last executing test programs: 1m37.679715374s ago: executing program 4 (id=3519): r0 = fsopen(&(0x7f00000007c0)='securityfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='async\x00', &(0x7f0000000040)='async\x00', 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 1m37.098994898s ago: executing program 4 (id=3520): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x4) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) 1m36.734106005s ago: executing program 4 (id=3522): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f00000029c0)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10) 1m35.543036451s ago: executing program 4 (id=3528): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x80, 0x2b}, {}, {0x0, 0x1}, 0x8000}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff000000000000000000000000000000000000000000000300000000000000000040"], 0xb8}}, 0x0) 1m35.103439679s ago: executing program 4 (id=3531): memfd_create(&(0x7f0000000000)='\xff\x00l\x1e\xa0,\xc1\x8d\\Rxt\'\xb6\xbf\xc8*\n\xaf\x1b\xec\xfd\xbbY\x99\xb3\x06c\xd6\xf6\xb0\xcd=\xf3\x03`\x93\xff\x05e\xaa$\x00\xeaw\xd9\x10\x0f\x1d\x888\x8cS\x12?R\x99\xda7\xce)\x8f\xcc\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd32J\xd7\x9f\xea:=\xcc\x17(|L\xda\xc3\x1ca\xe8s\xb6\xebw\xc7\xabS\xd7pJ\xd2\xa1\xcf\xae\x1f2\x9f\x98\xa80\r\x85\xb4\x86\xbc\xd0\xea\xbf\xb1Z\xb7e$\xcf<\ra\x9b\xa5\xdc\v\x1e\xfd\xc7\x91\xf22\xcf\x96\x99\xc1\xbb\xa1j\xe5\xa8\x7f\a\xa9\xa7G\xad\xa3\x8b\xf1\xdb\\]R\x8cf\xac1\xd7V\xaf\xb5\x8e\x10\x95\x9f=2\xd0-\xe1K:\xc3b\x89\x15OS\xa5\x98Ky\x12\xe7Qt#\xeb\x99\a\x10\x1c\xb3N\x85\xeb\x80\x05\x82_\x15\xdc\xbc\xf93\xdd\xf5g\x98\xd4\x8az\xe4`\xa5\x00\x00\x00\x00\xcd\x13\xfc+\xac\xe5\x8bI\f\xd6\x89\xc7HY\xcf\x00O\x88\xe6\x8b\x8bF/\x82u\xffCnG\x02\x82\xfc\xe9Od\x92\x06\xdeg@y\xa6=4\xb1}\xa8Yr\xad9\xb9b)\xec}\x87=\x91:IV\xab\xdf\xa2\xba+6D\x1fuf\xdeJYw$L\xa1\x83NH\xe3\xf2\x91\x8cW\xb7\b\x04\x12\x8b\x8bV\x19\xf1\r\xcb\x94\xa3\xf4\xe4\x97$\x99c\rG\xd7#\xe2\xfd\x80\xadR\x83\xdc\xb8d\x15|\xac\xb8g$\x0f@\xca3\x9f\xb1\xea\xc6vQ\x1b\xdb#\xa3\"\x9f\x9e\xd8\xba\x13d\x9bx\x9a\xbf\xee\xf2kQ\xe0\xc4/~7\xcd\xd1\x06\xe5\x17\x9b\bW|\xbc\x86D\x05\xaf<\xdfy,I2f\xa7G\xe3Qp<\'6 x\n\x94f\xf8\xa2\xea\xf4\xa5\x9eY\xf80C\x91\x7f\x16u\x8c(Xl\x90\xd2\x9f\xa9\xb9kJy[\x93\xfe{\xe5\x1a\xe9\xb7T\x19;\xb9\t\xe7\x0ei\xfaZ\xfbS:\x9b\xc1r\xcbM.\xf8\xb8wR\xb3p~b\xcb\v1-\a-\x8a#\xaa1\xa9\x9a\x88\a\xc5\xb9*\xd3?\xac\n\x9c\xcd\xe2\xc9\xbd\xeb\xb3\xf65\xbdaP\t\xd6\x06\x1c\xeeNg\x92>\x92>\xaf\b3\x05\xfdM\xd2F\v\xbd\xeb\x83 \x9d\x90S\x11w\xefg\\\xca\xe2\xfc~w\xbe\xefh#\x96\xa5h\xec\xbfr\xc8Bi\x90\"(\xf2\xc6\xcc\xfbX\x14{\x9e5\x87\x91\xe2\x9b\xd4\xc6\xc2whk+\x0f\x82\xca\xc1@\xcb~P\xe4\x18\xf9E\'\xab\xc7z\xd7\x05V{\xa1X\xa3\x10\x13.]tlz\x12\xde\xf2\xa43\xee#\x92J~\xda \x9b\xc4\xc0V\xb3\x9dCO\x1fu\x1c4\x1d\v}\x1b\xe5>w\xfbsm\xa3\fI|\x96-p\x86\xd3O\xfa\x9a\x8f\xb2\x8e\x88qGEG', 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000000)='(', 0x10, 0x0, &(0x7f0000000040)={0x11, 0xc, r2, 0x1, 0x0, 0x6, @dev}, 0x14) 1m34.699986007s ago: executing program 4 (id=3534): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x4000000000003, 0x2, @thr={0x0, 0x0}}) 1m30.657608751s ago: executing program 0 (id=3555): openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) 1m29.703771621s ago: executing program 0 (id=3559): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_int(r0, 0x11a, 0x3, &(0x7f0000000100), 0x4) 1m28.553466563s ago: executing program 0 (id=3566): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001480)=ANY=[], 0x14}}, 0x8000) sendmsg$NL80211_CMD_DISASSOCIATE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[], 0x2c}}, 0x0) 1m27.910362527s ago: executing program 0 (id=3571): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) 1m26.060203083s ago: executing program 0 (id=3580): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000) r1 = dup(r0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000380)={@my=0x0}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@host, 0xffffffff}, @any, 0xd, 0x6, 0x5}) 1m25.387838049s ago: executing program 0 (id=3583): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0xbf21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) 56.341686526s ago: executing program 1 (id=3655): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)={0x30, r2, 0x11, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x30}}, 0x0) 55.571696954s ago: executing program 1 (id=3657): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r2}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r3, r1, 0x25, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x40) 55.047071997s ago: executing program 1 (id=3660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000780)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x24, r1, 0x277f826df11ec41b, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x24}}, 0x0) 54.764410288s ago: executing program 1 (id=3663): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) write(r0, &(0x7f0000000200)="89", 0xffe3) 54.124221473s ago: executing program 1 (id=3665): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000400)=0x8, 0x4) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000080)) 53.726711897s ago: executing program 1 (id=3668): unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @broadcast}}) 46.073919269s ago: executing program 3 (id=3681): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904", @ANYRES16], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000900)={0x44, &(0x7f0000000640)={0x0, 0x0, 0x2, "12d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000100)={0x0, 0x0, 0xf, "24c8c8c5c8a9e40da8eb767e0a00cc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 42.742895759s ago: executing program 3 (id=3687): r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) io_setup(0x7f, &(0x7f0000000100)=0x0) io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 40.86161122s ago: executing program 3 (id=3691): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x7c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x53, 0x33, @beacon={{{}, {}, @broadcast}, 0x0, @default, 0x0, @val, @val, @val={0x3, 0x1}, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x8000, 0x3, 0x1, 0x0, {0xffff, 0x10, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x1}, 0x8, 0x2, 0xd}}, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x4, 0x340, 0x9]}]}, 0x7c}}, 0x88) 40.062741781s ago: executing program 3 (id=3693): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0xd8607c42, 0x0, 0x1}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x20, 0x2}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) 39.264190442s ago: executing program 3 (id=3695): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz0\x00', 0x2}) ioctl$UI_DEV_CREATE(r0, 0x5501) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 38.685486978s ago: executing program 3 (id=3698): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r0 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff01000000030000000000000081006e7230000000000000002000000000007465616d300000000000000000000020766c616e30000000000000004000000076657468305f746f5f7465616d000000aaaaaaf991bb000000000000aaaaaaaaaabb0000000000000000d0000000d000000000010000766c616e0069df4e5100000000000000000000079ba316000000000000000000080000000000000208000000892f0700636f6e6e6c6162656c000000000000000000e5ffffff00000000000020000000080000000000000000000000000000004e465154455545000000000000000000000000000000000000000000000000000800000000000000000800000000000400000000000000000000000080000000000000000000000001fcffffffffffff0000000001000000ffffffff000000000000000000000000000400000000efff000000000000000000000000000000000000000001000000feffffff010000000b00006b90088754ea234d6f6e6430000000000000000000000074489c4c2c0000000000000000000000626f6e64300000ff000000000000000076657468315f744d8abdc76964676500aaaaaaaaaabb0000000000e7feffffffffff00000008000000007000000070000000a0000000434f4e4e5345434d3c964de64039918d16289341524b0000000020827903000000000000000000000000000804000000"]}, 0x2a8) 3.315485358s ago: executing program 2 (id=3740): socket$kcm(0x10, 0x3, 0x10) socket$inet6(0xa, 0x3, 0xff) socket$inet(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 2.773022569s ago: executing program 2 (id=3741): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000006c0)={@val={0x1c, 0xf5}, @val, @mpls}, 0xe) 1.774109146s ago: executing program 2 (id=3742): connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r0, &(0x7f0000000740)=ANY=[], 0xff2e) 389.849503ms ago: executing program 2 (id=3743): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r1 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in=@local, 0x0, 0x0, 0x0, 0x42}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 209.794235ms ago: executing program 2 (id=3744): syz_open_procfs(0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f000000a200)='afs_cell\x00', r0}, 0x10) r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(,:', 0x0) 0s ago: executing program 2 (id=3745): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000080)=""/22, 0x16}}, 0x120) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) write$UHID_INPUT2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0c000000a9"], 0xaf) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): _r:sysadm_t tclass=ax25_socket permissive=1 [ 477.301200][ T1302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.337573][ T1302] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.944173][ T29] audit: type=1400 audit(1724962861.108:617): avc: denied { ioctl } for pid=11691 comm="syz.2.2808" path="socket:[30703]" dev="sockfs" ino=30703 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 479.202160][T11699] netlink: 19 bytes leftover after parsing attributes in process `syz.4.2813'. [ 479.729774][T11714] netlink: 'syz.3.2818': attribute type 6 has an invalid length. [ 480.334755][ T29] audit: type=1326 audit(1724962862.498:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11703 comm="syz.1.2816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4901b79ef9 code=0x7fc00000 [ 480.581805][T11725] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 480.863966][T11732] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2824'. [ 481.533287][T11746] IPVS: lblc: SCTP 172.20.20.187:0 - no destination available [ 482.094890][T11753] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 483.219041][ T5296] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 483.423421][ T5296] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 483.437888][ T5296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.481252][ T5296] usb 2-1: config 0 descriptor?? [ 483.521462][ T5296] cp210x 2-1:0.0: cp210x converter detected [ 483.978244][ T5296] usb 2-1: cp210x converter now attached to ttyUSB0 [ 484.494873][ T5330] usb 2-1: USB disconnect, device number 34 [ 484.542285][ T5330] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 484.703863][T11796] sch_tbf: peakrate 6 is lower than or equals to rate 37092 ! [ 484.809353][ T5330] cp210x 2-1:0.0: device disconnected [ 485.069789][ T29] audit: type=1400 audit(1724962867.228:619): avc: denied { bind } for pid=11802 comm="syz.4.2854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 485.265064][ T5280] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 485.474814][ T5280] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 485.483251][ T5280] usb 1-1: config 0 has no interface number 0 [ 485.552323][ T5280] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 485.620640][ T5280] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 485.723589][T11814] netlink: 'syz.1.2860': attribute type 29 has an invalid length. [ 485.725046][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.760610][ T5280] usb 1-1: Product: syz [ 485.764942][ T5280] usb 1-1: Manufacturer: syz [ 485.774253][ T5280] usb 1-1: SerialNumber: syz [ 485.803507][ T5280] usb 1-1: config 0 descriptor?? [ 485.815642][T11799] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 485.824921][ T5280] usb-storage 1-1:0.20: USB Mass Storage device detected [ 485.850572][T11814] netlink: 'syz.1.2860': attribute type 29 has an invalid length. [ 485.942510][ T5280] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 486.270135][ T5280] scsi host1: usb-storage 1-1:0.20 [ 486.370683][ T5280] usb 1-1: USB disconnect, device number 21 [ 486.974356][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2866'. [ 486.983422][T11830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2866'. [ 487.103659][T11830] ipvlan2: entered allmulticast mode [ 487.133813][T11830] veth0_vlan: entered allmulticast mode [ 487.140466][ T29] audit: type=1400 audit(1724962869.308:620): avc: denied { setopt } for pid=11831 comm="syz.2.2865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 487.764105][T11844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2872'. [ 488.178951][ T5266] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 488.494682][ T5266] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 488.533683][ T5266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.651214][ T5266] usb 4-1: config 0 descriptor?? [ 488.752336][ T5266] cp210x 4-1:0.0: cp210x converter detected [ 488.820618][T11865] team0: entered promiscuous mode [ 488.875157][T11865] team_slave_0: entered promiscuous mode [ 488.902909][T11865] team_slave_1: entered promiscuous mode [ 488.939385][T11864] team0: left promiscuous mode [ 488.944287][T11864] team_slave_0: left promiscuous mode [ 488.972051][T11867] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2883'. [ 488.972823][T11864] team_slave_1: left promiscuous mode [ 489.203518][ T5266] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 489.283809][ T5266] usb 4-1: cp210x converter now attached to ttyUSB0 [ 489.649141][ T5296] usb 4-1: USB disconnect, device number 28 [ 489.682246][ T5296] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 489.798750][ T5296] cp210x 4-1:0.0: device disconnected [ 489.927887][ T5229] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 490.383380][ T29] audit: type=1326 audit(1724962872.548:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e7cf79ef9 code=0x7ffc0000 [ 490.484918][ T29] audit: type=1326 audit(1724962872.548:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e7cf79ef9 code=0x7ffc0000 [ 490.560652][ T29] audit: type=1326 audit(1724962872.588:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8e7cf79ef9 code=0x7ffc0000 [ 490.674797][ T29] audit: type=1326 audit(1724962872.588:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e7cf79ef9 code=0x7ffc0000 [ 490.707999][ T5330] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 490.720300][ T29] audit: type=1326 audit(1724962872.588:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8e7cf78890 code=0x7ffc0000 [ 490.754948][ T29] audit: type=1326 audit(1724962872.588:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e7cf79afb code=0x7ffc0000 [ 490.804007][ T29] audit: type=1326 audit(1724962872.588:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e7cf79afb code=0x7ffc0000 [ 490.804077][ T29] audit: type=1326 audit(1724962872.588:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e7cf79afb code=0x7ffc0000 [ 490.804139][ T29] audit: type=1326 audit(1724962872.588:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e7cf79afb code=0x7ffc0000 [ 490.804201][ T29] audit: type=1326 audit(1724962872.718:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.4.2894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e7cf79afb code=0x7ffc0000 [ 490.919631][ T5330] usb 5-1: Using ep0 maxpacket: 32 [ 490.984001][ T5330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.984048][ T5330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.984100][ T5330] usb 5-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 490.984134][ T5330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.997060][ T5330] usb 5-1: config 0 descriptor?? [ 491.335187][ T5330] usbhid 5-1:0.0: can't add hid device: -71 [ 491.341292][ T5330] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 491.433292][ T5330] usb 5-1: USB disconnect, device number 26 [ 491.614123][T11908] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.719285][ T5330] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 492.925175][ T5330] usb 5-1: Using ep0 maxpacket: 8 [ 492.940858][ T5330] usb 5-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice=28.77 [ 492.997584][ T5330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.052443][ T5330] usb 5-1: Product: syz [ 493.082899][ T5330] usb 5-1: Manufacturer: syz [ 493.093042][ T5330] usb 5-1: SerialNumber: syz [ 493.141314][ T5330] usb 5-1: config 0 descriptor?? [ 493.184862][ T5330] gspca_main: sunplus-2.14.0 probing 052b:1803 [ 493.482976][ T5330] gspca_sunplus: reg_r err -71 [ 493.520574][ T5330] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 493.639987][ T5330] usb 5-1: USB disconnect, device number 27 [ 495.760091][T11987] ebtables: ebtables: counters copy to user failed while replacing table [ 495.970628][T11995] syz.1.2938: attempt to access beyond end of device [ 495.970628][T11995] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 496.040261][T11997] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.2941'. [ 496.048514][T11995] FAT-fs (loop3): unable to read boot sector [ 496.941177][ T5330] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 497.138610][ T5330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 497.201712][ T5330] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 497.230909][ T5330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.260674][ T5330] usb 1-1: Product: syz [ 497.324630][ T5330] usb 1-1: Manufacturer: syz [ 497.350398][ T5330] usb 1-1: SerialNumber: syz [ 497.400988][ T5330] usb 1-1: config 0 descriptor?? [ 497.571692][T12018] veth0_vlan: entered allmulticast mode [ 497.738115][ T5330] usb 1-1: USB disconnect, device number 22 [ 498.063254][T12019] veth0_vlan: left promiscuous mode [ 498.092086][T12019] veth0_vlan: entered promiscuous mode [ 499.398325][ T46] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 499.609717][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 499.623047][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 499.650331][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 499.701539][ T46] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 499.748363][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.781385][ T46] usb 3-1: config 0 descriptor?? [ 500.341745][ T46] corsair 0003:1B1C:1B02.003C: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.2-1/input0 [ 500.404374][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 500.404393][ T29] audit: type=1400 audit(1724962882.568:655): avc: denied { watch } for pid=12076 comm="syz.0.2974" path="/585" dev="tmpfs" ino=2976 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 500.534685][ T46] corsair 0003:1B1C:1B02.003C: Failed to get K90 initial state (error -71). [ 500.622089][ T46] usb 3-1: USB disconnect, device number 30 [ 501.040508][T12093] bridge: RTM_NEWNEIGH with invalid ether address [ 501.753226][ T29] audit: type=1400 audit(1724962883.918:656): avc: denied { ioctl } for pid=12105 comm="syz.1.2988" path="socket:[33399]" dev="sockfs" ino=33399 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 501.954092][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.233679][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2993'. [ 503.312866][T12147] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3007'. [ 503.388092][T12147] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 503.446740][ T29] audit: type=1400 audit(1724962885.618:657): avc: denied { append } for pid=12148 comm="syz.3.3010" name="event3" dev="devtmpfs" ino=841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 504.847229][ T5330] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 505.037914][ T5330] usb 4-1: Using ep0 maxpacket: 8 [ 505.050703][ T5330] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 505.080272][ T5330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.100848][ T5282] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 505.123966][ T29] audit: type=1326 audit(1724962887.288:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12189 comm="syz.4.3028" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8e7cf79ef9 code=0x0 [ 505.131898][ T5330] usb 4-1: config 0 descriptor?? [ 505.324162][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 505.363194][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.430118][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 505.461426][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 505.501303][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 505.542542][ T5282] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 505.566566][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.596457][ T5282] usb 2-1: config 0 descriptor?? [ 506.052568][ T5330] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 506.067501][ T5330] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 506.132679][ T5330] asix 4-1:0.0: probe with driver asix failed with error -71 [ 506.157109][ T5330] usb 4-1: USB disconnect, device number 29 [ 506.173679][ T5282] ntrig 0003:1B96:000A.003D: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.1-1/input0 [ 506.350801][ T5282] usb 2-1: USB disconnect, device number 35 [ 506.512901][ T29] audit: type=1400 audit(1724962888.678:659): avc: denied { watch_reads } for pid=12208 comm="syz.4.3035" path="/49/file0" dev="tmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 507.600200][ T5282] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 507.619202][ T5280] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 507.900725][ T5280] usb 4-1: Using ep0 maxpacket: 32 [ 507.934704][ T5280] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 507.977629][ T5282] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 508.005302][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.014163][ T5282] usb 3-1: Product: syz [ 508.046219][ T5280] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 508.077682][ T5282] usb 3-1: Manufacturer: syz [ 508.082322][ T5282] usb 3-1: SerialNumber: syz [ 508.111767][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.169309][ T5280] usb 4-1: Product: syz [ 508.174685][ T5282] usb 3-1: config 0 descriptor?? [ 508.195265][ T5280] usb 4-1: Manufacturer: syz [ 508.199899][ T5280] usb 4-1: SerialNumber: syz [ 508.228304][ T5280] usb 4-1: config 0 descriptor?? [ 508.242105][T12222] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 508.272095][ T5280] hub 4-1:0.0: bad descriptor, ignoring hub [ 508.299459][ T5282] gm12u320 3-1:0.0: [drm:gm12u320_misc_request.constprop.0] *ERROR* Misc. req. error -22 [ 508.324166][ T5280] hub 4-1:0.0: probe with driver hub failed with error -5 [ 508.341256][ T5280] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input30 [ 508.361127][ T5282] gm12u320 3-1:0.0: probe with driver gm12u320 failed with error -5 [ 508.390896][T12238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3049'. [ 508.443035][ T5282] usb-storage 3-1:0.0: USB Mass Storage device detected [ 509.167507][ T5266] usb 4-1: USB disconnect, device number 30 [ 509.167595][ C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 509.262845][ T5282] usb-storage 3-1:0.0: device ignored [ 509.582415][ T5282] usb 3-1: USB disconnect, device number 31 [ 510.326691][ T5266] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 510.491573][T12275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3065'. [ 510.546062][ T5266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.564028][ T5266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.635197][ T5266] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 510.654534][ T5266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.760113][ T5266] usb 2-1: config 0 descriptor?? [ 511.114302][ T5266] usbhid 2-1:0.0: can't add hid device: -71 [ 511.163164][ T5266] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 511.224043][ T5266] usb 2-1: USB disconnect, device number 36 [ 511.549313][ T5330] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 511.770234][ T5330] usb 3-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 511.797136][ T5330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.830317][ T5330] usb 3-1: config 0 descriptor?? [ 512.417478][T12310] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 512.418143][ T5296] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 512.440889][ T5330] hid-u2fzero 0003:10C4:8ACF.003E: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.2-1/input0 [ 512.502018][ T5330] hid-u2fzero 0003:10C4:8ACF.003E: U2F Zero LED initialised [ 512.559250][ T5330] hid-u2fzero 0003:10C4:8ACF.003E: U2F Zero RNG initialised [ 512.564474][T12286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.645066][T12286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.708968][ T5296] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 512.724481][ T5296] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 512.815048][ T5296] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 512.854267][ T5296] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.965487][T12306] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 513.054129][ T5296] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 513.207365][ T5282] usb 3-1: USB disconnect, device number 32 [ 513.368463][ T29] audit: type=1400 audit(1724962895.538:660): avc: denied { listen } for pid=12321 comm="syz.4.3085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 513.476070][ T5296] usb 1-1: USB disconnect, device number 23 [ 513.952365][ T29] audit: type=1400 audit(1724962896.108:661): avc: denied { map } for pid=12328 comm="syz.4.3088" path="/dev/fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 513.975878][ C0] vkms_vblank_simulate: vblank timer overrun [ 514.254636][ T5282] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 514.489184][ T5282] usb 4-1: Using ep0 maxpacket: 32 [ 514.544354][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 514.571419][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 514.585714][ T29] audit: type=1400 audit(1724962896.748:662): avc: denied { connect } for pid=12339 comm="syz.0.3092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 514.669880][ T5282] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 514.703571][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.789611][ T5282] usb 4-1: config 0 descriptor?? [ 515.262607][ T5282] lua 0003:1E7D:2C2E.003F: global environment stack underflow [ 515.272064][ T5296] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 515.376512][ T5282] lua 0003:1E7D:2C2E.003F: item 0 0 1 11 parsing failed [ 515.384472][ T5282] lua 0003:1E7D:2C2E.003F: parse failed [ 515.441430][ T5282] lua 0003:1E7D:2C2E.003F: probe with driver lua failed with error -22 [ 515.451601][ T5296] usb 5-1: Using ep0 maxpacket: 32 [ 515.454116][ T5296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.472985][ T5282] usb 4-1: USB disconnect, device number 31 [ 515.526893][ T5296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.594748][ T5296] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 515.711937][ T5296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.771005][ T5296] usb 5-1: config 0 descriptor?? [ 515.824735][ T5296] hub 5-1:0.0: USB hub found [ 516.112485][ T5296] hub 5-1:0.0: config failed, can't read hub descriptor (err -90) [ 516.414330][T12371] tap0: tun_chr_ioctl cmd 1074025678 [ 516.474752][T12371] tap0: group set to 0 [ 516.573445][ T5296] hid-generic 0003:046D:C31C.0040: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0 [ 517.260832][ T9] usb 5-1: USB disconnect, device number 28 [ 517.743102][T12401] ptrace attach of "./syz-executor exec"[5233] was attempted by "./syz-executor exec"[12401] [ 517.871114][ T5266] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 518.080757][ T5266] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 518.135212][ T5266] usb 1-1: config 0 has no interface number 0 [ 518.168941][ T5266] usb 1-1: New USB device found, idVendor=19d2, idProduct=0139, bcdDevice=c4.7f [ 518.194464][ T5266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.253164][ T5266] usb 1-1: Product: syz [ 518.268594][ T5266] usb 1-1: Manufacturer: syz [ 518.273319][ T5266] usb 1-1: SerialNumber: syz [ 518.314133][ T5266] usb 1-1: config 0 descriptor?? [ 518.353426][ T5266] option 1-1:0.255: GSM modem (1-port) converter detected [ 519.054428][ T5266] usb 1-1: USB disconnect, device number 24 [ 519.079492][ T5266] option 1-1:0.255: device disconnected [ 519.874167][T12442] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3140'. [ 519.934214][T12444] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 0, id = 0 [ 519.973335][ T29] audit: type=1400 audit(1724962902.138:663): avc: denied { override_creds } for pid=12443 comm="syz.4.3143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 520.045124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 520.060707][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 520.131318][T12449] netlink: 'syz.1.3141': attribute type 3 has an invalid length. [ 520.325999][T12451] loop7: detected capacity change from 0 to 1 [ 520.388759][T12451] Dev loop7: unable to read RDB block 1 [ 520.395418][T12451] loop7: unable to read partition table [ 520.401324][T12451] loop7: partition table beyond EOD, truncated [ 520.419119][T12451] loop_reread_partitions: partition scan of loop7 (SaEǷ>#|J_diV3Q~d!=U5hcs-3hгJHv>l,) failed (rc=-5) [ 520.436365][ T5266] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 520.646432][ T5266] usb 1-1: Using ep0 maxpacket: 16 [ 520.683151][ T5266] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 520.801161][ T5266] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 520.840977][ T5266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.880848][ T5266] usb 1-1: Product: syz [ 520.888277][ T5266] usb 1-1: Manufacturer: syz [ 520.983071][ T5266] usb 1-1: SerialNumber: syz [ 521.037693][ T5266] usb 1-1: config 0 descriptor?? [ 521.091730][T12463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3149'. [ 521.121300][ T5266] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input31 [ 521.399337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 521.580729][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 521.762142][ T9] usb 1-1: USB disconnect, device number 25 [ 521.904829][T12471] mac80211_hwsim hwsim19 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 522.667513][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 522.873379][T12484] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3159'. [ 523.070776][T12487] 9p: Unknown access argument 18446744073709551615: -34 [ 523.534708][ T29] audit: type=1400 audit(1724962905.698:664): avc: denied { getopt } for pid=12494 comm="syz.3.3164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 523.703860][ T29] audit: type=1400 audit(1724962905.868:665): avc: denied { read } for pid=12498 comm="syz.0.3166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 524.383993][ T11] wlan1: Trigger new scan to find an IBSS to join [ 524.454054][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 524.691242][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 524.701729][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 524.758185][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 524.798215][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 524.822092][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 524.851172][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 524.863027][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.152810][ T9] usb 1-1: GET_CAPABILITIES returned 0 [ 525.165288][ T9] usbtmc 1-1:16.0: can't read capabilities [ 525.284394][ T5282] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 525.494819][ T5282] usb 4-1: Using ep0 maxpacket: 16 [ 525.501385][ T5266] usb 1-1: USB disconnect, device number 26 [ 525.631022][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.673149][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.774316][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 525.824461][ T5282] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 525.874854][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.966901][ T5282] usb 4-1: config 0 descriptor?? [ 526.062375][ T29] audit: type=1400 audit(1724962908.228:666): avc: denied { relabelfrom } for pid=12534 comm="syz.2.3179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 526.116272][ T29] audit: type=1400 audit(1724962908.228:667): avc: denied { relabelto } for pid=12534 comm="syz.2.3179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 526.339589][ T5280] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 526.472098][ T5282] microsoft 0003:045E:07DA.0041: item 0 4 0 8 parsing failed [ 526.563232][ T5282] microsoft 0003:045E:07DA.0041: parse failed [ 526.589695][ T5280] usb 5-1: Using ep0 maxpacket: 16 [ 526.603072][ T5282] microsoft 0003:045E:07DA.0041: probe with driver microsoft failed with error -22 [ 526.630949][ T5280] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 526.641472][ T5280] usb 5-1: config 0 has no interface number 0 [ 526.691912][ T5280] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 526.733131][ T5282] usb 4-1: USB disconnect, device number 32 [ 526.733334][ T5280] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 526.769830][ T5280] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.798358][ T5280] usb 5-1: Product: syz [ 526.803326][ T5280] usb 5-1: Manufacturer: syz [ 526.829539][ T5280] usb 5-1: SerialNumber: syz [ 526.854456][ T5280] usb 5-1: config 0 descriptor?? [ 527.165367][T12553] kernel read not supported for file /!selinuxselinux (pid: 12553 comm: syz.1.3189) [ 527.201484][ T29] audit: type=1800 audit(1724962909.348:668): pid=12553 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.3189" name="!selinuxselinux" dev="mqueue" ino=35185 res=0 errno=0 [ 527.368096][T12557] atomic_op ffff88807de9d998 conn xmit_atomic 0000000000000000 [ 527.397179][ T52] wlan1: Trigger new scan to find an IBSS to join [ 527.516350][ T29] audit: type=1326 audit(1724962909.688:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12558 comm="syz.0.3192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e40d79ef9 code=0x0 [ 527.652641][ T5280] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input32 [ 527.920629][T12022] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 527.962731][ T5266] usb 5-1: USB disconnect, device number 29 [ 528.164922][T12022] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 528.204929][T12022] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.224551][T12022] usb 3-1: Product: syz [ 528.252073][T12022] usb 3-1: Manufacturer: syz [ 528.262678][T12022] usb 3-1: SerialNumber: syz [ 528.292416][T12022] usb 3-1: config 0 descriptor?? [ 528.308294][T12022] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 033 [ 528.595936][T12022] (null): failure setting delay to 10us [ 528.601683][T12022] i2c-tiny-usb 3-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 528.744163][T12022] usb 3-1: USB disconnect, device number 33 [ 529.113088][ T29] audit: type=1400 audit(1724962911.278:670): avc: denied { bind } for pid=12576 comm="syz.0.3200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 530.274593][ T9] kernel write not supported for file /vcsa1 (pid: 9 comm: kworker/0:1) [ 530.354698][ T1302] wlan1: Creating new IBSS network, BSSID ba:fc:d6:80:82:e8 [ 531.496515][T12619] syz_tun: entered promiscuous mode [ 533.266520][ T29] audit: type=1400 audit(1724962915.428:671): avc: denied { bind } for pid=12639 comm="syz.1.3227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 533.426505][ T9] usb 3-1: new low-speed USB device number 34 using dummy_hcd [ 533.578006][T12626] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3222'. [ 533.647473][ T9] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 533.679505][ T9] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 533.693263][T12626] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 533.708213][ T9] usb 3-1: config 0 has no interface number 0 [ 533.714536][ T9] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 533.783017][ T29] audit: type=1400 audit(1724962915.948:672): avc: denied { read write } for pid=12645 comm="syz.1.3229" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 533.881757][ T29] audit: type=1400 audit(1724962915.948:673): avc: denied { open } for pid=12645 comm="syz.1.3229" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 533.885020][ T9] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 533.974231][T12646] Trying to write to read-only block-device nullb0 [ 533.991757][ T29] audit: type=1400 audit(1724962915.958:674): avc: denied { map } for pid=12645 comm="syz.1.3229" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 533.991829][ T29] audit: type=1400 audit(1724962915.958:675): avc: denied { execute } for pid=12645 comm="syz.1.3229" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 533.991898][ T29] audit: type=1400 audit(1724962916.018:676): avc: denied { ioctl } for pid=12645 comm="syz.1.3229" path="/dev/nullb0" dev="devtmpfs" ino=682 ioctlcmd=0x125d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 534.095738][ C0] vkms_vblank_simulate: vblank timer overrun [ 534.155902][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.285666][ T9] usb 3-1: config 0 descriptor?? [ 534.313854][T12638] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 534.933518][T12649] netlink: 288 bytes leftover after parsing attributes in process `syz.0.3231'. [ 534.971294][T12651] netlink: 288 bytes leftover after parsing attributes in process `syz.0.3231'. [ 535.152842][ T9] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input33 [ 539.780939][T12682] overlayfs: conflicting options: metacopy=off,verity=on [ 539.863140][T12684] debugfs: Bad value for 'uid' [ 539.874743][ T29] audit: type=1400 audit(1724962922.028:677): avc: denied { connect } for pid=12679 comm="syz.4.3244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 539.888096][ T9] usb 3-1: USB disconnect, device number 34 [ 539.894237][ C0] keyspan_remote 3-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 539.963926][T12684] debugfs: Bad value for 'uid' [ 540.401852][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 540.427424][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 540.440445][ T29] audit: type=1400 audit(1724962922.608:678): avc: denied { module_request } for pid=12688 comm="syz.2.3245" kmod="netdev-pim6reg1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 540.440863][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 540.482912][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 540.502527][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 540.512245][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 540.870081][ T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 541.104340][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 541.125087][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 541.200111][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 541.290604][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.358516][ T9] usb 1-1: config 0 descriptor?? [ 541.736534][ T9] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 542.092586][ T29] audit: type=1400 audit(1724962924.248:679): avc: denied { listen } for pid=12709 comm="syz.1.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 542.146370][ T29] audit: type=1400 audit(1724962924.298:680): avc: denied { accept } for pid=12709 comm="syz.1.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 542.592739][ T5234] Bluetooth: hci0: command tx timeout [ 542.614903][ T5330] usb 1-1: USB disconnect, device number 27 [ 542.681354][ T5330] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 543.201437][T12687] chnl_net:caif_netlink_parms(): no params data found [ 544.196865][T12687] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.204142][T12687] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.246361][ T5266] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 544.331549][T12687] bridge_slave_0: entered allmulticast mode [ 544.403800][T12687] bridge_slave_0: entered promiscuous mode [ 544.472067][ T5266] usb 1-1: Using ep0 maxpacket: 32 [ 544.476873][T12687] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.484559][T12687] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.490789][ T5266] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 544.541545][T12687] bridge_slave_1: entered allmulticast mode [ 544.558798][ T5266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.566840][T12687] bridge_slave_1: entered promiscuous mode [ 544.648919][ T5266] usb 1-1: Product: syz [ 544.661811][ T5266] usb 1-1: Manufacturer: syz [ 544.671591][ T5234] Bluetooth: hci0: command tx timeout [ 544.699788][ T5266] usb 1-1: SerialNumber: syz [ 544.721161][ T5266] usb 1-1: config 0 descriptor?? [ 545.061819][T12687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 545.203561][T12687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 545.358689][ T29] audit: type=1400 audit(1724962927.528:681): avc: denied { mounton } for pid=12750 comm="syz.1.3265" path="/724/file0" dev="configfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 545.431581][T12747] pim6reg1: entered promiscuous mode [ 545.474058][T12747] pim6reg1: entered allmulticast mode [ 545.724258][ T5266] rtl8150 1-1:0.0: eth1: rtl8150 is detected [ 545.763409][ T5266] usb 1-1: USB disconnect, device number 28 [ 546.043115][T12687] team0: Port device team_slave_0 added [ 546.223290][T12687] team0: Port device team_slave_1 added [ 546.713293][T12763] netlink: 198180 bytes leftover after parsing attributes in process `syz.4.3270'. [ 546.721942][T12687] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 546.751885][ T5234] Bluetooth: hci0: command tx timeout [ 546.796922][T12687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 546.822895][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.868727][T12768] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 546.907197][T12687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 546.937276][T12687] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 546.944276][T12687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 546.993179][T12687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.200451][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.208873][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.232889][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.242417][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.280118][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.343196][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.369536][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.413633][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.470604][T12687] hsr_slave_0: entered promiscuous mode [ 547.477816][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.506507][ T5266] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 547.549838][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.589182][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.590688][T12687] hsr_slave_1: entered promiscuous mode [ 547.623567][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.648940][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.658078][T12687] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 547.662955][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.691182][T12687] Cannot create hsr debugfs directory [ 547.744050][ T5266] usb 1-1: config 0 has no interfaces? [ 547.750998][ T5266] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 547.763451][T12777] netlink: 'syz.4.3276': attribute type 4 has an invalid length. [ 547.806406][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.814233][ T5266] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.871753][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.909013][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 547.969368][ T5266] usb 1-1: config 0 descriptor?? [ 547.992855][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 548.050265][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 548.077475][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 548.092747][ T5296] hid-generic 0000:1000000:0000.0042: unknown main item tag 0x0 [ 548.143661][ T5296] hid-generic 0000:1000000:0000.0042: hidraw0: HID v0.00 Device [syz0] on syz1 [ 548.672470][ T5266] usb 1-1: USB disconnect, device number 29 [ 548.828532][ T5234] Bluetooth: hci0: command tx timeout [ 548.834252][ T29] audit: type=1400 audit(1724962930.988:682): avc: denied { write } for pid=12789 comm="syz.2.3281" name="file0" dev="tmpfs" ino=980 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 548.856707][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.468896][T12687] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.623765][T12797] mkiss: ax0: crc mode is auto. [ 549.753818][T12801] Bluetooth: MGMT ver 1.23 [ 549.794695][T12801] Bluetooth: hci3: too big key_count value 40847 [ 550.039877][T12804] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 550.078816][T12687] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.578264][T12687] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.028274][T12687] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.954224][T12830] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3296'. [ 552.271316][T12687] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 552.342819][T12687] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 552.392463][T12687] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 552.513225][T12687] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 552.764520][ T29] audit: type=1400 audit(1724962934.888:683): avc: denied { getopt } for pid=12833 comm="syz.4.3298" lport=40150 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 552.804031][T12837] pim6reg9: entered allmulticast mode [ 553.170584][T12687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 553.317537][T12687] 8021q: adding VLAN 0 to HW filter on device team0 [ 553.373917][ T1302] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.381265][ T1302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.408993][ T5282] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 553.473277][T11484] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.480515][T11484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.618592][ T5282] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 553.722481][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.808837][ T5282] usb 3-1: config 0 descriptor?? [ 553.817273][ T5282] cp210x 3-1:0.0: cp210x converter detected [ 554.318531][ T5282] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 554.486674][ T5282] usb 3-1: cp210x converter now attached to ttyUSB0 [ 554.762534][ T29] audit: type=1400 audit(1724962936.928:684): avc: denied { create } for pid=12855 comm="syz.1.3308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 554.945266][ T5296] usb 3-1: USB disconnect, device number 35 [ 554.985549][ T5296] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 555.008888][ T29] audit: type=1400 audit(1724962936.928:685): avc: denied { sys_admin } for pid=12855 comm="syz.1.3308" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 555.135571][ T5296] cp210x 3-1:0.0: device disconnected [ 555.165217][ T29] audit: type=1400 audit(1724962937.168:686): avc: denied { append } for pid=12860 comm="syz.0.3310" name="sg0" dev="devtmpfs" ino=698 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 556.151981][T12687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 556.852088][T12687] veth0_vlan: entered promiscuous mode [ 557.098499][T12687] veth1_vlan: entered promiscuous mode [ 557.251491][T12687] veth0_macvtap: entered promiscuous mode [ 557.357317][T12687] veth1_macvtap: entered promiscuous mode [ 557.513409][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.580551][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.621900][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.661159][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.722494][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.752355][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.769038][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.799888][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.825976][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.855422][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.886586][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 557.903926][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.939254][T12687] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 558.117527][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.147513][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.174069][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.186227][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.219046][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.250156][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.280680][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.308559][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.324122][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.358074][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.384071][T12687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.394717][T12687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.424533][T12687] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 558.462825][T11484] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 558.924144][T12687] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.999213][T12687] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.021620][ T5282] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 559.041266][T12687] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.131546][T12687] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.267037][ T5282] usb 5-1: Using ep0 maxpacket: 8 [ 559.294726][ T5282] usb 5-1: config 0 has no interfaces? [ 559.302162][ T5282] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 559.384510][ T5282] usb 5-1: New USB device strings: Mfr=8, Product=0, SerialNumber=0 [ 559.460329][ T5282] usb 5-1: Manufacturer: syz [ 559.547762][ T5282] usb 5-1: config 0 descriptor?? [ 559.965884][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.973841][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.174627][ T8] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 560.278504][ T5330] usb 5-1: USB disconnect, device number 30 [ 560.404023][ T8] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 560.442180][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.476621][ T8] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 560.509415][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.533833][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 560.558061][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.703758][T12915] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 560.763380][ T8] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 561.593695][ T8] usb 3-1: USB disconnect, device number 36 [ 562.206858][T12930] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3333'. [ 562.274328][T12930] netlink: 'syz.1.3333': attribute type 1 has an invalid length. [ 563.238107][T12944] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 563.391162][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.532727][T12984] netlink: 92484 bytes leftover after parsing attributes in process `syz.0.3355'. [ 565.545436][T12984] netlink: zone id is out of range [ 565.550578][T12984] netlink: zone id is out of range [ 565.749110][T12984] netlink: zone id is out of range [ 565.754274][T12984] netlink: zone id is out of range [ 565.854066][T12984] netlink: zone id is out of range [ 565.890003][T12984] netlink: zone id is out of range [ 566.016712][T12984] netlink: zone id is out of range [ 566.024254][T12984] netlink: zone id is out of range [ 566.063383][T12984] netlink: zone id is out of range [ 566.149517][T12984] netlink: zone id is out of range [ 566.630465][T13000] input: syz0 as /devices/virtual/input/input34 [ 569.579341][T13042] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 570.000280][ T29] audit: type=1400 audit(1724962952.168:687): avc: denied { getopt } for pid=13045 comm="syz.3.3378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 570.593315][ T5229] Bluetooth: hci6: command 0x0406 tx timeout [ 572.872091][T12022] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 573.069676][T12022] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 573.159751][T12022] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 573.214668][T12022] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 573.282178][T12022] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 573.322870][T12022] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 573.352658][T12022] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.383726][T12022] usb 2-1: config 0 descriptor?? [ 573.893825][T12022] plantronics 0003:047F:FFFF.0043: No inputs registered, leaving [ 573.958458][T12022] plantronics 0003:047F:FFFF.0043: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 574.040713][ T29] audit: type=1400 audit(1724962956.208:688): avc: denied { append } for pid=13109 comm="syz.0.3409" name="card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 574.662533][T12022] usb 2-1: USB disconnect, device number 37 [ 574.794660][ T29] audit: type=1400 audit(1724962956.958:689): avc: denied { read write } for pid=13125 comm="syz.4.3414" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 574.882432][T13123] smc: net device lo applied user defined pnetid SYZ2 [ 574.904726][T13127] smc: net device lo erased user defined pnetid SYZ2 [ 574.909863][ T29] audit: type=1400 audit(1724962956.958:690): avc: denied { open } for pid=13125 comm="syz.4.3414" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 575.843317][ T46] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 576.064995][T13139] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.3420'. [ 576.074255][T13139] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.3420'. [ 576.156760][ T29] audit: type=1400 audit(1724962958.288:691): avc: denied { ioctl } for pid=13140 comm="syz.2.3421" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 576.194164][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.211250][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.262800][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 576.387150][ T46] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 576.462131][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.513324][ T46] usb 1-1: config 0 descriptor?? [ 576.896662][T13149] program syz.1.3425 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 577.023576][ T46] acrux 0003:1A34:0802.0044: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 577.092094][ T46] acrux 0003:1A34:0802.0044: no inputs found [ 577.161456][ T46] acrux 0003:1A34:0802.0044: Failed to enable force feedback support, error: -19 [ 577.693717][ T46] usb 1-1: USB disconnect, device number 30 [ 578.015697][ T5296] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 578.092821][ T5330] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 578.251222][ T5296] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 578.262174][ T5296] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.292798][ T5296] usb 3-1: Product: syz [ 578.318678][ T5296] usb 3-1: Manufacturer: syz [ 578.329515][ T5330] usb 2-1: Using ep0 maxpacket: 8 [ 578.351779][ T5330] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 578.417755][ T5296] usb 3-1: SerialNumber: syz [ 578.432959][ T5330] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 578.467714][ T5330] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 578.494584][ T5296] usb 3-1: config 0 descriptor?? [ 578.526594][ T5330] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 578.600616][ T5330] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 578.631946][ T5330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.851808][ T5296] kaweth 3-1:0.0: Firmware present in device. [ 578.932064][ T5330] usb 2-1: GET_CAPABILITIES returned 0 [ 578.961665][ T5330] usbtmc 2-1:16.0: can't read capabilities [ 579.043664][ T5296] kaweth 3-1:0.0: Statistics collection: 0 [ 579.087582][ T5296] kaweth 3-1:0.0: Multicast filter limit: 0 [ 579.093628][ T5296] kaweth 3-1:0.0: MTU: 0 [ 579.154709][ T5296] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00 [ 579.201718][ T5330] usb 2-1: USB disconnect, device number 38 [ 579.691534][ T5296] kaweth 3-1:0.0: Error setting receive filter [ 579.712348][ T5296] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 579.733476][ T5296] usb 3-1: USB disconnect, device number 37 [ 579.996762][T13184] netlink: 'syz.3.3439': attribute type 12 has an invalid length. [ 580.074638][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.146144][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.171469][T13185] [U]  [ 580.180909][ T29] audit: type=1400 audit(1724962962.348:692): avc: denied { watch watch_reads } for pid=13187 comm="syz.0.3441" path="pipe:[4304]" dev="pipefs" ino=4304 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 580.244434][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.291360][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.299635][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.364436][T13184] netlink: 'syz.3.3439': attribute type 11 has an invalid length. [ 580.409756][T13184] netlink: 'syz.3.3439': attribute type 4 has an invalid length. [ 580.454549][T13184] netlink: 'syz.3.3439': attribute type 5 has an invalid length. [ 580.521685][T13184] netlink: 195936 bytes leftover after parsing attributes in process `syz.3.3439'. [ 580.858768][ T46] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 581.070042][ T46] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 581.090292][ T46] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 581.124741][ T29] audit: type=1400 audit(1724962963.278:693): avc: denied { create } for pid=13197 comm="syz.1.3446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 581.133928][ T46] usb 1-1: config 0 has no interface number 0 [ 581.174332][T13200] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3447'. [ 581.205511][ T29] audit: type=1400 audit(1724962963.328:694): avc: denied { write } for pid=13197 comm="syz.1.3446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 581.268355][ T46] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 581.294370][ T29] audit: type=1400 audit(1724962963.328:695): avc: denied { nlmsg_read } for pid=13197 comm="syz.1.3446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 581.361641][ T46] usb 1-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 581.521822][ T46] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 581.582112][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.651250][ T46] usb 1-1: Product: syz [ 581.681628][ T46] usb 1-1: Manufacturer: syz [ 581.739028][ T46] usb 1-1: SerialNumber: syz [ 581.803372][ T46] usb 1-1: config 0 descriptor?? [ 581.820160][ T46] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 581.920124][ T29] audit: type=1400 audit(1724962964.078:696): avc: denied { watch } for pid=13209 comm="syz.4.3450" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1090 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 583.034026][ T46] usb 1-1: USB disconnect, device number 31 [ 583.376453][T13238] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3462'. [ 583.975908][T13246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3463'. [ 584.201378][T13251] netlink: 4272 bytes leftover after parsing attributes in process `syz.4.3467'. [ 584.320722][T13251] netlink: 'syz.4.3467': attribute type 1 has an invalid length. [ 584.422493][T13251] netlink: 121 bytes leftover after parsing attributes in process `syz.4.3467'. [ 584.654805][T13256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3468'. [ 585.160255][ T5296] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 585.285773][ T46] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 585.346600][ T5296] usb 4-1: Using ep0 maxpacket: 8 [ 585.353993][ T5296] usb 4-1: config 0 has no interfaces? [ 585.370347][ T5296] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 585.400631][ T5296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.483599][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.524857][ T5296] usb 4-1: config 0 descriptor?? [ 585.576370][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 585.673770][ T46] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 585.741256][T13263] block nbd4: shutting down sockets [ 585.858775][ T46] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 585.962331][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.007538][ T46] usb 2-1: config 0 descriptor?? [ 586.030617][ T29] audit: type=1400 audit(1724962968.198:697): avc: denied { map } for pid=13270 comm="syz.2.3474" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 586.486782][T13259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.530572][T13275] syz.0.3477: attempt to access beyond end of device [ 586.530572][T13275] loop0: rw=0, sector=0, nr_sectors = 8 limit=0 [ 586.574365][T13259] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.593302][ T46] acrux 0003:1A34:0802.0045: unknown main item tag 0x0 [ 586.612938][ T46] acrux 0003:1A34:0802.0045: unknown main item tag 0x0 [ 586.622526][ T46] acrux 0003:1A34:0802.0045: unknown main item tag 0x0 [ 586.630296][T13275] F2FS-fs (loop0): Unable to read 1th superblock [ 586.677819][ T46] acrux 0003:1A34:0802.0045: unknown main item tag 0x0 [ 586.684806][ T46] acrux 0003:1A34:0802.0045: unknown main item tag 0x0 [ 586.692636][T13275] syz.0.3477: attempt to access beyond end of device [ 586.692636][T13275] loop0: rw=0, sector=8, nr_sectors = 8 limit=0 [ 586.721515][T13275] F2FS-fs (loop0): Unable to read 2th superblock [ 586.728842][ T46] acrux 0003:1A34:0802.0045: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0 [ 586.791775][ T46] acrux 0003:1A34:0802.0045: no inputs found [ 586.845006][ T46] acrux 0003:1A34:0802.0045: Failed to enable force feedback support, error: -19 [ 586.877772][ T5296] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 586.946236][ T9] usb 4-1: USB disconnect, device number 33 [ 587.083652][ T5296] usb 5-1: config 0 has no interfaces? [ 587.104644][ T5296] usb 5-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d [ 587.143202][ T5296] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.223323][ T5296] usb 5-1: Product: syz [ 587.233450][ T5296] usb 5-1: Manufacturer: syz [ 587.271488][ T5296] usb 5-1: SerialNumber: syz [ 587.353354][ T5296] usb 5-1: config 0 descriptor?? [ 588.063590][T13278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.152257][T13278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 588.200504][ T9] usb 5-1: USB disconnect, device number 31 [ 588.920842][ T5296] usb 2-1: USB disconnect, device number 39 [ 589.161091][T13310] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3495'. [ 589.470601][T13317] input: syz1 as /devices/virtual/input/input37 [ 589.532167][T13313] net_ratelimit: 394 callbacks suppressed [ 589.532189][T13313] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 589.684051][T11484] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 590.639250][ T5266] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 590.843862][ T5266] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 590.888410][ T5266] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.966765][ T5266] usb 1-1: config 0 descriptor?? [ 591.413950][ T5266] usb 1-1: Cannot set MAC address [ 591.422823][ T5266] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 591.485875][ T5266] usb 1-1: USB disconnect, device number 32 [ 591.546260][ T5330] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 591.757198][ T5330] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 591.788983][ T5330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.820327][ T5330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.861554][ T5330] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 591.901679][ T5330] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 591.933936][ T5330] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 591.962951][ T5330] usb 3-1: Manufacturer: syz [ 592.024107][ T5330] usb 3-1: config 0 descriptor?? [ 592.503818][T13365] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 592.508054][ T46] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 592.510363][T13365] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 592.563965][T13365] vhci_hcd vhci_hcd.0: Device attached [ 592.628309][ T5330] appleir 0003:05AC:8243.0046: unknown main item tag 0x0 [ 592.652267][ T5330] appleir 0003:05AC:8243.0046: No inputs registered, leaving [ 592.693608][T13366] vhci_hcd: connection closed [ 592.758613][ T46] usb 4-1: Using ep0 maxpacket: 32 [ 592.793546][ T5330] appleir 0003:05AC:8243.0046: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 592.813600][T11484] vhci_hcd: stop threads [ 592.813664][T11484] vhci_hcd: release socket [ 592.813717][T11484] vhci_hcd: disconnect device [ 592.904141][ T9] usb 11-1: new high-speed USB device number 2 using vhci_hcd [ 592.910205][ T46] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 592.920105][ T9] usb 11-1: enqueue for inactive port 0 [ 592.921233][ T46] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 592.974072][ T5330] usb 3-1: USB disconnect, device number 38 [ 593.022615][ T46] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 593.043914][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 593.108110][ T9] vhci_hcd: vhci_device speed not set [ 593.114307][ T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 593.214734][ T46] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 593.352232][ T46] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 593.413459][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.450623][ T46] usb 4-1: config 0 descriptor?? [ 594.012322][ T46] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 594.712824][ T46] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 594.731675][T13393] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3529'. [ 594.843729][ T9] usb 4-1: USB disconnect, device number 34 [ 594.911188][ T9] usblp0: removed [ 594.974607][ T46] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 595.041338][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 595.114422][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 595.204798][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 595.327735][ T46] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 595.421729][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.493588][ T46] usb 3-1: config 0 descriptor?? [ 595.991598][ T46] plantronics 0003:047F:FFFF.0047: No inputs registered, leaving [ 596.101216][ T46] plantronics 0003:047F:FFFF.0047: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 596.190973][ T5229] Bluetooth: hci3: command 0x0406 tx timeout [ 596.336734][ T9] usb 3-1: USB disconnect, device number 39 [ 596.689629][T13419] syzkaller1: entered promiscuous mode [ 596.722991][T13419] syzkaller1: entered allmulticast mode [ 597.349904][T13429] input: syz1 as /devices/virtual/input/input38 [ 598.187663][T13441] bond0: Removing last ns target with arp_interval on [ 598.190866][ T1302] bond0: (slave bond_slave_0): interface is now down [ 598.194494][T13441] bond0: option ad_select: unable to set because the bond device is up [ 598.298961][ T1302] bond0: (slave bond_slave_1): interface is now down [ 598.329034][ T1302] bond0: (slave netdevsim0): interface is now down [ 598.426043][T11484] bond0: (slave bond_slave_0): interface is now down [ 598.432779][T11484] bond0: (slave bond_slave_1): interface is now down [ 598.470619][T11484] bond0: (slave netdevsim0): interface is now down [ 598.524322][T11484] bond0: now running without any active interface! [ 601.543150][T13486] vxcan0: tx drop: invalid da for name 0x0000000000000001 [ 604.223921][ T29] audit: type=1400 audit(1724962986.338:698): avc: denied { read } for pid=13515 comm="syz.1.3581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 606.371051][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 606.469921][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 606.683534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 607.968534][T12022] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 608.214786][T12022] usb 2-1: Using ep0 maxpacket: 32 [ 608.294825][T12022] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 608.364785][T12022] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.525158][T12022] usb 2-1: config 0 descriptor?? [ 608.534388][T12022] gspca_main: sunplus-2.14.0 probing 041e:400b [ 608.854314][ T5229] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 608.891827][ T5229] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 608.903513][ T5229] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 609.018406][ T5229] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 609.033075][ T5229] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 609.052131][ T5229] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 609.618240][T12022] gspca_sunplus: reg_w_riv err -71 [ 609.623535][T12022] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 609.700463][T12022] usb 2-1: USB disconnect, device number 40 [ 609.913920][ T29] audit: type=1400 audit(1724962992.078:699): avc: denied { create } for pid=13569 comm="syz.3.3601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 610.044673][ T29] audit: type=1400 audit(1724962992.078:700): avc: denied { getopt } for pid=13569 comm="syz.3.3601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 610.800328][T13577] syz.1.3603: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 610.800888][T13577] CPU: 0 UID: 0 PID: 13577 Comm: syz.1.3603 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 610.800908][T13577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 610.800918][T13577] Call Trace: [ 610.800924][T13577] [ 610.800931][T13577] dump_stack_lvl+0x16c/0x1f0 [ 610.800960][T13577] warn_alloc+0x24d/0x3a0 [ 610.800978][T13577] ? __pfx_warn_alloc+0x10/0x10 [ 610.800993][T13577] ? stack_depot_save_flags+0x31b/0x8f0 [ 610.801015][T13577] ? kasan_save_stack+0x42/0x60 [ 610.801037][T13577] ? kasan_save_stack+0x33/0x60 [ 610.801057][T13577] ? kasan_save_track+0x14/0x30 [ 610.801077][T13577] ? __kasan_kmalloc+0xaa/0xb0 [ 610.801097][T13577] ? xskq_create+0x52/0x1d0 [ 610.801116][T13577] ? xsk_setsockopt+0x757/0xa10 [ 610.801136][T13577] ? __sys_setsockopt+0x1a4/0x270 [ 610.801155][T13577] ? __x64_sys_setsockopt+0xbd/0x160 [ 610.801173][T13577] ? do_syscall_64+0xcd/0x250 [ 610.801196][T13577] __vmalloc_node_range_noprof+0x10a3/0x14e0 [ 610.801220][T13577] ? xskq_create+0xfb/0x1d0 [ 610.801245][T13577] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 610.801268][T13577] ? xskq_create+0xfb/0x1d0 [ 610.801290][T13577] vmalloc_user_noprof+0x6b/0x90 [ 610.801306][T13577] ? xskq_create+0xfb/0x1d0 [ 610.801327][T13577] xskq_create+0xfb/0x1d0 [ 610.801349][T13577] xsk_setsockopt+0x757/0xa10 [ 610.801371][T13577] ? __pfx_xsk_setsockopt+0x10/0x10 [ 610.801392][T13577] ? find_held_lock+0x2d/0x110 [ 610.801413][T13577] ? selinux_socket_setsockopt+0x6a/0x80 [ 610.801435][T13577] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 610.801457][T13577] ? __pfx_xsk_setsockopt+0x10/0x10 [ 610.801478][T13577] do_sock_setsockopt+0x222/0x480 [ 610.801501][T13577] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 610.801531][T13577] ? __fget_light+0x173/0x210 [ 610.801558][T13577] __sys_setsockopt+0x1a4/0x270 [ 610.801578][T13577] ? __pfx___sys_setsockopt+0x10/0x10 [ 610.801597][T13577] ? handle_mm_fault+0x52d/0xa60 [ 610.801621][T13577] __x64_sys_setsockopt+0xbd/0x160 [ 610.801639][T13577] ? do_syscall_64+0x91/0x250 [ 610.801666][T13577] ? lockdep_hardirqs_on+0x7c/0x110 [ 610.801685][T13577] do_syscall_64+0xcd/0x250 [ 610.801706][T13577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.801728][T13577] RIP: 0033:0x7f4901b79ef9 [ 610.801742][T13577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.801756][T13577] RSP: 002b:00007f49029d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 610.801771][T13577] RAX: ffffffffffffffda RBX: 00007f4901d16058 RCX: 00007f4901b79ef9 [ 610.801782][T13577] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 610.801791][T13577] RBP: 00007f4901be793e R08: 0000000000000020 R09: 0000000000000000 [ 610.801801][T13577] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 610.801810][T13577] R13: 0000000000000001 R14: 00007f4901d16058 R15: 00007ffd898bb5a8 [ 610.801831][T13577] [ 610.801843][T13577] Mem-Info: [ 610.801853][T13577] active_anon:14808 inactive_anon:0 isolated_anon:0 [ 610.801853][T13577] active_file:13670 inactive_file:2567 isolated_file:0 [ 610.801853][T13577] unevictable:768 dirty:420 writeback:0 [ 610.801853][T13577] slab_reclaimable:10079 slab_unreclaimable:106147 [ 610.801853][T13577] mapped:37618 shmem:12415 pagetables:840 [ 610.801853][T13577] sec_pagetables:0 bounce:0 [ 610.801853][T13577] kernel_misc_reclaimable:0 [ 610.801853][T13577] free:1363369 free_pcp:571 free_cma:0 [ 610.801893][T13577] Node 0 active_anon:59232kB inactive_anon:0kB active_file:54680kB inactive_file:10264kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:150472kB dirty:1680kB writeback:0kB shmem:48124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10100kB pagetables:3360kB sec_pagetables:0kB all_unreclaimable? no [ 610.801932][T13577] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 610.801966][T13577] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 610.802005][T13577] lowmem_reserve[]: 0 2561 2562 0 0 [ 610.802034][T13577] Node 0 DMA32 free:1485632kB boost:0kB min:35020kB low:43772kB high:52524kB reserved_highatomic:0KB active_anon:59160kB inactive_anon:0kB active_file:54348kB inactive_file:9316kB unevictable:1536kB writepending:1680kB present:3129332kB managed:2650076kB mlocked:0kB bounce:0kB free_pcp:2252kB local_pcp:876kB free_cma:0kB [ 610.802074][T13577] lowmem_reserve[]: 0 0 1 0 0 [ 610.802102][T13577] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:72kB inactive_anon:0kB active_file:332kB inactive_file:948kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:20kB free_cma:0kB [ 610.802141][T13577] lowmem_reserve[]: 0 0 0 0 0 [ 610.802168][T13577] Node 1 Normal free:3952484kB boost:0kB min:54864kB low:68580kB high:82296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 610.802207][T13577] lowmem_reserve[]: 0 0 0 0 0 [ 610.802234][T13577] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 610.802384][T13577] Node 0 DMA32: 812*4kB (UME) 581*8kB (UME) 183*16kB (UME) 135*32kB (UME) 49*64kB (UME) 13*128kB (UME) 7*256kB (UM) 9*512kB (UME) 11*1024kB (ME) 13*2048kB (ME) 347*4096kB (M) = 1485544kB [ 610.802517][T13577] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 610.802595][T13577] Node 1 Normal: 15*4kB (U) 13*8kB (U) 8*16kB (U) 8*32kB (U) 9*64kB (UM) 8*128kB (U) 3*256kB (UM) 2*512kB (UM) 0*1024kB 2*2048kB (U) 963*4096kB (M) = 3952484kB [ 610.802728][T13577] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 610.802741][T13577] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 610.802753][T13577] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 610.802766][T13577] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 610.802778][T13577] 28653 total pagecache pages [ 610.802784][T13577] 1 pages in swap cache [ 610.802789][T13577] Free swap = 124372kB [ 610.802795][T13577] Total swap = 124996kB [ 610.802801][T13577] 2097051 pages RAM [ 610.802806][T13577] 0 pages HighMem/MovableOnly [ 610.802812][T13577] 403066 pages reserved [ 610.802817][T13577] 0 pages cma reserved [ 610.904415][T12022] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 611.140406][T12022] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 611.140445][T12022] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.143675][T12022] usb 3-1: config 0 descriptor?? [ 611.148622][T12022] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 611.240986][ T5234] Bluetooth: hci7: command tx timeout [ 611.753591][T12022] cpia1 3-1:0.0: unexpected state after lo power cmd: 00 [ 612.190974][T13562] chnl_net:caif_netlink_parms(): no params data found [ 612.211955][T12022] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 613.250759][T12022] usb 3-1: USB disconnect, device number 40 [ 613.311834][ T5234] Bluetooth: hci7: command tx timeout [ 613.389375][ T29] audit: type=1400 audit(1724962995.558:701): avc: denied { append } for pid=13586 comm="syz.1.3606" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 613.441935][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.892851][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.092281][T13597] Bluetooth: MGMT ver 1.23 [ 614.121079][T12022] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 614.280947][ T5280] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 614.341238][T12022] usb 3-1: Using ep0 maxpacket: 8 [ 614.358642][T12022] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 614.373421][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 614.401264][T12022] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 614.443866][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 614.510023][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 614.540858][ T5280] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 614.611013][ T5280] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x2C, changing to 0xC [ 614.649027][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 614.690187][ T5280] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 64 [ 614.719345][ T5280] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 614.762475][T12022] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 614.791121][ T5280] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 2.40 [ 614.808279][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 614.833017][ T5280] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.863329][T12022] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 614.910231][T13595] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 614.937031][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 614.966979][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.013968][T12022] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 615.028128][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 615.054793][T12022] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 615.059458][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.118955][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 615.158569][T12022] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.195664][T12022] usb 3-1: string descriptor 0 read error: -22 [ 615.202091][T12022] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 615.224322][T12022] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.242890][T12022] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 615.415988][ T5234] Bluetooth: hci7: command tx timeout [ 615.984473][ T5280] cdc_ncm 2-1:1.0: bind() failure [ 616.008469][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.042795][ T5280] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 616.075843][ T5280] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 616.113925][ T5280] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 616.153398][T12022] usb 3-1: USB disconnect, device number 41 [ 616.312879][ T5280] usb 2-1: USB disconnect, device number 41 [ 616.450910][ T29] audit: type=1400 audit(1724962998.588:702): avc: denied { bind } for pid=13606 comm="syz.3.3614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 616.533313][T13562] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.592711][T13562] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.600739][T13562] bridge_slave_0: entered allmulticast mode [ 616.694283][T13562] bridge_slave_0: entered promiscuous mode [ 616.704116][T13562] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.764849][T13562] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.792294][T13562] bridge_slave_1: entered allmulticast mode [ 616.801096][T13562] bridge_slave_1: entered promiscuous mode [ 617.476753][ T5234] Bluetooth: hci7: command tx timeout [ 617.504310][T13562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.628209][ T5229] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 617.684671][T13562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 617.687657][ T5229] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 617.723817][ T5229] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 617.819226][ T5229] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 617.860415][ T5229] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 617.871369][ T5229] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 618.167762][T13562] team0: Port device team_slave_0 added [ 618.824338][T13562] team0: Port device team_slave_1 added [ 619.054829][ T52] bridge_slave_1: left allmulticast mode [ 619.092665][ T52] bridge_slave_1: left promiscuous mode [ 619.172651][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.313486][ T52] bridge_slave_0: left allmulticast mode [ 619.350726][ T52] bridge_slave_0: left promiscuous mode [ 619.374804][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.009531][ T5330] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 620.041878][ T5234] Bluetooth: hci3: command tx timeout [ 620.175277][ T29] audit: type=1400 audit(1724963002.338:703): avc: denied { shutdown } for pid=13643 comm="syz.3.3627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 620.206496][ T5330] usb 2-1: Using ep0 maxpacket: 16 [ 620.209401][ T5330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.209449][ T5330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 620.209503][ T5330] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 620.209535][ T5330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.219227][ T5330] usb 2-1: config 0 descriptor?? [ 620.806276][ T747] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 620.976970][T13637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 621.012237][T13637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 621.078048][ T5330] hid (null): unknown global tag 0xd [ 621.119115][ T5330] hid (null): unknown global tag 0xd [ 621.124468][ T5330] hid (null): report_id 40203 is invalid [ 621.159373][ T5330] hid (null): invalid report_size -1862471209 [ 621.208523][ T5330] hid (null): invalid report_size -1217885453 [ 621.227302][ T5330] hid (null): unknown global tag 0x36 [ 621.331383][ T5330] usb 2-1: string descriptor 0 read error: -71 [ 621.384236][ T5330] usb 2-1: Max retries (5) exceeded reading string descriptor 200 [ 621.444033][ T5330] letsketch 0003:6161:4D15.0048: probe with driver letsketch failed with error -32 [ 621.512680][ T5330] usb 2-1: USB disconnect, device number 42 [ 622.081468][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 622.117700][ T5234] Bluetooth: hci3: command tx timeout [ 622.180468][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 622.292109][ T52] bond0 (unregistering): Released all slaves [ 622.354193][T13562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 622.370956][T13562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 622.424698][T13562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 622.653687][T13562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 622.661091][T13562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 622.712617][T13562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 622.737253][ T5296] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 622.954395][ T5296] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 623.001940][ T5296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.046744][ T5296] usb 2-1: Product: syz [ 623.053457][ T5296] usb 2-1: Manufacturer: syz [ 623.101260][ T5296] usb 2-1: SerialNumber: syz [ 623.128249][ T5296] usb 2-1: config 0 descriptor?? [ 623.221577][T13653] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3630'. [ 623.247748][T13653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3630'. [ 623.261347][T13653] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.334053][T13653] bridge0: port 2(bridge_slave_1) entered blocking state [ 623.341375][T13653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 623.579593][ T5296] usb 2-1: Firmware version (0.0) predates our first public release. [ 623.590371][ T5296] usb 2-1: Please update to version 0.2 or newer [ 623.619268][ T5296] usb 2-1: Firmware: build [ 623.856717][T13562] hsr_slave_0: entered promiscuous mode [ 623.903406][T13562] hsr_slave_1: entered promiscuous mode [ 623.923262][T13562] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 623.980304][T13562] Cannot create hsr debugfs directory [ 624.094353][ T5296] usb 2-1: USB disconnect, device number 43 [ 624.187084][ T5234] Bluetooth: hci3: command tx timeout [ 624.833896][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.959106][ T52] hsr_slave_0: left promiscuous mode [ 624.981106][ T52] hsr_slave_1: left promiscuous mode [ 625.020194][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 625.042544][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.083022][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 625.091615][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.244639][ T52] veth1_macvtap: left promiscuous mode [ 625.309186][ T52] veth0_macvtap: left promiscuous mode [ 625.320146][ T52] veth1_vlan: left promiscuous mode [ 625.339506][ T52] veth0_vlan: left promiscuous mode [ 626.282350][ T5234] Bluetooth: hci3: command tx timeout [ 628.223027][ T52] team0 (unregistering): Port device team_slave_1 removed [ 628.433289][ T52] team0 (unregistering): Port device team_slave_0 removed [ 632.174466][T13709] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 632.344269][T13613] chnl_net:caif_netlink_parms(): no params data found [ 633.039096][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.423357][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.447556][T13726] binder_alloc: binder_alloc_mmap_handler: 13721 20ffc000-20ffd000 already mapped failed -16 [ 633.943408][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.004569][T13613] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.012134][T13613] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.050453][T13613] bridge_slave_0: entered allmulticast mode [ 634.098907][T13613] bridge_slave_0: entered promiscuous mode [ 634.114158][ T5234] Bluetooth: hci0: command 0x0c20 tx timeout [ 634.171488][T13613] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.205164][T13613] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.212506][T13613] bridge_slave_1: entered allmulticast mode [ 634.353146][T13613] bridge_slave_1: entered promiscuous mode [ 634.566537][ T52] bond0: (slave netdevsim0): Releasing backup interface [ 634.583332][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.000261][T13613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.091397][T13613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.710304][T13613] team0: Port device team_slave_0 added [ 636.079953][T13613] team0: Port device team_slave_1 added [ 636.353680][T13562] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 636.386694][T13562] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 636.808741][T13613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 636.845149][T13613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 636.923732][T13613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 637.006783][T13613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 637.043356][T13613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 637.220500][T13613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 637.257210][T13562] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 637.314541][T13562] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 637.984437][ T29] audit: type=1400 audit(1724963020.148:704): avc: denied { write } for pid=13768 comm="syz.2.3673" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 638.007157][ C0] vkms_vblank_simulate: vblank timer overrun [ 638.024591][ T52] bridge_slave_1: left allmulticast mode [ 638.067093][ T52] bridge_slave_1: left promiscuous mode [ 638.073046][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.192618][ T52] bridge_slave_0: left allmulticast mode [ 638.220906][ T52] bridge_slave_0: left promiscuous mode [ 638.274050][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.181999][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 640.218209][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 640.231734][ T52] bond0 (unregistering): Released all slaves [ 640.343437][T13613] hsr_slave_0: entered promiscuous mode [ 640.392089][T13613] hsr_slave_1: entered promiscuous mode [ 640.421611][T13613] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 640.442139][T13613] Cannot create hsr debugfs directory [ 641.407726][ T46] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 641.718763][ T46] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 641.741462][ T52] hsr_slave_0: left promiscuous mode [ 641.752030][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.781759][ T46] usb 4-1: Product: syz [ 641.781809][ T52] hsr_slave_1: left promiscuous mode [ 641.792888][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 641.820405][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.827364][ T46] usb 4-1: Manufacturer: syz [ 641.832748][ T46] usb 4-1: SerialNumber: syz [ 641.839713][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 641.851377][ T46] usb 4-1: config 0 descriptor?? [ 641.902856][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.029853][ T52] veth1_macvtap: left promiscuous mode [ 642.061323][ T52] veth0_macvtap: left promiscuous mode [ 642.078718][ T52] veth1_vlan: left promiscuous mode [ 642.084134][ T52] veth0_vlan: left promiscuous mode [ 642.341376][ T9] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 642.555094][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 642.563085][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.597883][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.657643][ T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 642.703321][ T9] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 642.723208][ T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 642.753684][ T52] pim6reg9 (unregistering): left allmulticast mode [ 642.820347][ T9] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 642.868540][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 642.893429][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.902717][ T9] usb 3-1: Product: syz [ 642.907376][ T9] usb 3-1: Manufacturer: syz [ 642.912019][ T9] usb 3-1: SerialNumber: syz [ 643.213752][ T9] cdc_ncm 3-1:1.0: bind() failure [ 643.252710][ T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 643.261905][ T9] cdc_ncm 3-1:1.1: bind() failure [ 643.316918][ T9] usb 3-1: USB disconnect, device number 42 [ 644.739926][ T52] team0 (unregistering): Port device team_slave_1 removed [ 644.961951][ T52] team0 (unregistering): Port device team_slave_0 removed [ 646.600573][ T46] usb 4-1: f81604_read: reg: 100f failed: -EPROTO [ 646.657691][ T46] usb 4-1: f81604_read: reg: 200f failed: -EPROTO [ 646.685672][ T46] usb 4-1: USB disconnect, device number 35 [ 646.996895][ T46] usb 4-1: f81604_read: reg: 100f failed: -ENODEV [ 647.155875][T13802] input: syz0 as /devices/virtual/input/input40 [ 647.232431][ T46] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 647.740193][ T5229] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 647.764228][ T5229] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 647.804107][ T5229] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 647.831786][ T5229] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 647.862574][ T5229] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 647.901660][ T5229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 648.203784][T13562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.841183][T13562] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.712622][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.022859][ T1302] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.030238][ T1302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 650.057008][ T5229] Bluetooth: hci4: command tx timeout [ 650.090189][ T1302] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.097495][ T1302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 650.180685][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.489542][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.852300][T13827] input: syz0 as /devices/virtual/input/input41 [ 651.022741][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.380831][T13613] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 651.400239][ T5330] kernel write not supported for file /uinput (pid: 5330 comm: kworker/1:6) [ 651.517218][T13613] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 651.570415][T13562] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 651.813148][T13613] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 652.105698][ T5229] Bluetooth: hci4: command tx timeout [ 652.183573][T13613] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 652.301848][T13808] chnl_net:caif_netlink_parms(): no params data found [ 652.663245][ T12] bridge_slave_1: left allmulticast mode [ 652.699872][ T12] bridge_slave_1: left promiscuous mode [ 652.730081][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.792276][ T12] bridge_slave_0: left allmulticast mode [ 652.809116][ T5296] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 652.822262][ T12] bridge_slave_0: left promiscuous mode [ 652.869651][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.007289][ T5296] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 653.029804][ T5296] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 653.091462][ T5296] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 653.138821][ T5296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 653.214499][ T5296] usb 3-1: SerialNumber: syz [ 653.253205][T13845] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 653.518215][ T5296] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 653.580508][ T5296] usb 3-1: USB disconnect, device number 43 [ 654.188340][ T5229] Bluetooth: hci4: command tx timeout [ 654.793321][ T12] bond0 (unregistering): left allmulticast mode [ 654.801363][ T12] bond_slave_0: left allmulticast mode [ 654.809722][ T12] bond_slave_1: left allmulticast mode [ 654.820469][ T12] bond0 (unregistering): left promiscuous mode [ 654.829469][ T12] bond_slave_0: left promiscuous mode [ 654.837454][ T12] bond_slave_1: left promiscuous mode [ 654.888805][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 654.903705][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 654.940144][ T12] bond0 (unregistering): Released all slaves [ 655.142902][T13856] team0: entered promiscuous mode [ 655.150413][T13856] team_slave_0: entered promiscuous mode [ 655.160965][T13856] team_slave_1: entered promiscuous mode [ 655.289171][ T12] tipc: Left network mode [ 655.300758][T13855] team0: left promiscuous mode [ 655.340548][T13855] team_slave_0: left promiscuous mode [ 655.348379][T13855] team_slave_1: left promiscuous mode [ 655.766921][T13808] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.774189][T13808] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.789736][T13808] bridge_slave_0: entered allmulticast mode [ 655.807779][T13808] bridge_slave_0: entered promiscuous mode [ 655.838209][T13808] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.879056][T13808] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.888253][T13808] bridge_slave_1: entered allmulticast mode [ 655.901059][T13808] bridge_slave_1: entered promiscuous mode [ 656.271398][ T5229] Bluetooth: hci4: command tx timeout [ 656.434691][T13808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 656.663318][T13868] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3707'. [ 656.752170][T13808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.873540][T13562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 657.042688][ T12] hsr_slave_0: left promiscuous mode [ 657.049593][ T12] hsr_slave_1: left promiscuous mode [ 657.074105][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 657.081862][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 657.138204][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 657.164109][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 657.234033][ T12] veth1_macvtap: left promiscuous mode [ 657.254615][ T12] veth0_macvtap: left promiscuous mode [ 657.266722][ T12] veth1_vlan: left promiscuous mode [ 657.272185][ T12] veth0_vlan: left promiscuous mode [ 658.348094][ T5229] Bluetooth: hci4: command tx timeout [ 659.744583][ T12] team0 (unregistering): Port device team_slave_1 removed [ 659.897733][ T12] team0 (unregistering): Port device team_slave_0 removed [ 661.610169][T13808] team0: Port device team_slave_0 added [ 661.827995][T13808] team0: Port device team_slave_1 added [ 662.254986][ T46] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 662.292633][T13808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 662.329977][T13808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 662.449647][ T46] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 662.454928][T13808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 662.498643][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 662.558506][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 662.596243][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 662.684108][ T46] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 662.686237][T13808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 662.730006][T13808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 662.730149][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.796686][ T5229] Bluetooth: hci0: command 0x0c20 tx timeout [ 662.823403][T13808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 662.871738][ T46] usb 3-1: config 0 descriptor?? [ 662.910541][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 662.982105][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 663.036506][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 663.044434][T13613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 663.109153][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 663.144177][ T5234] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 663.173845][ T5234] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 663.202194][T13613] 8021q: adding VLAN 0 to HW filter on device team0 [ 663.333129][ T1297] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.340386][ T1297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 663.438825][ T46] plantronics 0003:047F:FFFF.0049: unknown main item tag 0x0 [ 663.495062][ T12] IPVS: stop unused estimator thread 0... [ 663.560099][ T46] plantronics 0003:047F:FFFF.0049: No inputs registered, leaving [ 663.622615][ T46] plantronics 0003:047F:FFFF.0049: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 663.626827][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.642135][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 663.961585][ T46] usb 3-1: USB disconnect, device number 44 [ 664.028630][T13808] hsr_slave_0: entered promiscuous mode [ 664.074380][T13808] hsr_slave_1: entered promiscuous mode [ 664.886620][T13562] veth0_vlan: entered promiscuous mode [ 665.246433][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.306089][ T5229] Bluetooth: hci2: command tx timeout [ 665.669538][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.813169][T13562] veth1_vlan: entered promiscuous mode [ 666.416591][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.792855][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.387482][ T5229] Bluetooth: hci2: command tx timeout [ 667.852921][T13613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 667.853489][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 667.970044][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 668.001757][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 668.024740][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 668.058472][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 668.070265][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 668.390627][T13887] chnl_net:caif_netlink_parms(): no params data found [ 668.724153][T13613] veth0_vlan: entered promiscuous mode [ 669.472566][ T5229] Bluetooth: hci2: command tx timeout [ 669.663194][T13613] veth1_vlan: entered promiscuous mode [ 669.744655][ T52] bridge_slave_1: left allmulticast mode [ 669.781075][ T52] bridge_slave_1: left promiscuous mode [ 669.802332][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.847185][ T52] bridge_slave_0: left allmulticast mode [ 669.852951][ T52] bridge_slave_0: left promiscuous mode [ 669.859854][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.186773][ T5229] Bluetooth: hci0: command tx timeout [ 671.549818][ T5229] Bluetooth: hci2: command tx timeout [ 671.772802][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 671.842673][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 671.872996][ T52] bond0 (unregistering): Released all slaves [ 671.944517][T13887] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.981168][T13887] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.999463][T13887] bridge_slave_0: entered allmulticast mode [ 672.011752][T13887] bridge_slave_0: entered promiscuous mode [ 672.183209][ T29] audit: type=1400 audit(1724963054.348:705): avc: denied { mount } for pid=13933 comm="syz.2.3726" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 672.259323][T13887] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.267084][T13887] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.267120][ T5229] Bluetooth: hci0: command tx timeout [ 672.274321][T13887] bridge_slave_1: entered allmulticast mode [ 672.372274][T13887] bridge_slave_1: entered promiscuous mode [ 672.502312][T13808] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 672.815301][T13808] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 672.902246][T13887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 672.936707][T13808] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 673.238611][T13808] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 673.303673][ T29] audit: type=1400 audit(1724963055.468:706): avc: denied { unmount } for pid=10497 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 673.329489][T13887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.750361][ T52] hsr_slave_0: left promiscuous mode [ 673.778359][ T52] hsr_slave_1: left promiscuous mode [ 673.790316][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 673.819703][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 673.857052][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 673.874812][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 674.010474][ T52] veth1_macvtap: left promiscuous mode [ 674.018646][ T52] veth0_macvtap: left promiscuous mode [ 674.024395][ T52] veth1_vlan: left promiscuous mode [ 674.033155][ T52] veth0_vlan: left promiscuous mode [ 674.348050][ T5234] Bluetooth: hci0: command tx timeout [ 675.592322][ T5296] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 675.788097][ T5296] usb 3-1: Using ep0 maxpacket: 8 [ 675.816537][ T5296] usb 3-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8 [ 675.830864][ T5296] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.846259][ T5296] usb 3-1: Product: syz [ 675.850469][ T5296] usb 3-1: Manufacturer: syz [ 675.856037][ T5296] usb 3-1: SerialNumber: syz [ 675.864024][ T5296] usb 3-1: config 0 descriptor?? [ 675.908252][ T5296] redrat3 3-1:0.0: Couldn't find all endpoints [ 676.071371][ T29] audit: type=1400 audit(1724963058.228:707): avc: denied { mounton } for pid=13946 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 676.082272][ T5229] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 676.189234][ T5229] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 676.239806][ T5229] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 676.260125][ T5229] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 676.301248][ T5229] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 676.314668][ T5229] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 676.425227][ T5229] Bluetooth: hci0: command tx timeout [ 676.522069][ T8] usb 3-1: USB disconnect, device number 45 [ 676.871569][ T52] team0 (unregistering): Port device team_slave_1 removed [ 676.973694][ T52] team0 (unregistering): Port device team_slave_0 removed [ 678.432862][ T5229] Bluetooth: hci7: command tx timeout [ 679.270597][T13887] team0: Port device team_slave_0 added [ 679.302024][T13887] team0: Port device team_slave_1 added [ 679.568041][T13961] netlink: 'syz.2.3733': attribute type 1 has an invalid length. [ 679.627573][T13961] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.3733'. [ 679.641367][T13887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.662641][T13961] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3733'. [ 679.672147][T13887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.722791][T13887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 679.823122][T13887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 679.858164][T13887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.965037][T13887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 680.065565][T13911] chnl_net:caif_netlink_parms(): no params data found [ 680.519581][ T5229] Bluetooth: hci7: command tx timeout [ 681.123368][T13887] hsr_slave_0: entered promiscuous mode [ 681.182556][T13887] hsr_slave_1: entered promiscuous mode [ 681.210250][T13887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 681.259465][T13887] Cannot create hsr debugfs directory [ 681.423225][T13911] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.447206][T13911] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.454516][T13911] bridge_slave_0: entered allmulticast mode [ 681.490453][T13911] bridge_slave_0: entered promiscuous mode [ 681.584703][T13911] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.620160][T13911] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.630116][T13911] bridge_slave_1: entered allmulticast mode [ 681.665928][T13911] bridge_slave_1: entered promiscuous mode [ 682.502055][T13911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.597903][ T5229] Bluetooth: hci7: command tx timeout [ 682.901355][T13911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.379506][T13911] team0: Port device team_slave_0 added [ 683.461156][T13808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.714253][T13911] team0: Port device team_slave_1 added [ 683.892240][T13946] chnl_net:caif_netlink_parms(): no params data found [ 683.994753][T13808] 8021q: adding VLAN 0 to HW filter on device team0 [ 684.119913][T13911] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 684.129070][T13911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.167651][T13911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 684.182004][T13911] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 684.197787][T13911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.233239][T13911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 684.254301][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.261548][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 684.509173][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.516467][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 684.665928][ T5229] Bluetooth: hci7: command tx timeout [ 685.271367][T13911] hsr_slave_0: entered promiscuous mode [ 685.422225][T13911] hsr_slave_1: entered promiscuous mode [ 685.494429][T13911] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 685.505866][T13911] Cannot create hsr debugfs directory [ 686.028787][T13984] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3738'. [ 686.132191][T13946] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.141064][T13946] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.181402][T13946] bridge_slave_0: entered allmulticast mode [ 686.213419][T13946] bridge_slave_0: entered promiscuous mode [ 686.279544][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.495111][T13946] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.502328][T13946] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.526076][T13946] bridge_slave_1: entered allmulticast mode [ 686.533810][T13946] bridge_slave_1: entered promiscuous mode [ 686.983233][T13946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.304325][T13946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.740748][T13887] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 687.861287][T13946] team0: Port device team_slave_0 added [ 688.150448][T13887] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 688.208468][T13887] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 688.299101][T13946] team0: Port device team_slave_1 added [ 688.499335][T13887] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 688.641486][T13946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.731349][T13946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.782017][T13946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.847188][T13946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.876405][T13946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.928942][T13946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 689.109045][ T52] bridge_slave_1: left allmulticast mode [ 689.126402][ T52] bridge_slave_1: left promiscuous mode [ 689.144186][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.194661][ T52] bridge_slave_0: left allmulticast mode [ 689.234424][ T52] bridge_slave_0: left promiscuous mode [ 689.272411][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.352965][ T52] bridge_slave_1: left allmulticast mode [ 689.394631][ T52] bridge_slave_1: left promiscuous mode [ 689.433715][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.520359][ T52] bridge_slave_0: left allmulticast mode [ 689.559832][ T52] bridge_slave_0: left promiscuous mode [ 689.590747][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 690.031133][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.081373][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.097238][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.104693][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.171480][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.213175][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.222346][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.241904][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.303583][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.314342][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.330864][T13889] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 690.392549][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.408972][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.416968][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.424393][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.447129][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.484031][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.493420][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.504632][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.544107][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.589383][T13889] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 690.608311][T13889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.638814][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.650381][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.658621][T13889] usb 3-1: Product: syz [ 690.662811][T13889] usb 3-1: Manufacturer: syz [ 690.679394][ T5266] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 690.690884][T13889] usb 3-1: SerialNumber: syz [ 690.724016][ T5266] hid-generic 0000:0000:0000.004A: hidraw0: HID v0.00 Device [syz0] on syz0 [ 690.751590][T13889] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 690.904396][ T46] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 718.287439][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2690 jiffies s: 20469 root: 0x2/. [ 718.341514][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 718.367730][ T19] Sending NMI from CPU 0 to CPUs 1: [ 718.372985][ C1] NMI backtrace for cpu 1 [ 718.372999][ C1] CPU: 1 UID: 0 PID: 5266 Comm: kworker/1:3 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 718.373027][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 718.373042][ C1] Workqueue: usb_hub_wq hub_event [ 718.373066][ C1] RIP: 0010:unwind_next_frame+0x11ff/0x23a0 [ 718.373093][ C1] Code: 4e 00 49 39 ef 0f 83 b5 0a 00 00 e8 0b cf 4e 00 bf 01 00 00 00 e8 31 af 1e 00 31 ff 65 8b 1d 10 ea c6 7e 89 de e8 31 d1 4e 00 <85> db 0f 84 7f 0a 00 00 bb 01 00 00 00 e9 3b ee ff ff e8 da ce 4e [ 718.373113][ C1] RSP: 0018:ffffc90000a18250 EFLAGS: 00000006 [ 718.373130][ C1] RAX: 0000000000010102 RBX: 0000000000010102 RCX: ffffffff813cf0ff [ 718.373145][ C1] RDX: ffff888063d39e00 RSI: 0000000000000000 RDI: 0000000000000005 [ 718.373159][ C1] RBP: ffffc900038ef928 R08: 0000000000000005 R09: 0000000000000000 [ 718.373173][ C1] R10: 0000000000010102 R11: 0000000000000000 R12: ffffc900038e8000 [ 718.373187][ C1] R13: ffffc900038f0000 R14: ffffc900038ef930 R15: ffffc900038ef8d0 [ 718.373202][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 718.373224][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 718.373240][ C1] CR2: 000000110c3a9617 CR3: 000000005821c000 CR4: 00000000003506f0 [ 718.373255][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 718.373268][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 718.373282][ C1] Call Trace: [ 718.373289][ C1] [ 718.373297][ C1] ? show_regs+0x8c/0xa0 [ 718.373329][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 718.373357][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 718.373386][ C1] ? nmi_handle+0x1a9/0x5c0 [ 718.373407][ C1] ? unwind_next_frame+0x11ff/0x23a0 [ 718.373429][ C1] ? default_do_nmi+0x6a/0x160 [ 718.373461][ C1] ? exc_nmi+0x170/0x1e0 [ 718.373491][ C1] ? end_repeat_nmi+0xf/0x53 [ 718.373515][ C1] ? unwind_next_frame+0x11ff/0x23a0 [ 718.373537][ C1] ? unwind_next_frame+0x11ff/0x23a0 [ 718.373559][ C1] ? unwind_next_frame+0x11ff/0x23a0 [ 718.373582][ C1] ? unwind_next_frame+0x11ff/0x23a0 [ 718.373604][ C1] [ 718.373611][ C1] [ 718.373619][ C1] ? __kmalloc_cache_noprof+0x11e/0x300 [ 718.373652][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 718.373681][ C1] arch_stack_walk+0x100/0x170 [ 718.373708][ C1] ? usb_control_msg+0xbd/0x4b0 [ 718.373737][ C1] ? dummy_timer+0x1750/0x38d0 [ 718.373762][ C1] stack_trace_save+0x95/0xd0 [ 718.373788][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 718.373815][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 718.373848][ C1] kasan_save_stack+0x33/0x60 [ 718.373878][ C1] ? kasan_save_stack+0x33/0x60 [ 718.373906][ C1] ? kasan_save_track+0x14/0x30 [ 718.373934][ C1] ? kasan_save_free_info+0x3b/0x60 [ 718.373959][ C1] ? poison_slab_object+0xf7/0x160 [ 718.373988][ C1] ? __kasan_slab_free+0x32/0x50 [ 718.374017][ C1] ? kfree+0x12a/0x3b0 [ 718.374042][ C1] ? dummy_timer+0x1750/0x38d0 [ 718.374064][ C1] ? __hrtimer_run_queues+0x20c/0xcc0 [ 718.374087][ C1] ? hrtimer_interrupt+0x31b/0x800 [ 718.374110][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x450 [ 718.374131][ C1] ? sysvec_apic_timer_interrupt+0x43/0xb0 [ 718.374155][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 718.374186][ C1] ? write_comp_data+0x11/0x90 [ 718.374215][ C1] ? pie_calculate_probability+0x2ad/0x850 [ 718.374246][ C1] ? fq_pie_timer+0x215/0x5a0 [ 718.374276][ C1] ? call_timer_fn+0x1a0/0x610 [ 718.374304][ C1] ? __run_timers+0x74b/0xaf0 [ 718.374331][ C1] ? run_timer_base+0x111/0x190 [ 718.374359][ C1] ? run_timer_softirq+0x1a/0x40 [ 718.374387][ C1] ? handle_softirqs+0x216/0x8f0 [ 718.374409][ C1] ? irq_exit_rcu+0xbb/0x120 [ 718.374430][ C1] ? sysvec_apic_timer_interrupt+0x95/0xb0 [ 718.374454][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 718.374485][ C1] ? ___cache_free+0x6e/0xf0 [ 718.374503][ C1] ? qlist_free_all+0x4e/0x140 [ 718.374530][ C1] ? kasan_quarantine_reduce+0x192/0x1e0 [ 718.374559][ C1] ? __kasan_slab_alloc+0x69/0x90 [ 718.374588][ C1] ? __kmalloc_cache_noprof+0x11e/0x300 [ 718.374634][ C1] kasan_save_track+0x14/0x30 [ 718.374663][ C1] kasan_save_free_info+0x3b/0x60 [ 718.374689][ C1] poison_slab_object+0xf7/0x160 [ 718.374719][ C1] __kasan_slab_free+0x32/0x50 [ 718.374750][ C1] kfree+0x12a/0x3b0 [ 718.374775][ C1] ? dummy_timer+0x1750/0x38d0 [ 718.374801][ C1] dummy_timer+0x1750/0x38d0 [ 718.374828][ C1] ? debug_object_deactivate+0x1f0/0x370 [ 718.374867][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 718.374907][ C1] ? __hrtimer_run_queues+0x5a7/0xcc0 [ 718.374933][ C1] ? __pfx_lock_release+0x10/0x10 [ 718.374968][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 718.374995][ C1] ? timerqueue_del+0x83/0x150 [ 718.375026][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 718.375052][ C1] __hrtimer_run_queues+0x20c/0xcc0 [ 718.375084][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 718.375111][ C1] ? ktime_get_update_offsets_now+0x201/0x310 [ 718.375150][ C1] hrtimer_interrupt+0x31b/0x800 [ 718.375186][ C1] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 718.375213][ C1] sysvec_apic_timer_interrupt+0x43/0xb0 [ 718.375242][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 718.375279][ C1] RIP: 0010:write_comp_data+0x11/0x90 [ 718.375315][ C1] Code: cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 7f 1a 78 7e <65> 8b 05 80 1a 78 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 [ 718.375338][ C1] RSP: 0018:ffffc90000a18b78 EFLAGS: 00000246 [ 718.375357][ C1] RAX: 0000000000000000 RBX: 00000000002af31d RCX: ffffffff892431ed [ 718.375374][ C1] RDX: ffff888063d39e00 RSI: 00000000000f4240 RDI: 0000000000000005 [ 718.375391][ C1] RBP: 00000001ad7f29ab R08: 0000000000000005 R09: 00000000000f4240 [ 718.375407][ C1] R10: 0000000000989680 R11: 0000000000000000 R12: 0000000000989680 [ 718.375423][ C1] R13: 0000000000000001 R14: 0000000000044b82 R15: 0000000000000000 [ 718.375444][ C1] ? pie_calculate_probability+0x2ad/0x850 [ 718.375485][ C1] pie_calculate_probability+0x2ad/0x850 [ 718.375526][ C1] fq_pie_timer+0x215/0x5a0 [ 718.375567][ C1] call_timer_fn+0x1a0/0x610 [ 718.375599][ C1] ? __pfx_fq_pie_timer+0x10/0x10 [ 718.375635][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 718.375667][ C1] ? __pfx_lock_release+0x10/0x10 [ 718.375704][ C1] ? mark_held_locks+0x9f/0xe0 [ 718.375735][ C1] ? __pfx_fq_pie_timer+0x10/0x10 [ 718.375772][ C1] ? __pfx_fq_pie_timer+0x10/0x10 [ 718.375808][ C1] __run_timers+0x74b/0xaf0 [ 718.375851][ C1] ? __pfx___run_timers+0x10/0x10 [ 718.375886][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 718.375924][ C1] ? irqentry_exit+0x3b/0x90 [ 718.375958][ C1] run_timer_base+0x111/0x190 [ 718.375992][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 718.376029][ C1] run_timer_softirq+0x1a/0x40 [ 718.376062][ C1] handle_softirqs+0x216/0x8f0 [ 718.376091][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 718.376121][ C1] irq_exit_rcu+0xbb/0x120 [ 718.376147][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 718.376174][ C1] [ 718.376180][ C1] [ 718.376188][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 718.376219][ C1] RIP: 0010:___cache_free+0x6e/0xf0 [ 718.376240][ C1] Code: 00 00 66 90 8b 47 30 25 00 00 00 82 3d 00 00 00 80 b8 00 00 00 00 48 0f 45 f8 65 48 8b 05 02 af 21 7e 49 03 45 00 48 8b 50 08 <48> 39 78 10 75 48 41 8b 4d 28 48 8b 00 48 89 04 0b 48 8d 4a 08 49 [ 718.376260][ C1] RSP: 0018:ffffc900038ef810 EFLAGS: 00000282 [ 718.376276][ C1] RAX: ffff8880b9342e80 RBX: ffff88807dc4d780 RCX: ffffc90014d06000 [ 718.376291][ C1] RDX: 0000000000121009 RSI: ffffffff813e7a46 RDI: ffffea0001f71340 [ 718.376306][ C1] RBP: ffffc900038ef830 R08: 0000000000000007 R09: 0000000000000000 [ 718.376320][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff81ea9359 [ 718.376335][ C1] R13: ffff8880158418c0 R14: ffffc900038ef878 R15: ffff88807dc4d780 [ 718.376351][ C1] ? qlist_free_all+0x49/0x140 [ 718.376382][ C1] ? __phys_addr+0xc6/0x150 [ 718.376411][ C1] qlist_free_all+0x4e/0x140 [ 718.376441][ C1] kasan_quarantine_reduce+0x192/0x1e0 [ 718.376473][ C1] __kasan_slab_alloc+0x69/0x90 [ 718.376504][ C1] __kmalloc_cache_noprof+0x11e/0x300 [ 718.376535][ C1] ? usb_control_msg+0xbd/0x4b0 [ 718.376565][ C1] usb_control_msg+0xbd/0x4b0 [ 718.376595][ C1] ? __pfx_usb_control_msg+0x10/0x10 [ 718.376623][ C1] ? hub_event+0x5bf/0x4e10 [ 718.376644][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 718.376673][ C1] hub_ext_port_status+0x14e/0x670 [ 718.376707][ C1] hub_event+0x6e0/0x4e10 [ 718.376756][ C1] ? find_held_lock+0x2d/0x110 [ 718.376783][ C1] ? __pfx_hub_event+0x10/0x10 [ 718.376805][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 718.376834][ C1] ? __pfx_lock_release+0x10/0x10 [ 718.376875][ C1] process_one_work+0x9c5/0x1b40 [ 718.376912][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 718.376941][ C1] ? __pfx_process_one_work+0x10/0x10 [ 718.376977][ C1] ? assign_work+0x1a0/0x250 [ 718.377007][ C1] worker_thread+0x6c8/0xed0 [ 718.377043][ C1] ? __kthread_parkme+0x148/0x220 [ 718.377069][ C1] ? __pfx_worker_thread+0x10/0x10 [ 718.377100][ C1] kthread+0x2c1/0x3a0 [ 718.377122][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 718.377145][ C1] ? __pfx_kthread+0x10/0x10 [ 718.377170][ C1] ret_from_fork+0x45/0x80 [ 718.377199][ C1] ? __pfx_kthread+0x10/0x10 [ 718.377223][ C1] ret_from_fork_asm+0x1a/0x30 [ 718.377260][ C1]