last executing test programs: 1m25.601697577s ago: executing program 4 (id=2618): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x6a}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 1m25.372727131s ago: executing program 4 (id=2623): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0, 0x0, 0x2}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500010300000000000000000a"], 0x14}}, 0x40) 1m25.049391784s ago: executing program 4 (id=2625): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 1m24.697673394s ago: executing program 4 (id=2633): move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x1c, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x8, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 1m24.348725978s ago: executing program 4 (id=2639): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) creat(&(0x7f00000005c0)='./file0\x00', 0xc9028ba210c11f8b) unlink(&(0x7f0000000540)='./file0\x00') 1m24.215060158s ago: executing program 4 (id=2642): mknod$loop(0x0, 0x0, 0x1) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getpeername(r0, &(0x7f0000000040)=@alg, 0x0) 1m9.16320635s ago: executing program 32 (id=2642): mknod$loop(0x0, 0x0, 0x1) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getpeername(r0, &(0x7f0000000040)=@alg, 0x0) 3.858714912s ago: executing program 2 (id=3972): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}}) splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0) 2.842486997s ago: executing program 2 (id=3985): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x7d, &(0x7f00000000c0)={0x0, @in6={{0x2, 0x0, 0x0, @dev}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) 1.864972072s ago: executing program 2 (id=4001): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, 0x0, 0x1) 1.793163202s ago: executing program 5 (id=4003): r0 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x21, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x6008800, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.659683623s ago: executing program 0 (id=4004): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000280)=0x2, 0x4) sendmsg$tipc(r0, &(0x7f0000001680)={&(0x7f0000000000)=@id, 0x10, 0x0}, 0x0) connect$tipc(r0, &(0x7f0000000140)=@name, 0x10) 1.635179747s ago: executing program 5 (id=4005): r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x74, 0x101301) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0x8008551c, 0x0) 1.506365849s ago: executing program 5 (id=4008): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x6, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.316592166s ago: executing program 5 (id=4010): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000fe9700000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.307834044s ago: executing program 1 (id=4011): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000300)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) 1.23161443s ago: executing program 2 (id=4013): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mbind(&(0x7f00002ad000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) 1.147606417s ago: executing program 1 (id=4014): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f20b00000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f1600850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r1}, 0x10) modify_ldt$read_default(0x2, 0x0, 0x0) 1.142189372s ago: executing program 5 (id=4015): openat$btrfs_control(0xffffff9c, &(0x7f0000000000), 0x600000, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r0 = socket(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee200009010902240001000000000904000000ff0100000724", @ANYRES32=r0], 0x0) 1.041792657s ago: executing program 1 (id=4017): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 872.706352ms ago: executing program 3 (id=4019): r0 = syz_open_dev$dri(&(0x7f00000005c0), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180), 0x0, 0x1, 0x0, 0x0, r1, 0x1f000000}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000300)={0x0, &(0x7f0000000500)=[{}], r2, 0x0, '\x00', 0x0, 0x1}) 785.000329ms ago: executing program 1 (id=4020): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "ec"}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, '/'}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) 783.287942ms ago: executing program 3 (id=4021): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r1, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000001680)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 718.182615ms ago: executing program 0 (id=4022): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 620.609953ms ago: executing program 2 (id=4023): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_LIMIT={0x8, 0x2, 0xa2}, @TCA_CODEL_CE_THRESHOLD={0x7, 0x5, 0x8}]}}]}, 0x44}}, 0x0) 596.31021ms ago: executing program 1 (id=4024): add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) setfsgid(0xee01) faccessat(0xffffffffffffff9c, 0x0, 0x0) 585.667552ms ago: executing program 3 (id=4025): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='htcp\x00', 0x5) listen(r0, 0x4000) close(r0) 535.441891ms ago: executing program 0 (id=4026): socket$inet6(0xa, 0x80003, 0xff) r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close(0x3) 518.242012ms ago: executing program 1 (id=4027): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000010ac0541820000000000010902240001000000000904000001030000000921000000012205000905810300000000007771c8"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 437.583595ms ago: executing program 5 (id=4028): socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0], 0x0) 437.079138ms ago: executing program 3 (id=4029): r0 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 408.558149ms ago: executing program 2 (id=4030): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sysfs$1(0x1, 0x0) 347.941875ms ago: executing program 0 (id=4031): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x65, 0x0, 0x0, 0x3a, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x8000, 0x4e21, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x0, 0x100}}}}}}}, 0x0) 278.060743ms ago: executing program 3 (id=4032): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) r2 = dup3(r0, r1, 0x80000) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, 0x0, 0x0) 177.787659ms ago: executing program 0 (id=4033): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x12, 0xf1}]}}]}, 0x38}}, 0x0) 158.544397ms ago: executing program 3 (id=4034): r0 = timerfd_create(0x0, 0x0) ppoll(&(0x7f0000000380)=[{r0, 0x2010}], 0x1, 0x0, 0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000580)={{0x77359400}, {0x0, 0x989680}}, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) 0s ago: executing program 0 (id=4035): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000140)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="4400028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f8d36b8b4"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) kernel console output (not intermixed with test programs): 3:1E7D:30D4.001F: unknown main item tag 0x0 [ 212.465898][ T5871] arvo 0003:1E7D:30D4.001F: unknown main item tag 0x0 [ 212.488886][ T5871] arvo 0003:1E7D:30D4.001F: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.1-1/input0 [ 212.520193][ T29] audit: type=1400 audit(1740200057.898:810): avc: denied { read } for pid=10797 comm="syz.4.2167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 212.540655][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.553398][ T5871] arvo 0003:1E7D:30D4.001F: couldn't init struct arvo_device [ 212.561153][ T5871] arvo 0003:1E7D:30D4.001F: couldn't install keyboard [ 212.600253][ T5871] arvo 0003:1E7D:30D4.001F: probe with driver arvo failed with error -71 [ 212.651895][ T5871] usb 2-1: USB disconnect, device number 21 [ 212.745708][T10809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2171'. [ 213.054948][T10816] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 213.227671][T10823] SELinux: ebitmap: empty map [ 213.240805][T10823] SELinux: failed to load policy [ 214.250920][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 214.461794][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.479929][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 214.496698][ T9] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 214.507103][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.529633][ T9] usb 1-1: config 0 descriptor?? [ 214.534953][ T5872] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 214.648963][T10907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2218'. [ 214.701449][ T5872] usb 2-1: Using ep0 maxpacket: 32 [ 214.712451][ T5872] usb 2-1: config 0 has no interfaces? [ 214.722850][ T5872] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 214.740869][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.780828][ T5872] usb 2-1: Product: syz [ 214.790805][ T5872] usb 2-1: Manufacturer: syz [ 214.800806][ T5872] usb 2-1: SerialNumber: syz [ 214.814369][ T5872] usb 2-1: config 0 descriptor?? [ 214.989410][T10921] bridge0: left promiscuous mode [ 215.058037][ T5872] usb 2-1: USB disconnect, device number 22 [ 215.163314][ T9] hid-led 0003:27B8:01ED.0020: probe with driver hid-led failed with error -71 [ 215.181194][ T9] usb 1-1: USB disconnect, device number 22 [ 216.256061][T10960] batman_adv: batadv0: Adding interface: geneve2 [ 216.290836][T10960] batman_adv: batadv0: Not using interface geneve2 (retrying later): interface not active [ 216.943721][ T29] audit: type=1400 audit(1740200318.318:811): avc: denied { create } for pid=10981 comm="syz.0.2251" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 217.030770][ T29] audit: type=1400 audit(1740200318.318:812): avc: denied { write } for pid=10981 comm="syz.0.2251" name="file0" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 217.091286][ T29] audit: type=1400 audit(1740200318.348:813): avc: denied { unlink } for pid=9461 comm="syz-executor" name="file0" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 217.312227][ T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 217.492293][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 217.526672][ T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 217.539922][T11008] lo speed is unknown, defaulting to 1000 [ 217.540712][ T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 219, changing to 11 [ 217.553073][T11008] lo speed is unknown, defaulting to 1000 [ 217.580710][ T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 16652, setting to 1024 [ 217.598055][T11008] lo speed is unknown, defaulting to 1000 [ 217.604515][ T25] usb 1-1: config 0 interface 0 has no altsetting 0 [ 217.620874][T11008] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 217.638636][ T25] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 217.664312][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.686503][T11008] lo speed is unknown, defaulting to 1000 [ 217.694485][ T25] usb 1-1: Product: syz [ 217.698682][ T25] usb 1-1: Manufacturer: syz [ 217.701832][T11008] lo speed is unknown, defaulting to 1000 [ 217.725092][ T25] usb 1-1: SerialNumber: syz [ 217.735745][T11008] lo speed is unknown, defaulting to 1000 [ 217.741799][ T25] usb 1-1: config 0 descriptor?? [ 217.755723][T11008] lo speed is unknown, defaulting to 1000 [ 217.771130][T11016] overlayfs: conflicting options: userxattr,metacopy=on [ 217.781967][T11008] lo speed is unknown, defaulting to 1000 [ 217.953660][ T29] audit: type=1400 audit(1740200319.328:814): avc: denied { listen } for pid=11018 comm="syz.3.2270" lport=52173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 217.955954][ T25] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input32 [ 217.974181][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.978852][ T54] Bluetooth: hci5: sending frame failed (-49) [ 218.001170][ T5133] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 218.016380][T10115] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 218.031318][ T29] audit: type=1400 audit(1740200319.338:815): avc: denied { accept } for pid=11018 comm="syz.3.2270" lport=52173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 218.279171][ T25] usb 1-1: USB disconnect, device number 23 [ 218.292216][T11038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2278'. [ 218.567124][ T29] audit: type=1400 audit(1740200319.948:816): avc: denied { setopt } for pid=11053 comm="syz.2.2282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 218.587727][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.684401][T11060] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 218.693294][T11060] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 218.702850][T11060] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 218.712256][T11060] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 218.728063][T11060] vxlan0: entered promiscuous mode [ 218.733412][T11060] vxlan0: entered allmulticast mode [ 218.886321][ T29] audit: type=1400 audit(1740200320.258:817): avc: denied { write } for pid=11064 comm="syz.2.2287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 218.905620][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.280886][ T51] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 219.383089][T11094] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2300'. [ 219.440921][ T51] usb 1-1: Using ep0 maxpacket: 16 [ 219.447601][ T51] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.465101][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 219.478638][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 219.495931][ T51] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 219.506172][ T25] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 219.520430][ T51] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 219.524294][ T29] audit: type=1400 audit(1740200320.908:818): avc: denied { bind } for pid=11097 comm="syz.1.2303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 219.535206][ T51] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 219.564194][ T51] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 219.579426][ T51] usb 1-1: Manufacturer: syz [ 219.588921][ T51] usb 1-1: config 0 descriptor?? [ 219.646740][ T29] audit: type=1400 audit(1740200321.028:819): avc: denied { read } for pid=11102 comm="syz.2.2305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 219.674975][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.696454][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.728373][T11105] 9pnet_fd: Insufficient options for proto=fd [ 219.736350][ T25] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 219.747299][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.757664][ T25] usb 4-1: config 0 descriptor?? [ 219.860829][T11114] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2309'. [ 219.870891][ T51] rc_core: IR keymap rc-hauppauge not found [ 219.879127][ T51] Registered IR keymap rc-empty [ 219.894107][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 219.922443][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 219.962781][ T51] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 219.998896][ T51] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input33 [ 220.032564][T11120] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11120 comm=syz.4.2312 [ 220.048433][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.092533][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.110816][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.132313][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.172363][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.190894][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.206911][ T25] hid-led 0003:1D34:000A.0021: unknown main item tag 0x0 [ 220.243405][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.273177][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.312342][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.342325][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.380817][ T51] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 220.403777][ T25] hid-led 0003:1D34:000A.0021: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.3-1/input0 [ 220.416366][ T51] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 220.429229][ T25] hid-led 0003:1D34:000A.0021: Dream Cheeky Webmail Notifier initialized [ 220.439763][ T51] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 220.457492][ T51] usb 1-1: USB disconnect, device number 24 [ 220.607332][ T5872] usb 4-1: USB disconnect, device number 23 [ 221.081340][T11162] netlink: 'syz.0.2330': attribute type 1 has an invalid length. [ 221.089352][T11162] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2330'. [ 221.244236][ T29] audit: type=1400 audit(1740200322.628:820): avc: denied { read } for pid=11170 comm="syz.1.2334" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 221.857412][T11203] ipvlan2: entered promiscuous mode [ 221.863470][T11203] ipvlan2: entered allmulticast mode [ 221.870497][T11203] bridge0: entered allmulticast mode [ 221.897296][T11203] bridge0: port 3(ipvlan2) entered blocking state [ 221.933113][T11203] bridge0: port 3(ipvlan2) entered disabled state [ 222.237375][T11228] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2362'. [ 222.342204][ T51] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 222.513570][ T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.531177][ T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.555365][ T51] usb 3-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00 [ 222.565612][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.577264][ T51] usb 3-1: config 0 descriptor?? [ 222.679346][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 222.679361][ T29] audit: type=1326 audit(1740200324.058:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98c918d169 code=0x7fc00000 [ 222.708951][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.835916][ T29] audit: type=1400 audit(1740200324.218:826): avc: denied { audit_read } for pid=11250 comm="syz.0.2372" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 222.857040][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.988024][ T51] ntrig 0003:1B96:0012.0022: item fetching failed at offset 5/7 [ 222.989889][T11255] overlayfs: missing 'lowerdir' [ 223.001134][ T51] ntrig 0003:1B96:0012.0022: parse failed [ 223.018029][ T51] ntrig 0003:1B96:0012.0022: probe with driver ntrig failed with error -22 [ 223.066903][T11257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.192445][ T51] usb 3-1: USB disconnect, device number 20 [ 223.504006][T11269] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2380'. [ 223.513906][T11269] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 223.622120][T11275] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 223.737746][T11281] veth3: entered allmulticast mode [ 223.895397][T11292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2390'. [ 224.247906][T11305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2395'. [ 224.374562][ T5872] kernel read not supported for file /dsp1 (pid: 5872 comm: kworker/0:4) [ 224.409620][ T5133] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 224.688953][T11329] SELinux: failed to load policy [ 224.943415][T11345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2413'. [ 226.040800][ T51] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 226.204844][ T51] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 226.230761][ T51] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.273806][ T51] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 226.284572][ T51] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 226.314116][ T51] usb 1-1: Manufacturer: syz [ 226.325038][ T51] usb 1-1: config 0 descriptor?? [ 226.450791][ T51] rc_core: IR keymap rc-hauppauge not found [ 226.456947][ T51] Registered IR keymap rc-empty [ 226.463296][ T51] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 226.476499][ T51] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input35 [ 226.527554][ T29] audit: type=1400 audit(1740200327.908:827): avc: denied { create } for pid=11427 comm="syz.2.2452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 226.592696][ T29] audit: type=1400 audit(1740200327.938:828): avc: denied { bind } for pid=11427 comm="syz.2.2452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 226.816192][T11438] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2457'. [ 226.847810][T11426] rc rc0: two consecutive events of type space [ 227.033411][T11445] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 227.049377][ T5920] usb 1-1: USB disconnect, device number 25 [ 227.069405][T11445] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.361083][T11457] mmap: syz.1.2465 (11457) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 227.504883][ T29] audit: type=1400 audit(1740200328.888:829): avc: denied { connect } for pid=11460 comm="syz.1.2468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 227.557069][T11465] netlink: 'syz.4.2469': attribute type 2 has an invalid length. [ 227.859658][ T29] audit: type=1400 audit(1740200329.238:830): avc: denied { read } for pid=11475 comm="syz.0.2475" laddr=fe80::b lport=52538 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 227.967682][T11486] MPI: mpi too large (187712 bits) [ 228.031766][ T5873] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 228.184228][ T5873] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 228.197915][ T5873] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 228.209761][ T5873] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 228.223927][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.237411][T11474] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 228.251950][ T5873] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 228.575312][ T5873] usb 5-1: USB disconnect, device number 24 [ 229.054671][ T29] audit: type=1400 audit(1740200330.438:831): avc: denied { connect } for pid=11518 comm="syz.1.2494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 229.184306][T11522] netlink: 1256 bytes leftover after parsing attributes in process `syz.2.2497'. [ 229.195500][T11522] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 229.572351][ T54] Bluetooth: hci0: command 0x0405 tx timeout [ 229.676853][T11544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2505'. [ 230.076505][T11562] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 230.108919][T11564] virt_wifi0 speed is unknown, defaulting to 1000 [ 230.157056][T11564] lo speed is unknown, defaulting to 1000 [ 230.251127][T11571] netlink: 280 bytes leftover after parsing attributes in process `syz.4.2516'. [ 230.562474][T11587] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 230.577538][T11587] SELinux: failed to load policy [ 230.613942][T11590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2525'. [ 230.647835][T11590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2525'. [ 230.773457][ T29] audit: type=1326 audit(1740200332.148:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 230.862236][ T51] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 230.870389][ T29] audit: type=1326 audit(1740200332.148:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 230.920307][ T29] audit: type=1326 audit(1740200332.158:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 230.955163][ T29] audit: type=1326 audit(1740200332.158:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 231.007469][ T29] audit: type=1326 audit(1740200332.158:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 231.039659][ T29] audit: type=1326 audit(1740200332.158:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 231.065402][ T29] audit: type=1326 audit(1740200332.158:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 231.089046][ T51] usb 3-1: Using ep0 maxpacket: 8 [ 231.136440][ T51] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.154708][ T51] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 231.187862][ T51] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 231.211080][ T29] audit: type=1326 audit(1740200332.158:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11599 comm="syz.3.2530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 231.244339][ T51] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 231.248518][T11620] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2539'. [ 231.253745][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.253770][ T51] usb 3-1: Product: syz [ 231.253785][ T51] usb 3-1: Manufacturer: syz [ 231.253800][ T51] usb 3-1: SerialNumber: syz [ 231.479102][ T51] cdc_ncm 3-1:1.0: bind() failure [ 231.493555][ T51] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 231.524237][ T51] cdc_ncm 3-1:1.1: bind() failure [ 231.538258][ T51] usb 3-1: USB disconnect, device number 21 [ 231.726446][T11643] tun0: tun_chr_ioctl cmd 2147767507 [ 232.316669][T11670] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 232.618732][T11689] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2570'. [ 232.692341][T11693] misc userio: Begin command sent, but we're already running [ 232.804942][T11702] can0: slcan on ttyS3. [ 232.891729][T11702] can0 (unregistered): slcan off ttyS3. [ 233.153009][T11719] netlink: 'syz.0.2586': attribute type 1 has an invalid length. [ 233.166566][T11719] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 233.174503][T11719] IPv6: NLM_F_CREATE should be set when creating new route [ 233.181791][T11719] IPv6: NLM_F_CREATE should be set when creating new route [ 233.468742][T11738] overlay: ./file0 is not a directory [ 233.668610][ T51] kernel read not supported for file /dsp (pid: 51 comm: kworker/1:1) [ 233.869862][T11760] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2604'. [ 235.205836][T11810] netlink: 'syz.4.2625': attribute type 10 has an invalid length. [ 235.245326][T11810] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 235.456382][T11820] netlink: 71 bytes leftover after parsing attributes in process `syz.3.2631'. [ 235.483117][T11821] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2632'. [ 236.191247][ T5872] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 236.370761][ T5872] usb 3-1: Using ep0 maxpacket: 32 [ 236.380322][ T5872] usb 3-1: config index 0 descriptor too short (expected 164, got 36) [ 236.401088][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.427467][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.448439][ T5872] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 236.470742][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.493891][ T5872] usb 3-1: config 0 descriptor?? [ 236.584266][T11869] kvm: kvm [11868]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000074) = 0x0 [ 236.874584][T11880] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2656'. [ 236.925954][ T5872] logitech 0003:046D:C29C.0023: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0 [ 237.105857][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2658'. [ 237.323486][ T5872] logitech 0003:046D:C29C.0023: no inputs found [ 237.335848][ T5872] usb 3-1: USB disconnect, device number 22 [ 238.145538][T11905] IPv6: Can't replace route, no match found [ 238.292099][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 238.292114][ T29] audit: type=1326 audit(1740200339.668:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11914 comm="syz.2.2670" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7f0f8d169 code=0x0 [ 238.402769][ T5872] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 238.575786][ T5872] usb 2-1: Using ep0 maxpacket: 16 [ 238.595727][T11924] sp0: Synchronizing with TNC [ 238.602361][ T5872] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.620551][ T5872] usb 2-1: config 0 interface 0 has no altsetting 0 [ 238.628218][ T5872] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 238.647527][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.663997][ T5872] usb 2-1: config 0 descriptor?? [ 238.693742][T11927] sp0: Synchronizing with TNC [ 238.958394][T11935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2680'. [ 239.113548][ T5872] cougar 0003:060B:500A.0024: unexpected long global item [ 239.141134][ T5872] cougar 0003:060B:500A.0024: parse failed [ 239.147032][ T5872] cougar 0003:060B:500A.0024: probe with driver cougar failed with error -22 [ 239.319183][ T51] usb 2-1: USB disconnect, device number 23 [ 239.741480][T11957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=11957 comm=syz.2.2690 [ 239.799584][T11957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=11957 comm=syz.2.2690 [ 239.813315][ T9] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 239.990901][ T9] usb 4-1: config 0 has an invalid interface number: 133 but max is 0 [ 239.999104][ T9] usb 4-1: config 0 has no interface number 0 [ 240.041918][ T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 240.055914][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.071008][ T9] usb 4-1: Product: syz [ 240.075198][ T9] usb 4-1: Manufacturer: syz [ 240.079798][ T9] usb 4-1: SerialNumber: syz [ 240.104672][ T9] usb 4-1: config 0 descriptor?? [ 240.719165][ T9] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected [ 240.747902][ T9] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81 [ 240.773987][ T9] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1 [ 240.800823][ T9] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2 [ 240.832896][ T9] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 240.860976][ T9] usb 4-1: USB disconnect, device number 24 [ 240.901336][ T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 240.924364][ T9] keyspan 4-1:0.133: device disconnected [ 241.424423][T11999] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.446506][T11999] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 242.042181][ T29] audit: type=1400 audit(1740200343.418:853): avc: denied { read } for pid=12028 comm="syz.1.2723" name="file0" dev="tmpfs" ino=2841 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.092704][ T29] audit: type=1400 audit(1740200343.418:854): avc: denied { open } for pid=12028 comm="syz.1.2723" path="/555/file0" dev="tmpfs" ino=2841 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.148617][ T29] audit: type=1400 audit(1740200343.418:855): avc: denied { ioctl } for pid=12028 comm="syz.1.2723" path="/555/file0" dev="tmpfs" ino=2841 ioctlcmd=0x127c scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.371172][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 242.534445][ T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 242.555812][ T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 242.604645][ T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 242.632236][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.742610][T12031] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 242.762739][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 243.152957][ T5872] usb 3-1: USB disconnect, device number 23 [ 243.715004][T12060] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2739'. [ 245.142086][ T29] audit: type=1400 audit(1740200346.528:856): avc: denied { remount } for pid=12106 comm="syz.3.2757" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 245.574469][ T35] Bluetooth: hci5: Frame reassembly failed (-84) [ 245.592324][T12125] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 245.718027][T12130] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2767'. [ 246.356586][T12148] pim6reg: entered allmulticast mode [ 246.374143][T12148] pim6reg: left allmulticast mode [ 246.520866][ T29] audit: type=1400 audit(1740200347.888:857): avc: denied { shutdown } for pid=12151 comm="syz.2.2779" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 246.580926][ T29] audit: type=1400 audit(1740200347.948:858): avc: denied { listen } for pid=12155 comm="syz.3.2780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 246.640814][ T29] audit: type=1400 audit(1740200347.948:859): avc: denied { accept } for pid=12155 comm="syz.3.2780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 246.890112][T12165] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 246.930865][ T29] audit: type=1400 audit(1740200348.308:860): avc: denied { mount } for pid=12164 comm="syz.1.2784" name="/" dev="rpc_pipefs" ino=36997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 246.960455][ T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 247.127490][ T25] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 247.148367][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.166772][ T25] usb 4-1: Product: syz [ 247.188356][ T25] usb 4-1: Manufacturer: syz [ 247.207383][ T25] usb 4-1: SerialNumber: syz [ 247.228802][ T25] usb 4-1: config 0 descriptor?? [ 247.387947][T12175] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2789'. [ 247.497967][ T25] usb 4-1: USB disconnect, device number 25 [ 247.570944][ T5133] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 247.647260][T12180] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2791'. [ 247.700441][ T29] audit: type=1400 audit(1740200349.078:861): avc: denied { map } for pid=12158 comm="syz.3.2781" path=2F6465762F736E642F636F6E74726F6C4333202864656C6574656429 dev="devtmpfs" ino=3169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 247.739515][ T29] audit: type=1400 audit(1740200349.118:862): avc: denied { write } for pid=12181 comm="syz.1.2792" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 247.766043][ T29] audit: type=1400 audit(1740200349.118:863): avc: denied { open } for pid=12181 comm="syz.1.2792" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 247.956499][ T29] audit: type=1400 audit(1740200349.338:864): avc: denied { mounton } for pid=12189 comm="syz.0.2796" path="/238/bus" dev="tmpfs" ino=1229 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 247.956557][T12190] Device name cannot be null; rc = [-22] [ 248.415253][T12209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2804'. [ 248.624443][T12213] sp0: Synchronizing with TNC [ 248.950249][ T29] audit: type=1400 audit(1740200350.328:865): avc: denied { map } for pid=12218 comm="syz.2.2809" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 249.010499][T12221] input: syz1 as /devices/virtual/input/input38 [ 250.170745][ T5920] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 250.300811][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 250.322260][ T5920] usb 2-1: Using ep0 maxpacket: 8 [ 250.347084][ T5920] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 250.375788][ T5920] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 250.409076][ T5920] usb 2-1: Product: syz [ 250.426356][ T5920] usb 2-1: Manufacturer: syz [ 250.439318][ T5920] usb 2-1: SerialNumber: syz [ 250.473265][ T5920] usb 2-1: config 0 descriptor?? [ 250.481621][ T5920] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 250.627222][T12268] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.658187][T12268] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.784842][T12268] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 250.811496][T12268] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.834701][ T29] audit: type=1400 audit(1740200352.218:866): avc: denied { name_bind } for pid=12269 comm="syz.3.2832" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 250.885039][ T5920] gspca_zc3xx: reg_r err -71 [ 250.895196][ T5920] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 250.910626][ T5920] usb 2-1: USB disconnect, device number 24 [ 250.967557][T12268] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 251.015896][T12268] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.077272][T12272] netlink: 'syz.3.2833': attribute type 4 has an invalid length. [ 251.224405][T12268] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 251.239726][T12268] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.397617][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 251.421431][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 251.429799][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 251.441492][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 251.460951][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 251.479524][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 251.556728][T10913] bond0: (slave syz_tun): Releasing backup interface [ 251.619492][T12282] virt_wifi0 speed is unknown, defaulting to 1000 [ 251.644686][T12268] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.675561][T12268] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.687817][T12282] lo speed is unknown, defaulting to 1000 [ 251.713624][T12268] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.725590][T12268] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.756120][T12268] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.768246][T12268] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.794217][T12268] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 251.805396][T12268] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.836363][T12295] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 252.047443][T12303] 8021q: adding VLAN 0 to HW filter on device bond2 [ 252.094916][T12303] bond0: (slave bond2): Enslaving as an active interface with an up link [ 252.118430][T12282] chnl_net:caif_netlink_parms(): no params data found [ 252.334828][T12282] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.367491][T12282] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.401705][T12282] bridge_slave_0: entered allmulticast mode [ 252.408565][T12282] bridge_slave_0: entered promiscuous mode [ 252.429837][T12282] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.437165][T12282] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.460795][ T29] audit: type=1400 audit(1740200353.838:867): avc: denied { getopt } for pid=12327 comm="syz.2.2857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 252.460876][T12282] bridge_slave_1: entered allmulticast mode [ 252.508638][ T29] audit: type=1400 audit(1740200353.868:868): avc: denied { append } for pid=12326 comm="syz.1.2856" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.531125][T12282] bridge_slave_1: entered promiscuous mode [ 252.632065][T12282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.653540][T12282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.741885][T12343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2863'. [ 252.751079][T12343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2863'. [ 252.772534][ T51] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 252.783440][T12282] team0: Port device team_slave_0 added [ 252.805972][T12282] team0: Port device team_slave_1 added [ 252.942164][ T51] usb 1-1: config 0 has an invalid interface number: 217 but max is 0 [ 252.950599][ T51] usb 1-1: config 0 has no interface number 0 [ 252.959349][ T51] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 252.980329][ T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.007593][T12282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.007598][ T51] usb 1-1: Product: syz [ 253.007617][ T51] usb 1-1: Manufacturer: syz [ 253.037564][T12282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.054070][ T51] usb 1-1: SerialNumber: syz [ 253.109572][ T51] usb 1-1: config 0 descriptor?? [ 253.122171][T12282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.125074][ T51] hub 1-1:0.217: bad descriptor, ignoring hub [ 253.138868][ T51] hub 1-1:0.217: probe with driver hub failed with error -5 [ 253.160773][T12282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.184084][T12282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.209974][ C0] vkms_vblank_simulate: vblank timer overrun [ 253.227593][T12282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.323170][T12282] hsr_slave_0: entered promiscuous mode [ 253.329370][T12282] hsr_slave_1: entered promiscuous mode [ 253.335116][ T51] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 253.346120][T12282] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 253.356718][T12282] Cannot create hsr debugfs directory [ 253.356786][ T51] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 253.412318][ T51] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 253.440815][ T51] usb 1-1: media controller created [ 253.479384][ T51] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 253.573085][ T5133] Bluetooth: hci5: command tx timeout [ 253.582179][ T51] DVB: Unable to find symbol dib7000p_attach() [ 253.591699][ T51] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 253.720825][ T51] rc_core: IR keymap rc-dib0700-rc5 not found [ 253.726929][ T51] Registered IR keymap rc-empty [ 253.750837][ T51] dvb-usb: could not initialize remote control. [ 253.757114][ T51] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 253.765552][T12282] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 253.817637][ T51] usb 1-1: USB disconnect, device number 26 [ 253.817702][T12282] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 253.860897][T12282] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 253.868491][ T51] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 253.887103][T12282] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 254.022521][T12282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.050109][T12282] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.067782][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.074917][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.123044][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.130199][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.215823][T12282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 254.308707][T12384] netlink: 87 bytes leftover after parsing attributes in process `syz.1.2882'. [ 254.510006][T12282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.535544][T12393] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.586972][T12393] lo speed is unknown, defaulting to 1000 [ 254.851405][ T5871] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 254.942346][T12413] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2890'. [ 255.003665][ T5871] usb 2-1: Using ep0 maxpacket: 8 [ 255.021721][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.060796][ T5871] usb 2-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.00 [ 255.083810][T12282] veth0_vlan: entered promiscuous mode [ 255.090443][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.121171][ T5871] usb 2-1: config 0 descriptor?? [ 255.122250][T12282] veth1_vlan: entered promiscuous mode [ 255.190582][T12282] veth0_macvtap: entered promiscuous mode [ 255.219020][T12282] veth1_macvtap: entered promiscuous mode [ 255.263689][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.288592][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.310712][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.331340][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.347068][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.357952][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.368552][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.379146][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.402064][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.414790][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.433834][ T5871] usbhid 2-1:0.0: can't add hid device: -71 [ 255.439904][ T5871] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 255.451556][T12282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.466780][ T5871] usb 2-1: USB disconnect, device number 25 [ 255.477900][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.490126][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.502980][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.513524][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.523483][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.535486][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.546692][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.560164][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.574333][T12282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.585081][T12282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.596551][T12282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.627860][T12282] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.649433][T12282] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.658224][ T5133] Bluetooth: hci5: command tx timeout [ 255.680070][T12282] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.692785][T12282] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.817860][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.824471][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.854526][T10095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.869776][T10095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.899472][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2900'. [ 255.912740][T10099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.935258][T10099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.949327][T12433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2900'. [ 255.978748][T12433] netlink: 'syz.3.2900': attribute type 20 has an invalid length. [ 256.070829][T12440] veth1: entered promiscuous mode [ 256.370970][ T25] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 256.437388][ T29] audit: type=1400 audit(1740200357.818:869): avc: denied { append } for pid=12459 comm="syz.0.2911" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 256.463408][T12460] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 256.553604][ T25] usb 2-1: config 0 has an invalid interface number: 32 but max is 0 [ 256.565153][ T25] usb 2-1: config 0 has no interface number 0 [ 256.576428][ T25] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.619469][ T25] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.627508][ T5873] hid-generic 0000:0003:0000.0025: unknown main item tag 0x0 [ 256.645456][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 256.651868][ T5873] hid-generic 0000:0003:0000.0025: unknown main item tag 0x0 [ 256.664718][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.686038][ T25] usb 2-1: config 0 descriptor?? [ 256.708573][ T5873] hid-generic 0000:0003:0000.0025: hidraw0: HID v0.00 Device [syz0] on syz1 [ 256.822350][ T29] audit: type=1326 audit(1740200358.208:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12472 comm="syz.3.2917" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x0 [ 257.007528][T12482] netlink: 'syz.2.2921': attribute type 2 has an invalid length. [ 257.015529][T12482] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2921'. [ 257.118297][ T5871] lo speed is unknown, defaulting to 1000 [ 257.135022][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.152512][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.171051][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.188670][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.199038][T12490] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2925'. [ 257.208224][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.226607][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.237953][ T25] logitech-djreceiver 0003:046D:C71B.0026: unknown main item tag 0x0 [ 257.247874][ T25] logitech-djreceiver 0003:046D:C71B.0026: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.1-1/input32 [ 257.376343][ T5871] usb 2-1: USB disconnect, device number 26 [ 257.742670][ T5133] Bluetooth: hci5: command tx timeout [ 258.005421][ T29] audit: type=1400 audit(1740200359.388:871): avc: denied { read } for pid=12511 comm="syz.3.2933" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 258.208898][ T29] audit: type=1400 audit(1740200359.588:872): avc: denied { getopt } for pid=12522 comm="syz.5.2936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 258.249181][T12523] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 3, id = 0 [ 258.249397][T12519] IPVS: stopping backup sync thread 12523 ... [ 258.430692][ T29] audit: type=1400 audit(1740200359.808:873): avc: denied { listen } for pid=12527 comm="syz.5.2939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 258.501030][ T29] audit: type=1400 audit(1740200359.808:874): avc: denied { accept } for pid=12527 comm="syz.5.2939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 258.726914][ T29] audit: type=1400 audit(1740200360.108:875): avc: denied { bind } for pid=12539 comm="syz.3.2945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 258.744049][T12546] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2948'. [ 258.774707][T12546] netlink: 'syz.2.2948': attribute type 10 has an invalid length. [ 258.790897][ T29] audit: type=1400 audit(1740200360.108:876): avc: denied { listen } for pid=12539 comm="syz.3.2945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 258.800316][T12546] team0: Cannot enslave team device to itself [ 258.852628][ T29] audit: type=1400 audit(1740200360.108:877): avc: denied { accept } for pid=12539 comm="syz.3.2945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 258.903438][T12550] overlayfs: workdir and upperdir must be separate subtrees [ 259.323131][ T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 259.491073][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 259.502884][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.516596][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.536636][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 259.548754][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.558503][ T9] usb 1-1: config 0 descriptor?? [ 259.566641][ T9] hub 1-1:0.0: USB hub found [ 259.784699][ T9] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 259.811413][ T5133] Bluetooth: hci5: command tx timeout [ 260.186654][ T9] hid-generic 0003:046D:C31C.0027: item fetching failed at offset 0/1 [ 260.209756][ T9] hid-generic 0003:046D:C31C.0027: probe with driver hid-generic failed with error -22 [ 260.485001][T12616] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2981'. [ 260.523714][T12616] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2981'. [ 260.542965][ T5871] usb 1-1: USB disconnect, device number 27 [ 260.865795][T12640] IPVS: Error joining to the multicast group [ 261.479228][T12666] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.493265][T12666] batadv_slave_1: entered promiscuous mode [ 261.539300][ T29] audit: type=1400 audit(1740200362.918:878): avc: denied { write } for pid=12669 comm="syz.5.3006" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 261.565857][T12668] netlink: 'syz.3.3005': attribute type 9 has an invalid length. [ 261.629697][ T29] audit: type=1400 audit(1740200362.948:879): avc: denied { ioctl } for pid=12669 comm="syz.5.3006" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0xae9f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 261.654656][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.013697][ T5873] kernel write not supported for file /video8 (pid: 5873 comm: kworker/0:5) [ 262.633329][ T54] Bluetooth: hci3: adv larger than maximum supported [ 262.633389][ T54] Bluetooth: hci3: Malformed LE Event: 0x0d [ 262.749031][ T5905] kernel write not supported for file /snd/seq (pid: 5905 comm: kworker/1:6) [ 262.771825][ T54] Bluetooth: hci5: command 0x0405 tx timeout [ 263.001041][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 263.153941][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.189827][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.205750][ T9] usb 6-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 263.216713][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.233736][ T9] usb 6-1: config 0 descriptor?? [ 263.332597][ T29] audit: type=1326 audit(1740200364.718:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12751 comm="syz.3.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 263.356812][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.372090][ T29] audit: type=1326 audit(1740200364.718:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12751 comm="syz.3.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 263.397760][ T29] audit: type=1326 audit(1740200364.718:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12751 comm="syz.3.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 263.421153][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.440577][ T29] audit: type=1326 audit(1740200364.718:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12751 comm="syz.3.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 263.465693][ T5873] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 263.473591][ T29] audit: type=1326 audit(1740200364.718:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12751 comm="syz.3.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5829b8d169 code=0x7ffc0000 [ 263.641066][ T5873] usb 3-1: Using ep0 maxpacket: 16 [ 263.672831][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.689921][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 263.701379][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 263.711114][ T5873] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 263.739042][ T5873] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 263.757840][ T5873] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 263.767825][ T5873] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 263.775961][ T5873] usb 3-1: Manufacturer: syz [ 263.782721][ T5873] usb 3-1: config 0 descriptor?? [ 263.888326][T12774] vivid-007: disconnect [ 263.894271][T12774] vivid-007: reconnect [ 264.052057][ T5873] rc_core: IR keymap rc-hauppauge not found [ 264.064802][ T5873] Registered IR keymap rc-empty [ 264.069845][ T9] hid-led 0003:0FC5:B080.0028: probe with driver hid-led failed with error -71 [ 264.084360][ T9] usb 6-1: USB disconnect, device number 2 [ 264.090296][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.123193][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.164902][ T29] audit: type=1400 audit(1740200365.548:885): avc: denied { bind } for pid=12787 comm="syz.3.3059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 264.184269][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.191799][ T5871] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 264.192188][ T5873] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 264.217881][ T5873] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input40 [ 264.232861][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.251170][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.280744][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.300826][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.320837][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.340816][ T5871] usb 2-1: Using ep0 maxpacket: 32 [ 264.340816][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.362117][ T5871] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.370273][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.378092][ T5871] usb 2-1: config 0 has no interfaces? [ 264.386539][ T5871] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 264.400797][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.416899][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.431960][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.442407][ T5871] usb 2-1: config 0 descriptor?? [ 264.472681][ T5873] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.511557][ T5873] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 264.536421][ T5873] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 264.561596][ T5873] usb 3-1: USB disconnect, device number 24 [ 264.754729][ T5873] usb 2-1: USB disconnect, device number 27 [ 264.885315][T12816] netlink: 'syz.3.3072': attribute type 1 has an invalid length. [ 264.910725][T12816] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.3072'. [ 265.240756][ T5873] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 265.424983][ T5873] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 265.442718][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.450879][ T5873] usb 6-1: Product: syz [ 265.460783][ T5873] usb 6-1: Manufacturer: syz [ 265.465449][ T5873] usb 6-1: SerialNumber: syz [ 265.477212][ T5873] usb 6-1: config 0 descriptor?? [ 265.556468][T12847] netlink: 'syz.0.3087': attribute type 9 has an invalid length. [ 265.567247][ T5871] kernel write not supported for file /vcs (pid: 5871 comm: kworker/1:5) [ 265.687461][ T29] audit: type=1400 audit(1740200367.068:886): avc: denied { ioctl } for pid=12848 comm="syz.3.3088" path="socket:[40260]" dev="sockfs" ino=40260 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 265.742088][ T5873] peak_usb 6-1:0.0: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels) [ 265.777137][ T29] audit: type=1400 audit(1740200367.148:887): avc: denied { append } for pid=12852 comm="syz.0.3089" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 265.970855][ T5873] peak_usb 6-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 265.989334][ T5873] peak_usb 6-1:0.0: unable to tell PCAN-USB X6 driver is loaded (err -71) [ 266.061649][ T5873] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -71 [ 266.090943][ T5873] usb 6-1: USB disconnect, device number 3 [ 266.408218][T12880] @: renamed from vlan0 [ 266.554498][T12886] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 266.679224][ T29] audit: type=1400 audit(1740200368.058:888): avc: denied { read write } for pid=5828 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 266.703328][ C0] vkms_vblank_simulate: vblank timer overrun [ 266.723875][T12894] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3111'. [ 266.739058][ T29] audit: type=1400 audit(1740200368.058:889): avc: denied { open } for pid=5828 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 266.776400][ T29] audit: type=1400 audit(1740200368.058:890): avc: denied { ioctl } for pid=5828 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 266.801905][ C0] vkms_vblank_simulate: vblank timer overrun [ 266.845932][ T29] audit: type=1400 audit(1740200368.058:891): avc: denied { unmount } for pid=12282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 266.877200][ T29] audit: type=1400 audit(1740200368.088:892): avc: denied { create } for pid=12893 comm="syz.2.3111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 266.903751][ T29] audit: type=1400 audit(1740200368.098:893): avc: denied { write } for pid=12893 comm="syz.2.3111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 266.950823][ T29] audit: type=1400 audit(1740200368.098:894): avc: denied { read } for pid=12893 comm="syz.2.3111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 266.987863][ T29] audit: type=1400 audit(1740200368.108:895): avc: denied { ioctl } for pid=12893 comm="syz.2.3111" path="socket:[41222]" dev="sockfs" ino=41222 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 267.050793][ T29] audit: type=1400 audit(1740200368.158:896): avc: denied { prog_load } for pid=12895 comm="syz.3.3110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 267.100798][ T29] audit: type=1400 audit(1740200368.158:897): avc: denied { bpf } for pid=12895 comm="syz.3.3110" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 267.148116][T12908] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 267.834712][T12932] overlay: filesystem on ./file0 is read-only [ 267.877344][T12936] netlink: 'syz.5.3129': attribute type 4 has an invalid length. [ 267.928663][T12938] netlink: 'syz.5.3129': attribute type 4 has an invalid length. [ 268.101146][T12945] kvm: apic: phys broadcast and lowest prio [ 268.351287][ T5872] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 268.500909][ T5872] usb 6-1: Using ep0 maxpacket: 32 [ 268.507955][ T5872] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 268.517224][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.527641][ T5872] usb 6-1: config 0 descriptor?? [ 268.556719][ T5872] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 268.999027][T12982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3149'. [ 269.008224][T12982] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3149'. [ 269.141809][ T51] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 269.304193][ T51] usb 1-1: unable to get BOS descriptor or descriptor too short [ 269.319218][ T51] usb 1-1: no configurations [ 269.325180][ T51] usb 1-1: can't read configurations, error -22 [ 269.373814][ T5872] gspca_nw80x: reg_r err -71 [ 269.380573][ T5872] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 269.400601][ T5872] usb 6-1: USB disconnect, device number 4 [ 269.564447][T13007] netlink: 'syz.2.3161': attribute type 1 has an invalid length. [ 269.574656][T13007] netlink: 134708 bytes leftover after parsing attributes in process `syz.2.3161'. [ 270.896042][T13061] netlink: 'syz.0.3183': attribute type 11 has an invalid length. [ 271.206852][T13076] siw: device registration error -23 [ 271.703203][ T29] kauditd_printk_skb: 99 callbacks suppressed [ 271.703219][ T29] audit: type=1400 audit(1740200373.088:997): avc: denied { bind } for pid=13107 comm="syz.2.3205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 271.852852][ T29] audit: type=1400 audit(1740200373.238:998): avc: denied { create } for pid=13109 comm="syz.0.3206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 271.882240][T13116] netlink: 71 bytes leftover after parsing attributes in process `syz.5.3209'. [ 271.916366][ T29] audit: type=1400 audit(1740200373.238:999): avc: denied { write } for pid=13109 comm="syz.0.3206" path="socket:[40718]" dev="sockfs" ino=40718 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 272.074090][T13125] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3212'. [ 272.103471][T13125] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3212'. [ 272.156990][ T29] audit: type=1400 audit(1740200373.538:1000): avc: denied { create } for pid=13126 comm="syz.2.3213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 272.224394][ T29] audit: type=1400 audit(1740200373.568:1001): avc: denied { setopt } for pid=13126 comm="syz.2.3213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 272.302577][ T29] audit: type=1400 audit(1740200373.588:1002): avc: denied { listen } for pid=13128 comm="syz.1.3214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 272.341982][ T29] audit: type=1400 audit(1740200373.728:1003): avc: denied { create } for pid=13133 comm="syz.2.3217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 272.370165][ T29] audit: type=1400 audit(1740200373.748:1004): avc: denied { write } for pid=13133 comm="syz.2.3217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 272.439995][ T29] audit: type=1400 audit(1740200373.818:1005): avc: denied { read write } for pid=13138 comm="syz.5.3219" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 272.486921][ T29] audit: type=1400 audit(1740200373.818:1006): avc: denied { open } for pid=13138 comm="syz.5.3219" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 272.767610][T13150] rtc_cmos 00:00: Alarms can be up to one day in the future [ 272.801836][T13148] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.015819][T13164] random: crng reseeded on system resumption [ 273.171298][ T5873] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 273.314640][T13164] Restarting kernel threads ... done. [ 273.330962][ T5873] usb 3-1: Using ep0 maxpacket: 8 [ 273.343937][ T5873] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 273.356946][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.365956][ T5873] usb 3-1: Product: syz [ 273.366116][T13179] xt_hashlimit: size too large, truncated to 1048576 [ 273.370442][ T5873] usb 3-1: Manufacturer: syz [ 273.393939][ T5873] usb 3-1: SerialNumber: syz [ 273.404866][ T5873] usb 3-1: config 0 descriptor?? [ 273.425691][ T5873] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 273.435045][ T5873] dvb-usb: bulk message failed: -22 (2/0) [ 273.445933][T13180] xt_HMARK: proto mask must be zero with L3 mode [ 273.447214][ T5873] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 273.487236][ T5873] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 273.510730][ T5873] usb 3-1: media controller created [ 273.523154][ T5873] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 273.557167][ T9] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.569912][ T9] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.582478][ T5873] dvb-usb: bulk message failed: -22 (1/0) [ 273.588304][ T5873] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 273.616670][ T9] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.626260][ T5873] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input42 [ 273.637559][ T9] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.644915][ T9] rtc rtc0: __rtc_set_alarm: err=-22 [ 273.652470][ T5873] dvb-usb: schedule remote query interval to 50 msecs. [ 273.661716][ T5873] dvb-usb: bulk message failed: -22 (2/0) [ 273.667480][ T5873] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 273.680736][ T5873] usb 3-1: USB disconnect, device number 25 [ 273.717412][ T5873] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 273.831304][T13187] ax25_connect(): syz.0.3239 uses autobind, please contact jreuter@yaina.de [ 273.899529][T13193] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3241'. [ 274.305789][T13218] xt_hashlimit: max too large, truncated to 1048576 [ 274.668293][T13242] netlink: 'syz.5.3264': attribute type 1 has an invalid length. [ 274.760838][ T5873] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 274.920791][ T5873] usb 1-1: Using ep0 maxpacket: 32 [ 274.942011][ T5873] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 274.959923][ T5873] usb 1-1: config 0 has no interface number 0 [ 274.968138][T13254] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3272'. [ 274.968278][ T5873] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 274.993072][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.004048][ T5873] usb 1-1: Product: syz [ 275.008218][ T5873] usb 1-1: Manufacturer: syz [ 275.024349][ T5873] usb 1-1: SerialNumber: syz [ 275.034686][ T5873] usb 1-1: config 0 descriptor?? [ 275.041761][ T5873] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 275.101120][ T51] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 275.254463][ T5873] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 275.259582][ T51] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 275.269212][ T5873] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 275.288009][ T51] usb 3-1: config 0 has no interface number 0 [ 275.327356][ T51] usb 3-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x65, changing to 0x5 [ 275.361671][ T51] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x5 has invalid maxpacket 8301, setting to 64 [ 275.382095][ T51] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 275.397874][ T51] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 275.429952][ T51] usb 3-1: Product: syz [ 275.438923][ T51] usb 3-1: SerialNumber: syz [ 275.445349][ T51] usb 3-1: config 0 descriptor?? [ 275.461342][T13248] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 275.471866][ T51] usbhid 3-1:0.8: couldn't find an input interrupt endpoint [ 275.631824][ T5905] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 275.723996][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 275.728965][ T51] usb 3-1: USB disconnect, device number 26 [ 275.731857][ T9] usb 1-1: USB disconnect, device number 30 [ 275.753939][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 275.767764][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 275.779202][ T9] quatech2 1-1:0.51: device disconnected [ 275.791800][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 275.802163][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.814980][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.825780][ T5905] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 275.838769][ T5905] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 275.847955][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.870969][ T5905] usb 4-1: config 0 descriptor?? [ 276.309969][ T5905] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0029/input/input43 [ 276.367963][ T5905] microsoft 0003:045E:07DA.0029: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 276.517580][ T9] usb 4-1: USB disconnect, device number 26 [ 276.609375][T13306] bridge_slave_0: invalid flags given to default FDB implementation [ 276.897160][T13321] sch_fq: defrate 511 ignored. [ 276.917755][ T29] kauditd_printk_skb: 211 callbacks suppressed [ 276.917769][ T29] audit: type=1400 audit(1740200378.298:1218): avc: denied { connect } for pid=13323 comm="syz.0.3302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 277.049722][T13329] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 277.107761][ T29] audit: type=1400 audit(1740200378.488:1219): avc: denied { rename } for pid=13330 comm="syz.1.3306" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 277.322137][ T29] audit: type=1326 audit(1740200378.708:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13340 comm="syz.1.3311" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05a178d169 code=0x0 [ 277.507091][T13350] Failed to get privilege flags for destination (handle=0x2:0x7) [ 277.514971][ T5905] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 277.675005][ T5905] usb 4-1: Using ep0 maxpacket: 8 [ 277.706419][T13358] /dev/nbd5: Can't open blockdev [ 277.712869][ T29] audit: type=1400 audit(1740200379.088:1221): avc: denied { mounton } for pid=13357 comm="syz.5.3319" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=317 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 277.740747][ T5905] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 277.749800][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.792399][ T5905] usb 4-1: config 0 descriptor?? [ 278.005201][ T5905] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 278.607102][ T5905] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 278.618330][ T5905] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 278.680829][ T5905] asix 4-1:0.0: probe with driver asix failed with error -71 [ 278.706025][ T5905] usb 4-1: USB disconnect, device number 27 [ 279.078952][ T29] audit: type=1400 audit(1740200380.458:1222): avc: denied { create } for pid=13407 comm="syz.0.3342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 279.190717][ T29] audit: type=1400 audit(1740200380.498:1223): avc: denied { ioctl } for pid=13407 comm="syz.0.3342" path="socket:[42609]" dev="sockfs" ino=42609 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 279.259077][ T29] audit: type=1400 audit(1740200380.638:1224): avc: denied { create } for pid=13413 comm="syz.3.3346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 279.287799][ T29] audit: type=1400 audit(1740200380.668:1225): avc: denied { write } for pid=13413 comm="syz.3.3346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 279.414468][T13420] netlink: 1036 bytes leftover after parsing attributes in process `syz.1.3350'. [ 279.442149][T13420] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 279.608692][ T29] audit: type=1400 audit(1740200380.988:1226): avc: denied { bind } for pid=13429 comm="syz.2.3352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 279.679189][ T29] audit: type=1400 audit(1740200380.988:1227): avc: denied { name_bind } for pid=13429 comm="syz.2.3352" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 279.701009][ C0] vkms_vblank_simulate: vblank timer overrun [ 280.190810][ T5873] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 280.371885][ T5873] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.387868][ T5873] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 280.398137][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.413876][ T5873] usb 1-1: config 0 descriptor?? [ 280.425605][ T5872] kernel read not supported for file /dsp (pid: 5872 comm: kworker/0:4) [ 280.624891][ T5872] usb 1-1: USB disconnect, device number 31 [ 281.991982][ T5905] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 282.152296][ T5905] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 282.170593][ T5905] usb 4-1: config 0 has no interface number 0 [ 282.177873][ T5905] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 282.211962][ T5905] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 282.242373][ T5905] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 282.252640][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.272730][ T5905] usb 4-1: Product: syz [ 282.276910][ T5905] usb 4-1: Manufacturer: syz [ 282.300680][ T5905] usb 4-1: SerialNumber: syz [ 282.316182][ T5905] usb 4-1: config 0 descriptor?? [ 282.326087][T13497] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 282.334564][ T5905] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 282.361055][ T5905] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 282.461745][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 282.461761][ T29] audit: type=1326 audit(1740200383.838:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13513 comm="syz.0.3390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe38718d169 code=0x0 [ 282.625396][T13517] virt_wifi0 speed is unknown, defaulting to 1000 [ 282.641714][T13517] lo speed is unknown, defaulting to 1000 [ 282.670607][T13522] netlink: 5 bytes leftover after parsing attributes in process `syz.5.3391'. [ 282.694263][T13522] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 282.836146][ T5871] usb 4-1: USB disconnect, device number 28 [ 282.849209][ T5871] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 282.870548][ T5871] cyberjack 4-1:0.69: device disconnected [ 283.736587][ T29] audit: type=1400 audit(1740200385.118:1237): avc: denied { setopt } for pid=13562 comm="syz.0.3411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 284.207694][ T29] audit: type=1400 audit(1740200385.588:1238): avc: denied { create } for pid=13573 comm="syz.2.3416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 284.243421][ T29] audit: type=1400 audit(1740200385.588:1239): avc: denied { setopt } for pid=13573 comm="syz.2.3416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 284.336950][ T29] audit: type=1400 audit(1740200385.718:1240): avc: denied { getopt } for pid=13580 comm="syz.2.3419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 284.780813][ T5873] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 284.882529][ T29] audit: type=1400 audit(1740200386.268:1241): avc: denied { mount } for pid=13609 comm="syz.2.3432" name="/" dev="ramfs" ino=43777 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 284.904852][ C0] vkms_vblank_simulate: vblank timer overrun [ 284.939161][ T29] audit: type=1400 audit(1740200386.298:1242): avc: denied { create } for pid=13609 comm="syz.2.3432" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 284.982589][ T5873] usb 4-1: config 0 has an invalid interface number: 191 but max is 0 [ 284.991928][ T5873] usb 4-1: config 0 has no interface number 0 [ 285.003852][ T5873] usb 4-1: config 0 interface 191 has no altsetting 0 [ 285.011487][ T29] audit: type=1400 audit(1740200386.318:1243): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 285.033514][ T5873] usb 4-1: New USB device found, idVendor=046d, idProduct=0920, bcdDevice=7f.b1 [ 285.042749][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.050848][ T5873] usb 4-1: Product: syz [ 285.058357][ T5873] usb 4-1: Manufacturer: syz [ 285.068503][ T5873] usb 4-1: SerialNumber: syz [ 285.081568][ T5873] usb 4-1: config 0 descriptor?? [ 285.095875][ T5873] gspca_main: tv8532-2.14.0 probing 046d:0920 [ 285.331377][ T5873] usb 4-1: USB disconnect, device number 29 [ 285.413407][T13619] netlink: 'syz.2.3436': attribute type 4 has an invalid length. [ 285.638001][T13625] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 285.675802][T13627] netlink: 'syz.5.3440': attribute type 1 has an invalid length. [ 285.789752][ T29] audit: type=1400 audit(1740200387.168:1244): avc: denied { ioctl } for pid=13633 comm="syz.0.3443" path="socket:[44132]" dev="sockfs" ino=44132 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 285.887971][T13638] program syz.5.3445 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.017707][ T29] audit: type=1400 audit(1740200387.398:1245): avc: denied { sys_module } for pid=13639 comm="syz.0.3446" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 286.895917][T13636] syz.2.3444 (13636): drop_caches: 2 [ 287.222068][T13693] team0: Device gtp0 is of different type [ 287.290867][T13695] ======================================================= [ 287.290867][T13695] WARNING: The mand mount option has been deprecated and [ 287.290867][T13695] and is ignored by this kernel. Remove the mand [ 287.290867][T13695] option from the mount to silence this warning. [ 287.290867][T13695] ======================================================= [ 287.325749][ C0] vkms_vblank_simulate: vblank timer overrun [ 287.333823][ T5873] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 287.490849][ T5873] usb 1-1: Using ep0 maxpacket: 8 [ 287.500957][ T5873] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 287.510135][ T5873] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 287.518285][ T5873] usb 1-1: Product: syz [ 287.523600][ T5873] usb 1-1: Manufacturer: syz [ 287.528210][ T5873] usb 1-1: SerialNumber: syz [ 287.534586][ T5873] usb 1-1: config 0 descriptor?? [ 287.544223][ T5873] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 287.615127][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 287.615142][ T29] audit: type=1400 audit(1740200388.988:1251): avc: denied { mount } for pid=13700 comm="syz.2.3482" name="/" dev="pstore" ino=4221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 287.655237][ T29] audit: type=1400 audit(1740200389.038:1252): avc: denied { mounton } for pid=13700 comm="syz.2.3482" path="/726/file0" dev="pstore" ino=4221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=dir permissive=1 [ 287.684711][ T29] audit: type=1400 audit(1740200389.068:1253): avc: denied { mount } for pid=13700 comm="syz.2.3482" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 287.686163][T13701] Invalid source name [ 287.866643][ T29] audit: type=1400 audit(1740200389.238:1254): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 287.910779][ T29] audit: type=1400 audit(1740200389.288:1255): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 288.064158][T13711] GUP no longer grows the stack in syz.5.3476 (13711): 400000009000-40000000a000 (400000005000) [ 288.087084][T13711] CPU: 0 UID: 0 PID: 13711 Comm: syz.5.3476 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0 [ 288.087115][T13711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 288.087130][T13711] Call Trace: [ 288.087139][T13711] [ 288.087149][T13711] dump_stack_lvl+0x16c/0x1f0 [ 288.087182][T13711] gup_vma_lookup+0x1d2/0x220 [ 288.087212][T13711] __get_user_pages+0x236/0x36f0 [ 288.087231][T13711] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 288.087260][T13711] ? __gup_longterm_locked+0x124/0x1870 [ 288.087281][T13711] ? __gup_longterm_locked+0x124/0x1870 [ 288.087304][T13711] ? __pfx___get_user_pages+0x10/0x10 [ 288.087320][T13711] ? down_read_killable+0xcc/0x380 [ 288.087345][T13711] ? __pfx_down_read_killable+0x10/0x10 [ 288.087370][T13711] ? mark_lock+0xb5/0xc60 [ 288.087395][T13711] ? find_held_lock+0x2d/0x110 [ 288.087417][T13711] __gup_longterm_locked+0x212/0x1870 [ 288.087437][T13711] ? __pfx_lock_release+0x10/0x10 [ 288.087461][T13711] ? trace_lock_acquire+0x14e/0x1f0 [ 288.087487][T13711] ? __pfx___gup_longterm_locked+0x10/0x10 [ 288.087505][T13711] ? gup_fast_fallback+0x84c/0x2690 [ 288.087524][T13711] ? __pfx_lock_release+0x10/0x10 [ 288.087553][T13711] ? mark_held_locks+0x9f/0xe0 [ 288.087583][T13711] gup_fast_fallback+0x1802/0x2690 [ 288.087620][T13711] ? __pfx_gup_fast_fallback+0x10/0x10 [ 288.087645][T13711] ? hlock_class+0x4e/0x130 [ 288.087671][T13711] get_user_pages_fast+0xa8/0x100 [ 288.087690][T13711] ? __pfx_get_user_pages_fast+0x10/0x10 [ 288.087718][T13711] ? iov_iter_advance+0x1e3/0x6c0 [ 288.087744][T13711] __iov_iter_get_pages_alloc+0x8ed/0x2280 [ 288.087769][T13711] ? trace_contention_end+0xee/0x140 [ 288.087798][T13711] ? __mutex_lock+0x1cc/0xb10 [ 288.087820][T13711] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 288.087841][T13711] ? pipe_lock+0x64/0x80 [ 288.087861][T13711] ? __pfx___mutex_lock+0x10/0x10 [ 288.087881][T13711] ? iovec_from_user.part.0+0x7e/0x130 [ 288.087917][T13711] iov_iter_get_pages2+0xa4/0x100 [ 288.087936][T13711] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 288.087955][T13711] ? wait_for_space+0x224/0x2d0 [ 288.087982][T13711] ? add_to_pipe+0x1c0/0x3c0 [ 288.088009][T13711] __do_sys_vmsplice+0xa13/0xef0 [ 288.088043][T13711] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 288.088072][T13711] ? wake_up_q+0xb0/0x160 [ 288.088110][T13711] ? lock_acquire.part.0+0x11b/0x380 [ 288.088135][T13711] ? find_held_lock+0x2d/0x110 [ 288.088184][T13711] ? rcu_is_watching+0x12/0xc0 [ 288.088213][T13711] ? do_syscall_64+0xcd/0x250 [ 288.088233][T13711] do_syscall_64+0xcd/0x250 [ 288.088257][T13711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.088281][T13711] RIP: 0033:0x7f95bc38d169 [ 288.088304][T13711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.088323][T13711] RSP: 002b:00007f95bd2a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 288.088342][T13711] RAX: ffffffffffffffda RBX: 00007f95bc5a5fa0 RCX: 00007f95bc38d169 [ 288.088355][T13711] RDX: 0000000000000002 RSI: 0000400000000280 RDI: 0000000000000004 [ 288.088366][T13711] RBP: 00007f95bc40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 288.088378][T13711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 288.088389][T13711] R13: 0000000000000000 R14: 00007f95bc5a5fa0 R15: 00007ffdf7a1ce18 [ 288.088416][T13711] [ 288.128743][T13703] syz.3.3472 (13703): drop_caches: 2 [ 288.131953][ C0] vkms_vblank_simulate: vblank timer overrun [ 288.142871][ T5871] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 288.186136][ T5873] input: gspca_zc3xx as /devices/platform/dummy_hcd.0/usb1/1-1/input/input44 [ 288.410587][ T5871] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 288.460897][ T5873] usb 1-1: USB disconnect, device number 32 [ 288.516386][ T5871] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 288.531148][ T5871] usb 2-1: config 0 interface 0 has no altsetting 0 [ 288.538247][ T5871] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 288.548451][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.583321][ T5871] usb 2-1: config 0 descriptor?? [ 288.636451][T13721] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3481'. [ 288.724616][T13725] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 288.778131][ T29] audit: type=1400 audit(1740200390.158:1256): avc: denied { append } for pid=13726 comm="syz.2.3485" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 288.801019][ C0] vkms_vblank_simulate: vblank timer overrun [ 288.874827][ T29] audit: type=1400 audit(1740200390.258:1257): avc: denied { watch } for pid=13732 comm="syz.5.3488" path="/112" dev="tmpfs" ino=583 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 288.899170][ T29] audit: type=1400 audit(1740200390.258:1258): avc: denied { watch_reads } for pid=13732 comm="syz.5.3488" path="/newroot/112" dev="tmpfs" ino=583 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 289.029391][ T5871] uclogic 0003:5543:0522.002A: unknown main item tag 0x7 [ 289.050909][ T5872] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 289.052243][ T5871] uclogic 0003:5543:0522.002A: No inputs registered, leaving [ 289.094879][T13739] bridge_slave_0: default FDB implementation only supports local addresses [ 289.130569][ T5871] uclogic 0003:5543:0522.002A: hidraw0: USB HID v0.04 Device [HID 5543:0522] on usb-dummy_hcd.1-1/input0 [ 289.205271][ T5872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 289.220028][ T5872] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 289.230552][ T5872] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 289.245212][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 289.253365][ T5872] usb 4-1: SerialNumber: syz [ 289.354408][ T9] usb 2-1: USB disconnect, device number 28 [ 289.472033][ T5872] usb 4-1: 0:2 : does not exist [ 289.498410][ T5872] usb 4-1: USB disconnect, device number 30 [ 289.566474][ T29] audit: type=1400 audit(1740200390.948:1259): avc: denied { connect } for pid=13755 comm="syz.2.3499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 290.069245][T13772] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 290.413257][ T29] audit: type=1400 audit(1740200391.798:1260): avc: denied { write } for pid=13789 comm="syz.1.3516" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 291.039730][T13821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 291.066950][T13825] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-xor(2) [ 291.092217][ T9] IPVS: starting estimator thread 0... [ 291.181705][T13826] IPVS: using max 32 ests per chain, 76800 per kthread [ 291.276073][T13838] netlink: 'syz.2.3537': attribute type 1 has an invalid length. [ 291.638687][T13855] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 291.832548][T13865] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3548'. [ 291.862681][T13865] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3548'. [ 291.873226][T13865] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3548'. [ 291.922698][T13865] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3548'. [ 292.402734][T13897] bridge1: entered promiscuous mode [ 292.429576][T13897] xt_bpf: check failed: parse error [ 292.530882][ T5872] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 292.700695][ T5872] usb 4-1: Using ep0 maxpacket: 8 [ 292.709042][ T5872] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 292.723799][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.745515][ T5872] usb 4-1: Product: syz [ 292.749721][ T5872] usb 4-1: Manufacturer: syz [ 292.773586][ T5872] usb 4-1: SerialNumber: syz [ 292.788412][ T5872] usb 4-1: config 0 descriptor?? [ 292.812439][ T5872] gspca_main: se401-2.14.0 probing 047d:5003 [ 293.009743][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 293.009758][ T29] audit: type=1400 audit(1740200394.388:1264): avc: denied { setopt } for pid=13910 comm="syz.1.3570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 293.076197][ T29] audit: type=1400 audit(1740200394.428:1265): avc: denied { read } for pid=13910 comm="syz.1.3570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 293.266761][ T5872] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 293.286959][ T5872] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 293.303256][ T5872] usb 4-1: USB disconnect, device number 31 [ 293.451220][ T29] audit: type=1400 audit(1740200394.838:1266): avc: denied { write } for pid=13925 comm="syz.0.3579" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 293.780717][ T5872] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 293.948322][ T5872] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 293.957651][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.990743][ T5872] usb 3-1: Product: syz [ 293.994934][ T5872] usb 3-1: Manufacturer: syz [ 294.019856][ T5872] usb 3-1: SerialNumber: syz [ 294.060454][ T5872] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 294.090437][ T9] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 294.197343][ T29] audit: type=1400 audit(1740200395.578:1267): avc: denied { mount } for pid=13956 comm="syz.3.3591" name="/" dev="ocfs2_dlmfs" ino=44787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 294.201108][T13957] o2cb: This node has not been configured. [ 294.220534][ C0] vkms_vblank_simulate: vblank timer overrun [ 294.246974][T13957] o2cb: Cluster check failed. Fix errors before retrying. [ 294.257323][T13957] (syz.3.3591,13957,1):user_dlm_register:674 ERROR: status = -22 [ 294.261315][ T29] audit: type=1400 audit(1740200395.578:1268): avc: denied { write } for pid=13956 comm="syz.3.3591" name="/" dev="ocfs2_dlmfs" ino=44787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 294.269282][T13957] (syz.3.3591,13957,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "bus" [ 294.287643][ C0] vkms_vblank_simulate: vblank timer overrun [ 294.350401][ T5873] usb 3-1: USB disconnect, device number 27 [ 294.374657][ T29] audit: type=1400 audit(1740200395.578:1269): avc: denied { add_name } for pid=13956 comm="syz.3.3591" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 294.402811][ T5871] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 294.438102][ T29] audit: type=1400 audit(1740200395.578:1270): avc: denied { create } for pid=13956 comm="syz.3.3591" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 294.476722][ T29] audit: type=1400 audit(1740200395.578:1271): avc: denied { associate } for pid=13956 comm="syz.3.3591" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 294.509869][ T29] audit: type=1400 audit(1740200395.758:1272): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 294.584541][ T5871] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 294.597898][ T5871] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 294.630736][ T5871] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 294.662941][ T5871] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 294.673091][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 294.683373][ T5871] usb 1-1: Product: syz [ 294.687551][ T5871] usb 1-1: Manufacturer: syz [ 294.704745][ T5871] cdc_wdm 1-1:1.0: skipping garbage [ 294.709965][ T5871] cdc_wdm 1-1:1.0: skipping garbage [ 294.727603][ T5871] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 294.924122][ T5872] usb 1-1: USB disconnect, device number 33 [ 294.993942][T13978] wg2: entered promiscuous mode [ 294.999735][T13978] wg2: entered allmulticast mode [ 295.173508][ T9] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 295.195798][ T9] ath9k_htc: Failed to initialize the device [ 295.217143][ T5873] usb 3-1: ath9k_htc: USB layer deinitialized [ 295.253443][T13991] netlink: 47 bytes leftover after parsing attributes in process `syz.1.3607'. [ 295.330842][ T5133] Bluetooth: hci2: command 0x0c1a tx timeout [ 295.415616][ T29] audit: type=1400 audit(1740200396.798:1273): avc: denied { bind } for pid=13993 comm="syz.1.3608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 295.932553][ T5871] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 296.062810][ T5905] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 296.101707][ T5871] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 296.112164][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.132307][ T5871] usb 1-1: Product: syz [ 296.138900][ T5871] usb 1-1: Manufacturer: syz [ 296.152588][ T5871] usb 1-1: SerialNumber: syz [ 296.167889][ T5871] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 296.184454][ T51] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 296.224587][ T5905] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.236048][ T5905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.263372][ T5905] usb 2-1: New USB device found, idVendor=044f, idProduct=b65a, bcdDevice= 0.00 [ 296.280753][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.301715][ T5905] usb 2-1: config 0 descriptor?? [ 296.642823][ T5871] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 296.732709][ T5905] thrustmaster 0003:044F:B65A.002B: hidraw0: USB HID v0.09 Device [HID 044f:b65a] on usb-dummy_hcd.1-1/input0 [ 296.763107][ T5905] thrustmaster 0003:044F:B65A.002B: no inputs found [ 296.813394][ T5871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.831937][ T5871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.844519][ T5871] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 296.858556][ T5871] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00 [ 296.868841][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.890229][ T5871] usb 4-1: config 0 descriptor?? [ 296.928504][ T5905] usb 2-1: USB disconnect, device number 29 [ 297.037897][ T5873] usb 1-1: USB disconnect, device number 34 [ 297.319947][ T5871] aureal 0003:0755:2626.002C: unknown main item tag 0x0 [ 297.341785][ T5871] aureal 0003:0755:2626.002C: unknown main item tag 0x0 [ 297.348776][ T5871] aureal 0003:0755:2626.002C: unknown main item tag 0x0 [ 297.371680][ T5871] aureal 0003:0755:2626.002C: unknown main item tag 0x0 [ 297.378667][ T5871] aureal 0003:0755:2626.002C: unknown main item tag 0x0 [ 297.420612][ T5871] aureal 0003:0755:2626.002C: hidraw0: USB HID v0.0b Device [HID 0755:2626] on usb-dummy_hcd.3-1/input0 [ 297.581579][ T25] usb 4-1: USB disconnect, device number 32 [ 297.651661][ T51] usb 1-1: Service connection timeout for: 257 [ 297.668571][ T51] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 297.713927][ T51] ath9k_htc: Failed to initialize the device [ 297.720185][ T5873] usb 1-1: ath9k_htc: USB layer deinitialized [ 298.094610][T14074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3645'. [ 298.249820][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 298.249835][ T29] audit: type=1400 audit(1740200399.628:1278): avc: denied { read } for pid=14078 comm="syz.2.3649" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 298.249874][ T29] audit: type=1400 audit(1740200399.628:1279): avc: denied { open } for pid=14078 comm="syz.2.3649" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 298.316073][ T29] audit: type=1400 audit(1740200399.698:1280): avc: denied { ioctl } for pid=14078 comm="syz.2.3649" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 298.780891][ T5872] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 298.942841][ T5872] usb 4-1: config 0 has an invalid interface number: 176 but max is 2 [ 298.961147][ T5872] usb 4-1: config 0 has no interface number 1 [ 298.976430][ T5872] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 298.986026][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.014929][ T5872] usb 4-1: config 0 descriptor?? [ 299.313181][ T5872] qcserial 4-1:0.2: Qualcomm USB modem converter detected [ 299.550080][T14112] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3663'. [ 299.551282][ T25] usb 4-1: USB disconnect, device number 33 [ 299.618501][ T25] qcserial 4-1:0.2: device disconnected [ 299.723298][ T29] audit: type=1400 audit(1740200401.108:1281): avc: denied { create } for pid=14117 comm="syz.2.3666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 299.753227][T14117] delete_channel: no stack [ 299.790527][ T29] audit: type=1400 audit(1740200401.138:1282): avc: denied { ioctl } for pid=14117 comm="syz.2.3666" path="socket:[46110]" dev="sockfs" ino=46110 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 299.815347][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.885050][T14122] netlink: 'syz.1.3668': attribute type 14 has an invalid length. [ 300.077441][ T29] audit: type=1400 audit(1740200401.458:1283): avc: denied { mount } for pid=14131 comm="syz.1.3672" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 300.099634][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.148233][ T29] audit: type=1400 audit(1740200401.498:1284): avc: denied { unmount } for pid=14131 comm="syz.1.3672" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 300.168132][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.249554][ T29] audit: type=1400 audit(1740200401.628:1285): avc: denied { mount } for pid=14139 comm="syz.3.3678" name="/" dev="configfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 300.304198][ T29] audit: type=1400 audit(1740200401.658:1286): avc: denied { read } for pid=14139 comm="syz.3.3678" name="/" dev="configfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 300.334051][ T29] audit: type=1400 audit(1740200401.658:1287): avc: denied { open } for pid=14139 comm="syz.3.3678" path="/767/file0" dev="configfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 300.812687][ T5871] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 300.972487][ T5871] usb 2-1: Using ep0 maxpacket: 32 [ 300.989350][ T5871] usb 2-1: config 0 interface 0 has no altsetting 0 [ 301.011068][ T5871] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 301.045057][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.080530][ T5871] usb 2-1: Product: syz [ 301.091106][T14162] overlayfs: conflicting options: verity=require,redirect_dir=follow [ 301.093925][ T5871] usb 2-1: Manufacturer: syz [ 301.108852][ T5871] usb 2-1: SerialNumber: syz [ 301.138960][ T5871] usb 2-1: config 0 descriptor?? [ 301.568846][ T5871] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 301.615511][T14191] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3699'. [ 301.771964][ T5871] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 301.807155][ T5871] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 301.809571][T14200] syz.0.3704 (14200): drop_caches: 2 [ 302.001214][ T5873] usb 2-1: USB disconnect, device number 30 [ 302.150921][ T5872] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 302.301054][ T5872] usb 3-1: Using ep0 maxpacket: 8 [ 302.314834][ T5872] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 302.334646][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.347277][T14228] gtp0: entered promiscuous mode [ 302.350697][ T5872] usb 3-1: Product: syz [ 302.360207][T14228] gtp0: entered allmulticast mode [ 302.366569][ T5872] usb 3-1: Manufacturer: syz [ 302.376686][ T5872] usb 3-1: SerialNumber: syz [ 302.389545][ T5872] usb 3-1: config 0 descriptor?? [ 302.413376][T14230] bond_slave_1: entered promiscuous mode [ 302.421165][T14230] bond0: (slave bond_slave_1): Releasing backup interface [ 302.430223][T14230] netlink: 'syz.3.3717': attribute type 2 has an invalid length. [ 302.449503][T14230] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 302.624901][ T5872] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 303.019559][T14250] netlink: 165 bytes leftover after parsing attributes in process `syz.1.3727'. [ 303.239146][ T5872] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 303.264967][ T5872] usb 3-1: USB disconnect, device number 28 [ 303.270252][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 303.270266][ T29] audit: type=1326 audit(1740200404.648:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14254 comm="syz.1.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f05a178d169 code=0x7ffc0000 [ 303.327874][ T29] audit: type=1326 audit(1740200404.668:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14254 comm="syz.1.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a178d169 code=0x7ffc0000 [ 303.445833][ T29] audit: type=1326 audit(1740200404.668:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14254 comm="syz.1.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05a178d169 code=0x7ffc0000 [ 303.486352][ T29] audit: type=1326 audit(1740200404.668:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14256 comm="syz.1.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f05a1729359 code=0x7ffc0000 [ 303.515085][ T29] audit: type=1326 audit(1740200404.668:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14256 comm="syz.1.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f05a178d169 code=0x7ffc0000 [ 303.695982][T14274] random: crng reseeded on system resumption [ 303.724221][T14276] netlink: 10 bytes leftover after parsing attributes in process `syz.5.3739'. [ 303.910925][ T5872] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 303.956304][T14283] syz_tun: entered allmulticast mode [ 304.001804][T14281] syz_tun: left allmulticast mode [ 304.082137][ T5872] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 304.108665][ T5872] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 304.114131][ T29] audit: type=1400 audit(1740200405.488:1309): avc: denied { write } for pid=14287 comm="syz.2.3744" name="file0" dev="tmpfs" ino=4023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 304.142033][ T5872] usb 2-1: config 0 interface 0 has no altsetting 0 [ 304.142070][ T5872] usb 2-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 304.142095][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.170586][ T5872] usb 2-1: config 0 descriptor?? [ 304.195903][ T29] audit: type=1400 audit(1740200405.488:1310): avc: denied { open } for pid=14287 comm="syz.2.3744" path="/788/file0" dev="tmpfs" ino=4023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 304.229967][T14272] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 304.450109][T14302] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3750'. [ 304.496448][T14302] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3750'. [ 304.686390][ T5872] hid-u2fzero 0003:10C4:8ACF.002D: unknown main item tag 0x0 [ 304.700682][ T5872] hid-u2fzero 0003:10C4:8ACF.002D: unknown main item tag 0x0 [ 304.740143][ T5872] hid-u2fzero 0003:10C4:8ACF.002D: item fetching failed at offset 2/5 [ 304.764556][ T5872] hid-u2fzero 0003:10C4:8ACF.002D: probe with driver hid-u2fzero failed with error -22 [ 304.916367][ T5872] usb 2-1: USB disconnect, device number 31 [ 306.046985][ T29] audit: type=1400 audit(1740200407.428:1311): avc: denied { name_bind } for pid=14377 comm="syz.5.3783" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 306.068194][ C0] vkms_vblank_simulate: vblank timer overrun [ 306.103388][ T29] audit: type=1400 audit(1740200407.428:1312): avc: denied { create } for pid=14373 comm="syz.1.3782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 306.146193][ T29] audit: type=1400 audit(1740200407.468:1313): avc: denied { getopt } for pid=14373 comm="syz.1.3782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 306.166282][ C0] vkms_vblank_simulate: vblank timer overrun [ 306.659829][T14403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3792'. [ 306.733850][ T25] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 306.927986][ T25] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 306.945394][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.972843][ T25] usb 3-1: Product: syz [ 306.977038][ T25] usb 3-1: Manufacturer: syz [ 306.986762][ T25] usb 3-1: SerialNumber: syz [ 307.010607][ T25] usb 3-1: config 0 descriptor?? [ 307.034876][ T25] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 029 [ 307.377702][T14431] sit1: entered allmulticast mode [ 307.522318][ T5873] usb 2-1: new full-speed USB device number 32 using dummy_hcd [ 307.655703][ T25] i2c i2c-1: connected i2c-tiny-usb device [ 307.705105][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 7278, setting to 64 [ 307.738666][ T5873] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 307.754633][T14450] netlink: 'syz.0.3812': attribute type 13 has an invalid length. [ 307.761963][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.787041][ T5873] usb 2-1: config 0 descriptor?? [ 307.807504][T14450] gretap0: refused to change device tx_queue_len [ 307.813667][T14452] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3813'. [ 307.822939][T14428] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 307.827280][T14450] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 307.831802][ T5873] hub 2-1:0.0: USB hub found [ 307.851819][T14452] netlink: 'syz.5.3813': attribute type 30 has an invalid length. [ 307.866888][ T9] usb 3-1: USB disconnect, device number 29 [ 308.052715][ T5873] hub 2-1:0.0: 1 port detected [ 308.344312][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 308.344329][ T29] audit: type=1400 audit(1740200409.728:1325): avc: denied { ioctl } for pid=14471 comm="syz.5.3822" path="socket:[48048]" dev="sockfs" ino=48048 ioctlcmd=0x8b06 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 308.443248][ T29] audit: type=1400 audit(1740200409.798:1326): avc: denied { create } for pid=14475 comm="syz.3.3823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 308.479530][ T5873] usb 2-1: USB disconnect, device number 32 [ 308.541730][ T29] audit: type=1400 audit(1740200409.818:1327): avc: denied { write } for pid=14475 comm="syz.3.3823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 309.994098][T14550] netlink: 'syz.2.3855': attribute type 1 has an invalid length. [ 310.322656][T14564] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 310.441456][ T5872] kernel read not supported for file /adsp1 (pid: 5872 comm: kworker/0:4) [ 310.844569][T14587] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 310.901662][ T29] audit: type=1400 audit(1740200412.268:1328): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 311.490034][ T29] audit: type=1400 audit(1740200412.868:1329): avc: denied { read } for pid=14608 comm="syz.1.3883" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 311.573834][ T29] audit: type=1400 audit(1740200412.898:1330): avc: denied { open } for pid=14608 comm="syz.1.3883" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 311.658922][ T29] audit: type=1400 audit(1740200412.908:1331): avc: denied { map } for pid=14608 comm="syz.1.3883" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 311.685261][ T5905] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 311.836062][ T29] audit: type=1400 audit(1740200413.218:1332): avc: denied { connect } for pid=14616 comm="syz.1.3887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 311.857914][ T5905] usb 4-1: Using ep0 maxpacket: 32 [ 311.882788][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.902857][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 311.915042][ T5905] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 311.925652][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.938681][ T5905] usb 4-1: config 0 descriptor?? [ 312.081318][ T5873] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 312.251130][ T5873] usb 1-1: Using ep0 maxpacket: 32 [ 312.270218][ T5873] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 312.279625][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.316541][ T5873] usb 1-1: config 0 descriptor?? [ 312.334455][ T5873] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 312.364058][ T5905] ft260 0003:0403:6030.002E: item fetching failed at offset 0/2 [ 312.382910][ T5905] ft260 0003:0403:6030.002E: failed to parse HID [ 312.414657][ T5905] ft260 0003:0403:6030.002E: probe with driver ft260 failed with error -22 [ 312.426513][T14638] input: syz0 as /devices/virtual/input/input47 [ 312.617470][ T29] audit: type=1400 audit(1740200413.998:1333): avc: denied { ioctl } for pid=14643 comm="syz.5.3901" path="socket:[48377]" dev="sockfs" ino=48377 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 312.644615][ T25] usb 4-1: USB disconnect, device number 34 [ 312.740830][T14653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3904'. [ 312.938015][T14663] tipc: Started in network mode [ 312.955199][ T5872] usb 1-1: USB disconnect, device number 35 [ 312.960692][T14663] tipc: Node identity ff, cluster identity 4711 [ 312.991735][T14663] tipc: Enabling of bearer rejected, failed to enable media [ 313.510840][ T5872] kernel read not supported for file /dsp1 (pid: 5872 comm: kworker/0:4) [ 313.721944][ T29] audit: type=1400 audit(1740200415.108:1334): avc: denied { read } for pid=14693 comm="syz.1.3922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 313.777477][ T29] audit: type=1400 audit(1740200415.158:1335): avc: denied { write } for pid=14693 comm="syz.1.3922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 314.335641][T14720] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3931'. [ 314.932690][ T29] audit: type=1400 audit(1740200416.308:1336): avc: denied { setopt } for pid=14748 comm="syz.5.3945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 315.021754][ T29] audit: type=1400 audit(1740200416.378:1337): avc: denied { setopt } for pid=14753 comm="syz.1.3947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 315.152528][ T29] audit: type=1400 audit(1740200416.528:1338): avc: denied { setopt } for pid=14758 comm="syz.0.3950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 315.301392][T14770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3955'. [ 315.583579][T14778] 9pnet_virtio: no channels available for device syz [ 316.268102][ T29] audit: type=1400 audit(1740200417.638:1339): avc: denied { getopt } for pid=14802 comm="syz.5.3970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 317.226090][T14834] input: syz1 as /devices/virtual/input/input48 [ 317.252894][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.259208][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.159269][ T29] audit: type=1400 audit(1740200420.538:1340): avc: denied { read } for pid=14908 comm="syz.3.4018" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 319.225937][ T29] audit: type=1400 audit(1740200420.538:1341): avc: denied { open } for pid=14908 comm="syz.3.4018" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 319.283098][ T29] audit: type=1400 audit(1740200420.538:1342): avc: denied { ioctl } for pid=14908 comm="syz.3.4018" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 319.463783][ T29] audit: type=1400 audit(1740200420.848:1343): avc: denied { connect } for pid=14915 comm="syz.1.4020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 319.557201][T14921] netlink: 'syz.2.4023': attribute type 5 has an invalid length. [ 319.678508][ T29] audit: type=1400 audit(1740200421.038:1344): avc: denied { setopt } for pid=14924 comm="syz.3.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 319.720293][ T29] audit: type=1400 audit(1740200421.038:1345): avc: denied { listen } for pid=14924 comm="syz.3.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 319.779476][ T29] audit: type=1400 audit(1740200421.158:1346): avc: denied { ioctl } for pid=14934 comm="syz.3.4029" path="socket:[48886]" dev="sockfs" ino=48886 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 319.885424][ T29] audit: type=1400 audit(1740200421.268:1347): avc: denied { setopt } for pid=14938 comm="syz.3.4032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 319.910785][ T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 320.070772][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 320.077337][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.097926][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.108981][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 320.125244][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.136795][ T9] usb 2-1: config 0 descriptor?? [ 425.120575][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 425.127551][ C0] rcu: 1-...!: (1 GPs behind) idle=3fa4/1/0x4000000000000000 softirq=53838/53839 fqs=2 [ 425.138638][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P9461/1:b..l [ 425.146552][ C0] rcu: (detected by 0, t=10502 jiffies, g=54993, q=176 ncpus=2) [ 425.154270][ C0] Sending NMI from CPU 0 to CPUs 1: [ 425.154299][ C1] NMI backtrace for cpu 1 [ 425.154310][ C1] CPU: 1 UID: 0 PID: 14944 Comm: syz.2.4030 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0 [ 425.154331][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 425.154342][ C1] RIP: 0010:mark_lock+0x129/0xc60 [ 425.154370][ C1] Code: 00 00 48 c7 40 10 00 00 00 00 48 8b 84 24 08 01 00 00 65 48 2b 04 25 28 00 00 00 0f 85 56 09 00 00 48 8d 65 d8 89 d0 5b 41 5c <41> 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 8d 7e 22 48 89 f8 48 c1 e8 [ 425.154387][ C1] RSP: 0018:ffffc90000a18ac8 EFLAGS: 00000046 [ 425.154400][ C1] RAX: 0000000000000001 RBX: ffff888032468bb2 RCX: 1ffffffff2dd8628 [ 425.154412][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff96ec3140 [ 425.154423][ C1] RBP: ffffc90000a18ae0 R08: 0000000000000000 R09: fffffbfff2dd8598 [ 425.154435][ C1] R10: ffffffff96ec2cc7 R11: 0000000000000004 R12: ffffed100648d15d [ 425.154446][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 1ffff9200014313a [ 425.154457][ C1] FS: 00007fd7eedf66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 425.154475][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 425.154487][ C1] CR2: 0000400000003c80 CR3: 00000000344ae000 CR4: 00000000003526f0 [ 425.154498][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 425.154508][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 425.154519][ C1] Call Trace: [ 425.154525][ C1] [ 425.154532][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 425.154562][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 425.154586][ C1] ? nmi_handle+0x1ac/0x5d0 [ 425.154611][ C1] ? mark_lock+0x129/0xc60 [ 425.154634][ C1] ? default_do_nmi+0x6a/0x160 [ 425.154660][ C1] ? exc_nmi+0x170/0x1e0 [ 425.154684][ C1] ? end_repeat_nmi+0xf/0x53 [ 425.154714][ C1] ? mark_lock+0x129/0xc60 [ 425.154741][ C1] ? mark_lock+0x129/0xc60 [ 425.154764][ C1] ? mark_lock+0x129/0xc60 [ 425.154786][ C1] [ 425.154792][ C1] [ 425.154798][ C1] __lock_acquire+0x1390/0x3c40 [ 425.154824][ C1] ? __lock_acquire+0x2/0x3c40 [ 425.154848][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 425.154873][ C1] ? lock_acquire.part.0+0x11b/0x380 [ 425.154899][ C1] lock_acquire.part.0+0x11b/0x380 [ 425.154923][ C1] ? debug_object_deactivate+0x13b/0x370 [ 425.154945][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 425.154970][ C1] ? rcu_is_watching+0x12/0xc0 [ 425.154988][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 425.155008][ C1] ? debug_object_activate+0x149/0x4a0 [ 425.155028][ C1] ? debug_object_deactivate+0x13b/0x370 [ 425.155048][ C1] ? lock_acquire+0x2f/0xb0 [ 425.155070][ C1] ? debug_object_deactivate+0x13b/0x370 [ 425.155091][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 425.155109][ C1] ? debug_object_deactivate+0x13b/0x370 [ 425.155128][ C1] debug_object_deactivate+0x13b/0x370 [ 425.155149][ C1] ? __pfx_debug_object_deactivate+0x10/0x10 [ 425.155171][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 425.155190][ C1] ? __pfx_advance_sched+0x10/0x10 [ 425.155217][ C1] __hrtimer_run_queues+0x47c/0xae0 [ 425.155238][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 425.155255][ C1] ? read_tsc+0x9/0x20 [ 425.155276][ C1] hrtimer_interrupt+0x392/0x8e0 [ 425.155299][ C1] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 425.155327][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 425.155346][ C1] [ 425.155351][ C1] [ 425.155358][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 425.155383][ C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 425.155402][ C1] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 0a da 3c f6 48 89 df e8 62 59 3d f6 e8 ad d1 67 f6 fb bf 01 00 00 00 f2 2f 2e f6 65 8b 05 13 14 aa 74 85 c0 74 06 5b c3 cc cc cc cc [ 425.155418][ C1] RSP: 0018:ffffc9000cadf4c0 EFLAGS: 00000202 [ 425.155431][ C1] RAX: 00000000000019c7 RBX: ffff88802a3544f8 RCX: 1ffffffff2dd93a2 [ 425.155442][ C1] RDX: 0000000000000000 RSI: ffffffff8b6ceca0 RDI: 0000000000000001 [ 425.155453][ C1] RBP: ffff88802a3544f0 R08: 0000000000000001 R09: fffffbfff2dd859a [ 425.155464][ C1] R10: ffffffff96ec2cd7 R11: 0000000000000004 R12: ffff88802a3544f8 [ 425.155476][ C1] R13: ffff88802a3544f0 R14: 0000000000000000 R15: ffffc9000cadf7c8 [ 425.155493][ C1] filemap_remove_folio+0x106/0x250 [ 425.155520][ C1] truncate_inode_folio+0x49/0x70 [ 425.155538][ C1] shmem_undo_range+0x36e/0x1170 [ 425.155566][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 425.155589][ C1] ? free_frozen_pages+0x7f6/0xfb0 [ 425.155616][ C1] ? find_held_lock+0x2d/0x110 [ 425.155644][ C1] ? __pfx_unmap_mapping_range+0x10/0x10 [ 425.155669][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 425.155685][ C1] ? lock_acquire+0x2f/0xb0 [ 425.155707][ C1] ? shmem_fallocate+0x9b9/0xfb0 [ 425.155746][ C1] shmem_fallocate+0xa35/0xfb0 [ 425.155770][ C1] ? hlock_class+0x4e/0x130 [ 425.155787][ C1] ? __lock_acquire+0x15a9/0x3c40 [ 425.155814][ C1] ? __pfx_shmem_fallocate+0x10/0x10 [ 425.155837][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 425.155854][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 425.155887][ C1] ? madvise_vma_behavior+0x1ae3/0x1de0 [ 425.155911][ C1] ? __pfx_shmem_fallocate+0x10/0x10 [ 425.155935][ C1] vfs_fallocate+0x60d/0x10d0 [ 425.155953][ C1] ? __pfx_vfs_fallocate+0x10/0x10 [ 425.155969][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 425.155997][ C1] madvise_vma_behavior+0x1ae3/0x1de0 [ 425.156021][ C1] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 425.156049][ C1] ? find_vma_prev+0xdb/0x160 [ 425.156075][ C1] ? __pfx_find_vma_prev+0x10/0x10 [ 425.156103][ C1] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 425.156130][ C1] ? do_madvise+0x2b3/0x7c0 [ 425.156153][ C1] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 425.156174][ C1] madvise_walk_vmas+0x1cf/0x2c0 [ 425.156196][ C1] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 425.156215][ C1] ? reacquire_held_locks+0x20b/0x4c0 [ 425.156242][ C1] do_madvise+0x366/0x7c0 [ 425.156264][ C1] ? __pfx_do_madvise+0x10/0x10 [ 425.156285][ C1] ? __pfx_lock_release+0x10/0x10 [ 425.156314][ C1] ? do_user_addr_fault+0x83d/0x13f0 [ 425.156339][ C1] __x64_sys_madvise+0xa9/0x110 [ 425.156361][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 425.156379][ C1] do_syscall_64+0xcd/0x250 [ 425.156401][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.156425][ C1] RIP: 0033:0x7fd7f0f8d169 [ 425.156439][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.156456][ C1] RSP: 002b:00007fd7eedf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 425.156472][ C1] RAX: ffffffffffffffda RBX: 00007fd7f11a6080 RCX: 00007fd7f0f8d169 [ 425.156484][ C1] RDX: 0000000000000009 RSI: 0000000000600002 RDI: 0000400000000000 [ 425.156495][ C1] RBP: 00007fd7f100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 425.156505][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 425.156516][ C1] R13: 0000000000000001 R14: 00007fd7f11a6080 R15: 00007ffe6c0f0258 [ 425.156533][ C1] [ 425.157294][ C0] task:syz-executor state:R running task stack:23376 pid:9461 tgid:9461 ppid:9448 task_flags:0x400140 flags:0x00000000 [ 425.856640][ C0] Call Trace: [ 425.859917][ C0] [ 425.862850][ C0] __schedule+0xf43/0x5890 [ 425.867277][ C0] ? hlock_class+0x4e/0x130 [ 425.871786][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 425.876993][ C0] ? __pfx_mark_lock+0x10/0x10 [ 425.881765][ C0] ? __pfx___schedule+0x10/0x10 [ 425.886612][ C0] ? find_held_lock+0x2d/0x110 [ 425.891385][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 425.896766][ C0] preempt_schedule_common+0x44/0xc0 [ 425.902058][ C0] preempt_schedule_thunk+0x1a/0x30 [ 425.907269][ C0] _raw_spin_unlock+0x3e/0x50 [ 425.911948][ C0] copy_page_range+0x1e7f/0x5690 [ 425.916926][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 425.922222][ C0] ? find_held_lock+0x2d/0x110 [ 425.926993][ C0] ? __pfx_lock_release+0x10/0x10 [ 425.932022][ C0] ? lock_acquire+0x2f/0xb0 [ 425.936530][ C0] ? copy_process+0x7c12/0x8c50 [ 425.941381][ C0] ? down_write+0x14e/0x200 [ 425.945890][ C0] ? up_write+0x1b2/0x520 [ 425.950234][ C0] copy_process+0x7ccb/0x8c50 [ 425.954929][ C0] ? __pfx_copy_process+0x10/0x10 [ 425.959956][ C0] ? __pfx_mark_lock+0x10/0x10 [ 425.964751][ C0] kernel_clone+0xfd/0x960 [ 425.969167][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 425.974368][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 425.979395][ C0] ? reacquire_held_locks+0x20b/0x4c0 [ 425.984773][ C0] ? do_user_addr_fault+0xdc7/0x13f0 [ 425.990074][ C0] __do_sys_clone+0xcf/0x120 [ 425.994660][ C0] ? __pfx___do_sys_clone+0x10/0x10 [ 425.999876][ C0] ? do_user_addr_fault+0x83d/0x13f0 [ 426.005171][ C0] do_syscall_64+0xcd/0x250 [ 426.009701][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.015599][ C0] RIP: 0033:0x7fe3871839d3 [ 426.020009][ C0] RSP: 002b:00007fffe3e2b688 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 426.028424][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe3871839d3 [ 426.036392][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 426.044358][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 426.052324][ C0] R10: 000055558594a7d0 R11: 0000000000000246 R12: 0000000000000000 [ 426.060292][ C0] R13: 00000000000927c0 R14: 000000000004e212 R15: 00007fffe3e2b820 [ 426.068275][ C0] [ 426.071289][ C0] rcu: rcu_preempt kthread starved for 10498 jiffies! g54993 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 426.082476][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 426.092435][ C0] rcu: RCU grace-period kthread stack dump: [ 426.098313][ C0] task:rcu_preempt state:R running task stack:28208 pid:17 tgid:17 ppid:2 task_flags:0x208040 flags:0x00004000 [ 426.111824][ C0] Call Trace: [ 426.115097][ C0] [ 426.118026][ C0] __schedule+0xf43/0x5890 [ 426.122461][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 426.127704][ C0] ? __pfx___schedule+0x10/0x10 [ 426.132557][ C0] ? schedule+0x298/0x350 [ 426.136885][ C0] ? __pfx_lock_release+0x10/0x10 [ 426.141925][ C0] ? lock_acquire+0x2f/0xb0 [ 426.146433][ C0] ? schedule+0x1fd/0x350 [ 426.150765][ C0] schedule+0xe7/0x350 [ 426.154833][ C0] schedule_timeout+0x124/0x280 [ 426.159694][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 426.165075][ C0] ? __pfx_process_timeout+0x10/0x10 [ 426.170368][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 426.176176][ C0] ? prepare_to_swait_event+0xf3/0x470 [ 426.181648][ C0] rcu_gp_fqs_loop+0x1eb/0xb00 [ 426.186426][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 426.191719][ C0] ? rcu_gp_init+0xc82/0x1630 [ 426.196406][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 426.201611][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 426.207423][ C0] rcu_gp_kthread+0x271/0x380 [ 426.212110][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 426.217320][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 426.222521][ C0] ? __kthread_parkme+0x148/0x220 [ 426.227547][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 426.232757][ C0] kthread+0x3af/0x750 [ 426.236830][ C0] ? __pfx_kthread+0x10/0x10 [ 426.241427][ C0] ? __pfx_kthread+0x10/0x10 [ 426.246035][ C0] ret_from_fork+0x45/0x80 [ 426.250465][ C0] ? __pfx_kthread+0x10/0x10 [ 426.255062][ C0] ret_from_fork_asm+0x1a/0x30 [ 426.259842][ C0] [ 426.262854][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 426.269167][ C0] CPU: 0 UID: 0 PID: 14932 Comm: syz.2.4030 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0 [ 426.279926][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 426.289997][ C0] RIP: 0010:write_comp_data+0x0/0x90 [ 426.295295][ C0] Code: 48 8b 05 43 01 4a 7e 48 8b 80 20 16 00 00 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <49> 89 d2 49 89 f8 49 89 f1 65 48 8b 15 0f 01 4a 7e 65 8b 05 10 01 [ 426.314904][ C0] RSP: 0000:ffffc9000ba079c0 EFLAGS: 00000202 [ 426.320984][ C0] RAX: 0000000000000001 RBX: ffff8880b8744a80 RCX: ffffffff81add08a [ 426.328950][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005 [ 426.336919][ C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 426.344888][ C0] R10: 0000000000000001 R11: 0000000000000003 R12: ffffed10170e8951 [ 426.352859][ C0] R13: 0000000000000001 R14: ffff8880b863fe80 R15: ffff8880b8744a88 [ 426.360832][ C0] FS: 000055557fc5a500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 426.369760][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 426.376341][ C0] CR2: 00007fd7f11a19d0 CR3: 00000000344ae000 CR4: 00000000003526f0 [ 426.384311][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 426.392277][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 426.400243][ C0] Call Trace: [ 426.403513][ C0] [ 426.406357][ C0] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 426.412690][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 426.417893][ C0] ? rcu_sched_clock_irq+0x247a/0x3310 [ 426.423362][ C0] ? __pfx_tmigr_requires_handle_remote_up+0x10/0x10 [ 426.430050][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 426.435685][ C0] ? tmigr_requires_handle_remote+0x140/0x310 [ 426.441754][ C0] ? __pfx_tmigr_requires_handle_remote+0x10/0x10 [ 426.448169][ C0] ? cgroup_rstat_updated+0x2a/0xb20 [ 426.453461][ C0] ? hrtimer_run_queues+0x97/0x500 [ 426.458574][ C0] ? update_process_times+0x178/0x2d0 [ 426.463954][ C0] ? __pfx_update_process_times+0x10/0x10 [ 426.469683][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 426.475144][ C0] ? update_wall_time+0x1c/0x40 [ 426.480005][ C0] ? tick_nohz_handler+0x376/0x530 [ 426.485120][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 426.490576][ C0] ? __hrtimer_run_queues+0x5fb/0xae0 [ 426.495955][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 426.501685][ C0] ? read_tsc+0x9/0x20 [ 426.505785][ C0] ? hrtimer_interrupt+0x392/0x8e0 [ 426.510912][ C0] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 426.517082][ C0] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 426.522889][ C0] [ 426.525813][ C0] [ 426.528739][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 426.534906][ C0] ? smp_call_function_many_cond+0x4ea/0x12c0 [ 426.540972][ C0] ? __pfx_write_comp_data+0x10/0x10 [ 426.546268][ C0] smp_call_function_many_cond+0x4ea/0x12c0 [ 426.552162][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 426.557542][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 426.562740][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 426.568110][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 426.573223][ C0] flush_tlb_mm_range+0x271/0x4a0 [ 426.578251][ C0] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 426.584669][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 426.590220][ C0] ? __pfx_pte_mkwrite+0x10/0x10 [ 426.595157][ C0] ptep_clear_flush+0x136/0x180 [ 426.600019][ C0] do_wp_page+0x159a/0x4670 [ 426.604535][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 426.610174][ C0] ? __pfx_do_wp_page+0x10/0x10 [ 426.615031][ C0] ? rcu_is_watching+0x12/0xc0 [ 426.619797][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 426.625168][ C0] ? lock_acquire+0x2f/0xb0 [ 426.629678][ C0] ? __handle_mm_fault+0xf22/0x2c60 [ 426.634887][ C0] __handle_mm_fault+0x1c7c/0x2c60 [ 426.640003][ C0] ? lock_vma_under_rcu+0x6b9/0x980 [ 426.645212][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 426.650693][ C0] handle_mm_fault+0x3fa/0xaa0 [ 426.655461][ C0] do_user_addr_fault+0x60d/0x13f0 [ 426.660588][ C0] exc_page_fault+0x5c/0xc0 [ 426.665100][ C0] asm_exc_page_fault+0x26/0x30 [ 426.669957][ C0] RIP: 0033:0x7fd7f0e4c9fc [ 426.674368][ C0] Code: 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 41 38 3c 10 74 0b 41 88 3c 10 31 c0 <49> 89 34 d1 c3 b8 01 00 00 00 c3 66 0f 1f 84 00 00 00 00 00 55 48 [ 426.693976][ C0] RSP: 002b:00007ffe6c0f0288 EFLAGS: 00010246 [ 426.700056][ C0] RAX: 0000000000000000 RBX: 00007fd7f1cd5720 RCX: 0000000000000000 [ 426.708027][ C0] RDX: 0000000000001f3a RSI: ffffffff847a7f3a RDI: 0000000000000001 [ 426.715992][ C0] RBP: ffffffff847a7f3a R08: 00007fd7f1190000 R09: 00007fd7f1192000 [ 426.723958][ C0] R10: 00000000847a7f3e R11: 0000000000000001 R12: 0000000000000001 [ 426.731933][ C0] R13: 0000000000000000 R14: ffffffff847a7c4f R15: 000000000000000c [ 426.739908][ C0] ? selinux_mmap_file+0x11f/0x1b0 [ 426.745025][ C0] ? selinux_binder_transfer_binder+0x11a/0x120 [ 426.751273][ C0] ? selinux_binder_transfer_binder+0x11a/0x120 [ 426.757522][ C0] [ 426.760904][ C0] vkms_vblank_simulate: vblank timer overrun