dffffc0000000000 R14: 1ffff92001b85f10 R15: 0000000000000000 [ 158.652753][ T3286] FS: 00007efe130bc6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 158.661738][ T3286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.669033][ T3286] CR2: 0000001b2ef23ffc CR3: 0000000130bd8000 CR4: 00000000003526b0 [ 158.677517][ T3286] Call Trace: [ 158.681069][ T3286] [ 158.684143][ T3286] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 158.691539][ T3286] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 158.697368][ T3286] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 158.703062][ T3286] ___kmalloc_large_node+0x81/0x210 [ 158.709007][ T3286] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 158.715296][ T3286] __kmalloc_large_node_noprof+0x1e/0xd0 [ 158.721068][ T3286] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 158.726956][ T3286] __kmalloc_noprof+0x326/0x500 [ 158.732649][ T3286] ? __cfi_lockref_get+0x10/0x10 [ 158.738017][ T3286] incfs_realloc_mount_info+0xa7/0x4d0 [ 158.743569][ T3286] ? incfs_add_sysfs_node+0x118/0x230 [ 158.749274][ T3286] incfs_alloc_mount_info+0x478/0x5f0 [ 158.755664][ T3286] incfs_mount_fs+0x3ca/0x970 [ 158.760897][ T3286] ? __cfi_incfs_mount_fs+0x10/0x10 [ 158.767252][ T3286] ? vfs_parse_fs_string+0x10f/0x180 [ 158.772722][ T3286] ? selinux_capable+0x38/0x50 [ 158.777664][ T3286] legacy_get_tree+0x103/0x1b0 [ 158.783424][ T3286] ? __cfi_incfs_mount_fs+0x10/0x10 [ 158.788914][ T3286] vfs_get_tree+0x9e/0x290 [ 158.793925][ T3286] do_new_mount+0x251/0xb30 [ 158.798477][ T3286] ? security_capable+0x44/0x130 [ 158.803581][ T3286] path_mount+0x682/0x1010 [ 158.808528][ T3286] __se_sys_mount+0x2bf/0x480 [ 158.813619][ T3286] ? __x64_sys_mount+0xf0/0xf0 [ 158.819525][ T3286] ? __kasan_check_write+0x18/0x20 [ 158.826753][ T3286] ? fpregs_restore_userregs+0x11c/0x260 [ 158.833420][ T3286] __x64_sys_mount+0xc3/0xf0 [ 158.838603][ T3286] x64_sys_call+0x2021/0x2ee0 [ 158.844041][ T3286] do_syscall_64+0x57/0xf0 [ 158.848634][ T3286] ? clear_bhb_loop+0x50/0xa0 [ 158.853671][ T3286] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 158.859739][ T3286] RIP: 0033:0x7efe1219c629 [ 158.864278][ T3286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.874995][ T31] plantronics 0003:047F:FFFF.0010: unbalanced collection at end of report description [ 158.885020][ T3286] RSP: 002b:00007efe130bc028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 158.896858][ T31] plantronics 0003:047F:FFFF.0010: parse failed [ 158.906130][ T3286] RAX: ffffffffffffffda RBX: 00007efe12415fa0 RCX: 00007efe1219c629 [ 158.914159][ T31] plantronics 0003:047F:FFFF.0010: probe with driver plantronics failed with error -22 [ 158.922241][ T3286] RDX: 0000200000000100 RSI: 0000200000000200 RDI: 0000200000000180 [ 158.922267][ T3286] RBP: 00007efe12232b39 R08: 0000200000000000 R09: 0000000000000000 [ 158.952136][ T3286] R10: 0000000000200004 R11: 0000000000000246 R12: 0000000000000000 [ 158.961637][ T3286] R13: 00007efe12416038 R14: 00007efe12415fa0 R15: 00007ffcb45bbc88 [ 158.969771][ T3286] [ 158.972830][ T3286] ---[ end trace 0000000000000000 ]--- [ 158.978400][ T3286] incfs: Error allocating mount info. -12 [ 158.985016][ T3286] incfs: mount failed -12 [ 159.080400][ T331] usb 3-1: USB disconnect, device number 48