last executing test programs: 1m11.673154862s ago: executing program 2 (id=3375): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x9ee, &(0x7f00000003c0)={0x0, 0xc95c, 0x100, 0x3, 0xfffffffe}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0xc, 0x4, r0, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r1, 0x7ffa, 0xba1c, 0x40, 0x0, 0x39) 1m11.459849291s ago: executing program 2 (id=3378): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0, 0x0, 0x4}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 1m11.392825417s ago: executing program 2 (id=3379): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x5, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x83, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e24, 0x9, @loopback, 0x5}}, 0xffffffff, 0x8, 0x0, 0x2, 0xc8, 0xd4d4, 0x2}, &(0x7f0000000280)=0x9c) 1m11.311224798s ago: executing program 2 (id=3382): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000001300)='./file0/file0\x00', 0x1ea) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x12d7498, 0x0) umount2(&(0x7f00000010c0)='./file0/file0\x00', 0x1) 1m11.194436402s ago: executing program 2 (id=3383): sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x2, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x2, &(0x7f0000000280)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x100, r1, &(0x7f0000000100)="0000fd6000000000", 0x8, 0x3}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x0, r1, 0x0, 0x0, 0x1000a, 0x0, 0x1, r1}]) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000010) 1m10.689494946s ago: executing program 2 (id=3389): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) 1m10.482913856s ago: executing program 32 (id=3389): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) 52.820850124s ago: executing program 5 (id=3576): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r2) 52.586342004s ago: executing program 5 (id=3579): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r1, r2, 0x26, 0x0, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000480)=r3, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 52.41784854s ago: executing program 5 (id=3583): r0 = syz_open_procfs(0x0, &(0x7f0000000780)='net/tcp6\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4) setsockopt(r1, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e1e, 0x0, @loopback, 0x2}, 0x1c) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x2, 0x0) 52.201700364s ago: executing program 5 (id=3586): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x12c5c18, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0) 52.031482218s ago: executing program 5 (id=3589): r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) read(r0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_tid_address(0x0) 51.413187744s ago: executing program 5 (id=3595): r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) r1 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7}) close_range(r1, 0xffffffffffffffff, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2}) 50.932571824s ago: executing program 33 (id=3595): r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) r1 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7}) close_range(r1, 0xffffffffffffffff, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2}) 3.660795457s ago: executing program 3 (id=4116): r0 = openat$nci(0xffffff9c, &(0x7f0000000240), 0x2, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) read$nci(r0, 0x0, 0x0) 3.497150772s ago: executing program 6 (id=4117): r0 = syz_usb_connect$cdc_ncm(0x3, 0x7a, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000020000402505a1a44000018203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800f3ff00050080050945811302020000000904010000020d00000904010102020d00000905820200f6f10000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 3.350166624s ago: executing program 3 (id=4118): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000b00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x30}}], 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'bridge0\x00', &(0x7f0000000280)=@ethtool_sset_info={0x37, 0x3, 0x1, [0xfff]}}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x973, 0x1c080, 0x0, 0x44a}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.037967908s ago: executing program 3 (id=4119): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x2, 0x80000000000004, 0x6}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0xfffffffffffffffe, 0x1000000000, 0xfffffffffffffffc, 0xfffffffffffffffe}, 0x0, 0x0) 2.114433595s ago: executing program 4 (id=4124): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}}) 1.953721607s ago: executing program 3 (id=4125): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000300)={[{@quota}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x37]}}]}) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 1.93570707s ago: executing program 4 (id=4126): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xc2300, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, r2, {0x4, 0x2}, {}, {0x1, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}]}}]}, 0x4c}}, 0x20040054) 1.792774578s ago: executing program 3 (id=4128): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 1.733372228s ago: executing program 4 (id=4129): mount_setattr(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000200)={0x20, 0x76, 0x80000}, 0x20) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.491531476s ago: executing program 3 (id=4130): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x18, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000040)={0x34, &(0x7f0000000140)={0x20, 0xe, 0x2, "897f"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.441667143s ago: executing program 4 (id=4131): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r1 = syz_pidfd_open(r0, 0x0) wait4(r0, 0x0, 0x40000000, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc040ff0b, &(0x7f0000000200)) 1.305649052s ago: executing program 0 (id=4133): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x18) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000001c0)=0x2001) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1) 1.170838161s ago: executing program 1 (id=4134): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r1 = syz_io_uring_setup(0x38, &(0x7f0000000580)={0x0, 0xbbda, 0x13500}, &(0x7f0000000240), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440), 0x1) 1.167261049s ago: executing program 0 (id=4135): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2, 0x3}}, 0x2e) getsockopt(r2, 0x111, 0x2, 0x0, &(0x7f0000000080)) 1.006513707s ago: executing program 0 (id=4136): unshare(0x20000400) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r0, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x8, 0x10, 0x8, 0x0, 0x0}}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fccbdf250900000005000700020000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0) 893.601885ms ago: executing program 1 (id=4137): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801004800000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 799.660255ms ago: executing program 0 (id=4138): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2, 0x2}, 0x18, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000000)={0xe020, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x8, 0x0) 761.262985ms ago: executing program 6 (id=4139): syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'wg1\x00', 0x400}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]}) close_range(r1, 0xffffffffffffffff, 0x0) 692.137656ms ago: executing program 0 (id=4140): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='io_uring_link\x00', r0, 0x0, 0x4}, 0x18) r1 = syz_io_uring_setup(0x110, &(0x7f0000000380)={0x0, 0xfffffff8, 0x100}, &(0x7f00000007c0)=0x0, &(0x7f0000000800)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x44, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000022}) io_uring_enter(r1, 0x47f6, 0x1, 0x8, 0x0, 0x0) 543.514109ms ago: executing program 1 (id=4141): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4) close(r2) 485.594488ms ago: executing program 0 (id=4142): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') exit(0xffff) fchdir(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) 466.016972ms ago: executing program 1 (id=4143): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8000) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=ANY=[@ANYBLOB="20000000170a0103"], 0x20}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000) close_range(r0, 0xffffffffffffffff, 0x0) 444.778193ms ago: executing program 6 (id=4144): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) close_range(r0, 0xffffffffffffffff, 0x0) 347.935755ms ago: executing program 4 (id=4145): ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x51, 0x802, 0xff, 0x14, 0x402, 0x4}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 322.038809ms ago: executing program 6 (id=4146): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x4, 0x9, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x7, 0x20006, 0x1, 0x5], 0x8000000, 0x49340}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 310.47932ms ago: executing program 1 (id=4147): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x707b, 0x400, 0x2, 0x40288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) io_uring_enter(r2, 0x154e, 0x0, 0x41, 0x0, 0x0) 265.174835ms ago: executing program 4 (id=4148): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @random="53f1e2854e3b"}, 0x10) recvmmsg(r0, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) recvfrom$llc(r0, 0x0, 0x0, 0x40002000, 0x0, 0x0) 142.238409ms ago: executing program 6 (id=4149): r0 = socket$inet_udp(0x2, 0x2, 0x0) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00', 0x0}) sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @loopback}}}], 0x20}}], 0x1, 0x0) 27.599157ms ago: executing program 6 (id=4150): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41d}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 0s ago: executing program 1 (id=4151): syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000200)={0x0, 0x0, 0x1, "e9"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): 1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.868798][ T5936] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 251.880263][ T5906] usb 5-1: config 0 descriptor?? [ 251.898159][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.920505][ T5936] usb 2-1: config 0 descriptor?? [ 251.926454][T12499] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 252.289430][T12526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2866'. [ 252.306809][ T5906] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 252.367552][T12526] bond0: (slave bond_slave_1): Releasing backup interface [ 252.409596][ T5977] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 252.561708][ T5977] usb 4-1: Using ep0 maxpacket: 32 [ 252.568648][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.580803][ T5977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.587342][ T5906] usb 5-1: USB disconnect, device number 43 [ 252.590623][ T5977] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 252.590651][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.592616][ T5977] usb 4-1: config 0 descriptor?? [ 252.621834][ T5977] hub 4-1:0.0: USB hub found [ 252.630787][ T5851] usb 2-1: USB disconnect, device number 36 [ 252.633468][ T5858] Bluetooth: hci5: Opcode 0x0c03 failed: -19 [ 252.825225][ T5977] hub 4-1:0.0: 1 port detected [ 253.025061][T12539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2872'. [ 253.032675][ T5977] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 253.034510][T12539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2872'. [ 253.041212][ T5977] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 253.064127][ T5977] usbhid 4-1:0.0: can't add hid device: -71 [ 253.070680][ T5977] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 253.113081][ T5977] usb 4-1: USB disconnect, device number 38 [ 253.128365][T12541] trusted_key: syz.4.2873 sent an empty control message without MSG_MORE. [ 253.426450][ T30] audit: type=1400 audit(1758287065.510:897): avc: denied { append } for pid=12549 comm="syz.1.2877" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 253.908926][ T5851] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 253.985498][T12575] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2888'. [ 253.998856][ T5977] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 254.058729][ T5851] usb 4-1: Using ep0 maxpacket: 32 [ 254.065217][ T5851] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 254.074081][ T5851] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 254.082952][ T5851] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 254.092467][ T5851] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 254.102212][ T5851] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 254.111971][ T5851] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 254.124972][ T5851] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 254.134155][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.143608][ T5851] usb 4-1: config 0 descriptor?? [ 254.168872][ T5977] usb 5-1: Using ep0 maxpacket: 16 [ 254.176031][ T5977] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 254.188248][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 254.201786][ T5977] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 254.210937][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.219011][ T5977] usb 5-1: Product: syz [ 254.223214][ T5977] usb 5-1: Manufacturer: syz [ 254.227823][ T5977] usb 5-1: SerialNumber: syz [ 254.234568][ T5977] usb 5-1: config 0 descriptor?? [ 254.242261][ T5977] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 254.251653][ T5977] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 254.356117][ T5851] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 254.605164][ T5851] usb 4-1: USB disconnect, device number 39 [ 254.623418][ T5851] usblp0: removed [ 254.696830][T12589] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.741022][T12589] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.849096][ T5977] em28xx 5-1:0.0: unknown em28xx chip ID (232) [ 255.050122][ T5977] em28xx 5-1:0.0: Config register raw data: 0xe8 [ 255.056518][ T5977] em28xx 5-1:0.0: I2S Audio (3 sample rate(s)) [ 255.062966][ T5977] em28xx 5-1:0.0: No AC97 audio processor [ 255.128301][ T5851] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 255.211436][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.217887][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.256620][ T5977] usb 5-1: USB disconnect, device number 44 [ 255.291872][T12607] netlink: 'syz.3.2904': attribute type 29 has an invalid length. [ 255.303994][T12607] netlink: 'syz.3.2904': attribute type 29 has an invalid length. [ 255.313434][T12607] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2904'. [ 255.321027][ T5851] usb 2-1: Using ep0 maxpacket: 32 [ 255.323155][T12607] unsupported nla_type 58 [ 255.329905][ T5851] usb 2-1: config 0 has an invalid interface number: 126 but max is 0 [ 255.343283][ T5851] usb 2-1: config 0 has no interface number 0 [ 255.350207][ T5851] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 255.364047][ T5851] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 255.374783][ T5851] usb 2-1: config 0 interface 126 has no altsetting 0 [ 255.386878][ T5851] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 255.416923][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.440495][ T5851] usb 2-1: Product: syz [ 255.444700][ T5851] usb 2-1: Manufacturer: syz [ 255.460756][ T5851] usb 2-1: SerialNumber: syz [ 255.468871][ T5851] usb 2-1: config 0 descriptor?? [ 255.475898][T12597] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 255.487512][T12597] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 255.648862][ T30] audit: type=1400 audit(1758287067.741:898): avc: denied { map } for pid=12622 comm="syz.3.2912" path="socket:[40775]" dev="sockfs" ino=40775 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 255.671952][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.728124][ T30] audit: type=1400 audit(1758287067.761:899): avc: denied { read accept } for pid=12622 comm="syz.3.2912" path="socket:[40775]" dev="sockfs" ino=40775 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 255.920548][ T5851] ir_usb 2-1:0.126: IR Dongle converter detected [ 256.121505][T12597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.130543][T12597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.145455][ T5851] usb 2-1: IR Dongle converter now attached to ttyUSB0 [ 256.238219][ T30] audit: type=1400 audit(1758287068.332:900): avc: denied { mount } for pid=12652 comm="syz.0.2926" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 256.262836][ T5927] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 256.376916][ T5936] usb 2-1: USB disconnect, device number 37 [ 256.398119][ T5936] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0 [ 256.411484][ T5936] ir_usb 2-1:0.126: device disconnected [ 256.437770][ T5927] usb 5-1: Using ep0 maxpacket: 32 [ 256.454808][ T5927] usb 5-1: unable to get BOS descriptor or descriptor too short [ 256.464236][ T5927] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 256.477116][ T5927] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 256.486449][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.495726][ T5927] usb 5-1: Product: syz [ 256.509945][ T5927] usb 5-1: Manufacturer: syz [ 256.514590][ T5927] usb 5-1: SerialNumber: syz [ 256.549231][T12659] 9pnet_fd: Insufficient options for proto=fd [ 256.749002][ T5927] usb 5-1: Limiting number of CPorts to U8_MAX [ 256.774760][ T5927] usb 5-1: Not enough endpoints found in device, aborting! [ 256.973005][T12643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.986514][T12643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.998904][ T5927] usb 5-1: USB disconnect, device number 45 [ 257.064899][T12691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2942'. [ 257.074103][T12691] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.625798][T12718] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2955'. [ 257.747089][ T5927] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 257.767890][T12723] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2956'. [ 257.801854][T12725] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2958'. [ 257.907134][ T5927] usb 2-1: Using ep0 maxpacket: 32 [ 257.914127][ T5927] usb 2-1: config 0 interface 0 has no altsetting 0 [ 257.929321][ T5927] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 257.938730][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.946924][ T5927] usb 2-1: Product: syz [ 257.951240][ T5927] usb 2-1: Manufacturer: syz [ 257.955846][ T5927] usb 2-1: SerialNumber: syz [ 257.971315][ T5927] usb 2-1: config 0 descriptor?? [ 258.148785][ T30] audit: type=1400 audit(1758287070.232:901): avc: denied { create } for pid=12737 comm="syz.0.2964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 258.168596][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.201453][ T30] audit: type=1400 audit(1758287070.242:902): avc: denied { sys_admin } for pid=12737 comm="syz.0.2964" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 258.302477][ T30] audit: type=1400 audit(1758287070.393:903): avc: denied { associate } for pid=12741 comm="syz.0.2964" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 258.426327][ T5927] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 258.797961][ T30] audit: type=1400 audit(1758287070.893:904): avc: denied { getopt } for pid=12755 comm="syz.0.2971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 258.826397][ T5906] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 258.836556][ T5927] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 258.907338][ T5927] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 258.989710][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 258.999389][ T5906] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 259.010654][ T5906] usb 3-1: config 0 has no interface number 0 [ 259.020804][ T5906] usb 3-1: config 0 interface 184 has no altsetting 0 [ 259.038365][ T5906] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 259.050399][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.054640][T12762] loop7: detected capacity change from 0 to 7 [ 259.067241][ T5927] usb 2-1: USB disconnect, device number 38 [ 259.068528][ T5906] usb 3-1: Product: syz [ 259.084638][ T5906] usb 3-1: Manufacturer: syz [ 259.102391][ T5906] usb 3-1: SerialNumber: syz [ 259.153909][ T5906] usb 3-1: config 0 descriptor?? [ 259.178851][ T5906] smsc75xx v1.0.0 [ 259.185168][T12762] Dev loop7: unable to read RDB block 7 [ 259.196308][T12762] loop7: unable to read partition table [ 259.202372][T12762] loop7: partition table beyond EOD, truncated [ 259.209207][T12762] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 259.579632][T12770] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2977'. [ 259.691003][ T30] audit: type=1400 audit(1758287071.783:905): avc: denied { connect } for pid=12775 comm="syz.0.2980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 259.802140][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 259.813326][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 260.046895][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 260.066834][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 260.079176][ T5906] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 260.096198][ T5906] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 260.120966][ T5906] usb 3-1: USB disconnect, device number 44 [ 260.162621][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88803565e400: rx timeout, send abort [ 260.174905][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff88803565e400: 0x1f000: (3) A timeout occurred and this is the connection abort to close the session. [ 260.461769][T12809] syzkaller1: entered promiscuous mode [ 260.475708][T12809] syzkaller1: entered allmulticast mode [ 261.056654][T12831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3006'. [ 261.090512][T12830] 9pnet_fd: Insufficient options for proto=fd [ 261.153398][T12831] bond_slave_0: entered promiscuous mode [ 261.159928][T12831] bond_slave_1: entered promiscuous mode [ 261.224352][T12831] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 261.447561][T12846] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3011'. [ 261.478915][T12849] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3013'. [ 261.488486][T12849] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3013'. [ 261.558396][ T30] audit: type=1400 audit(1758287073.654:906): avc: denied { read } for pid=12855 comm="syz.2.3017" path="socket:[42329]" dev="sockfs" ino=42329 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 261.650907][T12858] netlink: 'syz.2.3019': attribute type 1 has an invalid length. [ 261.713921][ T30] audit: type=1400 audit(1758287073.804:907): avc: denied { lock } for pid=12863 comm="syz.3.3021" path="socket:[42355]" dev="sockfs" ino=42355 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 261.737908][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.779499][T12867] sctp: [Deprecated]: syz.4.3020 (pid 12867) Use of struct sctp_assoc_value in delayed_ack socket option. [ 261.779499][T12867] Use struct sctp_sack_info instead [ 262.379563][T12893] fuse: Bad value for 'fd' [ 262.561444][ T30] audit: type=1400 audit(1758287074.645:908): avc: denied { connect } for pid=12901 comm="syz.4.3038" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 262.611866][ T30] audit: type=1400 audit(1758287074.685:909): avc: denied { write } for pid=12903 comm="syz.3.3039" path="socket:[42485]" dev="sockfs" ino=42485 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 262.635532][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.747112][T12911] bridge0: port 3(vlan0) entered blocking state [ 262.762889][T12911] bridge0: port 3(vlan0) entered disabled state [ 262.771213][T12911] vlan0: entered allmulticast mode [ 262.779728][T12911] dummy0: entered allmulticast mode [ 262.792643][T12911] vlan0: entered promiscuous mode [ 262.836297][T12911] dummy0: entered promiscuous mode [ 263.617337][T12953] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3061'. [ 264.036359][ T30] audit: type=1400 audit(1758287076.125:910): avc: denied { mounton } for pid=12979 comm="syz.1.3074" path="/589/file0" dev="hugetlbfs" ino=42610 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1 [ 264.059805][ T5906] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 264.084485][ T5927] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 264.219299][ T5906] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 264.236434][ T5927] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 264.249145][ T5906] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 264.255884][ T5927] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 264.265591][ T5906] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 264.278251][ T5927] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 264.279780][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.294992][ T5927] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 264.299846][T12966] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 264.318665][ T5906] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 264.347270][ T5927] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 264.366645][ T5927] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 264.385972][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 264.398380][ T5927] usb 5-1: Product: syz [ 264.398757][T12996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3080'. [ 264.402584][ T5927] usb 5-1: Manufacturer: syz [ 264.419632][ T5927] cdc_wdm 5-1:1.0: skipping garbage [ 264.433635][ T5927] cdc_wdm 5-1:1.0: skipping garbage [ 264.448939][ T5927] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 264.455231][ T5927] cdc_wdm 5-1:1.0: Unknown control protocol [ 264.549843][ T30] audit: type=1400 audit(1758287076.626:911): avc: denied { mount } for pid=13001 comm="syz.0.3083" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 264.566646][ T5906] usb 4-1: USB disconnect, device number 40 [ 264.965353][ T5927] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 265.133569][ T5927] usb 3-1: Using ep0 maxpacket: 32 [ 265.167821][ T5927] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 265.185433][ T5927] usb 3-1: config 0 has no interface number 0 [ 265.197114][ T5927] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 265.207166][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.223599][ T5927] usb 3-1: Product: syz [ 265.232856][ T5927] usb 3-1: Manufacturer: syz [ 265.239299][ T5906] IPVS: starting estimator thread 0... [ 265.248414][ T5927] usb 3-1: SerialNumber: syz [ 265.268442][ T5927] usb 3-1: config 0 descriptor?? [ 265.289028][ T5927] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 265.335854][T13024] IPVS: using max 44 ests per chain, 105600 per kthread [ 265.514874][ T5927] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 265.532271][ T5927] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 265.715467][ T30] audit: type=1326 audit(1758287077.806:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 265.802940][ T30] audit: type=1326 audit(1758287077.836:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 265.870958][ T30] audit: type=1326 audit(1758287077.836:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 265.899450][ T30] audit: type=1326 audit(1758287077.836:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 265.928163][ T30] audit: type=1326 audit(1758287077.836:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 265.960574][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 265.970544][ T5927] usb 3-1: USB disconnect, device number 45 [ 265.981189][ T5927] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 265.993527][ T30] audit: type=1326 audit(1758287077.836:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 266.024807][ T5927] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 266.037093][ T5927] quatech2 3-1:0.51: device disconnected [ 266.047777][ T30] audit: type=1326 audit(1758287077.836:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 266.135002][ T30] audit: type=1326 audit(1758287077.846:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13038 comm="syz.3.3097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 266.478373][T13065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3109'. [ 266.668162][ T5927] kernel read not supported for file /input/event1 (pid: 5927 comm: kworker/1:5) [ 266.860288][ T5906] usb 5-1: USB disconnect, device number 46 [ 267.190442][T13104] loop6: detected capacity change from 0 to 2560 [ 267.213373][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.221720][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.232362][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.241599][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.249713][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.257949][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.294824][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.314642][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.327729][T13104] ldm_validate_partition_table(): Disk read failed. [ 267.339683][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.351376][T13104] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.363326][T13104] Dev loop6: unable to read RDB block 0 [ 267.373334][T13104] loop6: unable to read partition table [ 267.381772][T13104] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 267.388214][T13107] 9pnet_fd: Insufficient options for proto=fd [ 267.925121][ T5851] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 268.093992][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 268.106762][ T5851] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 268.124780][ T5851] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.133210][ T5927] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 268.146561][ T5851] usb 3-1: Product: syz [ 268.150791][ T5851] usb 3-1: Manufacturer: syz [ 268.158035][ T5851] usb 3-1: SerialNumber: syz [ 268.167915][ T5851] usb 3-1: config 0 descriptor?? [ 268.177183][ T5851] gspca_main: sq930x-2.14.0 probing 2770:930c [ 268.302517][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.324025][ T5927] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 268.338618][T13149] bridge: RTM_NEWNEIGH with unconfigured vlan 116 on bridge_slave_0 [ 268.338665][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.359171][ T5927] usb 2-1: config 0 descriptor?? [ 268.371391][T13144] syz.0.3143 (13144) used greatest stack depth: 17976 bytes left [ 268.779697][ T5927] pyra 0003:1E7D:2CF6.0030: item fetching failed at offset 0/3 [ 268.789311][ T5927] pyra 0003:1E7D:2CF6.0030: parse failed [ 268.798209][ T5927] pyra 0003:1E7D:2CF6.0030: probe with driver pyra failed with error -22 [ 269.018799][ T5927] usb 2-1: USB disconnect, device number 39 [ 269.241414][ T5851] gspca_sq930x: reg_w 0105 0f00 failed -71 [ 269.251531][ T5851] sq930x 3-1:0.0: probe with driver sq930x failed with error -71 [ 269.277518][ T5851] usb 3-1: USB disconnect, device number 46 [ 269.469008][T13201] syz_tun: entered promiscuous mode [ 269.480330][T13201] syz_tun: left promiscuous mode [ 269.503253][T13203] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 269.659492][T13209] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 269.798569][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 269.798592][ T30] audit: type=1400 audit(1758287081.888:926): avc: denied { mounton } for pid=13218 comm="syz.2.3178" path="/676/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 269.999189][T13228] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 270.005845][T13228] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 270.018420][T13228] vhci_hcd vhci_hcd.0: Device attached [ 270.192849][T13229] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0 [ 270.250764][ T5851] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 270.261166][ T6211] vhci_hcd: stop threads [ 270.265542][ T6211] vhci_hcd: release socket [ 270.295340][ T6211] vhci_hcd: disconnect device [ 270.408608][ T30] audit: type=1400 audit(1758287082.499:927): avc: denied { mount } for pid=13239 comm="syz.3.3184" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 270.462498][ T30] audit: type=1400 audit(1758287082.559:928): avc: denied { unmount } for pid=5847 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 271.000458][ T5927] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 271.140330][ T5905] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 271.152202][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.162406][ T5927] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 271.175669][ T5927] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 271.184912][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.194877][ T5927] usb 2-1: config 0 descriptor?? [ 271.293701][ T5905] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 271.305696][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.320949][ T5905] usb 3-1: config 0 descriptor?? [ 271.329180][ T5905] cp210x 3-1:0.0: cp210x converter detected [ 271.632896][ T5927] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 271.650000][ T5927] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 271.657264][ T5927] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 271.693223][ T5927] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 271.710336][ T5927] kovaplus 0003:1E7D:2D50.0031: unknown main item tag 0x0 [ 271.732322][ T5927] kovaplus 0003:1E7D:2D50.0031: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 271.732625][ T5905] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 271.893561][ T30] audit: type=1400 audit(1758287083.989:929): avc: denied { bind } for pid=13277 comm="syz.3.3202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 271.923754][ T30] audit: type=1400 audit(1758287084.019:930): avc: denied { listen } for pid=13277 comm="syz.3.3202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 271.990297][ T5905] usb 3-1: cp210x converter now attached to ttyUSB0 [ 272.063040][ T5927] kovaplus 0003:1E7D:2D50.0031: couldn't init struct kovaplus_device [ 272.072907][ T5927] kovaplus 0003:1E7D:2D50.0031: couldn't install mouse [ 272.082027][ T5927] kovaplus 0003:1E7D:2D50.0031: probe with driver kovaplus failed with error -71 [ 272.110298][ T5927] usb 2-1: USB disconnect, device number 40 [ 272.182301][ T5905] usb 3-1: USB disconnect, device number 47 [ 272.203012][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 272.220559][ T5905] cp210x 3-1:0.0: device disconnected [ 272.532474][T13298] hsr0: entered promiscuous mode [ 272.559816][T13298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3210'. [ 272.596263][T13298] hsr_slave_0: left promiscuous mode [ 272.624468][T13298] hsr_slave_1: left promiscuous mode [ 272.674913][T13298] hsr0 (unregistering): left promiscuous mode [ 272.886267][T13311] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3216'. [ 272.953987][T13313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3217'. [ 273.609450][ T5927] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 273.779160][ T5927] usb 5-1: Using ep0 maxpacket: 8 [ 273.796722][ T5927] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 273.825541][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.877910][ T5927] pvrusb2: Hardware description: Terratec Grabster AV400 [ 273.957124][ T5927] pvrusb2: ********** [ 273.971402][ T5927] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 274.002174][ T5927] pvrusb2: Important functionality might not be entirely working. [ 274.029099][ T5927] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 274.054101][ T5927] pvrusb2: ********** [ 274.060682][T13358] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3234'. [ 274.097634][ T2335] pvrusb2: Invalid write control endpoint [ 274.226778][ T2335] pvrusb2: Invalid write control endpoint [ 274.249525][ T2335] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 274.274385][ T2335] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 274.288750][ T2335] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 274.334341][ T2335] pvrusb2: Device being rendered inoperable [ 274.335453][ T5905] usb 5-1: USB disconnect, device number 47 [ 274.340607][ T2335] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 274.403712][ T2335] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 274.433688][ T2335] pvrusb2: Attached sub-driver cx25840 [ 274.442468][ T2335] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 274.455563][ T2335] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 274.558953][ T5906] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 274.721024][ T5906] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.749989][ T5906] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 274.760569][ T5906] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 12288, setting to 1024 [ 274.771888][ T5906] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 274.852240][ T5906] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 274.872657][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.886956][ T5906] usb 4-1: Product: syz [ 274.891918][ T5906] usb 4-1: Manufacturer: syz [ 274.896575][ T5906] usb 4-1: SerialNumber: syz [ 274.930182][ T5906] cdc_mbim 4-1:1.0: skipping garbage [ 275.084546][ T30] audit: type=1400 audit(1758287087.181:931): avc: denied { setopt } for pid=13415 comm="syz.0.3262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 275.105049][ C1] vkms_vblank_simulate: vblank timer overrun [ 275.142969][T13372] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 275.145625][T13419] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 275.145625][T13419] The task syz.1.3261 (13419) triggered the difference, watch for misbehavior. [ 275.348183][ T5851] vhci_hcd: vhci_device speed not set [ 275.780751][T13372] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 275.809311][ T5906] cdc_mbim 4-1:1.0: setting tx_max = 48 [ 275.823170][ T5906] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 275.950030][ T5906] wwan wwan0: port wwan0mbim0 attached [ 275.984637][ T5906] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 0e:93:09:1a:f8:15 [ 276.086952][ T5906] usb 4-1: USB disconnect, device number 41 [ 276.105717][ T5906] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 276.216849][T13443] netlink: 360 bytes leftover after parsing attributes in process `syz.2.3275'. [ 276.250250][ T5906] wwan wwan0: port wwan0mbim0 disconnected [ 276.334106][T13444] : entered promiscuous mode [ 276.567567][T13455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3280'. [ 276.637918][ T5905] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 276.839856][ T5905] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 276.864653][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.889829][ T5905] usb 3-1: Product: syz [ 276.894132][ T5905] usb 3-1: Manufacturer: syz [ 276.907461][ T5905] usb 3-1: SerialNumber: syz [ 276.918244][ T5905] usb 3-1: config 0 descriptor?? [ 277.960043][ T5905] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 277.990041][ T5905] dm9601 3-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.2-1, Davicom DM96xx USB 10/100 Ethernet, 7e:a1:8a:d2:7b:3e [ 278.011328][ T5905] usb 3-1: USB disconnect, device number 48 [ 278.019499][ T5905] dm9601 3-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.2-1, Davicom DM96xx USB 10/100 Ethernet [ 278.099880][ T5851] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 278.256697][ T5851] usb 4-1: Using ep0 maxpacket: 16 [ 278.269198][ T5851] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.285992][ T5851] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 278.299613][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.315228][ T5851] usb 4-1: config 0 descriptor?? [ 278.316147][T13533] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 278.662583][T13549] netlink: 'syz.0.3323': attribute type 1 has an invalid length. [ 278.673868][T13549] netlink: 'syz.0.3323': attribute type 6 has an invalid length. [ 278.726554][T13549] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3323'. [ 278.769063][ T5851] mcp2221 0003:04D8:00DD.0032: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 279.214532][ T5851] usb 4-1: USB disconnect, device number 42 [ 279.378517][T13575] block nbd1: NBD_DISCONNECT [ 279.402925][T13575] block nbd1: Send disconnect failed -107 [ 279.420955][T13573] block nbd1: Disconnected due to user request. [ 279.427661][T13573] block nbd1: shutting down sockets [ 279.656270][ T5906] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 279.836266][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 279.858279][ T5906] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 279.875957][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.895149][ T5906] usb 3-1: config 0 descriptor?? [ 280.113988][ T5906] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 280.134042][ T5906] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 280.149515][ T5906] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 280.175791][ T5906] usb 3-1: media controller created [ 280.196676][ T5906] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 280.261879][ T5906] DVB: Unable to find symbol dib7000p_attach() [ 280.273835][ T5906] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 280.275109][ T30] audit: type=1326 audit(1758287092.374:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4bd512ae09 code=0x7ffc0000 [ 280.304790][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.400118][ T30] audit: type=1326 audit(1758287092.374:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4bd512ae09 code=0x7ffc0000 [ 280.424357][ T5906] rc_core: IR keymap rc-dib0700-rc5 not found [ 280.435320][ T5906] Registered IR keymap rc-empty [ 280.445078][ T30] audit: type=1326 audit(1758287092.374:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd518ec29 code=0x7ffc0000 [ 280.474618][ T5906] dvb-usb: could not initialize remote control. [ 280.476941][ T30] audit: type=1326 audit(1758287092.374:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4bd512ae09 code=0x7ffc0000 [ 280.481215][ T5906] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 280.504412][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.507645][ T30] audit: type=1326 audit(1758287092.374:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd518ec29 code=0x7ffc0000 [ 280.542213][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.608286][ T5906] usb 3-1: USB disconnect, device number 49 [ 280.623177][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.650865][ T30] audit: type=1326 audit(1758287092.374:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd518ec29 code=0x7ffc0000 [ 280.674387][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.683648][ T30] audit: type=1326 audit(1758287092.374:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4bd512ae09 code=0x7ffc0000 [ 280.707079][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.798487][ T30] audit: type=1326 audit(1758287092.374:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd518ec29 code=0x7ffc0000 [ 280.823271][ T5906] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 280.837136][ T30] audit: type=1326 audit(1758287092.374:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4bd512ae09 code=0x7ffc0000 [ 280.865455][ T30] audit: type=1326 audit(1758287092.374:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13615 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd518ec29 code=0x7ffc0000 [ 281.190938][T13627] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 283.104414][ T5905] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 283.262422][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.311099][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 283.325656][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 283.340619][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 283.366030][ T5905] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 283.376937][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.410374][ T5905] usb 5-1: config 0 descriptor?? [ 283.417634][T13695] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 283.600756][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 283.617710][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 283.633617][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 283.642286][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 283.650324][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 283.689883][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 283.701048][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 283.721173][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 283.738741][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 283.750661][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 283.796392][ T5906] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 283.857173][ T5905] plantronics 0003:047F:FFFF.0033: reserved main item tag 0xd [ 283.924946][ T5905] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 283.965753][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 283.986728][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 283.999689][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 284.012192][ T5906] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 284.022138][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.030927][ T5906] usb 2-1: Product: syz [ 284.037099][ T5906] usb 2-1: Manufacturer: syz [ 284.041870][ T5906] usb 2-1: SerialNumber: syz [ 284.055202][ T5906] usb 2-1: config 0 descriptor?? [ 284.067327][T13713] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 284.085213][T13713] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 284.094630][ T5906] usb 2-1: ucan: probing device on interface #0 [ 284.146547][ T5905] usb 5-1: USB disconnect, device number 48 [ 284.387236][T13714] chnl_net:caif_netlink_parms(): no params data found [ 284.774292][ T5906] ucan 2-1:0.0 can0: registered device [ 284.787622][T13714] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.832357][T13714] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.860831][T13714] bridge_slave_0: entered allmulticast mode [ 284.892013][T13714] bridge_slave_0: entered promiscuous mode [ 284.928100][T13714] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.938698][T13714] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.943699][ T5906] ucan 2-1:0.0 can0: firmware string: [ 284.953967][T13714] bridge_slave_1: entered allmulticast mode [ 284.961929][T13714] bridge_slave_1: entered promiscuous mode [ 285.115691][ T5851] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 285.182474][ T5927] usb 2-1: USB disconnect, device number 41 [ 285.197414][T13714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.241869][T13714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.287182][ T5851] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 285.300305][ T5851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.315717][ T30] kauditd_printk_skb: 259 callbacks suppressed [ 285.315740][ T30] audit: type=1400 audit(1758287097.416:1201): avc: denied { create } for pid=13754 comm="syz.4.3412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 285.316007][ T5851] usb 4-1: config 0 descriptor?? [ 285.358578][ T5851] cp210x 4-1:0.0: cp210x converter detected [ 285.368291][T13714] team0: Port device team_slave_0 added [ 285.382053][T13714] team0: Port device team_slave_1 added [ 285.429399][T13714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.437881][T13714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.465133][T13714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.483855][T13714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.490940][T13714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.517430][T13714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.571494][T13714] hsr_slave_0: entered promiscuous mode [ 285.582214][T13714] hsr_slave_1: entered promiscuous mode [ 285.589723][T13714] debugfs: 'hsr0' already exists in 'hsr' [ 285.596812][T13714] Cannot create hsr debugfs directory [ 285.777339][ T5851] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 285.795728][ T5851] usb 4-1: cp210x converter now attached to ttyUSB0 [ 285.836487][ T5848] Bluetooth: hci3: command tx timeout [ 286.029383][T13714] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 286.058068][ T5906] usb 4-1: USB disconnect, device number 43 [ 286.066586][T13714] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 286.076368][ T5906] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 286.088699][ T5906] cp210x 4-1:0.0: device disconnected [ 286.161201][T13714] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 286.202408][T13714] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 286.301504][T13784] could not open pipe file descriptor [ 286.565603][T13714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.676554][T13714] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.767266][ T6203] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.774666][ T6203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.790655][ T30] audit: type=1326 audit(1758287098.887:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 286.844552][ T6228] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.856470][ T6228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.904798][ T30] audit: type=1326 audit(1758287098.927:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 286.962056][T13770] warn_alloc: 3 callbacks suppressed [ 286.962086][T13770] syz.4.3418: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset= [ 286.999586][ T30] audit: type=1326 audit(1758287098.937:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.069498][T13770] /,mems_allowed=0-1 [ 287.074000][T13770] CPU: 0 UID: 0 PID: 13770 Comm: syz.4.3418 Not tainted syzkaller #0 PREEMPT(full) [ 287.074044][T13770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 287.074056][T13770] Call Trace: [ 287.074063][T13770] [ 287.074071][T13770] dump_stack_lvl+0x16c/0x1f0 [ 287.074112][T13770] warn_alloc+0x248/0x3a0 [ 287.074136][T13770] ? __pfx_warn_alloc+0x10/0x10 [ 287.074163][T13770] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 287.074194][T13770] ? __vmalloc_node_noprof+0xad/0xf0 [ 287.074225][T13770] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 287.074257][T13770] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 287.074287][T13770] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 287.074324][T13770] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 287.074353][T13770] vmalloc_user_noprof+0x9e/0xe0 [ 287.074381][T13770] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 287.074408][T13770] vb2_vmalloc_alloc+0x135/0x3f0 [ 287.074434][T13770] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 287.074460][T13770] __vb2_queue_alloc+0x8c9/0x1280 [ 287.074509][T13770] vb2_core_reqbufs+0xa90/0xfe0 [ 287.074518][ T30] audit: type=1326 audit(1758287098.937:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.074553][T13770] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 287.074589][T13770] ? __pfx___might_resched+0x10/0x10 [ 287.074630][T13770] ? __mutex_lock+0x1c5/0x1060 [ 287.074664][T13770] ? avc_has_extended_perms+0x47c/0x1090 [ 287.074698][T13770] vb2_reqbufs+0x1a3/0x1f0 [ 287.074739][T13770] ? __pfx_vb2_reqbufs+0x10/0x10 [ 287.074765][T13770] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 287.074792][T13770] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 287.074826][T13770] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 287.074874][T13770] v4l_reqbufs+0x152/0x1e0 [ 287.074901][T13770] __video_do_ioctl+0xb40/0xfc0 [ 287.074935][T13770] ? __might_fault+0xe3/0x190 [ 287.074958][T13770] ? __pfx___video_do_ioctl+0x10/0x10 [ 287.074997][T13770] video_usercopy+0x4d0/0x1720 [ 287.075027][T13770] ? __pfx___video_do_ioctl+0x10/0x10 [ 287.075052][T13770] ? selinux_kernel_read_file+0x60/0x130 [ 287.075087][T13770] ? __pfx_video_usercopy+0x10/0x10 [ 287.075136][T13770] v4l2_ioctl+0x1bd/0x250 [ 287.075163][T13770] ? __pfx_v4l2_ioctl+0x10/0x10 [ 287.075190][T13770] __x64_sys_ioctl+0x18e/0x210 [ 287.075229][T13770] do_syscall_64+0xcd/0x4e0 [ 287.075263][T13770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.075289][T13770] RIP: 0033:0x7fb53af8ec29 [ 287.075313][T13770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.075335][T13770] RSP: 002b:00007fb53be14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.075360][T13770] RAX: ffffffffffffffda RBX: 00007fb53b1d5fa0 RCX: 00007fb53af8ec29 [ 287.075375][T13770] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003 [ 287.075388][T13770] RBP: 00007fb53b011e41 R08: 0000000000000000 R09: 0000000000000000 [ 287.075401][T13770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.075415][T13770] R13: 00007fb53b1d6038 R14: 00007fb53b1d5fa0 R15: 00007ffd39ac6cf8 [ 287.075472][T13770] [ 287.075954][T13770] Mem-Info: [ 287.113912][ T30] audit: type=1326 audit(1758287098.937:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.134544][T13770] active_anon:5278 inactive_anon:2 isolated_anon:0 [ 287.134544][T13770] active_file:6790 inactive_file:53498 isolated_file:0 [ 287.134544][T13770] unevictable:11035 dirty:443 writeback:0 [ 287.134544][T13770] slab_reclaimable:10813 slab_unreclaimable:102896 [ 287.134544][T13770] mapped:29507 shmem:1358 pagetables:1408 [ 287.134544][T13770] sec_pagetables:0 bounce:0 [ 287.134544][T13770] kernel_misc_reclaimable:0 [ 287.134544][T13770] free:1237699 free_pcp:21578 free_cma:0 [ 287.151335][ T30] audit: type=1326 audit(1758287098.947:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.213427][T13770] Node 0 active_anon:21212kB inactive_anon:8kB active_file:27108kB inactive_file:213788kB unevictable:42604kB isolated(anon):0kB isolated(file):0kB mapped:117972kB dirty:1764kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13696kB pagetables:5396kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 287.225545][ T30] audit: type=1326 audit(1758287098.947:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.439511][T13770] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 287.577885][ T30] audit: type=1326 audit(1758287098.947:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.649629][ T30] audit: type=1326 audit(1758287098.947:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13788 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f577c58ec29 code=0x7ffc0000 [ 287.678900][T13770] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 287.729043][T13770] lowmem_reserve[]: 0 2479 2481 2481 2481 [ 287.739948][T13770] Node 0 DMA32 free:1052676kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21400kB inactive_anon:8kB active_file:27108kB inactive_file:212464kB unevictable:42516kB writepending:1768kB present:3129332kB managed:2539316kB mlocked:8kB bounce:0kB free_pcp:61216kB local_pcp:44092kB free_cma:0kB [ 287.925856][ T5848] Bluetooth: hci3: command tx timeout [ 288.042133][T13770] lowmem_reserve[]: 0 0 1 1 1 [ 288.050263][T13770] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB [ 288.180917][T13770] lowmem_reserve[]: 0 0 0 0 0 [ 288.228355][T13770] Node 1 Normal free:3887884kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:204kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19840kB local_pcp:9408kB free_cma:0kB [ 288.263598][T13714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.309838][T13770] lowmem_reserve[]: 0 0 0 0 0 [ 288.339928][T13770] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 288.364240][T13814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3430'. [ 288.427457][T13770] Node 0 DMA32: 1312*4kB (UME) 763*8kB (UME) 529*16kB (UME) 351*32kB (UME) 224*64kB (UME) 128*128kB (UME) 99*256kB (UME) 37*512kB (M) 20*1024kB (M) 7*2048kB (UME) 224*4096kB (M) = 1058376kB [ 288.513531][T13770] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 288.564549][T13770] Node 1 Normal: 223*4kB (UME) 54*8kB (UE) 40*16kB (UE) 147*32kB (UE) 46*64kB (UME) 11*128kB (UME) 4*256kB (UM) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 945*4096kB (M) = 3887884kB [ 288.671136][T13770] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 288.709845][T13770] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 288.788528][T13770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 288.857496][T13770] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 288.897870][T13770] 71887 total pagecache pages [ 288.911940][T13770] 2 pages in swap cache [ 288.929149][T13770] Free swap = 124988kB [ 288.943214][T13770] Total swap = 124996kB [ 288.953246][T13770] 2097051 pages RAM [ 288.965442][T13770] 0 pages HighMem/MovableOnly [ 288.985903][T13770] 430260 pages reserved [ 289.012088][T13770] 0 pages cma reserved [ 289.353964][T13714] veth0_vlan: entered promiscuous mode [ 289.419029][T13714] veth1_vlan: entered promiscuous mode [ 289.558074][T13714] veth0_macvtap: entered promiscuous mode [ 289.595797][T13714] veth1_macvtap: entered promiscuous mode [ 289.666916][T13714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.715518][T13714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.791881][ T6203] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.833092][ T6203] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.868553][ T6203] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.915731][ T6203] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.991394][ T5848] Bluetooth: hci3: command tx timeout [ 290.404320][ T6203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.416890][ T6203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.417590][ T6211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.460889][ T6211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.500951][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 290.500990][ T30] audit: type=1400 audit(1758287102.599:1217): avc: denied { mounton } for pid=13714 comm="syz-executor" path="/root/syzkaller.cllivh/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 290.631109][ T30] audit: type=1400 audit(1758287102.639:1218): avc: denied { mounton } for pid=13714 comm="syz-executor" path="/root/syzkaller.cllivh/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 290.722537][ T30] audit: type=1400 audit(1758287102.639:1219): avc: denied { mounton } for pid=13714 comm="syz-executor" path="/root/syzkaller.cllivh/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=45820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 290.810535][ T30] audit: type=1400 audit(1758287102.679:1220): avc: denied { mounton } for pid=13714 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 290.903582][ T30] audit: type=1400 audit(1758287102.679:1221): avc: denied { mounton } for pid=13714 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 291.130494][ T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 291.299381][ T9] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 291.314632][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.328515][ T9] usb 2-1: Product: syz [ 291.336851][ T9] usb 2-1: Manufacturer: syz [ 291.343306][ T9] usb 2-1: SerialNumber: syz [ 291.476599][ T30] audit: type=1400 audit(1758287103.569:1222): avc: denied { mounton } for pid=13867 comm="syz.5.3449" path="/proc/13/task" dev="proc" ino=46422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 291.504936][ T30] audit: type=1400 audit(1758287103.579:1223): avc: denied { associate } for pid=13871 comm="syz.5.3449" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 292.072013][ T5848] Bluetooth: hci3: command tx timeout [ 292.099232][T13896] hsr0: entered allmulticast mode [ 292.118255][T13896] hsr_slave_0: entered allmulticast mode [ 292.137580][T13896] hsr_slave_1: entered allmulticast mode [ 292.175180][T13896] hsr_slave_0: left promiscuous mode [ 292.224140][T13896] hsr_slave_1: left promiscuous mode [ 292.305437][T13896] hsr0 (unregistering): left allmulticast mode [ 292.450802][ T9] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO [ 292.466439][ T9] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 292.514443][ T9] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 292.553997][ T9] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 292.633549][ T9] usb 2-1: USB disconnect, device number 42 [ 292.793357][T13917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3469'. [ 292.829434][T13917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3469'. [ 292.843331][T13917] netlink: 'syz.0.3469': attribute type 20 has an invalid length. [ 292.871982][ T6239] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.882001][T13917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3469'. [ 292.900122][ T6239] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.909329][T13917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3469'. [ 292.918518][ T6239] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.927596][T13917] netlink: 'syz.0.3469': attribute type 20 has an invalid length. [ 292.937962][ T6228] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 292.949428][ T5984] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 293.119297][ T5984] usb 5-1: Using ep0 maxpacket: 8 [ 293.133676][ T5984] usb 5-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 293.149243][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.167810][ T5984] usb 5-1: Product: syz [ 293.177985][ T5984] usb 5-1: Manufacturer: syz [ 293.182800][ T5984] usb 5-1: SerialNumber: syz [ 293.201152][ T5984] usb 5-1: config 0 descriptor?? [ 293.218856][ T5984] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 293.519450][ T5927] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 293.689102][ T5927] usb 2-1: Using ep0 maxpacket: 8 [ 293.704055][ T5927] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 293.734723][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.754044][ T5927] usb 2-1: Product: syz [ 293.758362][ T5927] usb 2-1: Manufacturer: syz [ 293.788966][ T5927] usb 2-1: SerialNumber: syz [ 293.806789][ T5927] usb 2-1: config 0 descriptor?? [ 293.823234][ T5927] gspca_main: se401-2.14.0 probing 047d:5003 [ 294.230272][ T5927] gspca_se401: Frame size: 0x2 bayer [ 294.246258][ T5927] gspca_se401: Frame size: 0x127 bayer [ 294.258608][ T5927] gspca_se401: Frame size: 256x0 bayer [ 294.274559][ T5927] gspca_se401: Frame size: 0x0 1/16th janggu [ 294.372367][ T30] audit: type=1400 audit(1758287106.481:1224): avc: denied { bind } for pid=13950 comm="syz.3.3485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 294.421515][ T30] audit: type=1400 audit(1758287106.511:1225): avc: denied { listen } for pid=13950 comm="syz.3.3485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 294.436274][ T5927] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input51 [ 294.451912][ T5984] gspca_sonixj: reg_w1 err -71 [ 294.456846][ T5984] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 294.472350][ T30] audit: type=1400 audit(1758287106.521:1226): avc: denied { accept } for pid=13950 comm="syz.3.3485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 294.485945][ T5984] usb 5-1: USB disconnect, device number 49 [ 294.512379][ T5927] usb 2-1: USB disconnect, device number 43 [ 294.797999][T13958] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'. [ 295.217125][T13972] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3494'. [ 296.116751][ T30] audit: type=1400 audit(1758287108.221:1227): avc: denied { name_bind } for pid=13999 comm="syz.0.3506" path="socket:[46729]" dev="sockfs" ino=46729 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 296.797928][ T92] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 296.959532][ T92] usb 5-1: Using ep0 maxpacket: 16 [ 296.970383][ T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.997330][ T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.016498][ T92] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 297.034003][ T92] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 297.044397][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.061201][ T92] usb 5-1: config 0 descriptor?? [ 297.122694][T14026] syzkaller1: entered promiscuous mode [ 297.155868][T14026] syzkaller1: entered allmulticast mode [ 297.191837][T14026] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 297.411189][T14031] SELinux: failed to load policy [ 297.491440][ T92] HID 045e:07da: Invalid code 65791 type 1 [ 297.517515][ T92] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0034/input/input52 [ 297.547961][ T92] microsoft 0003:045E:07DA.0034: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 297.747428][ T5984] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 297.763018][ T92] usb 5-1: USB disconnect, device number 50 [ 297.892238][T13892] Set syz1 is full, maxelem 65536 reached [ 297.907407][ T5984] usb 2-1: Using ep0 maxpacket: 16 [ 297.915754][ T5984] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 297.935227][ T5984] usb 2-1: config 0 has no interface number 0 [ 297.948312][ T5984] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 297.969349][ T5984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.977600][ T5984] usb 2-1: Product: syz [ 297.987072][ T5984] usb 2-1: Manufacturer: syz [ 297.996760][ T5984] usb 2-1: SerialNumber: syz [ 298.006148][ T5984] usb 2-1: config 0 descriptor?? [ 298.020126][ T5984] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 298.054873][ T30] audit: type=1400 audit(1758287110.162:1228): avc: denied { audit_write } for pid=14043 comm="syz.3.3526" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 298.117181][T14046] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3527'. [ 298.126968][T14046] bridge: RTM_NEWNEIGH with invalid ether address [ 298.138562][T14046] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3527'. [ 298.143202][ T30] audit: type=1400 audit(1758287110.242:1229): avc: denied { watch watch_reads } for pid=14043 comm="syz.3.3526" path="/proc/1460/net/netfilter" dev="proc" ino=4026532899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 298.156609][T14046] bridge: RTM_NEWNEIGH with invalid ether address [ 298.662999][T14063] vxcan2: entered allmulticast mode [ 299.241566][ T5984] gspca_spca1528: reg_w err -71 [ 299.246906][ T5984] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 299.280961][ T5984] usb 2-1: USB disconnect, device number 44 [ 299.521670][T14098] use of bytesused == 0 is deprecated and will be removed in the future, [ 299.550759][T14098] use the actual size instead. [ 300.241480][T14133] 9pnet_fd: Insufficient options for proto=fd [ 300.392812][T14141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3566'. [ 300.875863][ T9] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 301.056013][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.091211][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.144058][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 301.201837][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 301.240688][T14171] dvmrp0: entered allmulticast mode [ 301.247300][T14173] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3581'. [ 301.256878][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.286189][T14173] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3581'. [ 301.304232][ T9] usb 4-1: config 0 descriptor?? [ 301.315795][T14173] netlink: 'syz.4.3581': attribute type 12 has an invalid length. [ 301.334778][T14173] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3581'. [ 301.398092][T14173] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3581'. [ 301.424174][T14173] netlink: 'syz.4.3581': attribute type 12 has an invalid length. [ 301.753054][ T9] plantronics 0003:047F:FFFF.0035: reserved main item tag 0xd [ 301.843463][ T9] plantronics 0003:047F:FFFF.0035: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 301.995579][ T30] audit: type=1400 audit(1758287114.094:1230): avc: denied { write } for pid=14191 comm="syz.4.3591" path="socket:[47571]" dev="sockfs" ino=47571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 302.030151][ T5927] usb 4-1: USB disconnect, device number 44 [ 302.101838][ T30] audit: type=1400 audit(1758287114.214:1231): avc: denied { read } for pid=14191 comm="syz.4.3591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 302.258738][T14200] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.535005][ T6228] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.002024][ T6228] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.378982][ T6228] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.699776][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 303.726676][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 303.747192][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 303.763900][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 303.777398][ T6228] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.788336][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 304.271527][ T6228] bridge_slave_1: left allmulticast mode [ 304.307961][ T6228] bridge_slave_1: left promiscuous mode [ 304.362945][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.443049][ T6228] bridge_slave_0: left allmulticast mode [ 304.449839][ T6228] bridge_slave_0: left promiscuous mode [ 304.503305][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.989985][T14271] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 305.250856][T14280] netlink: 212 bytes leftover after parsing attributes in process `syz.4.3625'. [ 305.273538][T14280] openvswitch: netlink: Missing key (keys=40, expected=80) [ 305.641004][T14295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3629'. [ 305.664577][T14295] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3629'. [ 305.925649][ T5858] Bluetooth: hci3: command tx timeout [ 306.021681][ T6228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.037234][ T6228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.052267][ T6228] bond0 (unregistering): Released all slaves [ 306.077335][T14225] chnl_net:caif_netlink_parms(): no params data found [ 306.112843][ T9] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 306.294103][T14302] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3632'. [ 306.303166][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 306.310467][ T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 306.332059][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 306.366490][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 306.404493][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 306.420750][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.464814][ T9] usb 4-1: Product: syz [ 306.469114][ T9] usb 4-1: Manufacturer: syz [ 306.486029][ T9] usb 4-1: SerialNumber: syz [ 306.523830][ T5936] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 306.694756][ T5936] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 306.713280][ T5936] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 306.725224][ T5936] usb 2-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config [ 306.736228][ T5936] usb 2-1: config 220 has no interface number 2 [ 306.742785][ T5936] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 306.756188][ T5936] usb 2-1: config 220 interface 0 has no altsetting 0 [ 306.763460][ T5936] usb 2-1: config 220 interface 76 has no altsetting 0 [ 306.770484][ T5936] usb 2-1: config 220 interface 1 has no altsetting 0 [ 306.780698][ T5936] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 306.790642][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.798941][ T5936] usb 2-1: Product: syz [ 306.812394][ T5936] usb 2-1: Manufacturer: syz [ 306.817111][ T5936] usb 2-1: SerialNumber: syz [ 306.857397][T14225] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.867023][T14225] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.874560][T14225] bridge_slave_0: entered allmulticast mode [ 306.884551][T14225] bridge_slave_0: entered promiscuous mode [ 306.899021][ T6228] hsr_slave_0: left promiscuous mode [ 306.912928][ T6228] hsr_slave_1: left promiscuous mode [ 306.920023][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 306.929015][ T9] usb 4-1: 0:2 : does not exist [ 306.931735][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 306.947975][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 306.956493][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.046377][ T6228] veth1_macvtap: left promiscuous mode [ 307.048106][ T5936] usb 2-1: selecting invalid altsetting 0 [ 307.056752][ T6228] veth0_macvtap: left promiscuous mode [ 307.069177][ T6228] veth1_vlan: left promiscuous mode [ 307.070018][ T5936] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 307.075480][ T6228] veth0_vlan: left promiscuous mode [ 307.112498][ T5936] usb 2-1: No valid video chain found. [ 307.144950][ T5936] usb 2-1: selecting invalid altsetting 0 [ 307.150849][ T5936] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 307.196041][ T5936] usb 2-1: USB disconnect, device number 45 [ 307.300610][T14325] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 307.811458][ T5977] usb 4-1: USB disconnect, device number 45 [ 307.996026][ T5858] Bluetooth: hci3: command tx timeout [ 308.616860][ T6228] team0 (unregistering): Port device team_slave_1 removed [ 308.760917][ T6228] team0 (unregistering): Port device team_slave_0 removed [ 308.910840][T14352] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3649'. [ 310.063365][ T5858] Bluetooth: hci3: command tx timeout [ 310.139768][T14225] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.149795][T14225] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.157412][T14225] bridge_slave_1: entered allmulticast mode [ 310.168256][T14225] bridge_slave_1: entered promiscuous mode [ 310.377749][T14225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.440918][T14225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.758866][T14225] team0: Port device team_slave_0 added [ 310.774009][T14225] team0: Port device team_slave_1 added [ 310.930050][ T30] audit: type=1400 audit(1758287123.039:1232): avc: denied { ioctl } for pid=14385 comm="syz.3.3663" path="socket:[48093]" dev="sockfs" ino=48093 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 310.960640][T14225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.969253][T14225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.063126][T14225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.085462][T14225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.112096][T14225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.169625][T14225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.519079][T14225] hsr_slave_0: entered promiscuous mode [ 311.527040][T14225] hsr_slave_1: entered promiscuous mode [ 311.540425][T14225] debugfs: 'hsr0' already exists in 'hsr' [ 311.546308][T14225] Cannot create hsr debugfs directory [ 312.140265][ T5858] Bluetooth: hci3: command tx timeout [ 312.209402][T14225] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 312.237754][T14225] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 312.283437][T14225] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 312.397969][T14225] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 312.760051][T14225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.835647][T14225] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.853872][ T6211] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.861646][ T6211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.896864][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.904209][ T6238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.472377][T14225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.269419][T14225] veth0_vlan: entered promiscuous mode [ 314.305249][T14225] veth1_vlan: entered promiscuous mode [ 314.430932][ T30] audit: type=1326 audit(1758287126.541:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14497 comm="syz.1.3702" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f978e58ec29 code=0x0 [ 314.447816][T14225] veth0_macvtap: entered promiscuous mode [ 314.517690][T14225] veth1_macvtap: entered promiscuous mode [ 314.563790][T14225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.593383][T14225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.623445][ T6238] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.644215][ T6238] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.670858][ T6238] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.703892][ T6238] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.832892][ T5984] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 314.964536][ T6238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.986520][ T6238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.019484][ T5984] usb 4-1: Using ep0 maxpacket: 32 [ 315.058655][ T5984] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 315.067169][ T5984] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 315.093077][ T6211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.105800][ T6211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.114253][ T5984] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 315.131554][ T5984] usb 4-1: config 1 has no interface number 0 [ 315.147014][ T5984] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 315.166313][ T5984] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 315.200790][ T5984] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 315.215081][ T5984] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.289312][ T5984] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 315.512141][ T5984] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 315.560722][ T5851] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 315.822975][ T5851] usb 7-1: Using ep0 maxpacket: 32 [ 315.841353][ T5851] usb 7-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 315.872771][ T5851] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.894731][ T5851] usb 7-1: config 0 descriptor?? [ 315.895705][T14533] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3717'. [ 315.931433][ T5851] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 315.984969][ T5906] usb 4-1: USB disconnect, device number 46 [ 315.996026][ T5906] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 316.637423][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.644168][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.196394][ T5851] gspca_vc032x: reg_w err -71 [ 317.202779][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.212033][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.218899][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.225386][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.235032][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.241693][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.247342][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.253052][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.263373][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.269421][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.285827][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.291541][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.299735][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.309331][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.319136][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.325041][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.332908][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.338763][ T5851] gspca_vc032x: I2c Bus Busy Wait 00 [ 317.344464][ T5851] gspca_vc032x: Unknown sensor... [ 317.349904][ T5851] vc032x 7-1:0.0: probe with driver vc032x failed with error -22 [ 317.362285][ T5851] usb 7-1: USB disconnect, device number 2 [ 317.995463][T14586] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3738'. [ 318.184108][ T30] audit: type=1400 audit(1758287130.292:1234): avc: denied { create } for pid=14593 comm="syz.0.3742" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 319.096503][T14547] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 319.100544][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 319.180160][T14622] overlayfs: failed to clone upperpath [ 319.777660][T14547] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 319.794499][T14547] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 319.950063][T14632] netlink: 'syz.4.3760': attribute type 9 has an invalid length. [ 319.974346][T14632] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3760'. [ 320.046429][ T5851] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 320.193850][T14645] erofs (device nbd6): cannot find valid erofs superblock [ 320.324556][T14651] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3769'. [ 320.360042][T14651] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3769'. [ 320.385583][T14651] netlink: 'syz.6.3769': attribute type 11 has an invalid length. [ 320.403158][T14651] netlink: 'syz.6.3769': attribute type 13 has an invalid length. [ 320.435752][ T5851] usb 2-1: device not accepting address 46, error -71 [ 320.647535][T14667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3774'. [ 320.894923][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 320.943746][T14676] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.959993][T14676] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.964204][T14688] binder: 14687:14688 unknown command 384 [ 320.995652][T14688] binder: 14687:14688 ioctl c0306201 200000002540 returned -22 [ 321.055292][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 321.062796][ T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 321.086356][ T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 321.098041][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 321.124590][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 321.156111][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 321.170291][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 321.179763][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.190635][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 321.193204][T14676] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.213814][T14676] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.315156][ T5927] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 321.394855][T14676] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.410256][T14676] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.439774][ T10] usb 7-1: usb_control_msg returned -32 [ 321.453232][ T10] usbtmc 7-1:16.0: can't read capabilities [ 321.502958][ T5927] usb 4-1: config 255 has an invalid interface number: 215 but max is 0 [ 321.512520][ T5927] usb 4-1: config 255 has no interface number 0 [ 321.523739][ T5927] usb 4-1: config 255 interface 215 has no altsetting 0 [ 321.543067][ T5927] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=7d.01 [ 321.555582][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.571295][ T5927] usb 4-1: Product: syz [ 321.585183][ T5927] usb 4-1: Manufacturer: syz [ 321.603668][ T5927] usb 4-1: SerialNumber: syz [ 321.660363][T14676] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.692195][T14676] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.789548][ T30] audit: type=1400 audit(1758287133.904:1235): avc: denied { ioctl } for pid=14710 comm="syz.0.3794" path="socket:[51223]" dev="sockfs" ino=51223 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 321.879735][ T5927] usb 4-1: NFC: intf ffff888053e27000 id ffffffff8f56a600 [ 321.890099][ T5927] usb 4-1: USB disconnect, device number 47 [ 322.003107][ T6203] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.036006][ T6203] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.081874][ T6203] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.105288][ T6203] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.198845][ T6203] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.207916][ T6203] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.233151][ T6203] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 322.242213][ T6203] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.655366][ T5927] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 322.718766][ T30] audit: type=1326 audit(1758287134.835:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14723 comm="syz.3.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x7fc00000 [ 322.834854][ T5927] usb 5-1: Using ep0 maxpacket: 32 [ 322.850915][ T5927] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 322.867041][ T5927] usb 5-1: config 0 has no interface number 0 [ 322.873555][ T5927] usb 5-1: config 0 interface 184 has no altsetting 0 [ 322.883176][ T5927] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 322.902727][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.923314][ T5927] usb 5-1: Product: syz [ 322.927865][ T5927] usb 5-1: Manufacturer: syz [ 322.932569][ T5927] usb 5-1: SerialNumber: syz [ 322.952271][ T5927] usb 5-1: config 0 descriptor?? [ 322.963054][ T5927] smsc75xx v1.0.0 [ 323.254397][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 323.369984][ T30] audit: type=1326 audit(1758287135.485:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14723 comm="syz.3.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f577c52ae09 code=0x7fc00000 [ 323.412130][ T30] audit: type=1326 audit(1758287135.485:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14723 comm="syz.3.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f577c52aecf code=0x7fc00000 [ 323.467292][ T30] audit: type=1326 audit(1758287135.485:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14723 comm="syz.3.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f577c58ec29 code=0x7fc00000 [ 323.594793][T14734] bridge0: left promiscuous mode [ 323.672701][ T5927] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 323.687967][ T5984] usb 7-1: USB disconnect, device number 3 [ 323.710828][ T5927] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 323.863446][T14734] veth0_to_team: left promiscuous mode [ 323.946510][T14734] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.015945][T14734] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.142916][ T5927] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 324.155431][ T5927] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 324.171427][T14734] macvlan0: left promiscuous mode [ 324.179060][ T5927] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 324.209020][ T5927] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 324.255007][ T5927] usb 5-1: USB disconnect, device number 51 [ 324.283783][ T5984] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 324.444545][ T5984] usb 2-1: Using ep0 maxpacket: 16 [ 324.451967][ T5984] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 324.463506][ T5984] usb 2-1: config 0 has no interface number 0 [ 324.474727][ T5984] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 324.505689][ T5984] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 324.515578][ T5984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.527363][ T5984] usb 2-1: Product: syz [ 324.531678][ T5984] usb 2-1: Manufacturer: syz [ 324.550094][ T5984] usb 2-1: SerialNumber: syz [ 324.571889][ T5984] usb 2-1: config 0 descriptor?? [ 324.577759][T14734] batman_adv: batadv0: Interface deactivated: gretap1 [ 324.600593][T14734] batman_adv: batadv0: Interface deactivated: macsec2 [ 324.622147][T14734] gretap2: left promiscuous mode [ 324.649619][ T6203] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.667544][ T6203] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.697673][ T6239] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.723654][ T6239] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.746704][ T6239] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.762406][ T6239] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.784674][ T6239] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.800115][ T5984] usbtouchscreen 2-1:0.214: Failed to read FW rev: 0 [ 324.803844][ T6239] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.828817][ T5984] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -5 [ 325.168943][T14765] vlan2: entered allmulticast mode [ 325.198839][T14765] hsr0: entered allmulticast mode [ 325.208484][T14765] hsr_slave_0: entered allmulticast mode [ 325.246220][T14765] hsr_slave_1: entered allmulticast mode [ 326.403347][ T5851] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 326.445728][T14805] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3831'. [ 326.460995][T14805] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3831'. [ 326.554372][ T5851] usb 7-1: Using ep0 maxpacket: 16 [ 326.565032][ T5851] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 326.583266][ T5851] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.612614][ T5851] usb 7-1: config 0 has no interface number 0 [ 326.621074][ T5851] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 326.647573][ T5851] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.668475][ T5851] usb 7-1: Product: syz [ 326.672886][ T5851] usb 7-1: Manufacturer: syz [ 326.682425][ T5851] usb 7-1: SerialNumber: syz [ 326.691881][ T5851] usb 7-1: config 0 descriptor?? [ 326.698250][T14814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3834'. [ 326.909753][ T5851] usb 7-1: Found UVC 0.00 device syz (046d:08f3) [ 326.918177][ T5851] usb 7-1: No valid video chain found. [ 327.083323][ T5851] usb 2-1: USB disconnect, device number 48 [ 327.161307][ T5984] usb 7-1: USB disconnect, device number 4 [ 327.307267][ T30] audit: type=1400 audit(1758287139.427:1240): avc: denied { read } for pid=14829 comm="syz.0.3842" path="socket:[50954]" dev="sockfs" ino=50954 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 327.833521][T14850] kvm: kvm [14849]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006f) = 0x0 [ 327.963808][ T5927] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 327.987553][ T30] audit: type=1400 audit(1758287140.107:1241): avc: denied { name_bind 0x1000000 } for pid=14859 comm="syz.6.3855" path="socket:[51039]" dev="sockfs" ino=51039 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 328.019401][T14861] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 328.145788][ T5927] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 328.162926][ T5927] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 328.177467][ T5927] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 328.187607][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 328.196173][ T5927] usb 5-1: SerialNumber: syz [ 328.370730][ T30] audit: type=1400 audit(1758287140.488:1242): avc: denied { read } for pid=14870 comm="syz.1.3859" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 328.399391][ T30] audit: type=1400 audit(1758287140.488:1243): avc: denied { open } for pid=14870 comm="syz.1.3859" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 328.425012][ T5906] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 328.464875][ T5927] usb 5-1: 0:2 : does not exist [ 328.470497][ T30] audit: type=1400 audit(1758287140.518:1244): avc: denied { watch } for pid=14870 comm="syz.1.3859" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 328.499004][ T5927] usb 5-1: unit 255 not found! [ 328.504513][ T30] audit: type=1400 audit(1758287140.518:1245): avc: denied { watch_sb } for pid=14870 comm="syz.1.3859" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 328.538478][ T5927] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 328.558077][ T5927] usb 5-1: USB disconnect, device number 52 [ 328.560151][T14873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3860'. [ 328.578354][T14873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3860'. [ 328.591699][ T5906] usb 7-1: Using ep0 maxpacket: 16 [ 328.599377][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 328.611120][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 328.621803][ T5906] usb 7-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 328.641229][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.699875][ T5906] usb 7-1: config 0 descriptor?? [ 329.017227][ T30] audit: type=1400 audit(1758287141.138:1246): avc: denied { watch } for pid=14881 comm="syz.1.3864" path="/736/file0/file0" dev="afs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 329.126924][ T30] audit: type=1326 audit(1758287141.248:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14885 comm="syz.3.3866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f577c58ec29 code=0x0 [ 329.150121][ C1] vkms_vblank_simulate: vblank timer overrun [ 329.156404][ T5906] input: HID 0458:5012 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5012.0036/input/input55 [ 329.256282][ T5906] input: HID 0458:5012 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5012.0036/input/input56 [ 329.361361][ T5906] kye 0003:0458:5012.0036: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5012] on usb-dummy_hcd.6-1/input0 [ 329.428712][ T5906] usb 7-1: USB disconnect, device number 5 [ 329.452412][T14898] : renamed from wg2 [ 329.494275][T14901] Bluetooth: hci0: load_link_keys: too big key_count value 65280 [ 329.904927][ T30] audit: type=1400 audit(1758287142.028:1248): avc: denied { module_load } for pid=14915 comm="syz.1.3880" path="/sys/power/wakeup_count" dev="sysfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 330.833448][T14942] tipc: Started in network mode [ 330.863836][T14942] tipc: Node identity 766ca2055256, cluster identity 4711 [ 330.914678][T14942] tipc: Enabled bearer , priority 0 [ 330.972260][T14945] tipc: Disabling bearer [ 331.197356][T14949] kvm: user requested TSC rate below hardware speed [ 331.441005][T14955] syzkaller0: entered allmulticast mode [ 331.530705][T14955] syzkaller0 (unregistering): left allmulticast mode [ 331.723752][ T30] audit: type=1400 audit(1758287143.839:1249): avc: denied { name_bind } for pid=14968 comm="syz.3.3901" path="socket:[52238]" dev="sockfs" ino=52238 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 331.798646][T14975] netlink: 'syz.4.3904': attribute type 10 has an invalid length. [ 331.818040][T14975] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 331.828227][T14975] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 331.861946][T14974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.119754][ T5927] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 332.300245][T14990] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3910'. [ 332.429541][ T5927] usb 7-1: Using ep0 maxpacket: 8 [ 332.441655][ T5927] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 332.459531][ T5927] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 332.470247][ T5927] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 332.491114][ T30] audit: type=1400 audit(1758287144.620:1250): avc: denied { read open } for pid=14993 comm="syz.3.3912" path="/" dev="configfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 332.524168][ T5927] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.559530][ T5927] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 332.592239][ T5927] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.757379][T14999] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.765365][T14999] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.797239][T14999] bond_slave_0: left promiscuous mode [ 332.804933][T14999] bond_slave_1: left promiscuous mode [ 332.812088][T14999] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 332.833222][ T5927] usb 7-1: usb_control_msg returned -32 [ 332.838989][ T5927] usbtmc 7-1:16.0: can't read capabilities [ 332.880263][ T5927] usb 7-1: USB disconnect, device number 6 [ 333.066588][T14999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.096367][T14999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.280095][T14999] vlan2: left promiscuous mode [ 333.285996][T14999] !: left promiscuous mode [ 333.360172][T15026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3923'. [ 333.375045][ T6203] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 333.399097][ T6203] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.436080][ T6203] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 333.473430][ T6203] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.566396][ T6203] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 333.579993][ T6203] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.687477][ T6203] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 333.699397][ T6203] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.453910][T15063] netlink: 'syz.0.3936': attribute type 4 has an invalid length. [ 334.482905][T15063] netlink: 'syz.0.3936': attribute type 4 has an invalid length. [ 334.563057][T15067] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3938'. [ 334.684314][ T30] audit: type=1400 audit(1758287146.811:1251): avc: denied { getopt } for pid=15072 comm="syz.1.3941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 334.708644][ T5987] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 334.896138][ T5987] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 334.908077][ T5987] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 334.919094][ T5987] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 334.929003][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 334.937106][ T5987] usb 5-1: SerialNumber: syz [ 335.094477][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 335.109577][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 335.160769][ T5987] usb 5-1: 0:2 : does not exist [ 335.171613][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 335.193602][ T5987] usb 5-1: USB disconnect, device number 53 [ 335.208559][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 335.492070][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 335.508530][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 335.858699][T15085] ceph: No mds server is up or the cluster is laggy [ 336.033927][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 336.041004][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 336.181463][ C1] vkms_vblank_simulate: vblank timer overrun [ 336.498032][T15131] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3965'. [ 336.757630][ T5851] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 336.922238][ T5851] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.939519][T15149] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 336.939519][T15149] Q&|xXX initial count (241705619456 ns). Using initial count to start timer. [ 341.320612][T15252] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.336787][ T5906] uclogic 0003:256C:006D.0038: failed retrieving string descriptor #100: -71 [ 341.373882][ T5906] uclogic 0003:256C:006D.0038: failed retrieving pen parameters: -71 [ 341.388507][ T5906] uclogic 0003:256C:006D.0038: failed probing pen v1 parameters: -71 [ 341.397140][ T5906] uclogic 0003:256C:006D.0038: failed probing parameters: -71 [ 341.404862][ T5906] uclogic 0003:256C:006D.0038: probe with driver uclogic failed with error -71 [ 341.463395][ T5906] usb 4-1: USB disconnect, device number 49 [ 341.585221][ T30] audit: type=1400 audit(1758287153.714:1255): avc: denied { bind } for pid=15266 comm="syz.6.4019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 341.633936][T15252] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.748981][ T30] audit: type=1400 audit(1758287153.884:1256): avc: denied { map } for pid=15273 comm="syz.6.4022" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 341.774750][T15252] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.785729][ T30] audit: type=1400 audit(1758287153.884:1257): avc: denied { execute } for pid=15273 comm="syz.6.4022" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 342.020287][T15252] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.327088][ T6238] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.362140][ T6238] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.403340][ T6239] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.432604][ T6239] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.567220][ T30] audit: type=1400 audit(1758287154.675:1258): avc: denied { read } for pid=15299 comm="syz.4.4035" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 342.628306][ T30] audit: type=1400 audit(1758287154.675:1259): avc: denied { open } for pid=15299 comm="syz.4.4035" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 342.702479][ T30] audit: type=1400 audit(1758287154.755:1260): avc: denied { ioctl } for pid=15299 comm="syz.4.4035" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 343.036950][ T30] audit: type=1326 audit(1758287155.165:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15317 comm="syz.4.4042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53af8ec29 code=0x7ffc0000 [ 343.212777][T15327] veth0: entered promiscuous mode [ 343.222387][T15327] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4046'. [ 343.310030][T15325] veth0: left promiscuous mode [ 344.739077][T15350] evm: overlay not supported [ 345.003376][ T5905] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 345.195197][ T5905] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 345.197936][T15371] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4065'. [ 345.253270][ T5905] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.271538][ T5905] usb 7-1: config 0 descriptor?? [ 345.290193][ T5905] cp210x 7-1:0.0: cp210x converter detected [ 345.461679][T15381] cgroup: fork rejected by pids controller in /syz1 [ 345.694293][ T5905] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 345.707198][ T5905] usb 7-1: cp210x converter now attached to ttyUSB0 [ 345.935789][ T5905] usb 7-1: USB disconnect, device number 8 [ 345.958558][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 346.018325][ T5906] libceph: connect (1)[c::]:6789 error -101 [ 346.024960][ T5906] libceph: mon0 (1)[c::]:6789 connect error [ 346.044410][ T5905] cp210x 7-1:0.0: device disconnected [ 346.210246][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 346.237802][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 346.238360][T15400] tipc: Started in network mode [ 346.260646][T15400] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 346.270030][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 346.277517][T15400] tipc: Enabling of bearer rejected, failed to enable media [ 346.297752][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 346.306640][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 346.313548][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 346.315605][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 346.568986][T15411] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 346.785142][T15397] chnl_net:caif_netlink_parms(): no params data found [ 346.795609][T15388] ceph: No mds server is up or the cluster is laggy [ 346.892596][ T5927] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 347.076918][ T5927] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 347.100192][ T5927] usb 5-1: config 0 has no interface number 0 [ 347.120776][T15397] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.143673][ T5927] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 347.160459][T15397] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.176664][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.187731][T15397] bridge_slave_0: entered allmulticast mode [ 347.197427][ T5927] usb 5-1: Product: syz [ 347.206844][ T5927] usb 5-1: Manufacturer: syz [ 347.213452][T15397] bridge_slave_0: entered promiscuous mode [ 347.223810][ T5927] usb 5-1: SerialNumber: syz [ 347.238008][T15397] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.251060][ T5927] usb 5-1: config 0 descriptor?? [ 347.257367][T15397] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.266798][T15397] bridge_slave_1: entered allmulticast mode [ 347.276138][T15397] bridge_slave_1: entered promiscuous mode [ 347.356791][T15397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.381120][T15397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.481005][T15397] team0: Port device team_slave_0 added [ 347.504025][T15397] team0: Port device team_slave_1 added [ 347.575476][T15397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.585324][T15397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.611353][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.638432][T15397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.667421][T15397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.683504][ T5927] usb 5-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73) [ 347.694891][T15397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.761875][T15397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.890308][ T5927] usb 5-1: Read permanent extended address 52:39:35:8d:79:3e:bf:c5 from device [ 347.900376][ T5927] usb 5-1: atusb_probe: initialization failed, error = -524 [ 347.925863][ T5927] atusb 5-1:0.128: probe with driver atusb failed with error -524 [ 347.954080][T15397] hsr_slave_0: entered promiscuous mode [ 347.966368][T15397] hsr_slave_1: entered promiscuous mode [ 347.974574][T15397] debugfs: 'hsr0' already exists in 'hsr' [ 347.980472][T15397] Cannot create hsr debugfs directory [ 348.109702][ T5851] usb 5-1: USB disconnect, device number 55 [ 348.442878][ T5858] Bluetooth: hci4: command tx timeout [ 348.459270][T15397] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.586927][T15397] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.678730][T15397] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.727116][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 348.727142][ T30] audit: type=1400 audit(1758287160.858:1274): avc: denied { bind } for pid=15457 comm="syz.4.4099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 348.790188][T15397] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.298965][T15397] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 349.344413][T15397] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 349.392306][T15397] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 349.438148][T15397] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 349.805762][T15397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.921023][T15397] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.947197][ T6211] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.954559][ T6211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 349.979671][ T6211] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.987027][ T6211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.510890][ T5906] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 350.542640][ T5858] Bluetooth: hci4: command tx timeout [ 350.565602][T15397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.674154][ T5906] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 350.717607][ T5906] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 62976, setting to 1024 [ 350.772366][T15397] veth0_vlan: entered promiscuous mode [ 350.779186][ T5906] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 350.807121][ T5906] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 350.825138][T15397] veth1_vlan: entered promiscuous mode [ 350.844685][ T5906] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 350.869454][ T5906] usb 7-1: Product: syz [ 350.890536][ T5906] usb 7-1: Manufacturer: syz [ 350.904122][ T5906] usb 7-1: SerialNumber: syz [ 350.937293][ T5906] cdc_mbim 7-1:1.0: skipping garbage [ 350.958996][T15397] veth0_macvtap: entered promiscuous mode [ 350.984705][T15397] veth1_macvtap: entered promiscuous mode [ 351.045248][T15397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.145585][T15397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.153164][T15512] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 351.208977][ T6211] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.235780][ T6211] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.288394][ T6211] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.350235][ T6211] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.506415][ T6228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.519462][ T6228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.578776][T15532] loop2: detected capacity change from 0 to 7 [ 351.581629][ T6239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.593488][ T6239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.597181][T15532] Dev loop2: unable to read RDB block 7 [ 351.608718][T15532] loop2: unable to read partition table [ 351.615882][T15532] loop2: partition table beyond EOD, truncated [ 351.634907][T15532] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 351.769062][T15512] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 351.980394][T15544] netlink: 'syz.3.4128': attribute type 4 has an invalid length. [ 351.990845][ T5906] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 351.997539][ T5906] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 352.012442][ T5906] cdc_mbim 7-1:1.0: setting rx_max = 2048 [ 352.018691][T15544] netlink: 'syz.3.4128': attribute type 4 has an invalid length. [ 352.207867][ T5906] cdc_mbim 7-1:1.0: setting tx_max = 184 [ 352.240219][ T5906] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71 [ 352.267429][ T5906] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71 [ 352.301691][ T5906] usbtest 7-1:1.1: probe with driver usbtest failed with error -71 [ 352.340907][ T5906] usb 7-1: USB disconnect, device number 9 [ 352.490417][ T5927] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 352.595042][ T30] audit: type=1400 audit(1758287164.710:1275): avc: denied { getopt } for pid=15556 comm="syz.0.4135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 352.616546][ T5858] Bluetooth: hci4: command tx timeout [ 352.669457][ T5927] usb 4-1: Using ep0 maxpacket: 8 [ 352.676929][ T5927] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.689500][ T5927] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 352.702989][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.713763][ T5927] usb 4-1: config 0 descriptor?? [ 352.735534][ T5927] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 353.273059][T15576] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4143'. [ 353.692208][T15594] [ 353.694642][T15594] ===================================================== [ 353.701608][T15594] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 353.709116][T15594] syzkaller #0 Not tainted [ 353.713591][T15594] ----------------------------------------------------- [ 353.720674][T15594] syz.1.4151/15594 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 353.728450][T15594] ffff888056cc7168 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 353.737251][T15594] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 353.737251][T15594] and this task is already holding: [ 353.744659][T15594] ffff88807b033028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 353.749549][ T30] audit: type=1400 audit(1758287165.830:1276): avc: denied { write } for pid=5833 comm="syz-executor" path="pipe:[5347]" dev="pipefs" ino=5347 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 353.754596][T15594] which would create a new lock dependency: [ 353.754615][T15594] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 353.754675][T15594] [ 353.754675][T15594] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 353.754683][T15594] (&dev->event_lock#2){..-.}-{3:3} [ 353.754700][T15594] [ 353.754700][T15594] ... which became SOFTIRQ-irq-safe at: [ 353.754707][T15594] lock_acquire+0x179/0x350 [ 353.754735][T15594] _raw_spin_lock_irqsave+0x3a/0x60 [ 353.754771][T15594] input_inject_event+0x9f/0x3b0 [ 353.754797][T15594] led_set_brightness+0x217/0x290 [ 353.754822][T15594] led_trigger_event+0xda/0x270 [ 353.754849][T15594] kbd_bh+0x21b/0x300 [ 353.754878][T15594] tasklet_action_common+0x281/0x400 [ 353.848925][T15594] handle_softirqs+0x219/0x8e0 [ 353.853872][T15594] run_ksoftirqd+0x3a/0x60 [ 353.858387][T15594] smpboot_thread_fn+0x3f7/0xae0 [ 353.863486][T15594] kthread+0x3c2/0x780 [ 353.867681][T15594] ret_from_fork+0x56a/0x730 [ 353.872393][T15594] ret_from_fork_asm+0x1a/0x30 [ 353.877272][T15594] [ 353.877272][T15594] to a SOFTIRQ-irq-unsafe lock: [ 353.884299][T15594] (tasklist_lock){.+.+}-{3:3} [ 353.884326][T15594] [ 353.884326][T15594] ... which became SOFTIRQ-irq-unsafe at: [ 353.896931][T15594] ... [ 353.896941][T15594] lock_acquire+0x179/0x350 [ 353.904141][T15594] _raw_read_lock+0x5f/0x70 [ 353.908775][T15594] __do_wait+0x105/0x890 [ 353.913121][T15594] do_wait+0x21e/0x5a0 [ 353.917289][T15594] kernel_wait+0x9f/0x160 [ 353.921756][T15594] call_usermodehelper_exec_work+0xf1/0x170 [ 353.927753][T15594] process_one_work+0x9cc/0x1b70 [ 353.932788][T15594] worker_thread+0x6c8/0xf10 [ 353.937467][T15594] kthread+0x3c2/0x780 [ 353.941615][T15594] ret_from_fork+0x56a/0x730 [ 353.946294][T15594] ret_from_fork_asm+0x1a/0x30 [ 353.951157][T15594] [ 353.951157][T15594] other info that might help us debug this: [ 353.951157][T15594] [ 353.961458][T15594] Chain exists of: [ 353.961458][T15594] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 353.961458][T15594] [ 353.975051][T15594] Possible interrupt unsafe locking scenario: [ 353.975051][T15594] [ 353.983380][T15594] CPU0 CPU1 [ 353.988749][T15594] ---- ---- [ 353.994119][T15594] lock(tasklist_lock); [ 353.998403][T15594] local_irq_disable(); [ 354.005185][T15594] lock(&dev->event_lock#2); [ 354.012409][T15594] lock(&client->buffer_lock); [ 354.019822][T15594] [ 354.023291][T15594] lock(&dev->event_lock#2); [ 354.028172][T15594] [ 354.028172][T15594] *** DEADLOCK *** [ 354.028172][T15594] [ 354.036323][T15594] 7 locks held by syz.1.4151/15594: [ 354.041536][T15594] #0: ffff88814771b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 354.050673][T15594] #1: ffff88801f7f3230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 354.061132][T15594] #2: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 354.070840][T15594] #3: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 354.080446][T15594] #4: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 354.089717][T15594] #5: ffff88807b033028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 354.100240][T15594] #6: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 354.109418][T15594] [ 354.109418][T15594] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 354.119861][T15594] -> (&dev->event_lock#2){..-.}-{3:3} { [ 354.125536][T15594] IN-SOFTIRQ-W at: [ 354.130051][T15594] lock_acquire+0x179/0x350 [ 354.136409][T15594] _raw_spin_lock_irqsave+0x3a/0x60 [ 354.143543][T15594] input_inject_event+0x9f/0x3b0 [ 354.150335][T15594] led_set_brightness+0x217/0x290 [ 354.157285][T15594] led_trigger_event+0xda/0x270 [ 354.163980][T15594] kbd_bh+0x21b/0x300 [ 354.169878][T15594] tasklet_action_common+0x281/0x400 [ 354.177050][T15594] handle_softirqs+0x219/0x8e0 [ 354.183654][T15594] run_ksoftirqd+0x3a/0x60 [ 354.189922][T15594] smpboot_thread_fn+0x3f7/0xae0 [ 354.196808][T15594] kthread+0x3c2/0x780 [ 354.202729][T15594] ret_from_fork+0x56a/0x730 [ 354.209152][T15594] ret_from_fork_asm+0x1a/0x30 [ 354.215750][T15594] INITIAL USE at: [ 354.219736][T15594] lock_acquire+0x179/0x350 [ 354.225995][T15594] _raw_spin_lock_irqsave+0x3a/0x60 [ 354.233013][T15594] input_inject_event+0x9f/0x3b0 [ 354.239704][T15594] led_set_brightness+0x217/0x290 [ 354.246501][T15594] kbd_led_trigger_activate+0xcb/0x110 [ 354.253731][T15594] led_trigger_set+0x59a/0xc50 [ 354.260248][T15594] led_trigger_set_default+0x1e0/0x2e0 [ 354.267466][T15594] led_classdev_register_ext+0x7b8/0xa10 [ 354.274881][T15594] input_leds_connect+0x552/0x8e0 [ 354.281711][T15594] input_attach_handler.isra.0+0x173/0x250 [ 354.289377][T15594] input_register_device+0xab9/0x1180 [ 354.296519][T15594] atkbd_connect+0x5f8/0xa40 [ 354.302912][T15594] serio_driver_probe+0x7f/0xd0 [ 354.309539][T15594] really_probe+0x23e/0xa90 [ 354.315800][T15594] __driver_probe_device+0x1de/0x440 [ 354.322848][T15594] driver_probe_device+0x4c/0x1b0 [ 354.329632][T15594] __driver_attach+0x283/0x580 [ 354.336190][T15594] bus_for_each_dev+0x13b/0x1d0 [ 354.342816][T15594] serio_handle_event+0x335/0xc30 [ 354.349619][T15594] process_one_work+0x9cc/0x1b70 [ 354.356369][T15594] worker_thread+0x6c8/0xf10 [ 354.362744][T15594] kthread+0x3c2/0x780 [ 354.368569][T15594] ret_from_fork+0x56a/0x730 [ 354.374912][T15594] ret_from_fork_asm+0x1a/0x30 [ 354.381521][T15594] } [ 354.384112][T15594] ... key at: [] __key.7+0x0/0x40 [ 354.391395][T15594] -> (&client->buffer_lock){....}-{3:3} { [ 354.397175][T15594] INITIAL USE at: [ 354.401068][T15594] lock_acquire+0x179/0x350 [ 354.407168][T15594] _raw_spin_lock_irqsave+0x3a/0x60 [ 354.413961][T15594] evdev_do_ioctl+0x347/0x1b30 [ 354.420326][T15594] evdev_ioctl+0x16f/0x1a0 [ 354.426315][T15594] __x64_sys_ioctl+0x18e/0x210 [ 354.432699][T15594] do_syscall_64+0xcd/0x4e0 [ 354.438877][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.446341][T15594] } [ 354.448827][T15594] ... key at: [] __key.1+0x0/0x40 [ 354.455937][T15594] ... acquired at: [ 354.459860][T15594] _raw_spin_lock+0x2e/0x40 [ 354.464533][T15594] evdev_pass_values+0x10e/0x9b0 [ 354.469657][T15594] evdev_events+0x1bb/0x390 [ 354.474349][T15594] input_pass_values+0x74b/0x880 [ 354.479502][T15594] input_handle_event+0xf00/0x14d0 [ 354.484817][T15594] input_inject_event+0x1e8/0x3b0 [ 354.490015][T15594] evdev_write+0x457/0x750 [ 354.494604][T15594] vfs_write+0x2a0/0x11d0 [ 354.499154][T15594] ksys_write+0x1f8/0x250 [ 354.503659][T15594] do_syscall_64+0xcd/0x4e0 [ 354.508331][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.514403][T15594] [ 354.516747][T15594] [ 354.516747][T15594] the dependencies between the lock to be acquired [ 354.516755][T15594] and SOFTIRQ-irq-unsafe lock: [ 354.530306][T15594] -> (tasklist_lock){.+.+}-{3:3} { [ 354.535634][T15594] HARDIRQ-ON-R at: [ 354.539798][T15594] lock_acquire+0x179/0x350 [ 354.546325][T15594] _raw_read_lock+0x5f/0x70 [ 354.552863][T15594] __do_wait+0x105/0x890 [ 354.559108][T15594] do_wait+0x21e/0x5a0 [ 354.565186][T15594] kernel_wait+0x9f/0x160 [ 354.571568][T15594] call_usermodehelper_exec_work+0xf1/0x170 [ 354.579553][T15594] process_one_work+0x9cc/0x1b70 [ 354.586536][T15594] worker_thread+0x6c8/0xf10 [ 354.593175][T15594] kthread+0x3c2/0x780 [ 354.599290][T15594] ret_from_fork+0x56a/0x730 [ 354.605899][T15594] ret_from_fork_asm+0x1a/0x30 [ 354.612658][T15594] SOFTIRQ-ON-R at: [ 354.616818][T15594] lock_acquire+0x179/0x350 [ 354.623336][T15594] _raw_read_lock+0x5f/0x70 [ 354.629936][T15594] __do_wait+0x105/0x890 [ 354.636204][T15594] do_wait+0x21e/0x5a0 [ 354.642357][T15594] kernel_wait+0x9f/0x160 [ 354.648725][T15594] call_usermodehelper_exec_work+0xf1/0x170 [ 354.656623][T15594] process_one_work+0x9cc/0x1b70 [ 354.663558][T15594] worker_thread+0x6c8/0xf10 [ 354.670289][T15594] kthread+0x3c2/0x780 [ 354.676407][T15594] ret_from_fork+0x56a/0x730 [ 354.683040][T15594] ret_from_fork_asm+0x1a/0x30 [ 354.689862][T15594] INITIAL USE at: [ 354.693936][T15594] lock_acquire+0x179/0x350 [ 354.700382][T15594] _raw_write_lock_irq+0x36/0x50 [ 354.707238][T15594] copy_process+0x4caf/0x7690 [ 354.713832][T15594] kernel_clone+0xfc/0x930 [ 354.720161][T15594] user_mode_thread+0xc7/0x110 [ 354.726848][T15594] rest_init+0x23/0x2b0 [ 354.732972][T15594] start_kernel+0x3ee/0x4d0 [ 354.739450][T15594] x86_64_start_reservations+0x18/0x30 [ 354.746870][T15594] x86_64_start_kernel+0x130/0x190 [ 354.753898][T15594] common_startup_64+0x13e/0x148 [ 354.760755][T15594] INITIAL READ USE at: [ 354.765368][T15594] lock_acquire+0x179/0x350 [ 354.772228][T15594] _raw_read_lock+0x5f/0x70 [ 354.779134][T15594] __do_wait+0x105/0x890 [ 354.785738][T15594] do_wait+0x21e/0x5a0 [ 354.792218][T15594] kernel_wait+0x9f/0x160 [ 354.798911][T15594] call_usermodehelper_exec_work+0xf1/0x170 [ 354.807161][T15594] process_one_work+0x9cc/0x1b70 [ 354.814465][T15594] worker_thread+0x6c8/0xf10 [ 354.821423][T15594] kthread+0x3c2/0x780 [ 354.827834][T15594] ret_from_fork+0x56a/0x730 [ 354.834786][T15594] ret_from_fork_asm+0x1a/0x30 [ 354.841941][T15594] } [ 354.844652][T15594] ... key at: [] tasklist_lock+0x18/0x40 [ 354.852575][T15594] ... acquired at: [ 354.856556][T15594] _raw_read_lock+0x5f/0x70 [ 354.861267][T15594] send_sigio+0xb8/0x3e0 [ 354.865739][T15594] dnotify_handle_event+0x15e/0x2b0 [ 354.871183][T15594] fsnotify_handle_inode_event.isra.0+0x1df/0x3f0 [ 354.877810][T15594] fsnotify+0x13d6/0x1dc0 [ 354.882311][T15594] iterate_dir+0x8c2/0xaf0 [ 354.886915][T15594] __x64_sys_getdents+0x13c/0x2b0 [ 354.892124][T15594] do_syscall_64+0xcd/0x4e0 [ 354.896819][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.902896][T15594] [ 354.905231][T15594] -> (&f_owner->lock){....}-{3:3} { [ 354.910535][T15594] INITIAL USE at: [ 354.914521][T15594] lock_acquire+0x179/0x350 [ 354.920873][T15594] _raw_write_lock_irq+0x36/0x50 [ 354.927544][T15594] __f_setown+0x61/0x3c0 [ 354.933542][T15594] generic_setlease+0xef2/0x1300 [ 354.940235][T15594] kernel_setlease+0x106/0x140 [ 354.946747][T15594] vfs_setlease+0x258/0x2d0 [ 354.953023][T15594] fcntl_setlease+0x3ed/0x5a0 [ 354.959541][T15594] do_fcntl+0x751/0x15a0 [ 354.965546][T15594] __x64_sys_fcntl+0x163/0x200 [ 354.972068][T15594] do_syscall_64+0xcd/0x4e0 [ 354.978336][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.985978][T15594] INITIAL READ USE at: [ 354.990401][T15594] lock_acquire+0x179/0x350 [ 354.997092][T15594] _raw_read_lock_irqsave+0x74/0x90 [ 355.004490][T15594] send_sigio+0x31/0x3e0 [ 355.010940][T15594] kill_fasync+0x214/0x510 [ 355.017552][T15594] lease_break_callback+0x23/0x30 [ 355.024775][T15594] __break_lease+0x671/0x1810 [ 355.031652][T15594] do_dentry_open+0x91f/0x1530 [ 355.038625][T15594] vfs_open+0x82/0x3f0 [ 355.044878][T15594] path_openat+0x1de4/0x2cb0 [ 355.051648][T15594] do_filp_open+0x20b/0x470 [ 355.058345][T15594] do_sys_openat2+0x11b/0x1d0 [ 355.065280][T15594] __x64_sys_openat+0x174/0x210 [ 355.072362][T15594] do_syscall_64+0xcd/0x4e0 [ 355.079136][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.087221][T15594] } [ 355.089817][T15594] ... key at: [] __key.1+0x0/0x40 [ 355.097039][T15594] ... acquired at: [ 355.100926][T15594] _raw_read_lock_irqsave+0x74/0x90 [ 355.106345][T15594] send_sigio+0x31/0x3e0 [ 355.110799][T15594] kill_fasync+0x214/0x510 [ 355.115490][T15594] lease_break_callback+0x23/0x30 [ 355.120712][T15594] __break_lease+0x671/0x1810 [ 355.125610][T15594] do_dentry_open+0x91f/0x1530 [ 355.130563][T15594] vfs_open+0x82/0x3f0 [ 355.134814][T15594] path_openat+0x1de4/0x2cb0 [ 355.139562][T15594] do_filp_open+0x20b/0x470 [ 355.144249][T15594] do_sys_openat2+0x11b/0x1d0 [ 355.149091][T15594] __x64_sys_openat+0x174/0x210 [ 355.154109][T15594] do_syscall_64+0xcd/0x4e0 [ 355.158780][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.164889][T15594] [ 355.167212][T15594] -> (&new->fa_lock){....}-{3:3} { [ 355.172471][T15594] INITIAL USE at: [ 355.176461][T15594] lock_acquire+0x179/0x350 [ 355.182628][T15594] _raw_write_lock_irq+0x36/0x50 [ 355.189147][T15594] fasync_remove_entry+0xb2/0x1e0 [ 355.195761][T15594] fasync_helper+0xaf/0xd0 [ 355.201744][T15594] lease_modify+0x232/0x500 [ 355.207835][T15594] locks_remove_file+0x29e/0x5c0 [ 355.214343][T15594] __fput+0x351/0xb70 [ 355.219996][T15594] task_work_run+0x150/0x240 [ 355.226179][T15594] exit_to_user_mode_loop+0xeb/0x110 [ 355.233041][T15594] do_syscall_64+0x41c/0x4e0 [ 355.239219][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.246703][T15594] INITIAL READ USE at: [ 355.251047][T15594] lock_acquire+0x179/0x350 [ 355.257577][T15594] _raw_read_lock_irqsave+0x74/0x90 [ 355.264917][T15594] kill_fasync+0x138/0x510 [ 355.271422][T15594] lease_break_callback+0x23/0x30 [ 355.278534][T15594] __break_lease+0x671/0x1810 [ 355.285305][T15594] do_dentry_open+0x91f/0x1530 [ 355.292098][T15594] vfs_open+0x82/0x3f0 [ 355.298187][T15594] path_openat+0x1de4/0x2cb0 [ 355.304776][T15594] do_filp_open+0x20b/0x470 [ 355.311274][T15594] do_sys_openat2+0x11b/0x1d0 [ 355.317965][T15594] __x64_sys_openat+0x174/0x210 [ 355.324826][T15594] do_syscall_64+0xcd/0x4e0 [ 355.331371][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.339317][T15594] } [ 355.341848][T15594] ... key at: [] __key.0+0x0/0x40 [ 355.349025][T15594] ... acquired at: [ 355.352824][T15594] lock_acquire+0x179/0x350 [ 355.357518][T15594] _raw_read_lock_irqsave+0x74/0x90 [ 355.362936][T15594] kill_fasync+0x138/0x510 [ 355.367566][T15594] evdev_pass_values+0x619/0x9b0 [ 355.372684][T15594] evdev_events+0x1bb/0x390 [ 355.377455][T15594] input_pass_values+0x74b/0x880 [ 355.382606][T15594] input_handle_event+0xf00/0x14d0 [ 355.387925][T15594] input_inject_event+0x1e8/0x3b0 [ 355.393134][T15594] evdev_write+0x457/0x750 [ 355.397772][T15594] vfs_write+0x2a0/0x11d0 [ 355.402282][T15594] ksys_write+0x1f8/0x250 [ 355.406788][T15594] do_syscall_64+0xcd/0x4e0 [ 355.411498][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.417621][T15594] [ 355.419952][T15594] [ 355.419952][T15594] stack backtrace: [ 355.425833][T15594] CPU: 0 UID: 0 PID: 15594 Comm: syz.1.4151 Not tainted syzkaller #0 PREEMPT(full) [ 355.425854][T15594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 355.425864][T15594] Call Trace: [ 355.425875][T15594] [ 355.425885][T15594] dump_stack_lvl+0x116/0x1f0 [ 355.425918][T15594] check_irq_usage+0x7dc/0x920 [ 355.425946][T15594] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 355.425967][T15594] ? check_path.constprop.0+0x24/0x50 [ 355.425990][T15594] ? __lock_acquire+0x12bc/0x1ce0 [ 355.426011][T15594] __lock_acquire+0x12bc/0x1ce0 [ 355.426036][T15594] lock_acquire+0x179/0x350 [ 355.426048][T15594] ? kill_fasync+0x138/0x510 [ 355.426074][T15594] _raw_read_lock_irqsave+0x74/0x90 [ 355.426094][T15594] ? kill_fasync+0x138/0x510 [ 355.426113][T15594] kill_fasync+0x138/0x510 [ 355.426132][T15594] evdev_pass_values+0x619/0x9b0 [ 355.426162][T15594] evdev_events+0x1bb/0x390 [ 355.426185][T15594] input_pass_values+0x74b/0x880 [ 355.426212][T15594] input_handle_event+0xf00/0x14d0 [ 355.426234][T15594] ? _copy_from_user+0x59/0xd0 [ 355.426258][T15594] input_inject_event+0x1e8/0x3b0 [ 355.426272][T15594] evdev_write+0x457/0x750 [ 355.426286][T15594] ? __pfx_evdev_write+0x10/0x10 [ 355.426299][T15594] ? bpf_lsm_file_permission+0x9/0x10 [ 355.426322][T15594] ? security_file_permission+0x71/0x210 [ 355.426348][T15594] ? rw_verify_area+0xcf/0x6c0 [ 355.426374][T15594] ? __pfx_evdev_write+0x10/0x10 [ 355.426386][T15594] vfs_write+0x2a0/0x11d0 [ 355.426403][T15594] ? __pfx_vfs_write+0x10/0x10 [ 355.426415][T15594] ? find_held_lock+0x2b/0x80 [ 355.426432][T15594] ? __fget_files+0x204/0x3c0 [ 355.426452][T15594] ? __fget_files+0x20e/0x3c0 [ 355.426470][T15594] ksys_write+0x1f8/0x250 [ 355.426484][T15594] ? __pfx_ksys_write+0x10/0x10 [ 355.426500][T15594] do_syscall_64+0xcd/0x4e0 [ 355.426527][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.426541][T15594] RIP: 0033:0x7f2bb2b8ec29 [ 355.426555][T15594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.426569][T15594] RSP: 002b:00007f2bb399a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 355.426585][T15594] RAX: ffffffffffffffda RBX: 00007f2bb2dd5fa0 RCX: 00007f2bb2b8ec29 [ 355.426596][T15594] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 355.426605][T15594] RBP: 00007f2bb2c11e41 R08: 0000000000000000 R09: 0000000000000000 [ 355.426614][T15594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.426622][T15594] R13: 00007f2bb2dd6038 R14: 00007f2bb2dd5fa0 R15: 00007ffda0497398 [ 355.426636][T15594] [ 355.684921][ C0] vkms_vblank_simulate: vblank timer overrun [ 355.692535][ T5927] gspca_vc032x: reg_r err -110 [ 355.697673][ T5927] vc032x 4-1:0.0: probe with driver vc032x failed with error -110 [ 355.900625][ T10] usb 4-1: USB disconnect, device number 50 [ 355.973137][ T5858] Bluetooth: hci4: command tx timeout [ 356.147707][ T5851] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 356.613443][ T6228] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.680407][ T6228] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.791670][ T6228] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.851514][ T6228] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.931551][ T6228] bridge_slave_1: left allmulticast mode [ 356.939619][ T6228] bridge_slave_1: left promiscuous mode [ 356.945405][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.956716][ T6228] bridge_slave_0: left allmulticast mode [ 356.964073][ T6228] bridge_slave_0: left promiscuous mode [ 356.970123][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.982079][ T6228] batman_adv: batadv0: Interface deactivated: gretap1 [ 357.053789][ T6228] batman_adv: batadv0: Removing interface: gretap1 [ 357.113380][ T6228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.124462][ T6228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.134466][ T6228] bond0 (unregistering): Released all slaves [ 357.194497][ T6228] tipc: Left network mode [ 357.366882][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.374463][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.382569][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.390268][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.399286][ T6228] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 357.406157][ T6228] batman_adv: batadv0: Removing interface: ipvlan2 [ 357.416044][ T6228] veth1_macvtap: left promiscuous mode [ 357.421879][ T6228] veth0_macvtap: left promiscuous mode [ 357.588589][ T6228] team0 (unregistering): Port device team_slave_1 removed [ 357.600182][ T6228] team0 (unregistering): Port device team_slave_0 removed [ 357.980940][ T6228] IPVS: stop unused estimator thread 0... [ 358.102710][ T6228] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.162617][ T6228] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.201594][ T6228] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.244127][ T6228] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.537137][ T6228] bridge_slave_1: left allmulticast mode [ 358.542866][ T6228] bridge_slave_1: left promiscuous mode [ 358.548960][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.558284][ T6228] bridge_slave_0: left allmulticast mode [ 358.563986][ T6228] bridge_slave_0: left promiscuous mode [ 358.570031][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.579794][ T6228] vlan0: left allmulticast mode [ 358.584738][ T6228] dummy0: left allmulticast mode [ 358.590087][ T6228] vlan0: left promiscuous mode [ 358.594865][ T6228] dummy0: left promiscuous mode [ 358.601562][ T6228] bridge0: port 3(vlan0) entered disabled state [ 358.608993][ T6228] bridge_slave_1: left promiscuous mode [ 358.614806][ T6228] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.623806][ T6228] bridge_slave_0: left allmulticast mode [ 358.629631][ T6228] bridge_slave_0: left promiscuous mode [ 358.635459][ T6228] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.741957][ T6228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.752533][ T6228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.762689][ T6228] bond0 (unregistering): Released all slaves [ 358.967752][ T6228] batman_adv: batadv0: Removing interface: gretap1 [ 359.122483][ T6228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 359.131912][ T6228] bond0 (unregistering): Released all slaves [ 359.140275][ T6228] bond1 (unregistering): Released all slaves [ 359.149670][ T6228] bond2 (unregistering): Released all slaves [ 359.455019][ T6228] hsr_slave_0: left promiscuous mode [ 359.461204][ T6228] hsr_slave_1: left promiscuous mode [ 359.467658][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.475102][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.483249][ T6228] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.490794][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.501396][ T6228] hsr_slave_0: left promiscuous mode [ 359.507622][ T6228] hsr_slave_1: left promiscuous mode [ 359.513334][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.520902][ T6228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.528631][ T6228] batman_adv: batadv0: Removing interface: macsec2 [ 359.539348][ T6228] veth1_macvtap: left promiscuous mode [ 359.544920][ T6228] veth0_macvtap: left promiscuous mode [ 359.550821][ T6228] veth1_vlan: left promiscuous mode [ 359.558263][ T6228] veth0_vlan: left promiscuous mode [ 359.747986][ T6228] team0 (unregistering): Port device team_slave_1 removed [ 359.786992][ T6228] team0 (unregistering): Port device team_slave_0 removed [ 361.271694][ T6228] IPVS: stop unused estimator thread 0... [ 361.338213][ T6228] ------------[ cut here ]------------ [ 361.343748][ T6228] WARNING: CPU: 1 PID: 6228 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x289/0x310 [ 361.353553][ T6228] Modules linked in: [ 361.357531][ T6228] CPU: 1 UID: 0 PID: 6228 Comm: kworker/u8:33 Not tainted syzkaller #0 PREEMPT(full) [ 361.367099][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 361.377191][ T6228] Workqueue: netns cleanup_net [ 361.382054][ T6228] RIP: 0010:xfrm_state_fini+0x289/0x310 [ 361.387847][ T6228] Code: 87 f7 90 0f 0b 90 e9 e7 fe ff ff e8 11 f9 87 f7 90 0f 0b 90 e9 39 ff ff ff e8 03 f9 87 f7 90 0f 0b 90 eb 8a e8 f8 f8 87 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 ca 60 ee f7 e9 f8 fd ff ff e8 f0 60 ee [ 361.407673][ T6228] RSP: 0018:ffffc90004affaa0 EFLAGS: 00010293 [ 361.413789][ T6228] RAX: 0000000000000000 RBX: ffff88807b3e0000 RCX: fffff5200095ff25 [ 361.421838][ T6228] RDX: ffff88807c702440 RSI: ffffffff8a33a488 RDI: ffff88807c702884 [ 361.429862][ T6228] RBP: ffff88807b3e1480 R08: 0000000000000005 R09: 0000000000000000 [ 361.437932][ T6228] R10: 0000000000000000 R11: 0000000000002c10 R12: ffffc90004affbe8 [ 361.446033][ T6228] R13: dffffc0000000000 R14: fffffbfff20a86d8 R15: ffffffff905436a0 [ 361.454040][ T6228] FS: 0000000000000000(0000) GS:ffff8881247b2000(0000) knlGS:0000000000000000 [ 361.463120][ T6228] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 361.469881][ T6228] CR2: 000055cb1925d168 CR3: 000000000e380000 CR4: 00000000003526f0 [ 361.478096][ T6228] Call Trace: [ 361.481407][ T6228] [ 361.484456][ T6228] ? __pfx_xfrm_net_exit+0x10/0x10 [ 361.489771][ T6228] xfrm_net_exit+0x2d/0x70 [ 361.494244][ T6228] ops_undo_list+0x2ee/0xab0 [ 361.498896][ T6228] ? __pfx_ops_undo_list+0x10/0x10 [ 361.504057][ T6228] ? cleanup_net+0x334/0x890 [ 361.508806][ T6228] ? lock_release+0x201/0x2f0 [ 361.513575][ T6228] ? idr_destroy+0x62/0x2e0 [ 361.518247][ T6228] cleanup_net+0x408/0x890 [ 361.522678][ T6228] ? __pfx_cleanup_net+0x10/0x10 [ 361.527677][ T6228] ? lock_acquire+0x2cd/0x350 [ 361.532353][ T6228] ? rcu_is_watching+0x12/0xc0 [ 361.537213][ T6228] process_one_work+0x9cc/0x1b70 [ 361.542188][ T6228] ? __pfx_cleanup_net+0x10/0x10 [ 361.547232][ T6228] ? __pfx_process_one_work+0x10/0x10 [ 361.552614][ T6228] ? assign_work+0x1a0/0x250 [ 361.557310][ T6228] worker_thread+0x6c8/0xf10 [ 361.561973][ T6228] ? __pfx_worker_thread+0x10/0x10 [ 361.567172][ T6228] kthread+0x3c2/0x780 [ 361.571313][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.575964][ T6228] ? rcu_is_watching+0x12/0xc0 [ 361.580733][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.585530][ T6228] ret_from_fork+0x56a/0x730 [ 361.590160][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.594771][ T6228] ret_from_fork_asm+0x1a/0x30 [ 361.599791][ T6228] [ 361.602844][ T6228] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 361.610125][ T6228] CPU: 1 UID: 0 PID: 6228 Comm: kworker/u8:33 Not tainted syzkaller #0 PREEMPT(full) [ 361.619672][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 361.629737][ T6228] Workqueue: netns cleanup_net [ 361.634555][ T6228] Call Trace: [ 361.637852][ T6228] [ 361.640789][ T6228] dump_stack_lvl+0x3d/0x1f0 [ 361.645423][ T6228] vpanic+0x6e8/0x7a0 [ 361.649513][ T6228] ? __pfx_vpanic+0x10/0x10 [ 361.654036][ T6228] ? xfrm_state_fini+0x289/0x310 [ 361.659002][ T6228] panic+0xca/0xd0 [ 361.662750][ T6228] ? __pfx_panic+0x10/0x10 [ 361.667167][ T6228] ? check_panic_on_warn+0x1f/0xb0 [ 361.672277][ T6228] check_panic_on_warn+0xab/0xb0 [ 361.677266][ T6228] __warn+0xf6/0x3c0 [ 361.681209][ T6228] ? xfrm_state_fini+0x289/0x310 [ 361.686167][ T6228] report_bug+0x3c3/0x580 [ 361.690504][ T6228] ? xfrm_state_fini+0x289/0x310 [ 361.695483][ T6228] handle_bug+0x184/0x210 [ 361.699829][ T6228] exc_invalid_op+0x17/0x50 [ 361.704449][ T6228] asm_exc_invalid_op+0x1a/0x20 [ 361.709335][ T6228] RIP: 0010:xfrm_state_fini+0x289/0x310 [ 361.714910][ T6228] Code: 87 f7 90 0f 0b 90 e9 e7 fe ff ff e8 11 f9 87 f7 90 0f 0b 90 e9 39 ff ff ff e8 03 f9 87 f7 90 0f 0b 90 eb 8a e8 f8 f8 87 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 ca 60 ee f7 e9 f8 fd ff ff e8 f0 60 ee [ 361.734566][ T6228] RSP: 0018:ffffc90004affaa0 EFLAGS: 00010293 [ 361.740693][ T6228] RAX: 0000000000000000 RBX: ffff88807b3e0000 RCX: fffff5200095ff25 [ 361.748674][ T6228] RDX: ffff88807c702440 RSI: ffffffff8a33a488 RDI: ffff88807c702884 [ 361.756718][ T6228] RBP: ffff88807b3e1480 R08: 0000000000000005 R09: 0000000000000000 [ 361.764716][ T6228] R10: 0000000000000000 R11: 0000000000002c10 R12: ffffc90004affbe8 [ 361.772697][ T6228] R13: dffffc0000000000 R14: fffffbfff20a86d8 R15: ffffffff905436a0 [ 361.780709][ T6228] ? xfrm_state_fini+0x288/0x310 [ 361.785689][ T6228] ? __pfx_xfrm_net_exit+0x10/0x10 [ 361.790820][ T6228] xfrm_net_exit+0x2d/0x70 [ 361.795266][ T6228] ops_undo_list+0x2ee/0xab0 [ 361.799890][ T6228] ? __pfx_ops_undo_list+0x10/0x10 [ 361.805029][ T6228] ? cleanup_net+0x334/0x890 [ 361.809641][ T6228] ? lock_release+0x201/0x2f0 [ 361.814352][ T6228] ? idr_destroy+0x62/0x2e0 [ 361.818915][ T6228] cleanup_net+0x408/0x890 [ 361.823365][ T6228] ? __pfx_cleanup_net+0x10/0x10 [ 361.828317][ T6228] ? lock_acquire+0x2cd/0x350 [ 361.833051][ T6228] ? rcu_is_watching+0x12/0xc0 [ 361.837855][ T6228] process_one_work+0x9cc/0x1b70 [ 361.842848][ T6228] ? __pfx_cleanup_net+0x10/0x10 [ 361.847834][ T6228] ? __pfx_process_one_work+0x10/0x10 [ 361.853212][ T6228] ? assign_work+0x1a0/0x250 [ 361.857811][ T6228] worker_thread+0x6c8/0xf10 [ 361.862467][ T6228] ? __pfx_worker_thread+0x10/0x10 [ 361.867587][ T6228] kthread+0x3c2/0x780 [ 361.871689][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.876291][ T6228] ? rcu_is_watching+0x12/0xc0 [ 361.881102][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.885694][ T6228] ret_from_fork+0x56a/0x730 [ 361.890280][ T6228] ? __pfx_kthread+0x10/0x10 [ 361.894883][ T6228] ret_from_fork_asm+0x1a/0x30 [ 361.899661][ T6228] [ 361.903221][ T6228] Kernel Offset: disabled [ 361.907613][ T6228] Rebooting in 86400 seconds..