last executing test programs: 3m14.71015588s ago: executing program 3 (id=813): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0) setreuid(0x0, 0xee00) write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[], 0xa) 3m14.658538252s ago: executing program 3 (id=814): syz_usb_connect(0x4, 0x207, &(0x7f0000009a00)=ANY=[], 0x0) socket(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x804) 3m14.096239669s ago: executing program 3 (id=817): getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) ioctl$sock_bt_hci(r0, 0x400448cc, 0x0) 3m14.060431325s ago: executing program 3 (id=818): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x14) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) 3m13.945714805s ago: executing program 3 (id=820): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x7e, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value=0xf6}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3m13.538319115s ago: executing program 3 (id=831): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1, 0x0, 0x6}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)={0x14, 0x52, 0x101, 0x100000, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x40) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), r0) 3m13.338404887s ago: executing program 32 (id=831): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1, 0x0, 0x6}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)={0x14, 0x52, 0x101, 0x100000, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x40) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), r0) 56.667478541s ago: executing program 5 (id=2889): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x7f, 0x0, &(0x7f0000000080)) 56.667062157s ago: executing program 5 (id=2890): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)="041000", 0x3}], 0x1, 0x0, 0x0, 0x20040004}, 0x20004011) recvmsg$unix(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='l', 0x1}], 0x1}, 0x2404c140) 56.583243204s ago: executing program 5 (id=2891): r0 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) recvmmsg(r0, &(0x7f0000005a40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/161, 0xa1}], 0x1}, 0x9}], 0x1, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000040)=0x4, 0x4) sendmsg(r1, &(0x7f0000005c80)={&(0x7f0000005c00)=@in={0x2, 0x4e24, @empty}, 0x80, &(0x7f0000001780)=[{&(0x7f0000000080)="8d", 0x1}], 0x1}, 0x0) 55.712487237s ago: executing program 5 (id=2903): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x60) pivot_root(&(0x7f0000000240)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000280)='./file0\x00') 55.665973269s ago: executing program 5 (id=2904): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x0, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 55.375934084s ago: executing program 5 (id=2906): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, r0, 0x1, 0x70bd26, 0x6, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x820) 55.091672839s ago: executing program 33 (id=2906): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, r0, 0x1, 0x70bd26, 0x6, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x820) 48.054268416s ago: executing program 6 (id=2976): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, 0x0, 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000400)={0x1bad2a0, &(0x7f00000000c0)=[{}]}) fcntl$setlease(r1, 0x400, 0x2) 47.942422747s ago: executing program 6 (id=2977): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00', 0x0}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='cpu.max\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r1], 0x8) 47.885525585s ago: executing program 6 (id=2978): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) fanotify_init(0xf00, 0x1000) 47.845397073s ago: executing program 6 (id=2979): mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1a8584c, 0x0) 47.79361718s ago: executing program 6 (id=2980): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x404000, @loopback, 0x7cfd1f0f}, 0x20) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r2, 0xffffffffffffffff, 0x0) 47.625679345s ago: executing program 6 (id=2982): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000740)=ANY=[@ANYBLOB="18010000210001000000000000000000fc020000000000000000000000000000ff0200000000000000000000000000014e210000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ac"], 0x118}}, 0x44) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0) 47.42524629s ago: executing program 34 (id=2982): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000740)=ANY=[@ANYBLOB="18010000210001000000000000000000fc020000000000000000000000000000ff0200000000000000000000000000014e210000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ac"], 0x118}}, 0x44) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0) 14.653807974s ago: executing program 1 (id=3396): setuid(0xee01) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f000001f600)='S', 0x1}], 0x1, 0x0, 0x0, 0x20008000}}], 0x1, 0x20000015) 14.455549617s ago: executing program 1 (id=3397): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0)) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2}) 14.345656307s ago: executing program 1 (id=3400): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x40000, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) write(r0, &(0x7f0000001340)="89d87df03855", 0x6) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000007c0)=[0x5], 0x0, 0x0, 0x1}}, 0x40) 14.19702105s ago: executing program 1 (id=3403): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x12c5c18, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0) 14.083831735s ago: executing program 1 (id=3404): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000057c0)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x509, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0x1c, 0x0}}], 0x1, 0x20004808) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010029bd7000ffdbdf25010000000806"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x404) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 13.977439656s ago: executing program 1 (id=3406): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect$cdc_ncm(0x0, 0x7b, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002020000402505a1a44000010203010902690002010000000904000001020d0000052406000105240000000d240f01000000000000feff0006241a00000008241c0300027f0005240101020905810d40000000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x0, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 13.820914928s ago: executing program 35 (id=3406): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect$cdc_ncm(0x0, 0x7b, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002020000402505a1a44000010203010902690002010000000904000001020d0000052406000105240000000d240f01000000000000feff0006241a00000008241c0300027f0005240101020905810d40000000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x0, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 11.077931572s ago: executing program 2 (id=3449): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0}, 0x94) 10.964717268s ago: executing program 2 (id=3451): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 10.922282358s ago: executing program 2 (id=3452): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0x80049370, 0x0) 10.735727385s ago: executing program 2 (id=3453): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0xda6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80000000}], 0x1c) listen(r0, 0x86e) 9.832750586s ago: executing program 2 (id=3458): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x10000008}) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 9.741541632s ago: executing program 2 (id=3460): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000003c000400"/22], 0x18}}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)={0x22}, 0x8) 4.21070641s ago: executing program 8 (id=3507): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000100009"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="9400000013004f0a000200"/20, @ANYRES32=r2, @ANYBLOB="00000000000000000800cfffecc507006c001a8054000a801400"], 0x94}}, 0x20008841) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x8001, 0xd) 4.161150988s ago: executing program 4 (id=3508): openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/cgroups\x00', 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$MON_IOCG_STATS(r2, 0xc0109207, &(0x7f00000001c0)) 3.65591568s ago: executing program 0 (id=3512): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r2, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080) 3.274661562s ago: executing program 8 (id=3513): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000000000004"]) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000300)={0x100, 0x7}) 3.195176869s ago: executing program 4 (id=3514): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000600)="d387c80c62b0bd39aa0dc37b5db9bbc4305605ef2840e6ee4ec6596b4856b63943c877c09aa1f45b0172040464b86a103a0ea373631cd1da1c766ab8f49e609c1c80d76d3d0dd80e9349cc8e70485fa21ea7d3d96be61ae33b0194066a77218e604252100f794a276d4b71cf0ee9c732ec16656380bfefd44ab6c9d9560dc7a5b7081a23922260e0c74719027a5dc6e0093648e02ecaec216bee19b057af6ab3201bbf285dbfe1", 0xa7}], 0x1, &(0x7f0000000b40)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x80}], 0x1, 0x851) recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/5, 0x5}, {&(0x7f0000000300)=""/54, 0x36}], 0x2}, 0x40) 3.068987758s ago: executing program 4 (id=3516): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x40400, 0x8) fcntl$notify(r0, 0x402, 0x10) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 3.006598534s ago: executing program 4 (id=3517): socket$inet6(0xa, 0x5, 0x0) socket$rxrpc(0x21, 0x2, 0x2) r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 2.973039447s ago: executing program 8 (id=3519): rseq(&(0x7f0000000300), 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f00000001c0), 0x3000000) 2.800790539s ago: executing program 8 (id=3520): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.716609608s ago: executing program 0 (id=3521): r0 = socket$inet_sctp(0x2, 0x5, 0x84) listen(r0, 0xd) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000300000784"], 0x0, 0x9, 0x0, 0x0, 0x41100, 0x9}, 0x94) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a325bd7000fddbdf25200f07074e214e22030000002f00000001ffffffc300000006000000000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f034708000000080003"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000) 2.655783485s ago: executing program 4 (id=3522): r0 = memfd_create(&(0x7f00000008c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x0) ftruncate(r0, 0x80079a0) lseek(r0, 0x1, 0x1) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sendfile(r0, r0, 0x0, 0x200007) 2.559652668s ago: executing program 0 (id=3524): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xa3}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 2.389637392s ago: executing program 0 (id=3525): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x5f) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 2.278574655s ago: executing program 0 (id=3526): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000040)={{@any, 0xf}, 0x0, 0x1, 0x9}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@any, 0x8000}, 0x0, 0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000140)={&(0x7f0000000780)=[0x447, 0x89b1, 0x9, 0x5, 0x7, 0x7, 0x5, 0x4, 0x990, 0x1000, 0x3, 0x8000, 0x7, 0x1, 0x0, 0x1, 0x46f4, 0x5, 0x5, 0x4, 0x5, 0x4b, 0x1, 0x1, 0xa6ff, 0xffffffff, 0x1ff, 0xcdf9, 0x9, 0x7, 0x2, 0x3, 0x1, 0x1, 0x3, 0x1000, 0xfffffffc, 0x7, 0xc96, 0xb92, 0x3, 0x9, 0x9, 0x5, 0x9, 0x2, 0x9, 0x9, 0x2, 0xcab, 0x7, 0xfffff111, 0x7, 0x9, 0x3ff, 0x2, 0x8001, 0x7, 0x8, 0x7, 0xb32, 0x3, 0x5, 0x0, 0x58b7, 0x2, 0x5, 0xe4, 0x5, 0x10000, 0x8, 0xfffffffc, 0x6, 0xbc4, 0x9, 0x2, 0x8000, 0x101, 0x8, 0xb714, 0x6, 0x8, 0x101, 0x92a, 0x4, 0x0, 0xfff, 0x32b, 0xfc1a, 0x9, 0x8, 0x0, 0x0, 0x0, 0x7fffffff, 0x8, 0x5, 0x4, 0x3, 0x7, 0x401, 0x4, 0x6, 0x8, 0x4, 0x38, 0x0, 0x4, 0xac0, 0xd3, 0xff, 0x0, 0xfff, 0x0, 0x2, 0x4f, 0x3, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0x755, 0x3, 0x40, 0x65f5, 0xfffff801, 0x4, 0x0, 0x3, 0xa, 0xd86, 0xffffffff, 0x7fffffff, 0xff, 0x0, 0x8, 0x3, 0x3, 0x8, 0x8, 0x8, 0x3d, 0x8, 0xf, 0x6, 0x7, 0xa1, 0x5, 0x5ef5, 0x5f0, 0x7, 0x6, 0x0, 0xe, 0x63, 0x0, 0x1, 0xa7, 0x3, 0x40, 0x2, 0x3, 0x1, 0xffff0001, 0x40800000, 0x95, 0x8000, 0x0, 0x4c0, 0x5, 0xdfd, 0x4, 0x5, 0x9, 0x51eb, 0x9, 0x7, 0x1e38, 0x8, 0xffff047c, 0xd, 0x0, 0x2, 0x7b, 0x6, 0xffff, 0x5, 0xfffffffe, 0x2, 0x9, 0x3d, 0x4, 0x8, 0xd, 0x7fffffff, 0x4, 0xffff, 0x22, 0x6, 0x8001, 0x6, 0x5, 0x0, 0x7, 0x400, 0x6, 0x5, 0x401, 0x8, 0x9, 0x7, 0x7, 0x9, 0x1, 0x9350, 0x66, 0x9, 0x4c3, 0x1, 0x2, 0x6, 0x5, 0x5, 0x0, 0x5, 0xffffffff, 0x174, 0x8e, 0x9, 0x9, 0x9fe3, 0xbc99, 0xcd3, 0xd700, 0x401, 0x7, 0x4, 0x9, 0xa, 0x101, 0x800, 0xfffffffc, 0x4f49, 0x2, 0x1, 0x6, 0x1, 0xb, 0x4, 0x5, 0x1000, 0x7, 0x400, 0x6, 0x100, 0x3ff, 0x0, 0x6, 0xffffffe6, 0x7, 0x7, 0x383, 0x40, 0x9, 0x6, 0x101, 0x9, 0x7, 0xf, 0x340000, 0x8c6, 0x62, 0x0, 0x3, 0x5, 0x2, 0x9, 0x9, 0xfffffffc, 0x7fff, 0x0, 0x7, 0x5, 0xff, 0x4, 0x5, 0x2b, 0xb32d, 0xfffffdab, 0x8, 0x9, 0x80000000, 0xf, 0x0, 0x8, 0x8, 0x1, 0xe3, 0xbcf6, 0x7, 0x8b9, 0x6b6, 0x7, 0x5, 0x3, 0x6, 0x1, 0x4, 0x401, 0xa40, 0xb, 0xfffffc01, 0x9, 0x2, 0x80, 0x9, 0x5, 0x404, 0x3ff, 0x7fffffff, 0x4, 0x6, 0x80000000, 0xc58, 0xc, 0x3, 0x10000, 0x4, 0x2, 0x7, 0x2, 0x6, 0xffff, 0x7, 0x5, 0xd, 0x5, 0x379, 0x6e9f, 0xe0fa, 0x1000, 0x7, 0x5, 0x0, 0x4, 0x0, 0x7, 0xffffffff, 0x4, 0x5, 0x3, 0xfffff100, 0x7, 0x80000000, 0x491, 0x3, 0xd, 0x4, 0x101, 0x1, 0x613d, 0x101, 0xd, 0x1, 0x3ff, 0x0, 0xc, 0xfffffffc, 0x4, 0x198, 0x61, 0x1, 0x5, 0x0, 0x9, 0xf911, 0xb, 0xffffffff, 0x6, 0x5, 0x8, 0x3, 0x4, 0xffffffb5, 0x91c9, 0x4, 0x1, 0x200, 0xff, 0x1, 0x7, 0x3ff, 0xcb2a, 0x8001, 0x3, 0x700000, 0x3, 0x8, 0x9, 0x7fffffff, 0x7d17, 0x400, 0x9, 0xfffffffa, 0x8, 0x9, 0x8, 0x2, 0x2, 0x5, 0x4, 0x595, 0x20000, 0x9, 0x6, 0xfffffffd, 0x6, 0x5, 0x8, 0xc1d, 0x3, 0x3000, 0x7, 0xffffffff, 0x1, 0x30000000, 0xfffffff3, 0x7, 0x800, 0x10000, 0xfffffffd, 0xfffff816, 0x401, 0x7, 0x3, 0x388, 0x2, 0x7, 0xca1b, 0xf, 0x0, 0x7, 0x4, 0x8, 0x7, 0x80000000, 0x1, 0x3, 0x9, 0x9, 0x9, 0x747, 0xffffff61, 0x0, 0x8, 0x3, 0x2, 0x8, 0x1, 0xffffff11, 0x2, 0x1, 0x6, 0x9, 0x7ff, 0x2, 0x9, 0x4, 0x2, 0x8, 0x4, 0x2a8c, 0x3, 0x525d, 0x8, 0x4, 0x9, 0x2, 0xa, 0x2, 0x2, 0x15c, 0x1, 0xe34b, 0x7, 0x3, 0x150, 0x6, 0x101, 0x4, 0x0, 0x2c, 0xb, 0x4, 0x8, 0xfff, 0x56a, 0x4, 0xffffffff, 0xa4, 0x80000001, 0x8, 0x4, 0x1, 0x81, 0x7, 0x4, 0x1, 0x3, 0x1, 0xed90, 0x0, 0x7, 0x100, 0x1, 0x4, 0xb, 0xf2, 0x0, 0x7, 0x80, 0xfffffff1, 0xfffff65b, 0x40, 0x400, 0x81, 0x5, 0x8000000, 0x3ff, 0x3ff, 0xe1, 0x7009, 0xfff, 0x0, 0xf0cf, 0xf8ab, 0x8, 0xb, 0x9, 0xfffffb54, 0x8, 0x8, 0x80000001, 0xfff, 0x7, 0x2, 0x7fffffff, 0xffffffff, 0x8, 0xfffffada, 0x40, 0x7d0, 0x5, 0x7, 0x7ff, 0x7ff, 0x5b5, 0x8, 0x1, 0x10000, 0x9, 0x3, 0x5, 0xfffffff8, 0x5, 0x3, 0x2, 0x3, 0x7, 0x5f3, 0x400, 0x1c00, 0x1, 0xfffffffb, 0x80200000, 0x9, 0x80, 0x3, 0x910, 0x8e8, 0x8, 0xf7b, 0x5, 0x79, 0x1, 0x7ff, 0x9, 0x8, 0x9, 0x10000401, 0x2, 0x7f, 0x2, 0x80000001, 0x1, 0x6, 0xd47, 0xca, 0x2, 0x100, 0x9, 0x0, 0x9, 0x5c1fc33e, 0x4, 0x0, 0xe, 0x8, 0x80000001, 0x2a1, 0x0, 0x106, 0xfffffff9, 0x4, 0x6, 0x3, 0x0, 0x20003200, 0x5, 0x892, 0x80000001, 0x14, 0x4, 0x40, 0xffffffff, 0x9, 0x887, 0xffffffff, 0x3, 0x1, 0x8, 0x18b348da, 0x1, 0x8, 0x6, 0x1, 0x2, 0x9, 0x5f05d22c, 0x9, 0x0, 0x2, 0x6, 0x8fe, 0x7ff, 0x7, 0x843f, 0x2, 0x7, 0xd575, 0x6, 0x8, 0x4, 0x6, 0x81, 0x7, 0x50000000, 0x6, 0x15, 0x8, 0xffd, 0x6, 0x10000, 0x3, 0x6, 0x749f4463, 0x4, 0x7c20c2c4, 0x2, 0x5, 0x4, 0xfffffffc, 0x5, 0x8, 0x2, 0x8, 0x7, 0x9, 0x8, 0x1, 0x8, 0x9, 0xfff, 0x1000, 0x8, 0x401, 0x1ecd, 0x4, 0x2, 0x3, 0x7b, 0x1, 0x4, 0x200, 0xff, 0x0, 0x3, 0x5, 0xa314, 0x3, 0x10001, 0x9, 0x3, 0x6, 0x7, 0x4, 0xbfb, 0x10000, 0x6, 0x6, 0x1ff, 0x3, 0x7, 0x0, 0x4, 0xff, 0x3, 0x80000000, 0x7, 0xff, 0xbe, 0x4, 0xfffffffe, 0xfffffffc, 0x9, 0x34, 0x3ff, 0x8, 0x5, 0x8, 0x7, 0x10000, 0x0, 0x4, 0x3, 0x9, 0x7, 0x46, 0x9, 0xffff, 0x81, 0x7, 0x2, 0x0, 0x73d, 0xd485, 0xff, 0x9, 0x97, 0x9, 0x6, 0x2, 0xdc9, 0x5e9a, 0xffff, 0x2, 0x9, 0xfffffffd, 0x7, 0xf, 0xfff, 0x4, 0x8, 0x4, 0x3cb, 0x4, 0x418, 0x10000, 0x7, 0x3, 0xa, 0x3b, 0x6, 0x47a, 0x1, 0x7fffffff, 0x7, 0x40, 0x6, 0x81, 0x7, 0x1ff, 0x8, 0x10, 0x9, 0x1, 0x9c, 0xf, 0x6, 0x101, 0x3, 0x9, 0x6, 0x8, 0x7fff, 0x4, 0x8, 0x1, 0xffff7fff, 0x1, 0x3, 0x8, 0xb2, 0x8, 0x2, 0x7, 0x2, 0x5, 0x166, 0x3, 0xe14a, 0x7, 0x4, 0x8, 0x7, 0x9, 0xffffffff, 0x6, 0x8, 0x2, 0xb6, 0x53c, 0x5, 0x5, 0xfffffff9, 0x3, 0x5, 0x8, 0x5, 0x1, 0x9, 0xffffff7f, 0x80000001, 0x5, 0x9, 0x2, 0x0, 0x9, 0x5, 0x4, 0xe4, 0x1, 0x0, 0x5, 0x0, 0xe7d7, 0x7f, 0x101, 0x10000, 0x5, 0xffffffff, 0x9, 0x8, 0xe44e, 0x2, 0x80000000, 0x4, 0x2, 0x1c0460d3, 0xfffffffe, 0x800, 0x8001, 0x1, 0x2, 0x9, 0xfffffff9, 0xa190, 0x81, 0x2, 0x8, 0x0, 0x86, 0x7, 0xb90, 0xcf, 0xf8e4, 0x0, 0xd, 0x7, 0x100, 0x8000, 0x478, 0x6, 0x1, 0xb57, 0x5, 0x7, 0x9655, 0x2, 0x0, 0xfffff5d7, 0x3, 0x9, 0x7, 0x6, 0x9, 0xe, 0x4, 0x7, 0x8000, 0x3, 0x2, 0x6, 0x6, 0xae86, 0x4, 0x7, 0x401, 0x8, 0xffffffff, 0x60b, 0x3, 0x2, 0xb, 0x1, 0x2aa, 0xffffbeff, 0x18, 0x2, 0x100, 0x7, 0xfffffffa, 0x6, 0x1, 0x4, 0x0, 0x3, 0x9, 0x401, 0x8, 0xffffffe0, 0x7fffffff, 0x0, 0x100, 0x8, 0x101, 0x10001, 0xfffffffc, 0x8, 0x7, 0x10001, 0x5a1, 0x4, 0x1, 0x7, 0x8, 0x7f, 0x3, 0x7, 0x7, 0xc8, 0xfff, 0x149, 0x0, 0x0, 0x717e17b5, 0x2, 0x5da47ea8, 0x1, 0x400, 0x6, 0x7, 0x25, 0xd, 0x788f, 0x6, 0x7f, 0x71, 0x1, 0x0, 0x6ccb, 0x6, 0x5, 0x9, 0xfffffa99, 0x1000, 0xffffffff, 0xb4, 0x9900000, 0xd, 0xfffffffb, 0x7, 0xc, 0xf55, 0x6d14e279, 0x6, 0x200005, 0x1, 0x3, 0x152358f9, 0x6, 0xf43, 0x81, 0x9da1, 0x0, 0x6, 0x7f, 0x8, 0x6, 0xa1f, 0x80000001, 0xfffffff7, 0x4, 0xf77f, 0x5, 0x3, 0xc2a, 0xffffffff, 0x6, 0x80c, 0x2, 0x13c, 0xae, 0x2, 0x3, 0xfffffff8, 0x7, 0x3, 0xffffffff, 0x7, 0x8, 0x6, 0x1b04e], 0x6, 0x400, 0x8}) 2.162379816s ago: executing program 0 (id=3527): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000440)=ANY=[@ANYBLOB="00000100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.034226196s ago: executing program 4 (id=3528): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x2}) syz_usb_control_io$sierra_net(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000640)={0x0, 0x3, 0x4a, @string={0x4a, 0x3, "4b892f3bd21a5442309cec9d6dc391b4f771b97af610c870cb5f8f7d18dfd2dea5a144e9705762d1e28a8ace9442e4db95fd4539d3fd9a8d62fcdb0ba3c7506485d4fcedc4daaade"}}}, 0x0) 1.311411661s ago: executing program 7 (id=3532): signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x8]}, 0x8, 0x80800) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x7ff, 0xbfdffffc}, &(0x7f0000001600)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_io_uring_complete(0x0) 991.484111ms ago: executing program 7 (id=3533): mkdirat(0xffffffffffffff9c, &(0x7f0000000740)='./file0\x00', 0x271) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000000000)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x100000, 0x40, 0x0, 0x0, 0x57, 0x0, 0x0, 0x2, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dc5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb0910c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae00", 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x78, 0x0, 0xf, {0x0, 0xcbff, 0x0, {0x4, 0x7, 0x28ffffffffe, 0x1af3, 0xa, 0x80000006, 0x5, 0x6, 0xfff, 0x4000, 0x11, 0xffffffffffffffff, 0x0, 0x3ff, 0x1c00}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xee01, 0x0, 0x1000) 836.755298ms ago: executing program 7 (id=3534): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) vmsplice(r1, &(0x7f00000013c0)=[{&(0x7f0000000140)="162b04", 0x3}], 0x1, 0x4) r3 = accept4(r2, 0x0, 0x0, 0x800) splice(r0, 0x0, r3, 0x0, 0x8001, 0x2) 758.28567ms ago: executing program 7 (id=3535): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020) 264.093845ms ago: executing program 7 (id=3536): sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2721, 0x0, &(0x7f0000000040)) 192.250146ms ago: executing program 7 (id=3537): syz_open_procfs$namespace(0x0, 0x0) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) shutdown(r0, 0x1) 108.656999ms ago: executing program 8 (id=3538): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x401, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) close(0x3) 0s ago: executing program 8 (id=3539): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000440)={0x0, 0x0, 0x1, 'I'}, 0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): 34.833876][ T5914] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 234.849087][T11520] veth0_vlan: entered promiscuous mode [ 234.888343][T11520] veth1_vlan: entered promiscuous mode [ 234.890757][ T30] audit: type=1400 audit(1758747621.483:841): avc: denied { create } for pid=11823 comm="syz.5.2498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 234.911275][T11520] veth0_macvtap: entered promiscuous mode [ 234.923458][T11520] veth1_macvtap: entered promiscuous mode [ 234.938127][ T30] audit: type=1400 audit(1758747621.493:842): avc: denied { bind } for pid=11823 comm="syz.5.2498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 234.965018][T11520] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.977618][T11520] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.985136][ T30] audit: type=1400 audit(1758747621.493:843): avc: denied { listen } for pid=11823 comm="syz.5.2498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 235.025169][ T5914] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 235.034488][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.051498][ T5914] usb 1-1: config 0 descriptor?? [ 235.125008][ T5914] cp210x 1-1:0.0: cp210x converter detected [ 235.199537][T11832] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 235.307569][ T3624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.353613][ T3624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.451804][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.484705][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.523789][ T5914] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 235.568874][ T5914] usb 1-1: cp210x converter now attached to ttyUSB0 [ 235.782425][ T43] usb 1-1: USB disconnect, device number 30 [ 235.793816][ T9] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 235.799930][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 235.814221][ T43] cp210x 1-1:0.0: device disconnected [ 235.956047][ T9] usb 6-1: config 0 has an invalid interface number: 128 but max is 0 [ 235.966529][ T9] usb 6-1: config 0 has no interface number 0 [ 235.977943][ T9] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 235.990643][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.009412][ T5914] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 236.010267][ T9] usb 6-1: Product: syz [ 236.040996][ T9] usb 6-1: Manufacturer: syz [ 236.046039][ T9] usb 6-1: SerialNumber: syz [ 236.059354][ T9] usb 6-1: config 0 descriptor?? [ 236.173167][ T5914] usb 5-1: Using ep0 maxpacket: 8 [ 236.181905][ T5914] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 236.198763][ T5914] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 236.218736][ T5914] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 236.236468][ T5914] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 236.263120][ T5914] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 236.272231][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.493114][ T5914] usb 5-1: GET_CAPABILITIES returned 0 [ 236.498650][ T5914] usbtmc 5-1:16.0: can't read capabilities [ 236.716572][ T5914] usb 5-1: USB disconnect, device number 26 [ 237.148043][ T9] usb 6-1: non-Atmel transceiver xxxx0b05 [ 237.346509][ T9] usb 6-1: Firmware version (0.0) predates our first public release. [ 237.357433][ T9] usb 6-1: Please update to version 0.2 or newer [ 237.368505][ T9] usb 6-1: atusb_probe: initialization failed, error = -19 [ 237.388782][T11888] input: syz0 as /devices/virtual/input/input40 [ 237.391293][ T9] usb 6-1: USB disconnect, device number 19 [ 237.497740][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 237.497754][ T30] audit: type=1400 audit(1758747624.104:853): avc: denied { write } for pid=11895 comm="syz.0.2522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 237.658559][ T30] audit: type=1400 audit(1758747624.264:854): avc: denied { mounton } for pid=11904 comm="syz.2.2527" path="/proc/1227/task" dev="proc" ino=41923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 237.882392][ T5921] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 237.924704][ T30] audit: type=1326 audit(1758747624.534:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11916 comm="syz.4.2532" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7bc98eec9 code=0x0 [ 237.951750][ T30] audit: type=1400 audit(1758747624.554:856): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 238.056485][ T5921] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 238.065009][ T5921] usb 2-1: config 1 has no interface number 0 [ 238.071193][ T5921] usb 2-1: config 1 interface 105 has no altsetting 0 [ 238.084714][ T5921] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0109, bcdDevice=90.f6 [ 238.096702][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.105161][ T5921] usb 2-1: Product: syz [ 238.112270][ T5921] usb 2-1: Manufacturer: syz [ 238.116969][ T5921] usb 2-1: SerialNumber: syz [ 238.288228][ T30] audit: type=1400 audit(1758747624.894:857): avc: denied { watch } for pid=11936 comm="syz.2.2539" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 238.336114][ T5921] kvaser_usb 2-1:1.105: error -ENODEV: Cannot get usb endpoint(s) [ 238.350485][ T5921] usb 2-1: USB disconnect, device number 24 [ 239.004394][ T5921] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 239.192855][ T5921] usb 1-1: Using ep0 maxpacket: 32 [ 239.206000][ T5921] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 239.219415][ T5921] usb 1-1: config 0 has no interface number 0 [ 239.253940][ T5921] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 239.447986][ T5921] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 239.463881][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.474112][ T5921] usb 1-1: Product: syz [ 239.480519][ T5921] usb 1-1: Manufacturer: syz [ 239.489652][ T5921] usb 1-1: SerialNumber: syz [ 239.500647][ T5921] usb 1-1: config 0 descriptor?? [ 239.515500][ T5921] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 239.537324][ T5921] em28xx 1-1:0.132: Video interface 132 found: [ 239.560110][T11997] veth0: entered promiscuous mode [ 239.587109][T11997] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2565'. [ 239.660420][T11996] veth0: left promiscuous mode [ 239.727230][T12003] netlink: 'syz.4.2567': attribute type 10 has an invalid length. [ 239.738036][T12003] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.745633][T12003] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.758111][T12003] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.765340][T12003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.773979][T12003] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.781100][T12003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.794756][T12004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2567'. [ 239.796436][T12003] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 239.839746][T12004] bridge_slave_1: left allmulticast mode [ 239.862880][T12008] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.866632][T12004] bridge_slave_1: left promiscuous mode [ 239.897441][T12004] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.919104][T12004] bridge_slave_0: left allmulticast mode [ 239.922221][ T5921] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 239.926019][T12004] bridge_slave_0: left promiscuous mode [ 239.940430][T12004] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.963298][T12004] bond0: (slave bridge0): Releasing backup interface [ 240.101201][ T30] audit: type=1326 audit(1758747626.705:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12013 comm="syz.1.2573" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9e838eec9 code=0x0 [ 240.151643][ T5914] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 240.313041][ T5914] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 240.321990][ T5914] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 240.332327][ T5914] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 240.341481][ T5914] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.355066][ T5914] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 240.365589][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 240.375853][ T5914] usb 3-1: Product: syz [ 240.380024][ T5914] usb 3-1: Manufacturer: syz [ 240.390095][ T5914] cdc_wdm 3-1:1.0: skipping garbage [ 240.395823][ T5914] cdc_wdm 3-1:1.0: skipping garbage [ 240.402351][ T5914] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 240.408369][ T5914] cdc_wdm 3-1:1.0: Unknown control protocol [ 240.426480][T12032] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2581'. [ 240.468262][T12034] input: syz1 as /devices/virtual/input/input41 [ 240.537835][ T5921] em28xx 1-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 240.549057][ T5921] em28xx 1-1:0.132: failed to read eeprom (err=-5) [ 240.556591][ T5921] em28xx 1-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 240.596314][ T5914] usb 3-1: USB disconnect, device number 27 [ 240.621437][ T5921] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 240.640822][T12038] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2584'. [ 240.653248][ T5921] em28xx 1-1:0.132: analog set to bulk mode. [ 240.672436][ T9] em28xx 1-1:0.132: Registering V4L2 extension [ 240.687695][ T5921] usb 1-1: USB disconnect, device number 31 [ 240.697510][ T5921] em28xx 1-1:0.132: Disconnecting em28xx [ 240.904334][ T9] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 240.913034][ T9] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 240.923675][ T9] em28xx 1-1:0.132: No AC97 audio processor [ 240.943066][ T9] usb 1-1: Decoder not found [ 240.957935][ T9] em28xx 1-1:0.132: failed to create media graph [ 240.981400][ T9] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 240.992777][ T9] em28xx 1-1:0.132: Remote control support is not available for this card. [ 241.012012][T12049] netlink: 'syz.5.2586': attribute type 10 has an invalid length. [ 241.022390][T12049] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.029977][T12049] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.030763][ T5921] em28xx 1-1:0.132: Closing input extension [ 241.057105][ T5921] em28xx 1-1:0.132: Freeing device [ 241.058013][T12052] binder: 12051:12052 ioctl c0306201 2000000003c0 returned -14 [ 241.062466][ T5955] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 241.087007][T12053] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2586'. [ 241.098541][T12049] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.105738][T12049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.113252][T12049] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.120334][T12049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.135030][T12049] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.142281][T12049] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.158476][ T30] audit: type=1400 audit(1758747627.756:859): avc: denied { bind } for pid=12055 comm="syz.1.2590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 241.190109][T12054] syz_tun: entered allmulticast mode [ 241.232201][ T5955] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 241.250929][T12053] vlan2: left allmulticast mode [ 241.252025][ T5955] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 241.255832][T12053] dummy0: left allmulticast mode [ 241.273755][ T5955] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 241.290731][ T5955] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.293555][T12053] vlan2: left promiscuous mode [ 241.312029][ T5955] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 241.321793][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 241.326200][T12053] dummy0: left promiscuous mode [ 241.329799][ T5955] usb 3-1: Product: syz [ 241.329818][ T5955] usb 3-1: Manufacturer: syz [ 241.342928][ T5955] cdc_wdm 3-1:1.0: skipping garbage [ 241.348918][ T5955] cdc_wdm 3-1:1.0: skipping garbage [ 241.355887][ T5955] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 241.356642][T12053] bridge0: port 3(vlan2) entered disabled state [ 241.362228][ T5955] cdc_wdm 3-1:1.0: Unknown control protocol [ 241.462257][T12053] bridge_slave_1: left allmulticast mode [ 241.468066][T12053] bridge_slave_1: left promiscuous mode [ 241.476407][T12053] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.488927][T12053] bridge_slave_0: left allmulticast mode [ 241.502685][T12053] bridge_slave_0: left promiscuous mode [ 241.508543][T12053] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.560225][ T3090] usb 3-1: USB disconnect, device number 28 [ 241.584562][T12060] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2591'. [ 241.585229][T12047] syz_tun: left allmulticast mode [ 241.623375][T12060] xfrm1: entered promiscuous mode [ 241.649294][T12060] xfrm1: entered allmulticast mode [ 241.659732][T12060] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2591'. [ 241.868679][ T30] audit: type=1400 audit(1758747628.476:860): avc: denied { connect } for pid=12069 comm="syz.0.2595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 242.126909][ T30] audit: type=1400 audit(1758747628.736:861): avc: denied { watch_sb } for pid=12078 comm="syz.5.2599" path="/293" dev="tmpfs" ino=1535 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 242.326298][ T30] audit: type=1400 audit(1758747628.936:862): avc: denied { write } for pid=12084 comm="syz.1.2598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 242.346389][ C1] vkms_vblank_simulate: vblank timer overrun [ 242.833821][T12124] netlink: 'syz.5.2619': attribute type 5 has an invalid length. [ 242.969802][ T5914] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 242.974821][T12129] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 242.987020][T12129] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 243.001831][T12113] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input42 [ 243.131894][ T5914] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 243.146261][ T5914] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 243.173067][ T5914] usb 3-1: config 220 has an invalid descriptor of length 97, skipping remainder of the config [ 243.206023][ T5914] usb 3-1: config 220 has no interface number 2 [ 243.212499][ T5914] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 243.229464][ T5914] usb 3-1: config 220 interface 0 has no altsetting 0 [ 243.237908][ T5914] usb 3-1: config 220 interface 76 has no altsetting 0 [ 243.245388][ T5914] usb 3-1: config 220 interface 1 has no altsetting 0 [ 243.265436][ T5914] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 243.274882][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.285482][ T5914] usb 3-1: Product: syz [ 243.293343][ T5914] usb 3-1: Manufacturer: syz [ 243.300239][ T5914] usb 3-1: SerialNumber: syz [ 243.475889][T12152] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2632'. [ 243.519267][ T5914] usb 3-1: selecting invalid altsetting 0 [ 243.547882][ T5914] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 243.556549][ T5914] usb 3-1: No valid video chain found. [ 243.605339][ T5914] usb 3-1: selecting invalid altsetting 0 [ 243.621685][ T5914] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 243.655971][ T5914] usb 3-1: USB disconnect, device number 29 [ 244.040953][T12166] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 244.159438][ T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 244.329631][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 244.336610][ T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 244.349353][ T9] usb 6-1: config 0 has no interface number 0 [ 244.381178][ T9] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 244.392296][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.404344][ T9] usb 6-1: Product: syz [ 244.408595][ T9] usb 6-1: Manufacturer: syz [ 244.435666][ T9] usb 6-1: SerialNumber: syz [ 244.456605][ T9] usb 6-1: config 0 descriptor?? [ 244.478341][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 244.589672][T12187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2645'. [ 244.764579][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 244.764597][ T30] audit: type=1400 audit(1758747631.378:865): avc: denied { create } for pid=12194 comm="syz.2.2649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 244.801107][T12195] delete_channel: no stack [ 244.838883][ T30] audit: type=1400 audit(1758747631.428:866): avc: denied { setopt } for pid=12194 comm="syz.2.2649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 244.887338][ T9] gspca_spca1528: reg_w err -71 [ 244.929166][ T9] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71 [ 244.952518][ T9] usb 6-1: USB disconnect, device number 20 [ 246.046092][T12228] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2663'. [ 246.088237][ T9] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 246.133622][T12235] input: syz1 as /devices/virtual/input/input43 [ 246.249928][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 246.269781][ T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 246.299459][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 246.316282][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.346380][T12217] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 246.356356][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 246.522250][T12258] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.522316][ T30] audit: type=1400 audit(1758747633.139:867): avc: denied { getopt } for pid=12257 comm="syz.4.2678" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 246.673144][ T5848] usb 2-1: USB disconnect, device number 25 [ 246.790115][T12272] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2682'. [ 246.887818][ T10] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 247.047996][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 247.055350][ T10] usb 3-1: config 0 has an invalid interface number: 134 but max is 0 [ 247.063609][ T10] usb 3-1: config 0 has no interface number 0 [ 247.072393][ T10] usb 3-1: New USB device found, idVendor=1e2d, idProduct=004a, bcdDevice=be.0a [ 247.081574][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.089806][ T10] usb 3-1: Product: syz [ 247.093994][ T10] usb 3-1: Manufacturer: syz [ 247.099016][ T10] usb 3-1: SerialNumber: syz [ 247.104817][ T10] usb 3-1: config 0 descriptor?? [ 247.307192][T12276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 247.340966][ T10] usb 3-1: USB disconnect, device number 30 [ 248.447336][ T5848] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 248.636922][ T5848] usb 1-1: Using ep0 maxpacket: 16 [ 248.669427][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.681142][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.695365][ T5848] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 248.719293][ T5848] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 248.736856][ T5848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.756871][ T5848] usb 1-1: config 0 descriptor?? [ 248.906976][ T30] audit: type=1400 audit(1758747635.510:868): avc: denied { read } for pid=12330 comm="syz.5.2707" path="socket:[45009]" dev="sockfs" ino=45009 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 249.201701][ T5848] shield 0003:0955:7214.0024: unknown main item tag 0x0 [ 249.208869][ T5848] shield 0003:0955:7214.0024: unknown main item tag 0x0 [ 249.236633][ T5848] shield 0003:0955:7214.0024: unknown main item tag 0x0 [ 249.243628][ T5848] shield 0003:0955:7214.0024: unknown main item tag 0x0 [ 249.345777][ T5848] shield 0003:0955:7214.0024: unknown main item tag 0x0 [ 249.402023][T12303] netlink: 'syz.0.2694': attribute type 2 has an invalid length. [ 249.424602][ T5848] input: HID 0955:7214 Haptics as /devices/virtual/input/input44 [ 249.426607][T12303] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2694'. [ 249.486276][ T5848] shield 0003:0955:7214.0024: Registered Thunderstrike controller [ 249.528451][ T5848] shield 0003:0955:7214.0024: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 249.615218][ T5848] usb 1-1: USB disconnect, device number 32 [ 249.656506][ T5914] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 249.708668][ T5914] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 249.739960][ T5914] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 249.774211][ T5914] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 249.946528][ T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 250.115098][ T10] usb 3-1: config 0 has an invalid interface number: 204 but max is 0 [ 250.126185][ T10] usb 3-1: config 0 has no interface number 0 [ 250.145629][ T10] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d [ 250.172231][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.189139][ T10] usb 3-1: Product: syz [ 250.198698][ T10] usb 3-1: Manufacturer: syz [ 250.205465][ T10] usb 3-1: SerialNumber: syz [ 250.228873][ T10] usb 3-1: config 0 descriptor?? [ 250.260546][ T10] ems_usb 3-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 250.293296][ T10] ems_usb 3-1:0.204: probe with driver ems_usb failed with error -22 [ 250.425658][ T30] audit: type=1400 audit(1758747637.030:869): avc: denied { read } for pid=12369 comm="syz.0.2722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 250.485594][ T10] usb 3-1: USB disconnect, device number 31 [ 250.906533][ T5848] IPVS: starting estimator thread 0... [ 250.997865][T12383] IPVS: using max 40 ests per chain, 96000 per kthread [ 251.212630][T12391] netlink: 'syz.5.2730': attribute type 2 has an invalid length. [ 251.248628][T12391] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2730'. [ 251.816753][ T30] audit: type=1400 audit(1758747638.421:870): avc: denied { getopt } for pid=12409 comm="syz.2.2737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 253.474652][ T3090] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 253.495487][T12451] sctp: [Deprecated]: syz.2.2754 (pid 12451) Use of struct sctp_assoc_value in delayed_ack socket option. [ 253.495487][T12451] Use struct sctp_sack_info instead [ 253.626924][ T30] audit: type=1400 audit(1758747640.242:871): avc: denied { watch } for pid=12454 comm="syz.1.2755" path="/536/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 253.681771][ T3090] usb 1-1: Using ep0 maxpacket: 32 [ 253.693392][ T3090] usb 1-1: config 0 has an invalid interface number: 247 but max is 0 [ 253.705649][ T3090] usb 1-1: config 0 has no interface number 0 [ 253.711772][ T3090] usb 1-1: config 0 interface 247 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 253.744508][ T3090] usb 1-1: config 0 interface 247 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 253.768857][ T3090] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 253.804987][ T3090] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 253.813010][ T3090] usb 1-1: Product: syz [ 253.834315][ T3090] usb 1-1: Manufacturer: syz [ 253.848921][ T3090] usb 1-1: config 0 descriptor?? [ 253.878940][T12467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2761'. [ 253.951381][ T30] audit: type=1400 audit(1758747640.562:872): avc: denied { read write } for pid=12468 comm="syz.5.2762" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 253.954380][T12467] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2761'. [ 253.978091][ T30] audit: type=1400 audit(1758747640.562:873): avc: denied { open } for pid=12468 comm="syz.5.2762" path="/dev/sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 254.021086][ T30] audit: type=1400 audit(1758747640.622:874): avc: denied { ioctl } for pid=12468 comm="syz.5.2762" path="/dev/sg0" dev="devtmpfs" ino=750 ioctlcmd=0x227b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 254.041765][T12467] netlink: 'syz.1.2761': attribute type 6 has an invalid length. [ 254.067138][ T3624] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.076671][ T3624] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.085914][T12467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2761'. [ 254.095624][ T3624] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.104452][T12467] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2761'. [ 254.113487][ T3624] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.125008][ T5848] usb 1-1: USB disconnect, device number 33 [ 254.133076][T12467] netlink: 'syz.1.2761': attribute type 6 has an invalid length. [ 254.520227][T12392] syz.4.2727 (12392): drop_caches: 1 [ 254.721392][T12479] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 254.768148][ T30] audit: type=1400 audit(1758747641.383:875): avc: denied { read } for pid=12482 comm="syz.2.2769" path="socket:[46510]" dev="sockfs" ino=46510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 255.012558][ T30] audit: type=1400 audit(1758747641.623:876): avc: denied { associate } for pid=12492 comm="syz.0.2772" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 255.200646][ T30] audit: type=1400 audit(1758747641.803:877): avc: denied { connect } for pid=12493 comm="syz.4.2773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 255.241770][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.372929][T12511] netlink: 'syz.4.2780': attribute type 10 has an invalid length. [ 255.690309][ T30] audit: type=1326 audit(1758747642.303:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.713714][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.722566][ T30] audit: type=1326 audit(1758747642.303:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.745959][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.753104][ T30] audit: type=1326 audit(1758747642.313:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.776488][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.783243][ T30] audit: type=1326 audit(1758747642.313:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.813074][T12524] SELinux: failed to load policy [ 255.824465][ T30] audit: type=1326 audit(1758747642.313:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.847850][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.858081][ T30] audit: type=1326 audit(1758747642.313:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.881461][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.893581][ T30] audit: type=1326 audit(1758747642.313:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.917968][ T30] audit: type=1326 audit(1758747642.313:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.941860][ T30] audit: type=1326 audit(1758747642.313:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 255.965221][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.991819][ T30] audit: type=1326 audit(1758747642.323:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12525 comm="syz.2.2786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 256.015212][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.482100][T12555] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2798'. [ 256.491787][T12555] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 256.502552][T12555] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7) [ 257.002851][ T5955] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 257.157683][ T5955] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 257.166515][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 257.181035][ T5955] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 257.190656][ T5955] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 257.202218][ T5955] usb 3-1: Manufacturer: syz [ 257.209249][ T5955] usb 3-1: config 0 descriptor?? [ 257.282818][ T5955] rc_core: IR keymap rc-hauppauge not found [ 257.292237][ T5955] Registered IR keymap rc-empty [ 257.301126][ T5955] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 257.316453][ T5955] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input45 [ 257.646711][ C0] igorplugusb 3-1:0.0: receive overflow, at least 21 lost [ 258.022380][ T10] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 258.057745][ C0] igorplugusb 3-1:0.0: receive overflow invalid: 173 [ 258.173650][ T10] usb 5-1: config 5 has too many interfaces: 246, using maximum allowed: 32 [ 258.182732][ T10] usb 5-1: config 5 has 1 interface, different from the descriptor's value: 246 [ 258.191808][ T10] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 258.205089][ T10] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.216285][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 258.225563][ T10] usb 5-1: New USB device strings: Mfr=0, Product=248, SerialNumber=0 [ 258.234180][ T10] usb 5-1: Product: syz [ 258.261923][ T5955] usb 3-1: USB disconnect, device number 32 [ 258.450986][ T10] usbhid 5-1:5.0: can't add hid device: -71 [ 258.457196][ T10] usbhid 5-1:5.0: probe with driver usbhid failed with error -71 [ 258.468886][ T10] usb 5-1: USB disconnect, device number 27 [ 259.024381][T12657] binder: 12655:12657 ioctl c0306201 200000000080 returned -14 [ 259.033800][T12657] binder: 12655:12657 ioctl c0306201 2000000001c0 returned -14 [ 259.237721][T12670] netlink: 'syz.2.2846': attribute type 1 has an invalid length. [ 259.798915][T12700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2859'. [ 259.798930][T12698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2858'. [ 259.871475][ T5914] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 259.878361][T12704] netlink: 'syz.2.2861': attribute type 1 has an invalid length. [ 259.908207][T12704] 8021q: adding VLAN 0 to HW filter on device bond1 [ 259.935398][T12704] bond1: (slave ip6erspan0): making interface the new active one [ 259.944988][T12704] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 259.989626][T12710] input: syz1 as /devices/virtual/input/input46 [ 260.021357][ T5914] usb 1-1: Using ep0 maxpacket: 32 [ 260.039535][ T5914] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 260.056432][ T5914] usb 1-1: config 0 has no interface number 0 [ 260.074953][ T5914] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 260.089396][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.098071][ T5914] usb 1-1: Product: syz [ 260.102726][ T5914] usb 1-1: Manufacturer: syz [ 260.107391][ T5914] usb 1-1: SerialNumber: syz [ 260.114432][ T5914] usb 1-1: config 0 descriptor?? [ 260.123533][ T5914] smsc95xx v2.0.0 [ 260.155359][T12719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2866'. [ 260.182152][T12719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2866'. [ 260.192614][T12719] netlink: 'syz.2.2866': attribute type 11 has an invalid length. [ 260.200468][T12719] netlink: 'syz.2.2866': attribute type 13 has an invalid length. [ 260.263984][T12729] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 260.674995][T12743] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2875'. [ 260.686750][T12743] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2875'. [ 260.740911][ T5857] Bluetooth: hci5: command 0x1003 tx timeout [ 260.748212][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 261.192946][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 261.192962][ T30] audit: type=1400 audit(1758747653.817:901): avc: denied { create } for pid=12756 comm="syz.2.2882" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 261.340215][ T5914] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 261.364062][ T5914] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 261.377711][ T5914] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 261.391682][ T5914] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 261.405833][ T5914] usb 1-1: USB disconnect, device number 34 [ 261.936750][ T30] audit: type=1400 audit(1758747654.558:902): avc: denied { execute } for pid=12784 comm="syz.0.2893" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 261.960044][ C1] vkms_vblank_simulate: vblank timer overrun [ 261.966619][ T5914] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 261.982005][T12785] netlink: 'syz.0.2893': attribute type 5 has an invalid length. [ 261.990315][T12785] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2893'. [ 262.119392][ T5914] usb 3-1: Using ep0 maxpacket: 8 [ 262.126864][ T5914] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 262.136417][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.150335][ T5914] pvrusb2: Hardware description: Terratec Grabster AV400 [ 262.157510][ T5914] pvrusb2: ********** [ 262.161761][ T5914] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 262.172183][ T5914] pvrusb2: Important functionality might not be entirely working. [ 262.180068][ T5914] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 262.191432][ T5914] pvrusb2: ********** [ 262.356014][ T2335] pvrusb2: Invalid write control endpoint [ 262.365171][ T30] audit: type=1400 audit(1758747654.978:903): avc: denied { map } for pid=12792 comm="syz.4.2896" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 262.365832][T12793] binder_alloc: binder_alloc_mmap_handler: 12792 200000ffc000-200001000000 already mapped failed -16 [ 262.389016][ C1] vkms_vblank_simulate: vblank timer overrun [ 262.430269][ T2335] pvrusb2: Invalid write control endpoint [ 262.436363][ T2335] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 262.451319][ T2335] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 262.462114][ T2335] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 262.474929][ T2335] pvrusb2: Device being rendered inoperable [ 262.484219][ T2335] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 262.494540][ T2335] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 262.511194][ T2335] pvrusb2: Attached sub-driver cx25840 [ 262.517016][ T2335] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 262.527769][ T2335] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 262.553118][T12799] loop3: detected capacity change from 0 to 7 [ 262.569422][T12799] Dev loop3: unable to read RDB block 7 [ 262.570538][ T5914] usb 3-1: USB disconnect, device number 33 [ 262.575079][T12799] loop3: unable to read partition table [ 262.587060][T12799] loop3: partition table beyond EOD, truncated [ 262.593680][T12799] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 262.672136][ T30] audit: type=1400 audit(1758747655.298:904): avc: denied { name_bind } for pid=12802 comm="syz.4.2900" path="socket:[47687]" dev="sockfs" ino=47687 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 262.818663][ T51] Bluetooth: hci6: command 0x1003 tx timeout [ 262.818710][ T5850] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 263.087574][ T3624] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.212977][ T3624] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.281238][T12812] SELinux: ebitmap: truncated map [ 263.321642][T12812] SELinux: failed to load policy [ 263.329711][ T3624] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.420435][ T30] audit: type=1400 audit(1758747656.049:905): avc: denied { connect } for pid=12816 comm="syz.4.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 263.465799][ T3624] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.582806][T12826] netlink: 'syz.2.2912': attribute type 5 has an invalid length. [ 264.060028][T12844] netlink: 'syz.2.2918': attribute type 1 has an invalid length. [ 264.081490][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 264.089609][T12844] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2918'. [ 264.114776][T12844] netlink: 'syz.2.2918': attribute type 2 has an invalid length. [ 264.114885][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 264.127071][T12844] netlink: 'syz.2.2918': attribute type 1 has an invalid length. [ 264.142890][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 264.174956][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 264.184346][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 264.272465][ T3532] nci: nci_rsp_packet: unsupported rsp opcode 0xf03 [ 264.614469][ T3624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 264.625919][ T3624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 264.637768][ T3624] bond0 (unregistering): Released all slaves [ 264.656294][T12864] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 264.774812][ T3624] IPVS: stopping master sync thread 8632 ... [ 265.176257][ T5955] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 265.327189][ T3624] hsr_slave_0: left promiscuous mode [ 265.334619][ T3624] hsr_slave_1: left promiscuous mode [ 265.341898][ T3624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.349619][ T5955] usb 5-1: Using ep0 maxpacket: 8 [ 265.354811][ T3624] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 265.364287][ T5955] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 265.375696][ T3624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 265.385837][ T5955] usb 5-1: config 0 has no interface number 0 [ 265.392724][ T5955] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 265.396679][ T3624] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 265.403772][ T5955] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 265.403799][ T5955] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 265.436447][ T5955] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 265.449807][ T5955] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 265.460610][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.472627][ T5955] usb 5-1: config 0 descriptor?? [ 265.491043][ T5955] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 265.504633][ T3624] veth1_macvtap: left promiscuous mode [ 265.513256][ T3624] veth0_macvtap: left promiscuous mode [ 265.519565][ T3624] veth1_vlan: left promiscuous mode [ 265.524977][ T3624] veth0_vlan: left promiscuous mode [ 265.565994][ T3090] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 265.746232][ T3090] usb 3-1: Using ep0 maxpacket: 16 [ 265.756478][ T3090] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 265.775464][ T3090] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 265.804996][ T3090] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 265.827509][ T3090] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 265.862818][ T3090] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.896292][ T5955] usb 5-1: USB disconnect, device number 28 [ 265.897683][ T3090] usb 3-1: Product: syz [ 265.907658][ T5955] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 265.928291][ T3090] usb 3-1: Manufacturer: syz [ 265.937124][ T3090] usb 3-1: SerialNumber: syz [ 266.255280][ T5850] Bluetooth: hci2: command tx timeout [ 266.330679][ T3624] team0 (unregistering): Port device team_slave_1 removed [ 266.387783][ T3090] usb 3-1: 0:2 : does not exist [ 266.448683][ T3624] team0 (unregistering): Port device team_slave_0 removed [ 266.708284][T12918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2945'. [ 266.743854][ T30] audit: type=1400 audit(1758747659.362:906): avc: denied { create } for pid=12916 comm="syz.4.2947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 266.804402][ T30] audit: type=1400 audit(1758747659.362:907): avc: denied { listen } for pid=12916 comm="syz.4.2947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 266.848772][ T30] audit: type=1400 audit(1758747659.362:908): avc: denied { accept } for pid=12916 comm="syz.4.2947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 267.217174][ T3090] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 267.264812][ T3090] usb 3-1: USB disconnect, device number 34 [ 267.388029][T12845] chnl_net:caif_netlink_parms(): no params data found [ 267.611344][T12845] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.620575][T12845] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.630141][T12845] bridge_slave_0: entered allmulticast mode [ 267.638352][T12845] bridge_slave_0: entered promiscuous mode [ 267.649187][T12845] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.657643][T12845] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.665393][T12845] bridge_slave_1: entered allmulticast mode [ 267.672104][T12845] bridge_slave_1: entered promiscuous mode [ 267.698407][T12845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 267.711239][T12845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 267.739020][T12845] team0: Port device team_slave_0 added [ 267.747217][T12845] team0: Port device team_slave_1 added [ 267.775186][T12845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.782247][T12845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.812671][T12845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.823813][ T3090] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 267.825620][T12845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.841039][T12845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.867592][ T5955] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 267.871993][T12845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.894466][T12941] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 267.926517][T12845] hsr_slave_0: entered promiscuous mode [ 267.932678][T12845] hsr_slave_1: entered promiscuous mode [ 267.993236][ T30] audit: type=1400 audit(1758747660.614:909): avc: denied { watch } for pid=12943 comm="syz.2.2954" path="pipe:[5297]" dev="pipefs" ino=5297 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 268.025467][ T3090] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 268.046323][ T3090] usb 1-1: config 1 has no interface number 0 [ 268.053423][ T5955] usb 2-1: Using ep0 maxpacket: 8 [ 268.058817][ T3090] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.066143][ T5955] usb 2-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 268.078857][ T3090] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 268.086748][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.091046][ T3090] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 35782, setting to 1024 [ 268.100183][ T5955] usb 2-1: Product: syz [ 268.110781][ T3090] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 268.114356][ T5955] usb 2-1: Manufacturer: syz [ 268.126318][ T3090] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 268.126346][ T3090] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.138018][ T5955] usb 2-1: SerialNumber: syz [ 268.145169][ T3090] usb 1-1: Product: syz [ 268.152503][ T3090] usb 1-1: Manufacturer: syz [ 268.162501][ T3090] usb 1-1: SerialNumber: syz [ 268.164681][ T5955] usb 2-1: config 0 descriptor?? [ 268.180370][ T5955] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 268.245245][T12845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.274921][T12845] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.288288][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.295464][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.312629][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.319839][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.333361][ T5850] Bluetooth: hci2: command tx timeout [ 268.347637][ T10] libceph: connect (1)[c::]:6789 error -101 [ 268.354100][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 268.361826][ T10] libceph: connect (1)[c::]:6789 error -101 [ 268.368524][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 268.374516][T12933] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 268.402342][ T9] libceph: connect (1)[b::]:6789 error -101 [ 268.409888][ T9] libceph: mon0 (1)[b::]:6789 connect error [ 268.417027][ T9] libceph: connect (1)[b::]:6789 error -101 [ 268.423532][ T9] libceph: mon0 (1)[b::]:6789 connect error [ 268.556839][T12845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.675451][ T9] libceph: connect (1)[c::]:6789 error -101 [ 268.681661][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 268.688303][ T5921] libceph: connect (1)[b::]:6789 error -101 [ 268.697411][ T5921] libceph: mon0 (1)[b::]:6789 connect error [ 268.809001][T12845] veth0_vlan: entered promiscuous mode [ 268.825883][T12845] veth1_vlan: entered promiscuous mode [ 268.868870][T12845] veth0_macvtap: entered promiscuous mode [ 268.879662][T12845] veth1_macvtap: entered promiscuous mode [ 268.901578][T12845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.918458][T12845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.981278][T12933] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 269.004601][ T3090] cdc_ncm 1-1:1.1: bind() failure [ 269.022164][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.034591][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.066831][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.076100][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.162135][T12956] ceph: No mds server is up or the cluster is laggy [ 269.179293][T12959] ceph: No mds server is up or the cluster is laggy [ 269.217061][ T30] audit: type=1400 audit(1758747661.825:910): avc: denied { ioctl } for pid=12983 comm="syz.6.2907" path="socket:[49037]" dev="sockfs" ino=49037 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 269.217862][ T10] libceph: connect (1)[b::]:6789 error -101 [ 269.272497][ T9] libceph: connect (1)[c::]:6789 error -101 [ 269.300386][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 269.350379][ T10] libceph: mon0 (1)[b::]:6789 connect error [ 269.377739][ T10] usb 1-1: USB disconnect, device number 35 [ 269.460630][ T5955] gspca_sonixj: reg_w1 err -71 [ 269.466125][ T5955] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 269.477400][ T5955] usb 2-1: USB disconnect, device number 26 [ 269.641898][ T5921] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 269.770170][ T30] audit: type=1400 audit(1758747662.395:911): avc: denied { mounton } for pid=12996 comm="syz.2.2968" path="/655/file0" dev="tmpfs" ino=3394 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 269.840394][ T5921] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 269.848801][T12999] kernel read not supported for file /!sel (pid: 12999 comm: syz.2.2969) [ 269.868932][ T30] audit: type=1800 audit(1758747662.496:912): pid=12999 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.2969" name="!sel" dev="mqueue" ino=49378 res=0 errno=0 [ 269.877397][ T5921] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 269.908693][ T5921] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 269.921871][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 269.929899][ T5921] usb 5-1: SerialNumber: syz [ 270.158600][ T5921] usb 5-1: 0:2 : does not exist [ 270.164937][ T5921] usb 5-1: unit 5: unexpected type 0x09 [ 270.194254][ T5921] usb 5-1: USB disconnect, device number 29 [ 270.201620][ T3090] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 270.209400][ T5914] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 270.381245][ T5914] usb 1-1: Using ep0 maxpacket: 32 [ 270.389723][ T3090] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 270.411505][ T5850] Bluetooth: hci2: command tx timeout [ 270.430426][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.445633][ T3090] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.459115][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.466379][T13013] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input47 [ 270.475571][ T3090] usb 3-1: Product: syz [ 270.487451][ T5914] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 270.496715][ T3090] usb 3-1: Manufacturer: syz [ 270.501790][ T3090] usb 3-1: SerialNumber: syz [ 270.507693][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.516846][ T3090] usb 3-1: config 0 descriptor?? [ 270.527418][ T5914] usb 1-1: config 0 descriptor?? [ 270.640802][ T30] audit: type=1400 audit(1758747663.266:913): avc: denied { mounton } for pid=13023 comm="syz.6.2979" path="/6/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 270.669336][ T30] audit: type=1400 audit(1758747663.296:914): avc: denied { unmount } for pid=12845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 270.743978][ T10] usb 3-1: USB disconnect, device number 35 [ 270.797143][ T70] bridge_slave_1: left allmulticast mode [ 270.809744][ T70] bridge_slave_1: left promiscuous mode [ 270.818097][ T70] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.833156][ T70] bridge_slave_0: left allmulticast mode [ 270.838945][ T70] bridge_slave_0: left promiscuous mode [ 270.845201][ T70] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.975478][ T5914] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 271.186499][ T5914] usb 1-1: USB disconnect, device number 36 [ 271.285285][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 271.297563][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 271.313131][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 271.348017][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 271.364384][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 271.425546][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 271.439325][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 271.451701][ T70] bond0 (unregistering): Released all slaves [ 271.535192][ T30] audit: type=1400 audit(1758747664.167:915): avc: denied { mounton } for pid=13039 comm="syz.2.2988" path="/660/file0" dev="proc" ino=4026533287 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 271.819765][ T5981] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 271.889691][ T10] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 271.967018][ T70] hsr_slave_0: left promiscuous mode [ 271.973387][ T70] hsr_slave_1: left promiscuous mode [ 271.979251][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.987587][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.989561][ T5981] usb 2-1: Using ep0 maxpacket: 32 [ 272.002988][ T5981] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 272.006072][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.011815][ T5981] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 272.027815][ T70] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 272.030756][ T5981] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 272.043864][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 272.045303][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 272.049669][ T5981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 272.062721][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 272.070828][ T5981] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 272.092302][ T10] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 272.092459][ T5981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 272.102531][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.114699][ T5981] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 272.127891][ T70] veth1_macvtap: left promiscuous mode [ 272.133932][ T5981] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 272.136729][ T70] veth0_macvtap: left promiscuous mode [ 272.151805][ T5981] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 272.155026][ T10] usb 3-1: Product: syz [ 272.168154][ T10] usb 3-1: Manufacturer: syz [ 272.172826][ T5981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.173997][ T70] veth1_vlan: left promiscuous mode [ 272.184959][ T5981] usb 2-1: config 0 descriptor?? [ 272.186181][ T10] usb 3-1: SerialNumber: syz [ 272.191540][ T70] veth0_vlan: left promiscuous mode [ 272.197463][ T10] usb 3-1: config 0 descriptor?? [ 272.201287][T13042] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 272.208365][ T10] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 272.222817][ T10] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 272.230051][ T5921] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 272.380214][ T5921] usb 5-1: Using ep0 maxpacket: 16 [ 272.396552][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 272.408181][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 272.424704][ T5921] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 272.434317][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.450917][ T5921] usb 5-1: Product: syz [ 272.455608][ T5921] usb 5-1: Manufacturer: syz [ 272.461182][ T5921] usb 5-1: SerialNumber: syz [ 272.462652][ T5981] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 272.467772][ T5921] usb 5-1: config 0 descriptor?? [ 272.486149][ T5921] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 272.495810][ T5921] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 272.696860][ T5981] usb 2-1: USB disconnect, device number 27 [ 272.711655][ T5981] usblp0: removed [ 272.725918][ T70] team0 (unregistering): Port device team_slave_1 removed [ 272.760696][ T70] team0 (unregistering): Port device team_slave_0 removed [ 272.862536][ T10] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 272.869744][ T10] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 273.079611][ T10] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 273.086689][ T10] em28xx 3-1:0.0: No AC97 audio processor [ 273.103928][ T10] usb 3-1: USB disconnect, device number 36 [ 273.110193][ T5921] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 273.117618][ T10] em28xx 3-1:0.0: Disconnecting em28xx [ 273.124364][ T5921] em28xx 5-1:0.0: Config register raw data: 0x41 [ 273.133912][ T10] em28xx 3-1:0.0: Freeing device [ 273.180650][T13031] chnl_net:caif_netlink_parms(): no params data found [ 273.356986][T13031] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.364363][T13031] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.372542][T13031] bridge_slave_0: entered allmulticast mode [ 273.379961][T13031] bridge_slave_0: entered promiscuous mode [ 273.388470][T13031] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.395741][T13031] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.397539][ T10] usb 5-1: USB disconnect, device number 30 [ 273.403232][T13031] bridge_slave_1: entered allmulticast mode [ 273.432044][ T10] em28xx 5-1:0.0: Disconnecting em28xx [ 273.439005][T13031] bridge_slave_1: entered promiscuous mode [ 273.450895][ T5850] Bluetooth: hci2: command tx timeout [ 273.470891][ T10] em28xx 5-1:0.0: Freeing device [ 273.506651][T13031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.533278][T13031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.661733][T13031] team0: Port device team_slave_0 added [ 273.679920][T13031] team0: Port device team_slave_1 added [ 273.796996][T13031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 273.797193][T13078] netlink: 'syz.0.3002': attribute type 4 has an invalid length. [ 273.812255][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.855967][T13031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 273.880360][T13031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 273.890313][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.909594][T13078] netlink: 'syz.0.3002': attribute type 4 has an invalid length. [ 273.936235][T13031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 274.092061][T13031] hsr_slave_0: entered promiscuous mode [ 274.110855][T13031] hsr_slave_1: entered promiscuous mode [ 274.590571][ T5914] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 274.752170][ T5914] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.763379][ T5914] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 274.870104][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.957516][ T5914] usb 5-1: config 0 descriptor?? [ 274.975991][ T5914] pwc: Askey VC010 type 2 USB webcam detected. [ 275.031235][T13031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.048613][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 275.048623][ T30] audit: type=1400 audit(1758747667.671:917): avc: denied { create } for pid=13100 comm="syz.2.3008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 275.080763][T13031] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.091974][ T3624] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.099175][ T3624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.143583][ T3624] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.150773][ T3624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.169560][ T30] audit: type=1400 audit(1758747667.801:918): avc: denied { read } for pid=13100 comm="syz.2.3008" path="socket:[49701]" dev="sockfs" ino=49701 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 275.258815][T13031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.400697][ T5914] pwc: recv_control_msg error -32 req 02 val 2b00 [ 275.451178][ T5914] pwc: recv_control_msg error -32 req 02 val 2700 [ 275.482089][ T5914] pwc: recv_control_msg error -32 req 02 val 2c00 [ 275.530768][ T5850] Bluetooth: hci2: command tx timeout [ 275.552526][T13113] input: syz1 as /devices/virtual/input/input48 [ 275.578807][T13117] input: syz0 as /devices/virtual/input/input49 [ 275.703425][ T5914] pwc: recv_control_msg error -71 req 04 val 1300 [ 275.716062][ T5914] pwc: recv_control_msg error -71 req 04 val 1400 [ 275.746256][ T5914] pwc: recv_control_msg error -71 req 02 val 2000 [ 275.768634][ T5914] pwc: recv_control_msg error -71 req 02 val 2100 [ 275.788236][ T5914] pwc: recv_control_msg error -71 req 04 val 1500 [ 275.821894][ T30] audit: type=1400 audit(1758747668.452:919): avc: denied { setopt } for pid=13124 comm="syz.2.3019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 275.864399][ T5914] pwc: recv_control_msg error -71 req 02 val 2500 [ 275.890285][ T30] audit: type=1400 audit(1758747668.482:920): avc: denied { ioctl } for pid=13124 comm="syz.2.3019" path="socket:[50385]" dev="sockfs" ino=50385 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 275.937317][T13126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3018'. [ 275.961739][ T5914] pwc: recv_control_msg error -71 req 02 val 2400 [ 275.973003][ T30] audit: type=1400 audit(1758747668.602:921): avc: denied { setopt } for pid=13127 comm="syz.2.3020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 275.993055][ T5914] pwc: recv_control_msg error -71 req 02 val 2600 [ 276.008403][ T5914] pwc: recv_control_msg error -71 req 02 val 2900 [ 276.023423][T13126] geneve3: entered promiscuous mode [ 276.028910][T13126] geneve3: entered allmulticast mode [ 276.034656][ T5914] pwc: recv_control_msg error -71 req 02 val 2800 [ 276.052843][ T5914] pwc: recv_control_msg error -71 req 04 val 1100 [ 276.063713][ T13] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 276.073158][ T13] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 276.086391][ T5914] pwc: recv_control_msg error -71 req 04 val 1200 [ 276.103113][ T13] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 276.113970][ T5914] pwc: Registered as video103. [ 276.123212][ T5914] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input50 [ 276.140654][ T5914] usb 5-1: USB disconnect, device number 31 [ 276.143705][T13031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.169718][ T13] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 276.408390][ T30] audit: type=1400 audit(1758747669.042:922): avc: denied { read } for pid=13140 comm="syz.4.3024" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 276.445526][T13148] sock: sock_set_timeout: `syz.1.3026' (pid 13148) tries to set negative timeout [ 276.455225][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 276.472315][ T30] audit: type=1400 audit(1758747669.042:923): avc: denied { open } for pid=13140 comm="syz.4.3024" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 276.519001][ T30] audit: type=1400 audit(1758747669.072:924): avc: denied { firmware_load } for pid=1031 comm="kworker/u8:5" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 276.557979][T13141] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 276.559596][T13031] veth0_vlan: entered promiscuous mode [ 276.564215][T13141] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 276.583068][T13141] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 276.589471][T13141] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 276.591697][T13031] veth1_vlan: entered promiscuous mode [ 276.603059][T13141] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 276.620844][T13141] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 276.631012][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 276.642103][ T10] usb 1-1: config 0 has no interfaces? [ 276.651939][T13141] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 276.657929][T13031] veth0_macvtap: entered promiscuous mode [ 276.664082][T13031] veth1_macvtap: entered promiscuous mode [ 276.675728][ T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 276.684925][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.698781][ T10] usb 1-1: Product: syz [ 276.701475][T13141] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 276.709069][ T10] usb 1-1: Manufacturer: syz [ 276.709088][ T10] usb 1-1: SerialNumber: syz [ 276.712352][T13031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.726999][ T10] usb 1-1: config 0 descriptor?? [ 276.757994][T13031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.890825][ T3624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.913056][ T3624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.970178][ T5981] usb 1-1: USB disconnect, device number 37 [ 276.983596][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.000202][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.016114][ T30] audit: type=1326 audit(1758747669.653:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13167 comm="syz.2.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 277.049658][ T30] audit: type=1326 audit(1758747669.653:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13167 comm="syz.2.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69db78eec9 code=0x7ffc0000 [ 278.563464][ T5850] Bluetooth: hci3: command 0x0419 tx timeout [ 278.628484][T13201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3043'. [ 278.643027][ T5850] Bluetooth: hci2: command 0x0419 tx timeout [ 278.649178][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 278.655616][ T51] Bluetooth: hci4: command 0x0419 tx timeout [ 278.824222][T13208] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 279.102457][ T5981] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 279.272287][ T5981] usb 2-1: Using ep0 maxpacket: 8 [ 279.301458][ T5981] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 279.324476][ T5981] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 279.346359][ T5981] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 279.381699][ T5981] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 279.408145][ T5981] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 279.421249][ T5981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.507153][T13230] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 279.656786][ T5981] usb 2-1: usb_control_msg returned -32 [ 279.676955][ T5981] usbtmc 2-1:16.0: can't read capabilities [ 279.683187][ T5914] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 279.705642][ T5981] usb 2-1: USB disconnect, device number 28 [ 279.844022][ T5914] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 279.861556][ T5914] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 279.879971][ T5914] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 279.913497][ T5914] usb 5-1: config 220 has no interface number 2 [ 279.926988][ T5914] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 279.944212][ T5914] usb 5-1: config 220 interface 0 has no altsetting 0 [ 279.951029][ T5914] usb 5-1: config 220 interface 76 has no altsetting 0 [ 279.967701][ T5914] usb 5-1: config 220 interface 1 has no altsetting 0 [ 279.979168][ T5914] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 279.988728][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.006858][ T5914] usb 5-1: Product: syz [ 280.013830][ T5914] usb 5-1: Manufacturer: syz [ 280.019674][ T5914] usb 5-1: SerialNumber: syz [ 280.161648][ T5955] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 280.198163][ T10] libceph: connect (1)[c::]:6789 error -101 [ 280.204993][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 280.238840][ T5914] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 280.246590][ T5914] usb 5-1: No valid video chain found. [ 280.252180][ T5981] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 280.259848][ T5914] usb 5-1: selecting invalid altsetting 0 [ 280.276420][ T10] libceph: connect (1)[c::]:6789 error -101 [ 280.282661][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 280.286788][ T5914] usb 5-1: selecting invalid altsetting 0 [ 280.290316][ T10] libceph: connect (1)[c::]:6789 error -101 [ 280.304060][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 280.310255][ T5914] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 280.321667][ T5914] usb 5-1: USB disconnect, device number 32 [ 280.324639][ T5955] usb 1-1: config 0 has no interfaces? [ 280.340590][ T5955] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 280.351637][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.366033][ T5955] usb 1-1: config 0 descriptor?? [ 280.412630][ T5981] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 280.423772][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.434961][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.445566][ T5981] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 280.460186][ T5981] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 280.470161][ T5981] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 280.478504][ T5981] usb 3-1: Manufacturer: syz [ 280.481263][ T5955] libceph: connect (1)[c::]:6789 error -101 [ 280.485210][ T5981] usb 3-1: config 0 descriptor?? [ 280.497977][ T5955] libceph: mon0 (1)[c::]:6789 connect error [ 280.561700][ T5955] libceph: connect (1)[c::]:6789 error -101 [ 280.567863][ T5955] libceph: mon0 (1)[c::]:6789 connect error [ 280.590590][ T5955] usb 1-1: USB disconnect, device number 38 [ 280.658528][T13278] smc: net device bond0 applied user defined pnetid SYZ2 [ 280.722367][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 280.724388][ T5857] Bluetooth: hci2: command 0x0419 tx timeout [ 280.914204][ T5981] appleir 0003:05AC:8243.0026: unknown main item tag 0x0 [ 280.943678][ T5981] appleir 0003:05AC:8243.0026: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 281.010899][ T5955] libceph: connect (1)[c::]:6789 error -101 [ 281.019883][ T5955] libceph: mon0 (1)[c::]:6789 connect error [ 281.029451][T13260] ceph: No mds server is up or the cluster is laggy [ 281.029622][T13265] ceph: No mds server is up or the cluster is laggy [ 281.113240][ T5955] libceph: connect (1)[c::]:6789 error -101 [ 281.120087][ T5955] libceph: mon0 (1)[c::]:6789 connect error [ 281.632882][ T5914] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 281.752527][T13302] SELinux: ebitmap: empty map [ 281.787058][T13302] SELinux: failed to load policy [ 281.801059][ T5914] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 281.837778][ T5914] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.873345][ T5914] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 281.883183][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.151701][ T5914] usb 2-1: usb_control_msg returned -32 [ 282.158114][ T5914] usbtmc 2-1:16.0: can't read capabilities [ 282.695969][T13329] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 282.798735][ T5857] Bluetooth: hci2: command 0x0419 tx timeout [ 282.799163][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 283.611210][ T5914] usb 3-1: USB disconnect, device number 37 [ 283.770412][T13342] could not open pipe file descriptor [ 283.930483][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 283.930499][ T30] audit: type=1400 audit(1758747676.560:935): avc: denied { ioctl } for pid=13348 comm="syz.2.3106" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 284.064439][ T30] audit: type=1400 audit(1758747676.700:936): avc: denied { map } for pid=13358 comm="syz.2.3110" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 284.126323][ T30] audit: type=1400 audit(1758747676.700:937): avc: denied { execute } for pid=13358 comm="syz.2.3110" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 284.184098][T13362] netlink: 'syz.2.3112': attribute type 1 has an invalid length. [ 284.196017][T13362] netlink: 'syz.2.3112': attribute type 4 has an invalid length. [ 284.204702][T13362] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.3112'. [ 284.426674][ T5914] usb 2-1: USB disconnect, device number 29 [ 284.877160][ T51] Bluetooth: hci2: command 0x0419 tx timeout [ 285.087926][T13420] openvswitch: netlink: Multiple metadata blocks provided [ 285.186991][ T30] audit: type=1400 audit(1758747677.831:938): avc: denied { bind } for pid=13421 comm="syz.1.3138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 285.244860][ T30] audit: type=1400 audit(1758747677.831:939): avc: denied { listen } for pid=13421 comm="syz.1.3138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 285.579928][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x5407 [ 285.591765][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x5b07 [ 285.684004][T13431] kvm_intel: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0x9cbf [ 285.731189][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0xcabf [ 285.746330][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x78ae [ 285.805112][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0x835b [ 285.821644][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x1b4a [ 285.839150][T13438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3143'. [ 285.849768][T13431] kvm: kvm [13430]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x553a [ 285.990063][T13441] GUP no longer grows the stack in syz.1.3144 (13441): 200000004000-20000000a000 (200000002000) [ 286.055494][T13441] CPU: 0 UID: 0 PID: 13441 Comm: syz.1.3144 Not tainted syzkaller #0 PREEMPT(full) [ 286.055520][T13441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 286.055528][T13441] Call Trace: [ 286.055532][T13441] [ 286.055537][T13441] dump_stack_lvl+0x16c/0x1f0 [ 286.055560][T13441] gup_vma_lookup+0x1d2/0x220 [ 286.055578][T13441] __get_user_pages+0x243/0x34a0 [ 286.055598][T13441] ? find_held_lock+0x2b/0x80 [ 286.055616][T13441] ? __pfx___get_user_pages+0x10/0x10 [ 286.055635][T13441] get_user_pages_remote+0x243/0xab0 [ 286.055652][T13441] ? mas_parent_gap+0x6f0/0x7b0 [ 286.055668][T13441] ? __pfx_get_user_pages_remote+0x10/0x10 [ 286.055685][T13441] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 286.055701][T13441] __access_remote_vm+0x24d/0x850 [ 286.055717][T13441] ? do_raw_spin_lock+0x12c/0x2b0 [ 286.055729][T13441] ? __pfx___access_remote_vm+0x10/0x10 [ 286.055746][T13441] proc_pid_cmdline_read+0x4de/0x8e0 [ 286.055766][T13441] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 286.055781][T13441] ? rw_verify_area+0xcf/0x6c0 [ 286.055798][T13441] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 286.055811][T13441] vfs_readv+0x5c1/0x8b0 [ 286.055824][T13441] ? __pfx_vfs_readv+0x10/0x10 [ 286.055844][T13441] ? __fget_files+0x20e/0x3c0 [ 286.055861][T13441] ? do_preadv+0x1a6/0x270 [ 286.055871][T13441] do_preadv+0x1a6/0x270 [ 286.055881][T13441] ? __pfx_do_preadv+0x10/0x10 [ 286.055896][T13441] do_syscall_64+0xcd/0x4e0 [ 286.055913][T13441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.055925][T13441] RIP: 0033:0x7fe9e838eec9 [ 286.055934][T13441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.055945][T13441] RSP: 002b:00007fe9e9293038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 286.055956][T13441] RAX: ffffffffffffffda RBX: 00007fe9e85e5fa0 RCX: 00007fe9e838eec9 [ 286.055963][T13441] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 286.055969][T13441] RBP: 00007fe9e8411f91 R08: 0000000000000000 R09: 0000000000000000 [ 286.055975][T13441] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 286.055982][T13441] R13: 00007fe9e85e6038 R14: 00007fe9e85e5fa0 R15: 00007ffc1488def8 [ 286.055995][T13441] [ 286.286112][ C0] vkms_vblank_simulate: vblank timer overrun [ 286.326420][T13446] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 286.355319][ T30] audit: type=1400 audit(1758747678.962:940): avc: denied { name_bind 0x1000000 } for pid=13445 comm="syz.1.3145" path="socket:[51659]" dev="sockfs" ino=51659 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 286.460876][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.592680][T13454] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3147'. [ 286.654516][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.043345][T13471] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.3156'. [ 287.078566][T13438] geneve3: entered promiscuous mode [ 287.091413][T13438] geneve3: entered allmulticast mode [ 287.120606][ T5981] syz1: Port: 1 Link DOWN [ 287.200883][T13477] loop6: detected capacity change from 0 to 7 [ 287.263333][T13477] Dev loop6: unable to read RDB block 7 [ 287.280544][T13477] loop6: AHDI p3 p4 [ 287.284667][T13477] loop6: partition table partially beyond EOD, truncated [ 287.291910][T13477] loop6: p3 start 1886353253 is beyond EOD, truncated [ 287.382050][T13486] block nbd7: Attempted send on invalid socket [ 287.402383][T13486] blk_print_req_error: 2 callbacks suppressed [ 287.402402][T13486] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.421612][T13486] block nbd7: Attempted send on invalid socket [ 287.428095][T13486] I/O error, dev nbd7, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.441794][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 287.475957][T13486] block nbd7: Send control failed (result -107) [ 287.485322][T13486] block nbd7: Request send failed, requeueing [ 287.492256][ T55] block nbd7: Dead connection, failed to find a fallback [ 287.500066][ T55] block nbd7: shutting down sockets [ 287.505462][ T55] I/O error, dev nbd7, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.515200][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 287.527410][T13486] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.537326][T13486] I/O error, dev nbd7, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.546906][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 287.559282][T13486] I/O error, dev nbd7, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.570118][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 287.582958][T13486] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.592661][T13486] I/O error, dev nbd7, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.604484][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 287.619384][T13486] I/O error, dev nbd7, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.631368][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 287.641941][T13486] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 287.651959][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 287.662034][T13486] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 287.672882][ T30] audit: type=1400 audit(1758747680.313:941): avc: denied { mount } for pid=13496 comm="syz.2.3167" name="/" dev="configfs" ino=1161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 287.745597][ T30] audit: type=1400 audit(1758747680.323:942): avc: denied { search } for pid=13496 comm="syz.2.3167" name="/" dev="configfs" ino=1161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 287.748513][T13486] UDF-fs: warning (device nbd7): udf_fill_super: No partition found (1) [ 287.794154][ T30] audit: type=1400 audit(1758747680.343:943): avc: denied { search } for pid=13496 comm="syz.2.3167" name="/" dev="configfs" ino=1161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 287.823651][ T30] audit: type=1400 audit(1758747680.343:944): avc: denied { read open } for pid=13496 comm="syz.2.3167" path="/" dev="configfs" ino=1161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 287.959104][T13515] netlink: 'syz.1.3175': attribute type 1 has an invalid length. [ 287.973833][T13515] netlink: 'syz.1.3175': attribute type 2 has an invalid length. [ 288.080374][T13518] SELinux: failed to load policy [ 288.123743][ T5914] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 288.283370][ T5914] usb 5-1: Using ep0 maxpacket: 8 [ 288.297895][ T5914] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 288.308842][ T5914] usb 5-1: config 179 has no interface number 0 [ 288.319076][ T5914] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 288.330494][ T5914] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 288.345639][ T5914] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 288.358139][ T5914] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 288.376237][ T5914] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 288.395089][ T5914] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 288.407525][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.419999][T13507] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 288.533335][ T5981] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 288.558657][T13548] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3189'. [ 288.702956][ T5981] usb 3-1: Using ep0 maxpacket: 16 [ 288.714200][ T5981] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 288.735602][ T5914] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input51 [ 288.748483][ T5981] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 288.765624][ T5981] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 288.776379][ T5981] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12592, setting to 1024 [ 288.788357][ T5981] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 288.810404][ T5981] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 288.830446][ T5981] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 288.840006][ T5981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 288.850723][ T5981] usb 3-1: SerialNumber: syz [ 288.861841][T13536] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 288.880073][ T5981] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 288.915969][ T5981] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12 [ 288.936424][T13507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.949507][T13507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 289.088589][ T5981] usb 3-1: USB disconnect, device number 38 [ 289.097025][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 289.097041][ T30] audit: type=1326 audit(1758747681.745:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13532 comm="syz.0.3184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbba4f8eec9 code=0x7fc00000 [ 289.206433][T13448] usb 5-1: USB disconnect, device number 33 [ 289.212546][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 289.212593][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 289.591466][ T30] audit: type=1400 audit(1758747682.235:948): avc: denied { bind } for pid=13582 comm="syz.1.3203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 289.648461][ T30] audit: type=1400 audit(1758747682.295:949): avc: denied { write } for pid=13582 comm="syz.1.3203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 289.809937][T13591] input: syz0 as /devices/virtual/input/input52 [ 290.261476][T13608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3212'. [ 290.681889][ T5981] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 290.840626][ T5981] usb 3-1: Using ep0 maxpacket: 32 [ 290.847325][ T5981] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 290.856248][ T5981] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 290.866059][ T5981] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 290.876421][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 290.893692][ T5981] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 290.905948][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 290.918162][ T5981] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 290.928800][ T5981] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 290.980140][ T5981] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 290.992628][ T5981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.006641][ T5981] usb 3-1: config 0 descriptor?? [ 291.015814][T13612] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 291.232141][ T5981] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 291.493711][T13638] SELinux: ebitmap start bit (4294967294) is not a multiple of the map unit size (64) [ 291.528237][ T10] usb 3-1: USB disconnect, device number 39 [ 291.535841][T13638] SELinux: failed to load policy [ 291.549035][ T10] usblp0: removed [ 292.229069][ T30] audit: type=1400 audit(1758747684.878:950): avc: denied { ioctl } for pid=13646 comm="syz.4.3229" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x125d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 292.253842][ C0] vkms_vblank_simulate: vblank timer overrun [ 292.273749][T13647] Trying to write to read-only block-device nullb0 [ 292.707642][T13662] SELinux: ebitmap: truncated map [ 292.735099][T13671] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3235'. [ 292.754491][T13662] SELinux: failed to load policy [ 292.771205][ T30] audit: type=1326 audit(1758747685.428:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13658 comm="syz.7.3233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f514158eec9 code=0x7fc00000 [ 292.911503][T13677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3240'. [ 293.367174][ T30] audit: type=1326 audit(1758747686.009:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13658 comm="syz.7.3233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f514158eec9 code=0x7fc00000 [ 294.327887][T13714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 294.349318][T13714] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3255'. [ 294.423462][T13720] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3258'. [ 294.669483][ T30] audit: type=1400 audit(1758747687.320:953): avc: denied { nlmsg_read } for pid=13725 comm="syz.2.3260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 294.766558][ T30] audit: type=1400 audit(1758747687.410:954): avc: denied { checkpoint_restore } for pid=13727 comm="syz.2.3261" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 295.585886][T13689] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 295.585965][ T51] Bluetooth: hci3: command 0x0419 tx timeout [ 296.360203][T13689] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 296.366506][T13689] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 296.372547][T13689] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 296.430047][T13738] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 296.524261][ T30] audit: type=1400 audit(1758747689.172:955): avc: denied { mounton } for pid=13742 comm="syz.2.3266" path="/file0" dev="ramfs" ino=54319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 296.626110][ T5921] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 296.635034][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 296.637180][T13448] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 296.787207][ T5921] usb 1-1: device descriptor read/all, error -71 [ 296.797161][T13448] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 296.799681][ T10] usb 8-1: device descriptor read/all, error -71 [ 296.808146][T13448] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 296.825688][T13448] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 296.837408][T13448] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 296.849534][T13448] usb 2-1: SerialNumber: syz [ 296.854612][ T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 297.040609][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 297.051850][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.063323][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.085708][T13448] usb 2-1: 0:2 : does not exist [ 297.091778][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 297.122655][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 297.136737][ T9] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 297.137035][T13448] usb 2-1: USB disconnect, device number 30 [ 297.146949][ T9] usb 5-1: Manufacturer: syz [ 297.177224][ T9] usb 5-1: config 0 descriptor?? [ 297.616200][ T9] appleir 0003:05AC:8243.0027: unknown main item tag 0x0 [ 297.635134][ T9] appleir 0003:05AC:8243.0027: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 297.673796][ T51] Bluetooth: hci4: command 0x0419 tx timeout [ 297.853611][ T10] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 298.048130][ T10] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 298.057722][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.105188][ T10] usb 8-1: config 0 descriptor?? [ 298.318394][ T10] asix 8-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 298.383612][ T51] Bluetooth: hci2: command 0x0419 tx timeout [ 298.383638][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 299.060107][T13810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3292'. [ 299.069391][T13810] openvswitch: netlink: nsh attr 0 has unexpected len 8 expected 0 [ 299.077476][T13810] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 299.325992][ T10] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 299.348700][ T10] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 299.378282][ T10] asix 8-1:0.0: probe with driver asix failed with error -71 [ 299.401152][ T10] usb 8-1: USB disconnect, device number 3 [ 299.468089][ T30] audit: type=1400 audit(1758747692.125:956): avc: denied { ioctl } for pid=13825 comm="syz.0.3299" path="socket:[54653]" dev="sockfs" ino=54653 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 299.638316][ T5921] usb 5-1: USB disconnect, device number 34 [ 299.774556][ T30] audit: type=1400 audit(1758747692.425:957): avc: denied { ioctl } for pid=13838 comm="syz.2.3305" path="socket:[53510]" dev="sockfs" ino=53510 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 299.779226][T13839] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3305'. [ 299.817001][T13842] input: syz0 as /devices/virtual/input/input53 [ 299.930552][T13848] input: syz1 as /devices/virtual/input/input54 [ 299.958222][T13852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3310'. [ 300.349063][ T5857] block nbd2: Receive control failed (result -32) [ 300.366397][T13875] block nbd2: shutting down sockets [ 300.437980][T13881] KVM: debugfs: duplicate directory 13881-4 [ 300.706905][ T30] audit: type=1400 audit(1758747693.366:958): avc: denied { map } for pid=13898 comm="syz.4.3332" path="socket:[53664]" dev="sockfs" ino=53664 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 300.757412][ T30] audit: type=1400 audit(1758747693.366:959): avc: denied { read } for pid=13898 comm="syz.4.3332" path="socket:[53664]" dev="sockfs" ino=53664 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 301.460138][ T30] audit: type=1400 audit(1758747694.057:960): avc: denied { setopt } for pid=13932 comm="syz.1.3347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 301.633663][ T30] audit: type=1400 audit(1758747694.297:961): avc: denied { mounton } for pid=13940 comm="syz.2.3350" path="/745/file0" dev="tmpfs" ino=3857 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 301.781769][T13950] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3354'. [ 301.948144][ T30] audit: type=1400 audit(1758747694.608:962): avc: denied { watch watch_reads } for pid=13961 comm="syz.7.3359" path="/64/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 302.096802][ T30] audit: type=1400 audit(1758747694.758:963): avc: denied { write } for pid=13970 comm="syz.2.3363" name="file0" dev="tmpfs" ino=3878 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 302.124175][ T30] audit: type=1400 audit(1758747694.758:964): avc: denied { open } for pid=13970 comm="syz.2.3363" path="/749/file0" dev="tmpfs" ino=3878 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 302.167042][ T30] audit: type=1400 audit(1758747694.808:965): avc: denied { ioctl } for pid=13970 comm="syz.2.3363" path="/749/file0" dev="tmpfs" ino=3878 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 302.170270][T13978] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.254450][T13981] evm: overlay not supported [ 302.265878][ T30] audit: type=1400 audit(1758747694.908:966): avc: denied { create } for pid=13980 comm="syz.4.3369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 302.307882][T13984] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3370'. [ 302.368148][T13984] 8021q: adding VLAN 0 to HW filter on device bond1 [ 302.410767][T13984] 8021q: adding VLAN 0 to HW filter on device bond1 [ 302.419745][T13984] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 302.450518][T13984] bond1: (slave vcan1): Error -95 calling set_mac_address [ 302.694897][T14009] overlayfs: overlapping lowerdir path [ 302.712924][T14009] overlayfs: failed to verify upper root origin [ 302.719528][ T5921] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 302.836643][T14013] syzkaller1: entered promiscuous mode [ 302.851785][T14013] syzkaller1: entered allmulticast mode [ 302.878687][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 302.889441][ T5921] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 302.897703][ T5921] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 302.915413][ T5921] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 302.925789][ T10] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 302.933631][ T5921] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 302.943887][ T5921] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 302.957945][ T5921] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 302.967065][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.985261][ T5857] block nbd1: Receive control failed (result -32) [ 303.001876][T14017] block nbd1: shutting down sockets [ 303.040994][T14022] lo speed is unknown, defaulting to 1000 [ 303.049324][T14022] lo speed is unknown, defaulting to 1000 [ 303.055892][T14022] lo speed is unknown, defaulting to 1000 [ 303.120145][ T10] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 303.129787][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.146688][ T10] usb 5-1: config 0 descriptor?? [ 303.186580][ T5921] usb 1-1: usb_control_msg returned -32 [ 303.202331][ T5921] usbtmc 1-1:16.0: can't read capabilities [ 303.301178][T14022] infiniband sz1: set down [ 303.305775][ T5921] lo speed is unknown, defaulting to 1000 [ 303.313986][T14022] infiniband sz1: added lo [ 303.351829][T14022] RDS/IB: sz1: added [ 303.356018][T14022] smc: adding ib device sz1 with port count 1 [ 303.362646][T14022] smc: ib device sz1 port 1 has pnetid [ 303.373133][T13448] lo speed is unknown, defaulting to 1000 [ 303.381917][T14022] lo speed is unknown, defaulting to 1000 [ 303.548507][T14022] lo speed is unknown, defaulting to 1000 [ 303.726514][T14022] lo speed is unknown, defaulting to 1000 [ 303.754258][T14035] input: syz1 as /devices/virtual/input/input55 [ 304.000242][T14022] lo speed is unknown, defaulting to 1000 [ 304.180391][ T10] pegasus 5-1:0.0: probe with driver pegasus failed with error -71 [ 304.191392][ T10] usb 5-1: USB disconnect, device number 35 [ 304.240710][T14022] lo speed is unknown, defaulting to 1000 [ 304.452358][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3405'. [ 304.464371][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3405'. [ 304.908134][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 304.918607][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 304.927167][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 304.937542][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 304.968799][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 305.577577][ T5921] usb 1-1: USB disconnect, device number 41 [ 305.693476][T14083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 305.702402][T14081] vcan0: entered allmulticast mode [ 305.708628][T14081] vcan0: left allmulticast mode [ 305.879016][T14071] lo speed is unknown, defaulting to 1000 [ 306.069559][T14093] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 306.260078][ T5981] IPVS: starting estimator thread 0... [ 306.267198][T14105] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 306.285532][ C1] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 306.388081][T14106] IPVS: using max 38 ests per chain, 91200 per kthread [ 306.520979][T14120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3432'. [ 306.782469][T14071] chnl_net:caif_netlink_parms(): no params data found [ 306.939400][T14071] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.946864][ T5921] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 306.960193][T14071] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.984656][T14071] bridge_slave_0: entered allmulticast mode [ 306.996651][T14071] bridge_slave_0: entered promiscuous mode [ 307.017631][T14071] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.025618][T14071] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.033049][T14071] bridge_slave_1: entered allmulticast mode [ 307.043990][T14071] bridge_slave_1: entered promiscuous mode [ 307.091863][T14071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.101029][ T5857] Bluetooth: hci3: command tx timeout [ 307.130474][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 307.130489][ T30] audit: type=1400 audit(1758747699.793:973): avc: denied { append } for pid=14158 comm="syz.0.3446" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 307.148440][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.160127][ C1] vkms_vblank_simulate: vblank timer overrun [ 307.183017][T14071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.210341][ T5921] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 307.220497][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.233595][ T10] kernel read not supported for file /admmidi2 (pid: 10 comm: kworker/0:1) [ 307.260005][T14071] team0: Port device team_slave_0 added [ 307.265838][ T5921] usb 5-1: config 0 descriptor?? [ 307.292640][T14071] team0: Port device team_slave_1 added [ 307.418163][T14071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.433962][T14071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.459875][ C1] vkms_vblank_simulate: vblank timer overrun [ 307.561383][T14071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.589056][T14071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.672327][ T5921] keytouch 0003:0926:3333.0028: fixing up Keytouch IEC report descriptor [ 307.690437][ T5921] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0028/input/input56 [ 307.729176][T14071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.788572][ T5921] keytouch 0003:0926:3333.0028: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 307.789568][T14071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 308.084654][T14071] hsr_slave_0: entered promiscuous mode [ 308.097547][T14071] hsr_slave_1: entered promiscuous mode [ 308.126870][T14071] debugfs: 'hsr0' already exists in 'hsr' [ 308.148874][T14071] Cannot create hsr debugfs directory [ 308.241708][ T5921] usb 5-1: USB disconnect, device number 36 [ 308.622040][T14071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.677972][T14071] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.691922][ T1031] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.699162][ T1031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.724168][ T30] audit: type=1400 audit(1758747701.384:974): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 308.741173][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.751191][ T1031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.007382][ T30] audit: type=1400 audit(1758747701.675:975): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 309.194337][ T5857] Bluetooth: hci3: command tx timeout [ 309.231786][ T5848] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 309.288121][T14071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.437855][ T30] audit: type=1400 audit(1758747702.105:976): avc: denied { read } for pid=14215 comm="syz.0.3463" lport=40955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 309.468838][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.511373][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.547070][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 309.598299][ T5848] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 309.628604][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.659579][ T5848] usb 5-1: config 0 descriptor?? [ 309.679327][ T30] audit: type=1400 audit(1758747702.345:977): avc: denied { watch_reads } for pid=14226 comm="syz.0.3465" path="/687/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 309.885247][T14071] veth0_vlan: entered promiscuous mode [ 309.900779][T14071] veth1_vlan: entered promiscuous mode [ 309.950990][T14071] veth0_macvtap: entered promiscuous mode [ 309.966283][T14071] veth1_macvtap: entered promiscuous mode [ 309.993406][T14071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.013646][T14071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.105783][ T5848] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 310.173934][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.182249][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.236314][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.244446][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.336843][ T5848] usb 5-1: USB disconnect, device number 37 [ 310.366027][T14245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3472'. [ 310.379443][ T30] audit: type=1400 audit(1758747703.046:978): avc: denied { write } for pid=14242 comm="syz.8.3409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 310.507148][T14248] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3473'. [ 310.536997][ T30] audit: type=1400 audit(1758747703.206:979): avc: denied { read write } for pid=14250 comm="syz.7.3475" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 310.600883][ T30] audit: type=1400 audit(1758747703.206:980): avc: denied { open } for pid=14250 comm="syz.7.3475" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 310.625205][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.760707][ T5914] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 310.912314][ T5914] usb 1-1: Using ep0 maxpacket: 16 [ 310.942101][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.963578][ T5914] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 311.000480][ T5981] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 311.009154][ T5914] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 311.050403][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.073782][ T5914] usb 1-1: config 0 descriptor?? [ 311.170403][ T5981] usb 8-1: Using ep0 maxpacket: 16 [ 311.179357][ T5981] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 187, changing to 7 [ 311.196055][ T5981] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 311.206805][ T5981] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.224837][ T5981] usb 8-1: Product: syz [ 311.234703][ T5981] usb 8-1: Manufacturer: syz [ 311.244865][ T5981] usb 8-1: SerialNumber: syz [ 311.251191][ T5857] Bluetooth: hci3: command tx timeout [ 311.267863][ T5981] usb 8-1: config 0 descriptor?? [ 311.285822][ T5981] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 311.299611][ T5981] em28xx 8-1:0.0: DVB interface 0 found: isoc [ 311.497866][ T30] audit: type=1400 audit(1758747704.147:981): avc: denied { map } for pid=14267 comm="syz.4.3482" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 311.534266][ T5914] HID 045e:07da: Invalid code 65791 type 1 [ 311.562317][ T5914] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.002A/input/input58 [ 311.590594][ T5914] microsoft 0003:045E:07DA.002A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 311.595962][ T70] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.759199][ T70] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.812613][ T5981] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 311.872807][ T70] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.910000][ T5981] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 311.928286][ T5981] em28xx 8-1:0.0: board has no eeprom [ 311.959499][ T5914] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 311.977028][ T70] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.009559][ T5981] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 312.017411][ T5981] em28xx 8-1:0.0: dvb set to isoc mode. [ 312.033628][T13448] em28xx 8-1:0.0: Binding DVB extension [ 312.057135][ T5981] usb 8-1: USB disconnect, device number 4 [ 312.070240][ T5981] em28xx 8-1:0.0: Disconnecting em28xx [ 312.122583][ T5914] usb 9-1: config 1 has an invalid interface number: 105 but max is 0 [ 312.133880][T13448] em28xx 8-1:0.0: Registering input extension [ 312.140264][ T5914] usb 9-1: config 1 has no interface number 0 [ 312.147135][ T5981] em28xx 8-1:0.0: Closing input extension [ 312.156703][ T5914] usb 9-1: config 1 interface 105 altsetting 2 endpoint 0x82 has invalid maxpacket 80, setting to 64 [ 312.190848][ T5914] usb 9-1: config 1 interface 105 has no altsetting 0 [ 312.208457][ T5981] em28xx 8-1:0.0: Freeing device [ 312.213756][ T5914] usb 9-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 312.213834][ T70] bridge_slave_1: left allmulticast mode [ 312.229292][ T5914] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.238738][ T70] bridge_slave_1: left promiscuous mode [ 312.245364][ T70] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.249440][ T5914] usb 9-1: Product: syz [ 312.265766][ T5914] usb 9-1: Manufacturer: syz [ 312.270793][ T5914] usb 9-1: SerialNumber: syz [ 312.272473][ T70] bridge_slave_0: left allmulticast mode [ 312.287384][ T70] bridge_slave_0: left promiscuous mode [ 312.291088][T14271] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 312.305741][ T70] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.522607][ T30] audit: type=1400 audit(1758747705.198:982): avc: denied { mount } for pid=14284 comm="syz.7.3489" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 312.595505][ T30] audit: type=1400 audit(1758747705.218:983): avc: denied { mounton } for pid=14284 comm="syz.7.3489" path="/99/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 312.721504][T14292] netlink: 'syz.7.3491': attribute type 4 has an invalid length. [ 312.746043][T14271] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 312.856852][ T70] bond1 (unregistering): (slave geneve2): Releasing active interface [ 313.178402][ T5914] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 313.201573][ T5914] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 313.226139][ T5914] aqc111 9-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 313.328741][ T5857] Bluetooth: hci3: command tx timeout [ 313.342571][ T70] smc: removing net device bond0 with user defined pnetid SYZ2 [ 313.362760][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.385685][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.401348][ T70] bond0 (unregistering): Released all slaves [ 313.523107][ T5894] usb 1-1: USB disconnect, device number 42 [ 313.643973][ T70] bond1 (unregistering): Released all slaves [ 313.724235][ T5914] aqc111 9-1:1.105 eth17: register 'aqc111' at usb-dummy_hcd.8-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 56:52:3e:3d:9e:31 [ 313.766487][ T70] : left promiscuous mode [ 313.776058][ T5914] usb 9-1: USB disconnect, device number 2 [ 313.797465][ T5914] aqc111 9-1:1.105 eth17: unregister 'aqc111' usb-dummy_hcd.8-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 313.957247][ T5914] aqc111 9-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 313.975106][ T5914] aqc111 9-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 313.996095][ T5914] aqc111 9-1:1.105 eth17 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 315.009307][ T70] hsr_slave_0: left promiscuous mode [ 315.015321][ T70] hsr_slave_1: left promiscuous mode [ 315.023185][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.602304][T13448] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 316.611150][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.765177][ T5894] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 316.814770][T13448] usb 1-1: Using ep0 maxpacket: 8 [ 316.824232][T13448] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 316.836961][T13448] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.848520][T13448] usb 1-1: Product: syz [ 316.852942][T13448] usb 1-1: Manufacturer: syz [ 316.870912][T13448] usb 1-1: SerialNumber: syz [ 316.895129][T13448] usb 1-1: config 0 descriptor?? [ 316.911507][T13448] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 316.920964][ T5894] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 316.938713][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.950083][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.964179][ T5894] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 316.981294][ T5894] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 316.991294][ T5894] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 317.002890][ T5894] usb 5-1: Manufacturer: syz [ 317.019312][ T5894] usb 5-1: config 0 descriptor?? [ 317.299336][ T70] IPVS: stop unused estimator thread 0... [ 317.453775][ T5894] appleir 0003:05AC:8243.002B: unknown main item tag 0x0 [ 317.496010][ T5894] appleir 0003:05AC:8243.002B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 317.803903][ T5857] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 317.810539][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 318.118728][T13448] gspca_sonixj: reg_w1 err -71 [ 318.163360][T13448] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 318.183618][T13448] usb 1-1: USB disconnect, device number 43 [ 318.410606][ T30] audit: type=1400 audit(1758747711.084:984): avc: denied { shutdown } for pid=14406 comm="syz.7.3537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 318.487902][T14413] [ 318.490264][T14413] ===================================================== [ 318.497197][T14413] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 318.504659][T14413] syzkaller #0 Not tainted [ 318.509085][T14413] ----------------------------------------------------- [ 318.516014][T14413] syz.8.3539/14413 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 318.523739][T14413] ffff888055949408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 318.532471][T14413] [ 318.532471][T14413] and this task is already holding: [ 318.539837][T14413] ffff88807b881028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 318.549701][T14413] which would create a new lock dependency: [ 318.555592][T14413] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 318.563713][T14413] [ 318.563713][T14413] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 318.573218][T14413] (&dev->event_lock#2){..-.}-{3:3} [ 318.573257][T14413] [ 318.573257][T14413] ... which became SOFTIRQ-irq-safe at: [ 318.586159][T14413] lock_acquire+0x179/0x350 [ 318.590756][T14413] _raw_spin_lock_irqsave+0x3a/0x60 [ 318.596069][T14413] input_inject_event+0x9f/0x3b0 [ 318.601163][T14413] led_set_brightness+0x217/0x290 [ 318.606290][T14413] led_trigger_event+0xda/0x270 [ 318.611236][T14413] kbd_bh+0x21b/0x300 [ 318.615317][T14413] tasklet_action_common+0x281/0x400 [ 318.620701][T14413] handle_softirqs+0x219/0x8e0 [ 318.625560][T14413] run_ksoftirqd+0x3a/0x60 [ 318.630091][T14413] smpboot_thread_fn+0x3f7/0xae0 [ 318.635206][T14413] kthread+0x3c2/0x780 [ 318.639388][T14413] ret_from_fork+0x56a/0x730 [ 318.644180][T14413] ret_from_fork_asm+0x1a/0x30 [ 318.649084][T14413] [ 318.649084][T14413] to a SOFTIRQ-irq-unsafe lock: [ 318.656105][T14413] (tasklist_lock){.+.+}-{3:3} [ 318.656136][T14413] [ 318.656136][T14413] ... which became SOFTIRQ-irq-unsafe at: [ 318.668785][T14413] ... [ 318.668795][T14413] lock_acquire+0x179/0x350 [ 318.675964][T14413] _raw_read_lock+0x5f/0x70 [ 318.680572][T14413] __do_wait+0x105/0x890 [ 318.684973][T14413] do_wait+0x21e/0x5a0 [ 318.689166][T14413] kernel_wait+0x9f/0x160 [ 318.693593][T14413] call_usermodehelper_exec_work+0xf1/0x170 [ 318.699585][T14413] process_one_work+0x9cc/0x1b70 [ 318.704622][T14413] worker_thread+0x6c8/0xf10 [ 318.709348][T14413] kthread+0x3c2/0x780 [ 318.713525][T14413] ret_from_fork+0x56a/0x730 [ 318.718209][T14413] ret_from_fork_asm+0x1a/0x30 [ 318.723082][T14413] [ 318.723082][T14413] other info that might help us debug this: [ 318.723082][T14413] [ 318.733348][T14413] Chain exists of: [ 318.733348][T14413] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 318.733348][T14413] [ 318.747103][T14413] Possible interrupt unsafe locking scenario: [ 318.747103][T14413] [ 318.755425][T14413] CPU0 CPU1 [ 318.760799][T14413] ---- ---- [ 318.766166][T14413] lock(tasklist_lock); [ 318.770438][T14413] local_irq_disable(); [ 318.777191][T14413] lock(&dev->event_lock#2); [ 318.784407][T14413] lock(&client->buffer_lock); [ 318.791785][T14413] [ 318.795251][T14413] lock(&dev->event_lock#2); [ 318.800118][T14413] [ 318.800118][T14413] *** DEADLOCK *** [ 318.800118][T14413] [ 318.808264][T14413] 7 locks held by syz.8.3539/14413: [ 318.813466][T14413] #0: ffff888146b08118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 318.822623][T14413] #1: ffff88801fb36230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 318.832742][T14413] #2: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 318.842439][T14413] #3: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 318.852031][T14413] #4: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 318.861211][T14413] #5: ffff88807b881028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 318.871501][T14413] #6: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 318.880578][T14413] [ 318.880578][T14413] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 318.890987][T14413] -> (&dev->event_lock#2){..-.}-{3:3} { [ 318.896657][T14413] IN-SOFTIRQ-W at: [ 318.900762][T14413] lock_acquire+0x179/0x350 [ 318.907103][T14413] _raw_spin_lock_irqsave+0x3a/0x60 [ 318.914145][T14413] input_inject_event+0x9f/0x3b0 [ 318.920952][T14413] led_set_brightness+0x217/0x290 [ 318.927824][T14413] led_trigger_event+0xda/0x270 [ 318.934512][T14413] kbd_bh+0x21b/0x300 [ 318.940340][T14413] tasklet_action_common+0x281/0x400 [ 318.947466][T14413] handle_softirqs+0x219/0x8e0 [ 318.954177][T14413] run_ksoftirqd+0x3a/0x60 [ 318.960432][T14413] smpboot_thread_fn+0x3f7/0xae0 [ 318.967226][T14413] kthread+0x3c2/0x780 [ 318.973126][T14413] ret_from_fork+0x56a/0x730 [ 318.979648][T14413] ret_from_fork_asm+0x1a/0x30 [ 318.986254][T14413] INITIAL USE at: [ 318.990258][T14413] lock_acquire+0x179/0x350 [ 318.996506][T14413] _raw_spin_lock_irqsave+0x3a/0x60 [ 319.003468][T14413] input_inject_event+0x9f/0x3b0 [ 319.010188][T14413] led_set_brightness+0x217/0x290 [ 319.016978][T14413] kbd_led_trigger_activate+0xcb/0x110 [ 319.024196][T14413] led_trigger_set+0x59a/0xc50 [ 319.030712][T14413] led_trigger_set_default+0x1e0/0x2e0 [ 319.037919][T14413] led_classdev_register_ext+0x7b8/0xa10 [ 319.045397][T14413] input_leds_connect+0x552/0x8e0 [ 319.052217][T14413] input_attach_handler.isra.0+0x176/0x250 [ 319.060329][T14413] input_register_device+0xab9/0x1180 [ 319.067818][T14413] atkbd_connect+0x5f8/0xa40 [ 319.074251][T14413] serio_driver_probe+0x7c/0xd0 [ 319.080864][T14413] really_probe+0x241/0xa90 [ 319.087209][T14413] __driver_probe_device+0x1de/0x440 [ 319.094315][T14413] driver_probe_device+0x4c/0x1b0 [ 319.101120][T14413] __driver_attach+0x283/0x580 [ 319.107681][T14413] bus_for_each_dev+0x13e/0x1d0 [ 319.114295][T14413] serio_handle_event+0x335/0xc30 [ 319.121215][T14413] process_one_work+0x9cc/0x1b70 [ 319.127915][T14413] worker_thread+0x6c8/0xf10 [ 319.134262][T14413] kthread+0x3c2/0x780 [ 319.140109][T14413] ret_from_fork+0x56a/0x730 [ 319.146454][T14413] ret_from_fork_asm+0x1a/0x30 [ 319.152977][T14413] } [ 319.155565][T14413] ... key at: [] __key.7+0x0/0x40 [ 319.162803][T14413] -> (&client->buffer_lock){....}-{3:3} { [ 319.168544][T14413] INITIAL USE at: [ 319.172447][T14413] lock_acquire+0x179/0x350 [ 319.178524][T14413] _raw_spin_lock+0x2e/0x40 [ 319.184614][T14413] evdev_pass_values+0x10e/0x9b0 [ 319.191138][T14413] evdev_events+0x1bb/0x390 [ 319.197233][T14413] input_pass_values+0x74e/0x880 [ 319.203749][T14413] input_handle_event+0xf00/0x14d0 [ 319.210446][T14413] input_inject_event+0x1e8/0x3b0 [ 319.217076][T14413] evdev_write+0x457/0x750 [ 319.223078][T14413] vfs_write+0x2a0/0x11d0 [ 319.228992][T14413] ksys_write+0x1f8/0x250 [ 319.235015][T14413] do_syscall_64+0xcd/0x4e0 [ 319.241363][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.248918][T14413] } [ 319.251421][T14413] ... key at: [] __key.1+0x0/0x40 [ 319.258583][T14413] ... acquired at: [ 319.262387][T14413] _raw_spin_lock+0x2e/0x40 [ 319.267083][T14413] evdev_pass_values+0x10e/0x9b0 [ 319.272231][T14413] evdev_events+0x1bb/0x390 [ 319.276920][T14413] input_pass_values+0x74e/0x880 [ 319.282089][T14413] input_handle_event+0xf00/0x14d0 [ 319.288090][T14413] input_inject_event+0x1e8/0x3b0 [ 319.293328][T14413] evdev_write+0x457/0x750 [ 319.297952][T14413] vfs_write+0x2a0/0x11d0 [ 319.302480][T14413] ksys_write+0x1f8/0x250 [ 319.307087][T14413] do_syscall_64+0xcd/0x4e0 [ 319.311892][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.317978][T14413] [ 319.320651][T14413] [ 319.320651][T14413] the dependencies between the lock to be acquired [ 319.320662][T14413] and SOFTIRQ-irq-unsafe lock: [ 319.334297][T14413] -> (tasklist_lock){.+.+}-{3:3} { [ 319.339608][T14413] HARDIRQ-ON-R at: [ 319.343769][T14413] lock_acquire+0x179/0x350 [ 319.350283][T14413] _raw_read_lock+0x5f/0x70 [ 319.356818][T14413] __do_wait+0x105/0x890 [ 319.363156][T14413] do_wait+0x21e/0x5a0 [ 319.369245][T14413] kernel_wait+0x9f/0x160 [ 319.375636][T14413] call_usermodehelper_exec_work+0xf1/0x170 [ 319.383547][T14413] process_one_work+0x9cc/0x1b70 [ 319.390502][T14413] worker_thread+0x6c8/0xf10 [ 319.397119][T14413] kthread+0x3c2/0x780 [ 319.403209][T14413] ret_from_fork+0x56a/0x730 [ 319.409803][T14413] ret_from_fork_asm+0x1a/0x30 [ 319.416587][T14413] SOFTIRQ-ON-R at: [ 319.420771][T14413] lock_acquire+0x179/0x350 [ 319.427291][T14413] _raw_read_lock+0x5f/0x70 [ 319.433809][T14413] __do_wait+0x105/0x890 [ 319.440074][T14413] do_wait+0x21e/0x5a0 [ 319.446167][T14413] kernel_wait+0x9f/0x160 [ 319.452501][T14413] call_usermodehelper_exec_work+0xf1/0x170 [ 319.460401][T14413] process_one_work+0x9cc/0x1b70 [ 319.467349][T14413] worker_thread+0x6c8/0xf10 [ 319.473938][T14413] kthread+0x3c2/0x780 [ 319.480030][T14413] ret_from_fork+0x56a/0x730 [ 319.486618][T14413] ret_from_fork_asm+0x1a/0x30 [ 319.493397][T14413] INITIAL USE at: [ 319.497484][T14413] lock_acquire+0x179/0x350 [ 319.503901][T14413] _raw_write_lock_irq+0x36/0x50 [ 319.510744][T14413] copy_process+0x4caf/0x7690 [ 319.517335][T14413] kernel_clone+0xfc/0x930 [ 319.523671][T14413] user_mode_thread+0xc7/0x110 [ 319.530363][T14413] rest_init+0x23/0x2b0 [ 319.536450][T14413] start_kernel+0x3ee/0x4d0 [ 319.542885][T14413] x86_64_start_reservations+0x18/0x30 [ 319.550264][T14413] x86_64_start_kernel+0x130/0x190 [ 319.557377][T14413] common_startup_64+0x13e/0x148 [ 319.564237][T14413] INITIAL READ USE at: [ 319.568848][T14413] lock_acquire+0x179/0x350 [ 319.575704][T14413] _raw_read_lock+0x5f/0x70 [ 319.582596][T14413] __do_wait+0x105/0x890 [ 319.589171][T14413] do_wait+0x21e/0x5a0 [ 319.595581][T14413] kernel_wait+0x9f/0x160 [ 319.602251][T14413] call_usermodehelper_exec_work+0xf1/0x170 [ 319.610475][T14413] process_one_work+0x9cc/0x1b70 [ 319.617772][T14413] worker_thread+0x6c8/0xf10 [ 319.624720][T14413] kthread+0x3c2/0x780 [ 319.631136][T14413] ret_from_fork+0x56a/0x730 [ 319.638073][T14413] ret_from_fork_asm+0x1a/0x30 [ 319.645187][T14413] } [ 319.647865][T14413] ... key at: [] tasklist_lock+0x18/0x40 [ 319.655763][T14413] ... acquired at: [ 319.659731][T14413] _raw_read_lock+0x5f/0x70 [ 319.664393][T14413] send_sigurg+0xed/0xc80 [ 319.668886][T14413] sk_send_sigurg+0x76/0x360 [ 319.673647][T14413] unix_stream_sendmsg+0xfa5/0x1340 [ 319.679025][T14413] ____sys_sendmsg+0xa98/0xc70 [ 319.683996][T14413] ___sys_sendmsg+0x134/0x1d0 [ 319.688862][T14413] __sys_sendmsg+0x16d/0x220 [ 319.693613][T14413] do_syscall_64+0xcd/0x4e0 [ 319.698469][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.704786][T14413] [ 319.707106][T14413] -> (&f_owner->lock){....}-{3:3} { [ 319.712395][T14413] INITIAL USE at: [ 319.716370][T14413] lock_acquire+0x179/0x350 [ 319.722616][T14413] _raw_write_lock_irq+0x36/0x50 [ 319.729330][T14413] __f_setown+0x61/0x3c0 [ 319.735325][T14413] fcntl_dirnotify+0x7b1/0xb60 [ 319.741814][T14413] do_fcntl+0xe62/0x15a0 [ 319.747780][T14413] __x64_sys_fcntl+0x163/0x200 [ 319.754287][T14413] do_syscall_64+0xcd/0x4e0 [ 319.760519][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.768131][T14413] INITIAL READ USE at: [ 319.772531][T14413] lock_acquire+0x179/0x350 [ 319.779192][T14413] _raw_read_lock_irqsave+0x74/0x90 [ 319.786574][T14413] send_sigio+0x31/0x3e0 [ 319.792978][T14413] dnotify_handle_event+0x15e/0x2b0 [ 319.800333][T14413] fsnotify_handle_inode_event.isra.0+0x1df/0x3f0 [ 319.808904][T14413] fsnotify+0x13d6/0x1dc0 [ 319.815385][T14413] vfs_readv+0x7a6/0x8b0 [ 319.821797][T14413] do_preadv+0x1a6/0x270 [ 319.828200][T14413] do_syscall_64+0xcd/0x4e0 [ 319.834857][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.842901][T14413] } [ 319.845467][T14413] ... key at: [] __key.1+0x0/0x40 [ 319.852649][T14413] ... acquired at: [ 319.856519][T14413] _raw_read_lock_irqsave+0x74/0x90 [ 319.861890][T14413] send_sigio+0x31/0x3e0 [ 319.866291][T14413] kill_fasync+0x214/0x510 [ 319.870883][T14413] lease_break_callback+0x23/0x30 [ 319.876067][T14413] __break_lease+0x671/0x1810 [ 319.880934][T14413] do_dentry_open+0x91f/0x1530 [ 319.885856][T14413] vfs_open+0x82/0x3f0 [ 319.890084][T14413] path_openat+0x1de4/0x2cb0 [ 319.894830][T14413] do_filp_open+0x20b/0x470 [ 319.899487][T14413] do_sys_openat2+0x11b/0x1d0 [ 319.904320][T14413] __x64_sys_openat+0x174/0x210 [ 319.909336][T14413] do_syscall_64+0xcd/0x4e0 [ 319.913997][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.920046][T14413] [ 319.922349][T14413] -> (&new->fa_lock){....}-{3:3} { [ 319.927457][T14413] INITIAL USE at: [ 319.931332][T14413] lock_acquire+0x179/0x350 [ 319.937381][T14413] _raw_write_lock_irq+0x36/0x50 [ 319.943866][T14413] fasync_remove_entry+0xb2/0x1e0 [ 319.950443][T14413] fasync_helper+0xaf/0xd0 [ 319.956409][T14413] sock_fasync+0x92/0x140 [ 319.962305][T14413] __fput+0x96b/0xb70 [ 319.967840][T14413] task_work_run+0x150/0x240 [ 319.973988][T14413] exit_to_user_mode_loop+0xeb/0x110 [ 319.980818][T14413] do_syscall_64+0x41c/0x4e0 [ 319.986954][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.994389][T14413] INITIAL READ USE at: [ 319.998697][T14413] lock_acquire+0x179/0x350 [ 320.005191][T14413] _raw_read_lock_irqsave+0x74/0x90 [ 320.012392][T14413] kill_fasync+0x138/0x510 [ 320.018804][T14413] sock_wake_async+0x132/0x160 [ 320.025565][T14413] sock_def_error_report+0x352/0x400 [ 320.032868][T14413] sk_error_report+0x3f/0x290 [ 320.039524][T14413] unix_dgram_disconnected+0x121/0x150 [ 320.046980][T14413] unix_dgram_connect+0x86f/0xc80 [ 320.053987][T14413] __sys_connect_file+0x141/0x1a0 [ 320.060990][T14413] __sys_connect+0x13b/0x160 [ 320.067556][T14413] __x64_sys_connect+0x72/0xb0 [ 320.074297][T14413] do_syscall_64+0xcd/0x4e0 [ 320.080785][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.088829][T14413] } [ 320.091316][T14413] ... key at: [] __key.0+0x0/0x40 [ 320.098421][T14413] ... acquired at: [ 320.102200][T14413] lock_acquire+0x179/0x350 [ 320.106859][T14413] _raw_read_lock_irqsave+0x74/0x90 [ 320.112215][T14413] kill_fasync+0x138/0x510 [ 320.116799][T14413] evdev_pass_values+0x619/0x9b0 [ 320.121899][T14413] evdev_events+0x1bb/0x390 [ 320.126563][T14413] input_pass_values+0x74e/0x880 [ 320.131686][T14413] input_handle_event+0xf00/0x14d0 [ 320.136981][T14413] input_inject_event+0x1e8/0x3b0 [ 320.142180][T14413] evdev_write+0x457/0x750 [ 320.146755][T14413] vfs_write+0x2a0/0x11d0 [ 320.151247][T14413] ksys_write+0x1f8/0x250 [ 320.155731][T14413] do_syscall_64+0xcd/0x4e0 [ 320.160394][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.166448][T14413] [ 320.168748][T14413] [ 320.168748][T14413] stack backtrace: [ 320.174624][T14413] CPU: 1 UID: 0 PID: 14413 Comm: syz.8.3539 Not tainted syzkaller #0 PREEMPT(full) [ 320.174641][T14413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 320.174650][T14413] Call Trace: [ 320.174656][T14413] [ 320.174663][T14413] dump_stack_lvl+0x116/0x1f0 [ 320.174681][T14413] check_irq_usage+0x7dc/0x920 [ 320.174703][T14413] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 320.174722][T14413] ? check_path.constprop.0+0x24/0x50 [ 320.174744][T14413] ? __lock_acquire+0x12bc/0x1ce0 [ 320.174765][T14413] __lock_acquire+0x12bc/0x1ce0 [ 320.174789][T14413] lock_acquire+0x179/0x350 [ 320.174800][T14413] ? kill_fasync+0x138/0x510 [ 320.174822][T14413] _raw_read_lock_irqsave+0x74/0x90 [ 320.174838][T14413] ? kill_fasync+0x138/0x510 [ 320.174857][T14413] kill_fasync+0x138/0x510 [ 320.174877][T14413] evdev_pass_values+0x619/0x9b0 [ 320.174900][T14413] evdev_events+0x1bb/0x390 [ 320.174921][T14413] input_pass_values+0x74e/0x880 [ 320.174944][T14413] input_handle_event+0xf00/0x14d0 [ 320.174965][T14413] ? _copy_from_user+0x59/0xd0 [ 320.174987][T14413] input_inject_event+0x1e8/0x3b0 [ 320.175009][T14413] evdev_write+0x457/0x750 [ 320.175023][T14413] ? __pfx_evdev_write+0x10/0x10 [ 320.175035][T14413] ? bpf_lsm_file_permission+0x9/0x10 [ 320.175053][T14413] ? security_file_permission+0x71/0x210 [ 320.175076][T14413] ? rw_verify_area+0xcf/0x6c0 [ 320.175098][T14413] ? __pfx_evdev_write+0x10/0x10 [ 320.175109][T14413] vfs_write+0x2a0/0x11d0 [ 320.175124][T14413] ? __pfx_vfs_write+0x10/0x10 [ 320.175137][T14413] ? find_held_lock+0x2b/0x80 [ 320.175153][T14413] ? __fget_files+0x204/0x3c0 [ 320.175169][T14413] ? __fget_files+0x20e/0x3c0 [ 320.175186][T14413] ksys_write+0x1f8/0x250 [ 320.175200][T14413] ? __pfx_ksys_write+0x10/0x10 [ 320.175216][T14413] do_syscall_64+0xcd/0x4e0 [ 320.175234][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.175248][T14413] RIP: 0033:0x7f161ad8eec9 [ 320.175260][T14413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.175274][T14413] RSP: 002b:00007f161bd0a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 320.175288][T14413] RAX: ffffffffffffffda RBX: 00007f161afe5fa0 RCX: 00007f161ad8eec9 [ 320.175298][T14413] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 320.175306][T14413] RBP: 00007f161ae11f91 R08: 0000000000000000 R09: 0000000000000000 [ 320.175315][T14413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.175323][T14413] R13: 00007f161afe6038 R14: 00007f161afe5fa0 R15: 00007ffc9c4c1e38 [ 320.175336][T14413] [ 320.435047][ T51] Bluetooth: hci3: command 0x0405 tx timeout [ 320.478761][ T30] audit: type=1400 audit(1758747712.966:985): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 320.480514][ T5921] usb 5-1: USB disconnect, device number 38 [ 320.536394][ T30] audit: type=1400 audit(1758747713.216:986): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 320.558736][ T30] audit: type=1400 audit(1758747713.236:987): avc: denied { unmount } for pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1