last executing test programs: 8.307347695s ago: executing program 0 (id=24): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002940)=ANY=[@ANYBLOB="38020000190001000000000010000000fe8000000000000000000000000000bbffffffff0000000000000000000000000000000bffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000008000000000000000010000000000000000000000000000000000000184010500ac1414aa000000000000000000000000000000003c00000000000000ffffffff000000000000000000000000ff34000002020000000000000000000000000000ac1414aa000000000000000000000000000000003c00000000000000fe8000000000000000000000000000000000000000000000000800000008000000000000ff020000000000000000000000000001000000003200000000000000e00000010000000000000000000000000335000003000100000000000000000000000000ff0100000000000000000000000000010000000033000000000000000a01480ff0f0f9b57c9f87bd0101000000000000000000000000043500000000010000000000bf0a000000000000000000000000000000000000000000010000"], 0x238}}, 0x0) 8.273369546s ago: executing program 0 (id=25): syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x110, 0x2d, 0xce, 0xf6, 0x20, 0x16ca, 0x1502, 0x4b99, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0xd0, 0x50, 0x8, "", [{{0x9, 0x4, 0x6f, 0x0, 0x0, 0x57, 0x36, 0xf3, 0xfe}}]}}]}}, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) link(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 7.077574714s ago: executing program 0 (id=33): r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000008700cb6f000000000000109022400010000000009040000010300020009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x64, 0x100) ioctl$HIDIOCSFEATURE(r1, 0xc0404806, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x4002) 5.747578887s ago: executing program 3 (id=42): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89b1, &(0x7f0000000040)={'macvtap0\x00', @random="00009e0c1100"}) 5.743549847s ago: executing program 3 (id=43): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @empty}, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000004c0)=@gcm_256={{0x303, 0x3a}, "56db7a2700f81000", "a8ef1a3a33071799b7bbebfa6dc371290d0e3808802000", "336819df", "4008000000008700"}, 0x38) writev(r0, &(0x7f0000001840)=[{&(0x7f0000000000)="944a7445b7be5b9f0228496174f1ff679b5c0eeafa7f6649a4f5fe032a7cbbbc2aa32b3f142a72022eba60564d001f082959", 0x32}], 0x1) 5.729627987s ago: executing program 3 (id=44): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r0, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4, 0xa}, @NL80211_KEY_IDX={0x5, 0x2, 0x6}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x38, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x2000c040) 5.675604249s ago: executing program 3 (id=45): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a0000904000001030101000921000800012203000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000001180)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001300)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='@0J'], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x0, 0xd2859f99480e5041}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x18, &(0x7f0000000000)=ANY=[@ANYBLOB="000004"], 0x0, 0x0, 0x0, 0x0}) 5.495465025s ago: executing program 2 (id=50): socket(0xb, 0x803, 0x6) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0xa) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0x12) ftruncate(r2, 0x2007ffb) close(r2) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x8000003d) fcntl$setsig(r3, 0xa, 0x21) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x10a) ppoll(&(0x7f0000000300)=[{r2, 0x103}, {r4, 0x601a}], 0x2, &(0x7f0000000040)={0x77359400}, &(0x7f00000000c0)={[0x1451]}, 0x8) 5.495376575s ago: executing program 2 (id=51): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000380)={0x40, 0xc}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 5.438905616s ago: executing program 0 (id=52): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)={0x0, 0xe, 0x1, "02"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 2.683367124s ago: executing program 3 (id=55): r0 = socket(0xf, 0x3, 0x2) write(r0, &(0x7f0000a97ff0)="020b", 0x2) 2.628784306s ago: executing program 3 (id=56): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000100)={0x34, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.423604262s ago: executing program 2 (id=57): socket(0xb, 0x803, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0xa) fchdir(r2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0x12) ftruncate(r3, 0x2007ffb) close(r3) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x8000003d) fcntl$setsig(r4, 0xa, 0x21) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x10a) ppoll(&(0x7f0000000300)=[{r3, 0x103}, {r1, 0x4089}, {r5, 0x601a}], 0x3, &(0x7f0000000040)={0x77359400}, &(0x7f00000000c0)={[0x1451]}, 0x8) 2.423455472s ago: executing program 2 (id=58): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 2.414452843s ago: executing program 0 (id=59): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f00000000c0)={0x0, 0x2}, 0x8) sendmmsg$sock(r0, &(0x7f00000020c0)=[{{&(0x7f0000000500)=@hci={0x1f, 0x0, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000140)=[@txtime={{0x14, 0x1, 0x3d, 0x2}}, @mark={{0x10, 0x1, 0x24, 0x200}}, @timestamping={{0x10, 0x1, 0x25, 0x1}}], 0x34}}], 0x1, 0x8845) 2.397257623s ago: executing program 0 (id=60): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000008c0)={0x44, &(0x7f0000000980)=ANY=[@ANYBLOB="4003cd00000049fefefc7ac8ad305c626f8e8420e0752d67dba79937abb515fd00000d3b28fb73a61b03f5b25524523cefe81a4a4d8a7d087e3b31b50bfbebb5d166c19710d6b3bf1079c34fe9d4b38837824852a07f8ae108a925f5ee39ba4035b63bd08af772777e0d5077b865f40671137bbeeb43720506af94fadf7660a66cad4d6dd0a5dcdcb0ca296dc05ba77162ab2e583df5030a0407"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000") 1.803251862s ago: executing program 1 (id=61): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x5c}}, 0x16) 1.803090492s ago: executing program 1 (id=62): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000480)={0x283, 0x3}) 1.714703655s ago: executing program 1 (id=63): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x14, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f00000002c0)={0x3, 0xffffffff, 0xfffffffe, 0xffff01c2, 0x2, 0xa}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, 0x0, &(0x7f00000002c0)) 1.595424138s ago: executing program 2 (id=64): r0 = syz_usb_connect$uac3(0x0, 0xa0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011003000000403512100040000102030109028e000301002040080b0201012130c60904000000010130000a2401042a00ff0f0000132403050001020602028000000700100002000f240902020000000001"], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000240)={0x20, 0x6, 0x4, "e971ec7b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 283.726311ms ago: executing program 1 (id=65): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x22) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x29, 0x80, 0x0, 0xe0) 283.57324ms ago: executing program 1 (id=66): r0 = memfd_secret(0x0) ioctl$OCFS2_IOC_RESVSP(r0, 0x402c5828, &(0x7f0000000040)={0x2, 0x0, 0x1, 0x1c62, 0xffffff66, 0xffff7fff}) 283.48524ms ago: executing program 1 (id=67): r0 = syz_usb_connect$uac3(0x2, 0x80, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x13e5, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x1, 0x80, 0x25, {0x8, 0xb, 0x2, 0x0, 0x1, 0x24, 0x30, 0x9}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x2, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x8, 0x9, 0xff, {0xa, 0x25, 0x25, 0x0, 0x2, 0xa34f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x3, 0xe, 0x4, {0xa, 0x25, 0x25, 0x2, 0x43}}}}}}}}]}}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io$uac3(r0, 0x0, 0x0) 0s ago: executing program 2 (id=68): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a0000904000001030101000921000800012203000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000001180)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001300)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='@0J'], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x0, 0xd2859f99480e5041}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x18, &(0x7f0000000000)=ANY=[@ANYBLOB="000004"], 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. [ 29.663949][ T36] audit: type=1400 audit(1781158938.670:64): avc: denied { mounton } for pid=286 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 29.667523][ T286] cgroup: Unknown subsys name 'net' [ 29.686651][ T36] audit: type=1400 audit(1781158938.670:65): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 29.714012][ T36] audit: type=1400 audit(1781158938.700:66): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 29.714605][ T286] cgroup: Unknown subsys name 'devices' [ 29.838530][ T286] cgroup: Unknown subsys name 'hugetlb' [ 29.844210][ T286] cgroup: Unknown subsys name 'rlimit' [ 29.979767][ T36] audit: type=1400 audit(1781158938.990:67): avc: denied { setattr } for pid=286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.003124][ T36] audit: type=1400 audit(1781158938.990:68): avc: denied { mounton } for pid=286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 30.027924][ T36] audit: type=1400 audit(1781158938.990:69): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 30.058571][ T288] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 30.067788][ T36] audit: type=1400 audit(1781158939.080:70): avc: denied { relabelto } for pid=288 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.093260][ T36] audit: type=1400 audit(1781158939.080:71): avc: denied { write } for pid=288 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.143296][ T36] audit: type=1400 audit(1781158939.150:72): avc: denied { read } for pid=286 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.144628][ T286] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 30.168819][ T36] audit: type=1400 audit(1781158939.150:73): avc: denied { open } for pid=286 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 31.584320][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.591605][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.598742][ T293] bridge_slave_0: entered allmulticast mode [ 31.605094][ T293] bridge_slave_0: entered promiscuous mode [ 31.619085][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.626226][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.633337][ T293] bridge_slave_1: entered allmulticast mode [ 31.639819][ T293] bridge_slave_1: entered promiscuous mode [ 31.685688][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.692797][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.700097][ T294] bridge_slave_0: entered allmulticast mode [ 31.706527][ T294] bridge_slave_0: entered promiscuous mode [ 31.713126][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.720396][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.727601][ T294] bridge_slave_1: entered allmulticast mode [ 31.733878][ T294] bridge_slave_1: entered promiscuous mode [ 31.766969][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.774046][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.781198][ T295] bridge_slave_0: entered allmulticast mode [ 31.787501][ T295] bridge_slave_0: entered promiscuous mode [ 31.804484][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.811677][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.818968][ T295] bridge_slave_1: entered allmulticast mode [ 31.825293][ T295] bridge_slave_1: entered promiscuous mode [ 31.844326][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.851571][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.858992][ T296] bridge_slave_0: entered allmulticast mode [ 31.865326][ T296] bridge_slave_0: entered promiscuous mode [ 31.875154][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.882248][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.889551][ T296] bridge_slave_1: entered allmulticast mode [ 31.895833][ T296] bridge_slave_1: entered promiscuous mode [ 32.036850][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.044028][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.051465][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.058562][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.084718][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.091965][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.099325][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.106430][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.121086][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.128176][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.135467][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.142561][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.171813][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.178911][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.186225][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.193274][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.227543][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.234891][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.242640][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.250564][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.257775][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.264920][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.272294][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.279507][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.295174][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.302256][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.315707][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.322782][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.330666][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.337739][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.345245][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.352325][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.380930][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.388104][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.395624][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.402699][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.415740][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.422934][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.430992][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.438071][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.485057][ T295] veth0_vlan: entered promiscuous mode [ 32.498156][ T294] veth0_vlan: entered promiscuous mode [ 32.515139][ T296] veth0_vlan: entered promiscuous mode [ 32.538361][ T293] veth0_vlan: entered promiscuous mode [ 32.545111][ T296] veth1_macvtap: entered promiscuous mode [ 32.554177][ T294] veth1_macvtap: entered promiscuous mode [ 32.563819][ T295] veth1_macvtap: entered promiscuous mode [ 32.599585][ T293] veth1_macvtap: entered promiscuous mode [ 32.622130][ T294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.956059][ T65] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 32.963792][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.971365][ T322] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 33.126207][ T65] usb 4-1: Using ep0 maxpacket: 16 [ 33.131529][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 33.136820][ T322] usb 3-1: Using ep0 maxpacket: 32 [ 33.143457][ T10] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 33.151681][ T10] usb 2-1: config 0 has no interface number 0 [ 33.158027][ T10] usb 2-1: config 0 interface 12 has no altsetting 0 [ 33.165461][ T65] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 33.174729][ T65] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.182818][ T65] usb 4-1: Product: syz [ 33.187097][ T322] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 33.196249][ T65] usb 4-1: Manufacturer: syz [ 33.200945][ T65] usb 4-1: SerialNumber: syz [ 33.205633][ T10] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 33.214713][ T322] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.222794][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.231403][ T322] usb 3-1: Product: syz [ 33.235920][ T322] usb 3-1: Manufacturer: syz [ 33.240622][ T322] usb 3-1: SerialNumber: syz [ 33.245602][ T10] usb 2-1: Product: syz [ 33.250330][ T10] usb 2-1: Manufacturer: syz [ 33.255186][ T322] usb 3-1: config 0 descriptor?? [ 33.260241][ T10] usb 2-1: SerialNumber: syz [ 33.265714][ T10] usb 2-1: config 0 descriptor?? [ 33.451011][ T65] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 33.460863][ T65] usb 4-1: USB disconnect, device number 2 [ 33.815978][ T310] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 33.965970][ T310] usb 1-1: Using ep0 maxpacket: 32 [ 33.972336][ T310] usb 1-1: config 0 has an invalid interface number: 196 but max is 0 [ 33.980891][ T310] usb 1-1: config 0 has no interface number 0 [ 33.987242][ T310] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 33.997535][ T310] usb 1-1: config 0 interface 196 has no altsetting 0 [ 34.005953][ T310] usb 1-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 34.020663][ T310] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.028804][ T310] usb 1-1: Product: syz [ 34.033073][ T310] usb 1-1: Manufacturer: syz [ 34.037792][ T310] usb 1-1: SerialNumber: syz [ 34.047059][ T310] usb 1-1: config 0 descriptor?? [ 34.052555][ T334] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 34.064663][ T343] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 34.073868][ T343] SELinux: failed to load policy [ 34.675465][ T310] ipheth 1-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 34.685203][ T310] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached [ 34.728775][ T36] kauditd_printk_skb: 49 callbacks suppressed [ 34.728797][ T36] audit: type=1400 audit(1781158943.740:123): avc: denied { read } for pid=149 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 34.877237][ C1] ipheth 1-1:0.196: ipheth_rcvbulk_callback: callback retval: -22 [ 35.067556][ T36] audit: type=1400 audit(1781158944.080:124): avc: denied { create } for pid=383 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.088823][ T310] usb 1-1: USB disconnect, device number 2 [ 35.095198][ T36] audit: type=1400 audit(1781158944.080:125): avc: denied { setopt } for pid=383 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.176647][ T310] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected [ 35.356024][ T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 35.505965][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 35.512230][ T31] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.523233][ T31] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.534015][ T31] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 35.543116][ T31] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 35.551516][ T31] usb 4-1: Product: syz [ 35.555694][ T31] usb 4-1: Manufacturer: syz [ 35.562559][ T31] hub 4-1:4.0: USB hub found [ 35.603869][ T36] audit: type=1400 audit(1781158944.610:126): avc: denied { ioctl } for pid=404 comm="syz.0.21" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 35.604498][ T405] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 35.728767][ T335] usb 2-1: USB disconnect, device number 2 [ 35.763697][ T31] hub 4-1:4.0: 2 ports detected [ 35.839803][ T36] audit: type=1400 audit(1781158944.850:127): avc: denied { create } for pid=412 comm="syz.0.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.844874][ T413] netlink: 384 bytes leftover after parsing attributes in process `syz.0.24'. [ 35.861322][ T36] audit: type=1400 audit(1781158944.850:128): avc: denied { write } for pid=412 comm="syz.0.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.890543][ T36] audit: type=1400 audit(1781158944.850:129): avc: denied { nlmsg_write } for pid=412 comm="syz.0.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.924605][ T322] usb 3-1: USB disconnect, device number 2 [ 35.941791][ T36] audit: type=1400 audit(1781158944.950:130): avc: denied { name_bind } for pid=416 comm="syz.2.26" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 36.040355][ T36] audit: type=1400 audit(1781158945.050:131): avc: denied { create } for pid=416 comm="syz.2.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 36.103042][ T36] audit: type=1400 audit(1781158945.110:132): avc: denied { ioctl } for pid=419 comm="syz.2.27" path="socket:[3687]" dev="sockfs" ino=3687 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.127789][ T335] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 36.166040][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 36.276926][ T335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.288140][ T335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.298574][ T335] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 36.311898][ T335] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 36.321532][ T335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.330408][ T335] usb 2-1: config 0 descriptor?? [ 36.335953][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 36.342461][ T10] usb 1-1: config 8 has an invalid interface number: 111 but max is 0 [ 36.350845][ T10] usb 1-1: config 8 has no interface number 0 [ 36.360982][ T10] usb 1-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=4b.99 [ 36.371554][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.379634][ T10] usb 1-1: Product: syz [ 36.384010][ T10] usb 1-1: Manufacturer: syz [ 36.388676][ T10] usb 1-1: SerialNumber: syz [ 36.603174][ T10] usb 1-1: USB disconnect, device number 3 [ 36.745393][ T335] usbhid 2-1:0.0: can't add hid device: -71 [ 36.752201][ T335] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 36.761809][ T335] usb 2-1: USB disconnect, device number 3 [ 36.987002][ T31] hub 4-1:4.0: activate --> -90 [ 37.296062][ T65] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 37.355964][ T10] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 37.394559][ T31] usb 4-1-port2: config error [ 37.406254][ T31] usb 4-1-port2: cannot disable (err = -71) [ 37.414331][ T46] usb 4-1: USB disconnect, device number 3 [ 37.445955][ T65] usb 3-1: Using ep0 maxpacket: 8 [ 37.452395][ T65] usb 3-1: config 0 interface 0 has no altsetting 0 [ 37.459292][ T65] usb 3-1: New USB device found, idVendor=05ac, idProduct=8240, bcdDevice= 0.00 [ 37.469053][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.477746][ T65] usb 3-1: config 0 descriptor?? [ 37.496040][ T335] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 37.507113][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 37.518308][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.528147][ T10] usb 1-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 37.537276][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.546577][ T10] usb 1-1: config 0 descriptor?? [ 37.648545][ T335] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 37.657715][ T335] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.665810][ T335] usb 2-1: Product: syz [ 37.670041][ T335] usb 2-1: Manufacturer: syz [ 37.674667][ T335] usb 2-1: SerialNumber: syz [ 37.680198][ T335] usb 2-1: config 0 descriptor?? [ 37.890087][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.903591][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.911289][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.918969][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.926254][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.933445][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.942108][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.950814][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.961051][ T10] hid-generic 0003:0C70:F0B6.0002: hidraw0: USB HID v0.00 Device [HID 0c70:f0b6] on usb-dummy_hcd.0-1/input0 [ 37.975868][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.983536][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 37.991406][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.001394][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.009574][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.023562][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.034188][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.042602][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.050359][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.057716][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.064807][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.074201][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.081338][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.088440][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.095521][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.103093][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.110893][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.118243][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.130638][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.137762][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.144842][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.152043][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.160834][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.168343][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.175787][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.183289][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.190735][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.198066][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.205405][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.213285][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.220574][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.222272][ T335] usb 1-1: USB disconnect, device number 4 [ 38.227688][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.240630][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.248262][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.255353][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.262705][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.270240][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.284122][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.292865][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.300005][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.307142][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.314248][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.321426][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.328509][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.335583][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.342682][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.349983][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.357094][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.364172][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.371420][ T65] appleir 0003:05AC:8240.0001: unknown main item tag 0x0 [ 38.378781][ T65] appleir 0003:05AC:8240.0001: report_id 0 is invalid [ 38.385587][ T65] appleir 0003:05AC:8240.0001: item 0 0 1 8 parsing failed [ 38.393432][ T65] appleir 0003:05AC:8240.0001: parse failed [ 38.399616][ T65] appleir 0003:05AC:8240.0001: probe with driver appleir failed with error -22 [ 38.412547][ T65] usb 3-1: USB disconnect, device number 3 [ 38.725976][ T335] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 38.875969][ T335] usb 4-1: Using ep0 maxpacket: 32 [ 38.882187][ T335] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 38.893744][ T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 38.904955][ T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 38.916442][ T335] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 38.925523][ T335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.933794][ T46] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 38.942193][ T335] usb 4-1: config 0 descriptor?? [ 38.947675][ T463] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 38.956266][ T335] hub 4-1:0.0: USB hub found [ 38.995978][ T31] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 39.105965][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 39.112291][ T46] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 39.121427][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.130396][ T46] usb 3-1: config 0 descriptor?? [ 39.148578][ T31] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 39.158930][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.167166][ T335] hub 4-1:0.0: 2 ports detected [ 39.172155][ T31] usb 1-1: Product: syz [ 39.176519][ T31] usb 1-1: Manufacturer: syz [ 39.181185][ T31] usb 1-1: SerialNumber: syz [ 39.186885][ T31] usb 1-1: config 0 descriptor?? [ 40.270901][ T31] usb 2-1: USB disconnect, device number 4 [ 40.605976][ T31] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 40.757127][ T31] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.768173][ T31] usb 2-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x94, changing to 0x84 [ 40.779749][ T31] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 40.792321][ T31] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 40.801510][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.809599][ T31] usb 2-1: Product: syz [ 40.813817][ T31] usb 2-1: Manufacturer: syz [ 40.818504][ T31] usb 2-1: SerialNumber: syz [ 40.993348][ T46] usb 4-1: USB disconnect, device number 4 [ 40.999364][ T335] hub 4-1:0.0: set hub depth failed [ 41.507922][ T36] kauditd_printk_skb: 15 callbacks suppressed [ 41.507940][ T36] audit: type=1400 audit(1781158950.520:148): avc: denied { create } for pid=495 comm="syz.3.55" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 41.533255][ T36] audit: type=1400 audit(1781158950.520:149): avc: denied { write } for pid=495 comm="syz.3.55" path="socket:[3783]" dev="sockfs" ino=3783 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 41.710148][ T65] usb 3-1: USB disconnect, device number 4 [ 41.764345][ T10] usb 1-1: USB disconnect, device number 5 [ 41.805972][ T322] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 41.829508][ T31] cdc_ncm 2-1:1.0: bind() failure [ 41.836116][ T31] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 41.844391][ T31] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 41.856503][ T31] usb 2-1: USB disconnect, device number 5 [ 41.966831][ T322] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 41.976215][ T322] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.984239][ T322] usb 4-1: Product: syz [ 41.988524][ T322] usb 4-1: Manufacturer: syz [ 41.993157][ T322] usb 4-1: SerialNumber: syz [ 41.998548][ T322] usb 4-1: config 0 descriptor?? [ 42.105985][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 42.257147][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.268175][ T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 42.277261][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.286012][ T10] usb 1-1: config 0 descriptor?? [ 42.366139][ T36] audit: type=1400 audit(1781158951.370:150): avc: denied { read } for pid=511 comm="syz.1.62" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.388566][ T36] audit: type=1400 audit(1781158951.370:151): avc: denied { open } for pid=511 comm="syz.1.62" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.411372][ T36] audit: type=1400 audit(1781158951.380:152): avc: denied { ioctl } for pid=511 comm="syz.1.62" path="/dev/ppp" dev="devtmpfs" ino=86 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.495277][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 42.501425][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 42.511563][ T10] usb 1-1: USB disconnect, device number 6 [ 42.716019][ T31] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 42.826106][ T322] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 42.867314][ T31] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 42.878925][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 42.889891][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 42.899664][ T31] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 42.912599][ T31] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 42.921677][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.930445][ T31] usb 2-1: config 0 descriptor?? [ 42.938072][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 42.988390][ T322] usb 3-1: unable to get BOS descriptor or descriptor too short [ 42.996965][ T322] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 43.007164][ T322] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 43.017724][ T322] usb 3-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 43.026819][ T322] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.034852][ T322] usb 3-1: Product: syz [ 43.039077][ T322] usb 3-1: Manufacturer: syz [ 43.043714][ T322] usb 3-1: SerialNumber: syz [ 43.051829][ T322] usb 3-1: selecting invalid altsetting 1 [ 43.057882][ T322] usb 3-1: unit 6 not found! [ 43.097119][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.108089][ T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 43.117185][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.126108][ T10] usb 1-1: config 0 descriptor?? [ 43.342624][ T31] usbhid 2-1:0.0: can't add hid device: -71 [ 43.348809][ T31] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 43.357872][ T31] usb 2-1: USB disconnect, device number 6 [ 43.652561][ T322] usb 3-1: 2:0: failed to get current value for ch 0 (-71) [ 43.662070][ T322] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 43.672930][ T322] usb 3-1: USB disconnect, device number 5 [ 43.694469][ T330] udevd[330]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 43.864100][ T36] audit: type=1400 audit(1781158952.870:153): avc: denied { create } for pid=521 comm="syz.1.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 43.936370][ T10] aiptek 1-1:0.0: Aiptek using 400 ms programming speed [ 43.944720][ T10] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 43.955320][ T36] audit: type=1400 audit(1781158952.970:154): avc: denied { read } for pid=95 comm="acpid" name="event3" dev="devtmpfs" ino=474 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.977625][ T36] audit: type=1400 audit(1781158952.970:155): avc: denied { open } for pid=95 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=474 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 44.000874][ T36] audit: type=1400 audit(1781158952.970:156): avc: denied { ioctl } for pid=95 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=474 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 44.155960][ T31] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 44.307399][ T31] usb 2-1: unable to get BOS descriptor or descriptor too short [ 44.315585][ T31] usb 2-1: not running at top speed; connect to a high speed hub [ 44.326446][ T31] usb 2-1: string descriptor 0 read error: -22 [ 44.333003][ T31] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice= 0.40 [ 44.335852][ C0] ------------[ cut here ]------------ [ 44.342293][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.347525][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31 [ 44.347549][ C0] index 38062 is out of range for type 'const int[34]' [ 44.370983][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 d17067fa43c370e744802cb602e9182a4a42e9ef [ 44.371021][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 44.371045][ C0] Call Trace: [ 44.371053][ C0] [ 44.371062][ C0] __dump_stack+0x21/0x30 [ 44.371114][ C0] dump_stack_lvl+0x140/0x1c0 [ 44.371149][ C0] ? __cfi_dump_stack_lvl+0x10/0x10 [ 44.371184][ C0] ? do_idle+0x503/0x570 [ 44.371203][ C0] ? x86_64_start_reservations+0x2e/0x30 [ 44.371223][ C0] ? common_startup_64+0x13b/0x157 [ 44.371247][ C0] dump_stack+0x19/0x20 [ 44.371271][ C0] ubsan_epilogue+0xe/0x40 [ 44.371286][ C0] __ubsan_handle_out_of_bounds+0xe8/0xf0 [ 44.371313][ C0] ? __kasan_check_write+0x18/0x20 [ 44.371330][ C0] aiptek_irq+0x20cb/0x2a00 [ 44.371356][ C0] ? kcov_remote_start+0x1d3/0x3c0 [ 44.371374][ C0] __usb_hcd_giveback_urb+0x375/0x540 [ 44.371393][ C0] usb_hcd_giveback_urb+0x11b/0x410 [ 44.371409][ C0] dummy_timer+0x816/0x4300 [ 44.371435][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.371453][ C0] ? timerqueue_del+0xd7/0x130 [ 44.371473][ C0] ? __hrtimer_run_queues+0x2c4/0x8e0 [ 44.371499][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.371516][ C0] __hrtimer_run_queues+0x3ab/0x8e0 [ 44.371543][ C0] ? hrtimer_interrupt+0xf00/0xf00 [ 44.371567][ C0] ? read_tsc+0xd/0x20 [ 44.371589][ C0] ? ktime_get_update_offsets_now+0x3c0/0x3e0 [ 44.371610][ C0] hrtimer_run_softirq+0x159/0x560 [ 44.371626][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.371650][ C0] handle_softirqs+0x1aa/0x630 [ 44.371667][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.371691][ C0] __irq_exit_rcu+0x47/0xb0 [ 44.371707][ C0] irq_exit_rcu+0xd/0x30 [ 44.371723][ C0] sysvec_apic_timer_interrupt+0x82/0x90 [ 44.371748][ C0] [ 44.371753][ C0] [ 44.371758][ C0] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.371775][ C0] RIP: 0010:finish_task_switch+0x141/0x760 [ 44.371799][ C0] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 fb 89 83 00 4d 8b 2e 4d 85 ed 0f 85 d3 00 00 00 4c 89 e7 e8 97 b0 4d 04 fb 49 8d 9f c8 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28 [ 44.371813][ C0] RSP: 0018:ffffffff87407ba8 EFLAGS: 00000282 [ 44.371834][ C0] RAX: 0000000000000001 RBX: ffffffff87416288 RCX: dffffc0000000000 [ 44.371847][ C0] RDX: 0000000040000000 RSI: 0000000000000000 RDI: ffff8881f6e4fa00 [ 44.371858][ C0] RBP: ffffffff87407bf0 R08: ffffffff874156c7 R09: 1ffffffff0e82ad8 [ 44.371870][ C0] R10: dffffc0000000000 R11: fffffbfff0e82ad9 R12: ffff8881f6e4fa00 [ 44.371882][ C0] R13: 0000000000000000 R14: ffff8881f6e506d0 R15: ffffffff874156c0 [ 44.371896][ C0] ? finish_task_switch+0x139/0x760 [ 44.371918][ C0] ? __switch_to_asm+0x3d/0x70 [ 44.371934][ C0] __schedule+0x14d6/0x2100 [ 44.371961][ C0] ? __sched_text_start+0x10/0x10 [ 44.371988][ C0] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.372004][ C0] ? flush_smp_call_function_queue+0xea/0x150 [ 44.372024][ C0] ? __cfi_flush_smp_call_function_queue+0x10/0x10 [ 44.372044][ C0] ? tick_nohz_idle_exit+0x11b/0x3b0 [ 44.372069][ C0] schedule_idle+0x55/0x90 [ 44.372083][ C0] do_idle+0x503/0x570 [ 44.372101][ C0] ? idle_inject_timer_fn+0x80/0x80 [ 44.372120][ C0] ? __cfi_set_cpus_allowed_ptr+0x10/0x10 [ 44.372139][ C0] ? radix_tree_lookup+0x250/0x2a0 [ 44.372164][ C0] cpu_startup_entry+0x47/0x60 [ 44.372183][ C0] rest_init+0x10b/0x130 [ 44.372204][ C0] ? __cfi_x86_late_time_init+0x10/0x10 [ 44.372224][ C0] start_kernel+0x462/0x4bb [ 44.372241][ C0] x86_64_start_reservations+0x2e/0x30 [ 44.372260][ C0] x86_64_start_kernel+0x6a/0x7b [ 44.372278][ C0] common_startup_64+0x13b/0x157 [ 44.372305][ C0] [ 44.372310][ C0] ---[ end trace ]--- [ 44.427509][ T335] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 44.428968][ C0] ================================================================== [ 44.575980][ T335] usb 3-1: Using ep0 maxpacket: 32 [ 44.585503][ C0] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x20e9/0x2a00 [ 44.594001][ T335] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 44.599574][ C0] Read of size 4 at addr ffffffff86733b78 by task swapper/0/0 [ 44.599598][ C0] [ 44.599626][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 d17067fa43c370e744802cb602e9182a4a42e9ef [ 44.599657][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 44.599701][ C0] Call Trace: [ 44.599732][ C0] [ 44.599769][ C0] __dump_stack+0x21/0x30 [ 44.599894][ C0] dump_stack_lvl+0x140/0x1c0 [ 44.599982][ C0] ? __cfi_dump_stack_lvl+0x10/0x10 [ 44.600062][ C0] ? __cfi__printk+0x10/0x10 [ 44.600158][ C0] print_address_description+0x71/0x210 [ 44.600248][ C0] print_report+0x4a/0x70 [ 44.600334][ C0] kasan_report+0x162/0x1a0 [ 44.600422][ C0] ? aiptek_irq+0x20e9/0x2a00 [ 44.600519][ C0] ? aiptek_irq+0x20e9/0x2a00 [ 44.600608][ C0] __asan_report_load4_noabort+0x18/0x20 [ 44.600681][ C0] aiptek_irq+0x20e9/0x2a00 [ 44.600787][ C0] ? kcov_remote_start+0x1d3/0x3c0 [ 44.600862][ C0] __usb_hcd_giveback_urb+0x375/0x540 [ 44.600938][ C0] usb_hcd_giveback_urb+0x11b/0x410 [ 44.601011][ C0] dummy_timer+0x816/0x4300 [ 44.601115][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.601223][ C0] ? timerqueue_del+0xd7/0x130 [ 44.601325][ C0] ? __hrtimer_run_queues+0x2c4/0x8e0 [ 44.601421][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.601495][ C0] __hrtimer_run_queues+0x3ab/0x8e0 [ 44.601613][ C0] ? hrtimer_interrupt+0xf00/0xf00 [ 44.601702][ C0] ? read_tsc+0xd/0x20 [ 44.601795][ C0] ? ktime_get_update_offsets_now+0x3c0/0x3e0 [ 44.601873][ C0] hrtimer_run_softirq+0x159/0x560 [ 44.601936][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.602031][ C0] handle_softirqs+0x1aa/0x630 [ 44.602090][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.602192][ C0] __irq_exit_rcu+0x47/0xb0 [ 44.602255][ C0] irq_exit_rcu+0xd/0x30 [ 44.602311][ C0] sysvec_apic_timer_interrupt+0x82/0x90 [ 44.602395][ C0] [ 44.602418][ C0] [ 44.602440][ C0] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.602506][ C0] RIP: 0010:finish_task_switch+0x141/0x760 [ 44.602632][ C0] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 fb 89 83 00 4d 8b 2e 4d 85 ed 0f 85 d3 00 00 00 4c 89 e7 e8 97 b0 4d 04 fb 49 8d 9f c8 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28 [ 44.602693][ C0] RSP: 0018:ffffffff87407ba8 EFLAGS: 00000282 [ 44.602748][ C0] RAX: 0000000000000001 RBX: ffffffff87416288 RCX: dffffc0000000000 [ 44.602801][ C0] RDX: 0000000040000000 RSI: 0000000000000000 RDI: ffff8881f6e4fa00 [ 44.602838][ C0] RBP: ffffffff87407bf0 R08: ffffffff874156c7 R09: 1ffffffff0e82ad8 [ 44.602890][ C0] R10: dffffc0000000000 R11: fffffbfff0e82ad9 R12: ffff8881f6e4fa00 [ 44.602936][ C0] R13: 0000000000000000 R14: ffff8881f6e506d0 R15: ffffffff874156c0 [ 44.602983][ C0] ? finish_task_switch+0x139/0x760 [ 44.603055][ C0] ? __switch_to_asm+0x3d/0x70 [ 44.603119][ C0] __schedule+0x14d6/0x2100 [ 44.603209][ C0] ? __sched_text_start+0x10/0x10 [ 44.603304][ C0] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.603370][ C0] ? flush_smp_call_function_queue+0xea/0x150 [ 44.603454][ C0] ? __cfi_flush_smp_call_function_queue+0x10/0x10 [ 44.603529][ C0] ? tick_nohz_idle_exit+0x11b/0x3b0 [ 44.603638][ C0] schedule_idle+0x55/0x90 [ 44.603707][ C0] do_idle+0x503/0x570 [ 44.603781][ C0] ? idle_inject_timer_fn+0x80/0x80 [ 44.603855][ C0] ? __cfi_set_cpus_allowed_ptr+0x10/0x10 [ 44.603936][ C0] ? radix_tree_lookup+0x250/0x2a0 [ 44.604068][ C0] cpu_startup_entry+0x47/0x60 [ 44.604145][ C0] rest_init+0x10b/0x130 [ 44.604229][ C0] ? __cfi_x86_late_time_init+0x10/0x10 [ 44.604315][ C0] start_kernel+0x462/0x4bb [ 44.604374][ C0] x86_64_start_reservations+0x2e/0x30 [ 44.604449][ C0] x86_64_start_kernel+0x6a/0x7b [ 44.604520][ C0] common_startup_64+0x13b/0x157 [ 44.604636][ C0] [ 44.604650][ C0] [ 44.619613][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 44.623615][ C0] The buggy address belongs to the variable: [ 44.623628][ C0] .str.274+0x18/0x20 [ 44.632803][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 44.636821][ C0] [ 44.636830][ C0] The buggy address belongs to the physical page: [ 44.636853][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6733 [ 44.642290][ T335] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 44.646157][ C0] flags: 0x4000(reserved|zone=0) [ 44.646191][ C0] raw: 0000000000004000 ffffea000019ccc8 ffffea000019ccc8 0000000000000000 [ 44.646215][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 44.653088][ T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.657393][ C0] page dumped because: kasan: bad access detected [ 44.657421][ C0] page_owner info is not present (never set?) [ 44.657438][ C0] [ 44.657445][ C0] Memory state around the buggy address: [ 44.668274][ T36] audit: type=1400 audit(1781158953.670:157): avc: denied { read } for pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 44.670025][ C0] ffffffff86733a00: 07 f9 f9 f9 07 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 [ 44.678774][ T335] usb 3-1: config 0 descriptor?? [ 44.679764][ C0] ffffffff86733a80: 00 00 00 f9 f9 f9 f9 f9 00 06 f9 f9 00 03 f9 f9 [ 44.679787][ C0] >ffffffff86733b00: 00 01 f9 f9 00 03 f9 f9 04 f9 f9 f9 07 f9 f9 f9 [ 44.686212][ T529] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 44.689065][ C0] ^ [ 44.689086][ C0] ffffffff86733b80: 00 f9 f9 f9 05 f9 f9 f9 07 f9 f9 f9 05 f9 f9 f9 [ 44.710899][ T335] hub 3-1:0.0: USB hub found [ 44.714521][ C0] ffffffff86733c00: 00 01 f9 f9 00 04 f9 f9 00 00 00 01 f9 f9 f9 f9 [ 44.714538][ C0] ================================================================== [ 44.794684][ T31] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 44.802078][ C0] Disabling lock debugging due to kernel taint [ 44.802098][ C0] ------------[ cut here ]------------ [ 44.802105][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30 [ 44.802128][ C0] index 38063 is out of range for type 'const int[34]' [ 44.918339][ T335] hub 3-1:0.0: 2 ports detected [ 44.921669][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0 d17067fa43c370e744802cb602e9182a4a42e9ef [ 44.921772][ C0] Tainted: [B]=BAD_PAGE [ 44.921798][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 44.921838][ C0] Call Trace: [ 44.921873][ C0] [ 44.921906][ C0] __dump_stack+0x21/0x30 [ 44.922028][ C0] dump_stack_lvl+0x140/0x1c0 [ 44.922137][ C0] ? __cfi_dump_stack_lvl+0x10/0x10 [ 44.922242][ C0] ? input_event_dispose+0x2f5/0x6d0 [ 44.922332][ C0] dump_stack+0x19/0x20 [ 44.922432][ C0] ubsan_epilogue+0xe/0x40 [ 44.922496][ C0] __ubsan_handle_out_of_bounds+0xe8/0xf0 [ 44.922600][ C0] aiptek_irq+0x1f85/0x2a00 [ 44.922726][ C0] __usb_hcd_giveback_urb+0x375/0x540 [ 44.922811][ C0] usb_hcd_giveback_urb+0x11b/0x410 [ 44.922884][ C0] dummy_timer+0x816/0x4300 [ 44.922977][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.923057][ C0] ? timerqueue_del+0xd7/0x130 [ 44.923144][ C0] ? __hrtimer_run_queues+0x2c4/0x8e0 [ 44.923277][ C0] ? __cfi_dummy_timer+0x10/0x10 [ 44.923365][ C0] __hrtimer_run_queues+0x3ab/0x8e0 [ 44.923477][ C0] ? hrtimer_interrupt+0xf00/0xf00 [ 44.923576][ C0] ? read_tsc+0xd/0x20 [ 44.923684][ C0] ? ktime_get_update_offsets_now+0x3c0/0x3e0 [ 44.923781][ C0] hrtimer_run_softirq+0x159/0x560 [ 44.923846][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.923951][ C0] handle_softirqs+0x1aa/0x630 [ 44.924025][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 44.924124][ C0] __irq_exit_rcu+0x47/0xb0 [ 44.924188][ C0] irq_exit_rcu+0xd/0x30 [ 44.924250][ C0] sysvec_apic_timer_interrupt+0x82/0x90 [ 44.924332][ C0] [ 44.924355][ C0] [ 44.924380][ C0] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.924453][ C0] RIP: 0010:finish_task_switch+0x141/0x760 [ 44.924559][ C0] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 fb 89 83 00 4d 8b 2e 4d 85 ed 0f 85 d3 00 00 00 4c 89 e7 e8 97 b0 4d 04 fb 49 8d 9f c8 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28 [ 44.924636][ C0] RSP: 0018:ffffffff87407ba8 EFLAGS: 00000282 [ 44.924716][ C0] RAX: 0000000000000001 RBX: ffffffff87416288 RCX: dffffc0000000000 [ 44.924766][ C0] RDX: 0000000040000000 RSI: 0000000000000000 RDI: ffff8881f6e4fa00 [ 44.924822][ C0] RBP: ffffffff87407bf0 R08: ffffffff874156c7 R09: 1ffffffff0e82ad8 [ 44.924881][ C0] R10: dffffc0000000000 R11: fffffbfff0e82ad9 R12: ffff8881f6e4fa00 [ 44.924932][ C0] R13: 0000000000000000 R14: ffff8881f6e506d0 R15: ffffffff874156c0 [ 44.925003][ C0] ? finish_task_switch+0x139/0x760 [ 44.925091][ C0] ? __switch_to_asm+0x3d/0x70 [ 44.925166][ C0] __schedule+0x14d6/0x2100 [ 44.925279][ C0] ? __sched_text_start+0x10/0x10 [ 44.925389][ C0] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 44.925464][ C0] ? flush_smp_call_function_queue+0xea/0x150 [ 44.925551][ C0] ? __cfi_flush_smp_call_function_queue+0x10/0x10 [ 44.925643][ C0] ? tick_nohz_idle_exit+0x11b/0x3b0 [ 44.925746][ C0] schedule_idle+0x55/0x90 [ 44.925788][ C0] do_idle+0x503/0x570 [ 44.925856][ C0] ? idle_inject_timer_fn+0x80/0x80 [ 44.925950][ C0] ? __cfi_set_cpus_allowed_ptr+0x10/0x10 [ 44.926051][ C0] ? radix_tree_lookup+0x250/0x2a0 [ 44.926160][ C0] cpu_startup_entry+0x47/0x60 [ 44.926227][ C0] rest_init+0x10b/0x130 [ 44.926315][ C0] ? __cfi_x86_late_time_init+0x10/0x10 [ 44.926399][ C0] start_kernel+0x462/0x4bb [ 44.926473][ C0] x86_64_start_reservations+0x2e/0x30 [ 44.926558][ C0] x86_64_start_kernel+0x6a/0x7b [ 44.926642][ C0] common_startup_64+0x13b/0x157 [ 44.926752][ C0] [ 44.926777][ C0] ---[ end trace ]--- [ 45.007114][ T31] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 45.054459][ T322] usb 1-1: USB disconnect, device number 7 [ 45.054599][ C0] aiptek 1-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 45.137693][ T46] usb 4-1: USB disconnect, device number 5 [ 45.175971][ T31] usb 2-1: USB disconnect, device number 7 [ 47.006268][ T31] usb 3-1: USB disconnect, device number 6 [ 47.012202][ T335] hub 3-1:0.0: set hub depth failed