last executing test programs: 1m8.39175435s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 53.10356086s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 42.882476912s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 26.39175233s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 15.786788447s ago: executing program 3 (id=3000): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080), 0x0) r2 = dup(r0) r3 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r3, r2, 0x0, 0x8a002) 15.269548169s ago: executing program 3 (id=3002): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x2, 0x2, 0x44, 0x0, 0xd}) 15.168771008s ago: executing program 3 (id=3004): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 14.64631347s ago: executing program 3 (id=3006): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) 13.572782052s ago: executing program 3 (id=3010): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 12.184795063s ago: executing program 3 (id=3016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) r0 = socket(0x1e, 0x5, 0x0) listen(r0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) accept4$inet6(r0, 0x0, 0x0, 0x0) 11.298884956s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 5.577463439s ago: executing program 0 (id=3041): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x14, 0x4, 0x4, 0x448, 0x0, 0x1}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f00000001c0)="3f6c00c2231bc4cb501d70870800", 0x0, 0xdbf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.12476199s ago: executing program 4 (id=3042): socket$nl_route(0x10, 0x3, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = fsopen(&(0x7f0000000080)='debugfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0xb) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) 4.757520481s ago: executing program 0 (id=3044): sched_setscheduler(0x0, 0x2, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000f40)={0x28, r0, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x20000800) 4.020873191s ago: executing program 4 (id=3046): syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0) 3.709922887s ago: executing program 4 (id=3047): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x0) sendfile(r2, r0, 0x0, 0x80000000) 3.640122652s ago: executing program 0 (id=3048): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) r0 = socket(0x1e, 0x5, 0x0) listen(r0, 0x0) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4$inet6(r0, 0x0, 0x0, 0x0) 2.802318824s ago: executing program 0 (id=3051): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$9p_tcp(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', &(0x7f0000000380), 0x400, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tc']) 2.736927951s ago: executing program 4 (id=3052): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 2.631686511s ago: executing program 4 (id=3053): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000000f14010027bd7000fcdbdf250b00450075766572627300000800"], 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc4000) 2.625172133s ago: executing program 2 (id=2623): r0 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) 2.586965354s ago: executing program 0 (id=3054): r0 = socket$rxrpc(0x21, 0x2, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = syz_open_dev$usbfs(0x0, 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r5}, 0x18) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@ip_tos_int={{0x10, 0x110, 0xd, 0xfffffffc}}], 0x10, 0x4c00}, 0x10) 1.14187105s ago: executing program 0 (id=3055): syz_open_dev$evdev(&(0x7f0000000000), 0x9468, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1e512d000000000001090224000100000000090400000103000200092100000001220500090581030014000000"], 0x0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f01000000"], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x28}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r2 = syz_usb_connect(0x5, 0x35, &(0x7f0000000500)=ANY=[@ANYBLOB="120100004aaf36207205a5580a27010203010902230001000000000904010901a37d7e03090500004000020401080b01"], 0x0) syz_usb_disconnect(r2) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000c40)=ANY=[@ANYBLOB='\x00\x00W'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x44200) 1.125111346s ago: executing program 4 (id=3057): ioctl$SIOCX25SSUBSCRIP(0xffffffffffffffff, 0x89e1, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "48b603de"}]}}, 0x0}, 0x0) 810.024797ms ago: executing program 1 (id=3060): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r2}) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000540)=0x1) 734.668998ms ago: executing program 1 (id=3061): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) getitimer(0x1, 0x0) 457.858542ms ago: executing program 1 (id=3062): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0x90000) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@my=0x0}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) close_range(r0, 0xffffffffffffffff, 0x0) 340.2374ms ago: executing program 1 (id=3063): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x20040800) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x10) writev(r0, &(0x7f0000000040), 0x2) close(r0) 227.041151ms ago: executing program 1 (id=3064): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000300)="f2435f0100088000000000850800", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r1, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0) 0s ago: executing program 1 (id=3065): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0x5, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4e1d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) sendto$inet6(r3, 0x0, 0x0, 0x20000841, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) readv(r6, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): ] bond0: entered allmulticast mode [ 784.075972][T14938] bond_slave_0: entered allmulticast mode [ 784.081679][T14938] bond_slave_1: entered allmulticast mode [ 784.087811][T14938] team0: entered promiscuous mode [ 784.092823][T14938] team_slave_0: entered promiscuous mode [ 784.098497][T14938] team_slave_1: entered promiscuous mode [ 784.104180][T14938] team0: entered allmulticast mode [ 784.109260][T14938] team_slave_0: entered allmulticast mode [ 784.115313][T14938] team_slave_1: entered allmulticast mode [ 784.121530][T14938] dummy0: entered promiscuous mode [ 784.126617][T14938] dummy0: entered allmulticast mode [ 784.132116][T14938] nlmon0: entered promiscuous mode [ 784.137197][T14938] nlmon0: entered allmulticast mode [ 784.159277][T14938] caif0: entered promiscuous mode [ 784.164399][T14938] caif0: entered allmulticast mode [ 784.169546][T14938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 784.411865][T14949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2234'. [ 784.643617][T14961] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2237'. [ 784.675596][ T5913] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 784.892223][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 785.005269][T14962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2239'. [ 785.103984][ T5913] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 785.116634][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.132314][ T5913] usb 5-1: config 0 descriptor?? [ 785.144079][T14950] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 785.647955][ T5913] elan 0003:04F3:0755.001C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 785.839824][ T5913] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 786.193851][ T5971] usb 5-1: USB disconnect, device number 37 [ 786.331158][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 786.373184][ T5913] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 786.383192][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.530975][ T5913] usb 1-1: config 0 descriptor?? [ 786.549044][T14970] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 786.632856][T14982] netdevsim netdevsim1: Direct firmware load for . [ 786.632856][T14982] failed with error -2 [ 786.643443][T14982] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 786.643443][T14982] [ 786.964538][T14983] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 787.487453][ T5913] elan 0003:04F3:0755.001D: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 788.359609][ T5913] usb 1-1: USB disconnect, device number 35 [ 788.532325][T15002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2250'. [ 789.204505][T15018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2252'. [ 789.433496][T15028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2255'. [ 789.450786][T15031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2253'. [ 791.026136][T15053] netdevsim netdevsim4: Direct firmware load for . [ 791.026136][T15053] failed with error -2 [ 791.036740][T15053] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 791.036740][T15053] [ 791.391020][T15054] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 791.489787][ T942] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 791.691898][ T942] usb 1-1: Using ep0 maxpacket: 16 [ 791.722582][ T942] usb 1-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 791.870946][ T942] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.879716][ T942] usb 1-1: Product: syz [ 791.883876][ T942] usb 1-1: Manufacturer: syz [ 791.888457][ T942] usb 1-1: SerialNumber: syz [ 791.923338][ T942] usb 1-1: config 0 descriptor?? [ 791.939159][ T942] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 792.409911][T15049] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 792.456053][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 792.485605][T15063] ceph: No mds server is up or the cluster is laggy [ 792.508236][ T942] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 792.668081][ T942] usb 1-1: USB disconnect, device number 36 [ 792.730950][T12521] udevd[12521]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 792.980171][T15082] No control pipe specified [ 795.532231][T15106] No control pipe specified [ 795.624868][T15112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2273'. [ 797.729546][ T5971] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 797.884711][T15155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2288'. [ 797.911066][T13243] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 797.931223][ T5971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 797.945208][ T5971] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 797.977339][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.990972][ T5971] usb 4-1: config 0 descriptor?? [ 797.997115][T15144] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 798.084013][T13243] usb 2-1: unable to get BOS descriptor or descriptor too short [ 798.093727][T13243] usb 2-1: config 2 has an invalid interface number: 34 but max is 2 [ 798.112162][T13243] usb 2-1: config 2 has an invalid interface number: 6 but max is 2 [ 798.121913][T13243] usb 2-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 798.130965][T13243] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 798.141603][T13243] usb 2-1: config 2 has 4 interfaces, different from the descriptor's value: 3 [ 798.151261][T13243] usb 2-1: config 2 has no interface number 0 [ 798.157398][T13243] usb 2-1: config 2 has no interface number 3 [ 798.163902][T13243] usb 2-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 798.175211][T13243] usb 2-1: config 2 interface 34 altsetting 8 has an invalid endpoint descriptor of length 5, skipping [ 798.186640][T13243] usb 2-1: config 2 interface 34 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 798.199645][ T5975] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 798.208182][T13243] usb 2-1: config 2 interface 6 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 798.226979][T13243] usb 2-1: config 2 interface 1 has no altsetting 0 [ 798.234200][T13243] usb 2-1: config 2 interface 34 has no altsetting 0 [ 798.241131][T13243] usb 2-1: config 2 interface 6 has no altsetting 0 [ 798.251052][T13243] usb 2-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4 [ 798.260250][T13243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 798.268468][T13243] usb 2-1: Product: syz [ 798.272932][T13243] usb 2-1: Manufacturer: syz [ 798.277594][T13243] usb 2-1: SerialNumber: syz [ 798.371656][ T5975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 798.383077][ T5975] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 798.392602][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.411409][ T5975] usb 1-1: config 0 descriptor?? [ 798.417789][T15159] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 798.440752][ T5971] elan 0003:04F3:0755.001E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 798.504463][T13243] usb 2-1: selecting invalid altsetting 0 [ 798.541529][T13243] hub 2-1:2.6: Invalid hub with more than one config or interface [ 798.557330][T13243] hub 2-1:2.6: probe with driver hub failed with error -22 [ 798.570370][T13243] usb 2-1: USB disconnect, device number 35 [ 798.671944][T12521] udevd[12521]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 798.968933][ T5975] elan 0003:04F3:0755.001F: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 799.108493][ T5975] usb 4-1: USB disconnect, device number 31 [ 799.497581][ T5913] usb 1-1: USB disconnect, device number 37 [ 800.342359][T15184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2292'. [ 800.515823][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 800.931359][T15177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2292'. [ 801.070770][T15190] ceph: No mds server is up or the cluster is laggy [ 801.869601][ T30] audit: type=1400 audit(1758761014.825:2723): avc: denied { watch watch_reads } for pid=15217 comm="syz.4.2302" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 801.978691][T15223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2301'. [ 802.386046][T15232] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 806.842122][T15304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2317'. [ 807.144622][T15300] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2317'. [ 807.266636][ T30] audit: type=1400 audit(1758761020.275:2724): avc: denied { mount } for pid=15308 comm="syz.4.2321" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 807.587119][ T30] audit: type=1400 audit(1758761020.285:2725): avc: denied { mounton } for pid=15308 comm="syz.4.2321" path="/454/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 808.130024][T15323] netdevsim netdevsim0: Direct firmware load for . [ 808.130024][T15323] failed with error -2 [ 808.140661][T15323] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 808.140661][T15323] [ 808.529829][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.642768][T15328] hfs: can't find a HFS filesystem on dev nullb0 [ 808.746250][T15324] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 809.547493][ T5913] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 809.740882][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 809.828771][ T5913] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 809.841066][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.855611][ T5913] usb 1-1: config 0 descriptor?? [ 809.861256][T15332] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 810.439583][ T30] audit: type=1400 audit(1758761023.475:2726): avc: denied { unmount } for pid=5860 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 810.837712][T13596] libceph: mon0 (1)[c::]:6789 connect error [ 810.845250][ T5913] elan 0003:04F3:0755.0020: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 811.102134][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 811.257014][T15348] ceph: No mds server is up or the cluster is laggy [ 811.858754][ T5913] usb 1-1: USB disconnect, device number 38 [ 811.923060][T13243] usb 5-1: new full-speed USB device number 38 using dummy_hcd [ 811.968951][T15373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2332'. [ 812.075071][T15365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2332'. [ 812.111005][T13243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 812.124982][T13243] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 812.215230][T13243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.666639][ T30] audit: type=1400 audit(1758761025.435:2727): avc: denied { ioctl } for pid=15376 comm="syz.3.2336" path="socket:[51089]" dev="sockfs" ino=51089 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 812.725523][T13243] usb 5-1: config 0 descriptor?? [ 812.742687][T15360] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 812.931023][T15386] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2337'. [ 812.992057][T15386] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2337'. [ 813.067341][T15388] FAULT_INJECTION: forcing a failure. [ 813.067341][T15388] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 813.092914][T15388] CPU: 0 UID: 0 PID: 15388 Comm: syz.3.2338 Not tainted syzkaller #0 PREEMPT(full) [ 813.092940][T15388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 813.092952][T15388] Call Trace: [ 813.092958][T15388] [ 813.092970][T15388] dump_stack_lvl+0x16c/0x1f0 [ 813.092998][T15388] should_fail_ex+0x512/0x640 [ 813.093028][T15388] _copy_from_user+0x2e/0xd0 [ 813.093054][T15388] copy_msghdr_from_user+0x98/0x160 [ 813.093077][T15388] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 813.093110][T15388] ___sys_sendmsg+0xfe/0x1d0 [ 813.093133][T15388] ? __pfx____sys_sendmsg+0x10/0x10 [ 813.093181][T15388] __sys_sendmsg+0x16d/0x220 [ 813.093204][T15388] ? __pfx___sys_sendmsg+0x10/0x10 [ 813.093239][T15388] do_syscall_64+0xcd/0x4e0 [ 813.093265][T15388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.093283][T15388] RIP: 0033:0x7f18cd38eec9 [ 813.093298][T15388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 813.093316][T15388] RSP: 002b:00007f18ce207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 813.093333][T15388] RAX: ffffffffffffffda RBX: 00007f18cd5e5fa0 RCX: 00007f18cd38eec9 [ 813.093345][T15388] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 813.093357][T15388] RBP: 00007f18ce207090 R08: 0000000000000000 R09: 0000000000000000 [ 813.093367][T15388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 813.093377][T15388] R13: 00007f18cd5e6038 R14: 00007f18cd5e5fa0 R15: 00007ffe83490e58 [ 813.093399][T15388] [ 813.506332][T13243] elan 0003:04F3:0755.0021: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 813.554575][T15390] 9pnet_fd: Insufficient options for proto=fd [ 813.859675][ T5913] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 814.330848][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 814.464536][ T5913] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 814.482463][T13243] usb 5-1: USB disconnect, device number 38 [ 814.485762][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.500621][ T5913] usb 4-1: config 0 descriptor?? [ 814.506064][T15397] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 814.547767][T15401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2340'. [ 815.448958][ T5913] elan 0003:04F3:0755.0022: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 815.830416][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 816.101737][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 816.169033][ T5913] usb 4-1: USB disconnect, device number 32 [ 816.325221][T15436] ceph: No mds server is up or the cluster is laggy [ 816.523238][T15456] comedi comedi0: Minor 47 could not be opened [ 816.876815][ T30] audit: type=1400 audit(1758761029.925:2728): avc: denied { ioctl } for pid=15439 comm="syz.1.2352" path="/dev/binderfs/binder1" dev="binder" ino=11 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 816.914527][ T30] audit: type=1400 audit(1758761029.925:2729): avc: denied { set_context_mgr } for pid=15439 comm="syz.1.2352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 817.928306][T15487] netdevsim netdevsim4: Direct firmware load for . [ 817.928306][T15487] failed with error -2 [ 817.938875][T15487] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 817.938875][T15487] [ 818.197517][T15470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2357'. [ 818.209323][T15488] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 818.323280][T15491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2363'. [ 818.891611][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 819.271864][T15509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2365'. [ 819.328937][T15512] misc userio: Invalid payload size [ 819.329385][ T30] audit: type=1400 audit(1758761032.375:2730): avc: denied { getopt } for pid=15511 comm="syz.4.2367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 819.368166][T15505] ceph: No mds server is up or the cluster is laggy [ 821.126933][T15540] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 821.143049][T15539] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2374'. [ 821.801378][ T30] audit: type=1400 audit(1758761034.665:2731): avc: denied { read write } for pid=15537 comm="syz.1.2374" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 821.842963][ T30] audit: type=1400 audit(1758761034.665:2732): avc: denied { open } for pid=15537 comm="syz.1.2374" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 821.884809][T15542] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 822.543227][T15547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2377'. [ 822.962171][T15581] netlink: 'syz.0.2383': attribute type 10 has an invalid length. [ 822.972575][T15581] team0: left promiscuous mode [ 822.977375][T15581] team_slave_0: left promiscuous mode [ 822.983546][T15581] team_slave_1: left promiscuous mode [ 822.989545][T15581] team0: left allmulticast mode [ 822.994415][T15581] team_slave_0: left allmulticast mode [ 822.999903][T15581] team_slave_1: left allmulticast mode [ 823.018737][T15581] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.029605][T15581] team0: entered promiscuous mode [ 823.034661][T15581] team_slave_0: entered promiscuous mode [ 823.040992][T15581] team_slave_1: entered promiscuous mode [ 823.047743][T15581] team0: entered allmulticast mode [ 823.052892][T15581] team_slave_0: entered allmulticast mode [ 823.058636][T15581] team_slave_1: entered allmulticast mode [ 823.068342][T15581] bond0: (slave team0): Enslaving as an active interface with an up link [ 823.100939][T15582] netlink: 'syz.0.2383': attribute type 10 has an invalid length. [ 823.128305][T15582] syz_tun: left promiscuous mode [ 823.136665][T15582] syz_tun: entered promiscuous mode [ 823.142220][T15582] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 824.148652][T15595] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 824.530670][T15605] FAULT_INJECTION: forcing a failure. [ 824.530670][T15605] name failslab, interval 1, probability 0, space 0, times 0 [ 824.578863][T15605] CPU: 0 UID: 0 PID: 15605 Comm: syz.0.2391 Not tainted syzkaller #0 PREEMPT(full) [ 824.578887][T15605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 824.578896][T15605] Call Trace: [ 824.578901][T15605] [ 824.578906][T15605] dump_stack_lvl+0x16c/0x1f0 [ 824.578924][T15605] should_fail_ex+0x512/0x640 [ 824.578939][T15605] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 824.578953][T15605] should_failslab+0xc2/0x120 [ 824.578966][T15605] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 824.578978][T15605] ? __alloc_skb+0x2b2/0x380 [ 824.578993][T15605] __alloc_skb+0x2b2/0x380 [ 824.579009][T15605] ? __pfx___alloc_skb+0x10/0x10 [ 824.579023][T15605] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 824.579041][T15605] netlink_alloc_large_skb+0x69/0x130 [ 824.579057][T15605] netlink_sendmsg+0x6a1/0xdd0 [ 824.579074][T15605] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.579094][T15605] ____sys_sendmsg+0xa98/0xc70 [ 824.579111][T15605] ? copy_msghdr_from_user+0x10a/0x160 [ 824.579125][T15605] ? __pfx_____sys_sendmsg+0x10/0x10 [ 824.579148][T15605] ___sys_sendmsg+0x134/0x1d0 [ 824.579163][T15605] ? __pfx____sys_sendmsg+0x10/0x10 [ 824.579192][T15605] __sys_sendmsg+0x16d/0x220 [ 824.579206][T15605] ? __pfx___sys_sendmsg+0x10/0x10 [ 824.579228][T15605] do_syscall_64+0xcd/0x4e0 [ 824.579244][T15605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.579256][T15605] RIP: 0033:0x7f9cabd8eec9 [ 824.579265][T15605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.579276][T15605] RSP: 002b:00007f9cacc68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 824.579287][T15605] RAX: ffffffffffffffda RBX: 00007f9cabfe5fa0 RCX: 00007f9cabd8eec9 [ 824.579294][T15605] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 824.579301][T15605] RBP: 00007f9cacc68090 R08: 0000000000000000 R09: 0000000000000000 [ 824.579308][T15605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 824.579314][T15605] R13: 00007f9cabfe6038 R14: 00007f9cabfe5fa0 R15: 00007ffe5c7f4288 [ 824.579328][T15605] [ 825.211622][ T5913] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 825.223157][ T5975] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 825.247842][T15612] Set syz1 is full, maxelem 6117 reached [ 825.370964][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 825.437984][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 825.439523][ T5913] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 825.462015][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.473667][ T5913] usb 1-1: config 0 descriptor?? [ 825.489627][ T5975] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 825.492348][T15610] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 825.532809][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.564692][ T5975] usb 5-1: config 0 descriptor?? [ 825.573378][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2397'. [ 825.587594][T15615] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 826.150841][ T5975] elan 0003:04F3:0755.0023: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 826.189917][ T5913] elan 0003:04F3:0755.0024: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 826.513081][T15634] netdevsim netdevsim1: Direct firmware load for . [ 826.513081][T15634] failed with error -2 [ 826.523710][T15634] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 826.523710][T15634] [ 827.236198][T15635] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 827.479864][ T5913] usb 1-1: reset full-speed USB device number 39 using dummy_hcd [ 827.546521][ T5975] usb 5-1: reset full-speed USB device number 39 using dummy_hcd [ 828.126977][T15647] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2400'. [ 829.569601][T15652] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 829.672986][T15642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2400'. [ 829.977203][ T5971] usb 5-1: USB disconnect, device number 39 [ 829.983868][T13596] usb 1-1: USB disconnect, device number 39 [ 830.156249][T15665] netlink: 'syz.0.2405': attribute type 5 has an invalid length. [ 830.305140][T15678] FAULT_INJECTION: forcing a failure. [ 830.305140][T15678] name failslab, interval 1, probability 0, space 0, times 0 [ 830.330081][ T30] audit: type=1400 audit(1758761043.374:2733): avc: denied { map } for pid=15682 comm="syz.4.2413" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 830.355215][T15678] CPU: 1 UID: 0 PID: 15678 Comm: syz.1.2410 Not tainted syzkaller #0 PREEMPT(full) [ 830.355239][T15678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 830.355250][T15678] Call Trace: [ 830.355256][T15678] [ 830.355263][T15678] dump_stack_lvl+0x16c/0x1f0 [ 830.355291][T15678] should_fail_ex+0x512/0x640 [ 830.355313][T15678] ? fs_reclaim_acquire+0xae/0x150 [ 830.355338][T15678] ? tomoyo_encode2+0x100/0x3e0 [ 830.355363][T15678] should_failslab+0xc2/0x120 [ 830.355384][T15678] __kmalloc_noprof+0xd2/0x510 [ 830.355413][T15678] ? d_absolute_path+0x136/0x1a0 [ 830.355444][T15678] tomoyo_encode2+0x100/0x3e0 [ 830.355472][T15678] tomoyo_encode+0x29/0x50 [ 830.355496][T15678] tomoyo_realpath_from_path+0x18f/0x6e0 [ 830.355529][T15678] tomoyo_path_number_perm+0x245/0x580 [ 830.355551][T15678] ? tomoyo_path_number_perm+0x237/0x580 [ 830.355575][T15678] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 830.355599][T15678] ? find_held_lock+0x2b/0x80 [ 830.355643][T15678] ? find_held_lock+0x2b/0x80 [ 830.355669][T15678] ? hook_file_ioctl_common+0x145/0x410 [ 830.355694][T15678] ? __fget_files+0x20e/0x3c0 [ 830.355719][T15678] security_file_ioctl+0x9b/0x240 [ 830.355746][T15678] __x64_sys_ioctl+0xb7/0x210 [ 830.355775][T15678] do_syscall_64+0xcd/0x4e0 [ 830.355801][T15678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.355819][T15678] RIP: 0033:0x7f721318eec9 [ 830.355833][T15678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.355850][T15678] RSP: 002b:00007f72113f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 830.355867][T15678] RAX: ffffffffffffffda RBX: 00007f72133e5fa0 RCX: 00007f721318eec9 [ 830.355879][T15678] RDX: 0000200000000100 RSI: 0000000000003ba0 RDI: 0000000000000004 [ 830.355890][T15678] RBP: 00007f72113f6090 R08: 0000000000000000 R09: 0000000000000000 [ 830.355901][T15678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 830.355911][T15678] R13: 00007f72133e6038 R14: 00007f72133e5fa0 R15: 00007ffd095f3868 [ 830.355936][T15678] [ 830.355952][T15678] ERROR: Out of memory at tomoyo_realpath_from_path. [ 830.360972][T15683] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 830.660826][T15678] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 830.684877][T15687] FAULT_INJECTION: forcing a failure. [ 830.684877][T15687] name failslab, interval 1, probability 0, space 0, times 0 [ 831.126498][T15691] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 831.164228][T15693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2411'. [ 831.174261][T15687] CPU: 1 UID: 0 PID: 15687 Comm: syz.0.2412 Not tainted syzkaller #0 PREEMPT(full) [ 831.174285][T15687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 831.174296][T15687] Call Trace: [ 831.174302][T15687] [ 831.174310][T15687] dump_stack_lvl+0x16c/0x1f0 [ 831.174337][T15687] should_fail_ex+0x512/0x640 [ 831.174359][T15687] ? fs_reclaim_acquire+0xae/0x150 [ 831.174384][T15687] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 831.174409][T15687] should_failslab+0xc2/0x120 [ 831.174430][T15687] __kmalloc_noprof+0xd2/0x510 [ 831.174454][T15687] tomoyo_realpath_from_path+0xc2/0x6e0 [ 831.174482][T15687] ? tomoyo_profile+0x47/0x60 [ 831.174503][T15687] tomoyo_path_number_perm+0x245/0x580 [ 831.174525][T15687] ? tomoyo_path_number_perm+0x237/0x580 [ 831.174550][T15687] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 831.174574][T15687] ? find_held_lock+0x2b/0x80 [ 831.174619][T15687] ? find_held_lock+0x2b/0x80 [ 831.174640][T15687] ? hook_file_ioctl_common+0x145/0x410 [ 831.174669][T15687] ? __fget_files+0x20e/0x3c0 [ 831.174695][T15687] security_file_ioctl+0x9b/0x240 [ 831.174722][T15687] __x64_sys_ioctl+0xb7/0x210 [ 831.174750][T15687] do_syscall_64+0xcd/0x4e0 [ 831.174775][T15687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.174793][T15687] RIP: 0033:0x7f9cabd8eec9 [ 831.174808][T15687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 831.174825][T15687] RSP: 002b:00007f9cacc47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 831.174842][T15687] RAX: ffffffffffffffda RBX: 00007f9cabfe6090 RCX: 00007f9cabd8eec9 [ 831.174854][T15687] RDX: 0000200000000280 RSI: 0000000040605346 RDI: 0000000000000009 [ 831.174866][T15687] RBP: 00007f9cacc47090 R08: 0000000000000000 R09: 0000000000000000 [ 831.174876][T15687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 831.174887][T15687] R13: 00007f9cabfe6128 R14: 00007f9cabfe6090 R15: 00007ffe5c7f4288 [ 831.174912][T15687] [ 831.174919][T15687] ERROR: Out of memory at tomoyo_realpath_from_path. [ 831.508264][T15689] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2411'. [ 831.522309][T15703] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2418'. [ 831.542537][T15705] program syz.1.2415 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 831.809533][T13596] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 832.091359][T13596] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 832.203275][T13596] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 832.712022][T13596] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 832.721131][T13596] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.729139][T13596] usb 2-1: Product: syz [ 832.735305][T13596] usb 2-1: Manufacturer: syz [ 832.763388][T13596] usb 2-1: SerialNumber: syz [ 832.783979][T13596] usb 2-1: config 0 descriptor?? [ 833.824432][T15739] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 833.893736][T13596] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 833.909060][T14248] udevd[14248]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 835.441512][T15763] No control pipe specified [ 835.664832][T15767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2435'. [ 835.705767][T15762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2431'. [ 836.096696][T15758] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2431'. [ 836.307223][ T5971] usb 2-1: USB disconnect, device number 36 [ 836.443390][T15784] FAULT_INJECTION: forcing a failure. [ 836.443390][T15784] name failslab, interval 1, probability 0, space 0, times 0 [ 836.507417][T15784] CPU: 0 UID: 0 PID: 15784 Comm: syz.0.2438 Not tainted syzkaller #0 PREEMPT(full) [ 836.507441][T15784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 836.507451][T15784] Call Trace: [ 836.507457][T15784] [ 836.507464][T15784] dump_stack_lvl+0x16c/0x1f0 [ 836.507493][T15784] should_fail_ex+0x512/0x640 [ 836.507514][T15784] ? fs_reclaim_acquire+0xae/0x150 [ 836.507539][T15784] ? tomoyo_encode2+0x100/0x3e0 [ 836.507564][T15784] should_failslab+0xc2/0x120 [ 836.507585][T15784] __kmalloc_noprof+0xd2/0x510 [ 836.507603][T15784] ? d_absolute_path+0x136/0x1a0 [ 836.507633][T15784] tomoyo_encode2+0x100/0x3e0 [ 836.507662][T15784] tomoyo_encode+0x29/0x50 [ 836.507686][T15784] tomoyo_realpath_from_path+0x18f/0x6e0 [ 836.507719][T15784] tomoyo_path_number_perm+0x245/0x580 [ 836.507741][T15784] ? tomoyo_path_number_perm+0x237/0x580 [ 836.507765][T15784] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 836.507789][T15784] ? find_held_lock+0x2b/0x80 [ 836.507833][T15784] ? find_held_lock+0x2b/0x80 [ 836.507851][T15784] ? hook_file_ioctl_common+0x145/0x410 [ 836.507875][T15784] ? __fget_files+0x20e/0x3c0 [ 836.507900][T15784] security_file_ioctl+0x9b/0x240 [ 836.507927][T15784] __x64_sys_ioctl+0xb7/0x210 [ 836.507956][T15784] do_syscall_64+0xcd/0x4e0 [ 836.507982][T15784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.508001][T15784] RIP: 0033:0x7f9cabd8eec9 [ 836.508015][T15784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 836.508034][T15784] RSP: 002b:00007f9cacc68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.508052][T15784] RAX: ffffffffffffffda RBX: 00007f9cabfe5fa0 RCX: 00007f9cabd8eec9 [ 836.508064][T15784] RDX: 0000200000000300 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 836.508075][T15784] RBP: 00007f9cacc68090 R08: 0000000000000000 R09: 0000000000000000 [ 836.508085][T15784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 836.508096][T15784] R13: 00007f9cabfe6038 R14: 00007f9cabfe5fa0 R15: 00007ffe5c7f4288 [ 836.508119][T15784] [ 836.715165][T15784] ERROR: Out of memory at tomoyo_realpath_from_path. [ 838.136802][T15796] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 839.209525][T15796] batadv1: entered promiscuous mode [ 839.216922][T15796] batadv1: entered allmulticast mode [ 839.223201][T15796] team0: Port device batadv1 added [ 839.229536][T15806] netdevsim netdevsim3: Direct firmware load for . [ 839.229536][T15806] failed with error -2 [ 839.240077][T15806] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 839.240077][T15806] [ 839.262557][ T5971] libceph: mon0 (1)[c::]:6789 connect error [ 839.265328][T15805] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 839.422410][T15803] ceph: No mds server is up or the cluster is laggy [ 840.279681][ T5971] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 840.431552][ T5971] usb 1-1: unable to get BOS descriptor or descriptor too short [ 840.468615][ T5971] usb 1-1: config 2 has an invalid interface number: 34 but max is 2 [ 840.492658][ T5971] usb 1-1: config 2 has an invalid interface number: 6 but max is 2 [ 840.508184][ T5971] usb 1-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 840.543587][ T5971] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 840.566908][T15839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2450'. [ 840.589719][ T5975] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 840.622468][T15836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2450'. [ 840.635506][ T5971] usb 1-1: config 2 has 4 interfaces, different from the descriptor's value: 3 [ 840.654449][ T5971] usb 1-1: config 2 has no interface number 0 [ 840.660920][ T5971] usb 1-1: config 2 has no interface number 3 [ 840.668374][ T5971] usb 1-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 840.705247][ T5971] usb 1-1: config 2 interface 34 altsetting 8 has an invalid endpoint descriptor of length 5, skipping [ 840.731594][ T5971] usb 1-1: config 2 interface 34 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 840.766508][ T5971] usb 1-1: config 2 interface 6 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 840.822151][ T5975] usb 4-1: Using ep0 maxpacket: 8 [ 840.835291][T15841] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2451'. [ 840.860815][ T5975] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 840.882458][ T5971] usb 1-1: config 2 interface 1 has no altsetting 0 [ 840.899241][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 840.917452][ T5971] usb 1-1: config 2 interface 34 has no altsetting 0 [ 840.932374][ T5971] usb 1-1: config 2 interface 6 has no altsetting 0 [ 840.939049][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 840.955990][ T5975] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 841.002776][T15841] ISOFS: Unable to identify CD-ROM format. [ 841.011825][ T5971] usb 1-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4 [ 841.048376][ T5975] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 841.058433][ T5971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.074798][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 841.085693][ T5971] usb 1-1: Product: syz [ 841.094662][ T5971] usb 1-1: Manufacturer: syz [ 841.112603][ T5971] usb 1-1: SerialNumber: syz [ 841.351271][ T5975] usb 4-1: GET_CAPABILITIES returned 0 [ 841.357106][ T5971] usb 1-1: selecting invalid altsetting 0 [ 841.373916][ T5975] usbtmc 4-1:16.0: can't read capabilities [ 841.446218][ T5971] hub 1-1:2.6: Invalid hub with more than one config or interface [ 841.473563][ T5971] hub 1-1:2.6: probe with driver hub failed with error -22 [ 841.524260][ T5971] usb 1-1: USB disconnect, device number 40 [ 841.571461][T15824] Failed to initialize the IGMP autojoin socket (err -2) [ 841.614777][T12521] udevd[12521]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 841.633680][T13596] usb 4-1: USB disconnect, device number 33 [ 841.868016][T15852] FAULT_INJECTION: forcing a failure. [ 841.868016][T15852] name failslab, interval 1, probability 0, space 0, times 0 [ 841.889675][T15852] CPU: 0 UID: 0 PID: 15852 Comm: syz.1.2454 Not tainted syzkaller #0 PREEMPT(full) [ 841.889699][T15852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 841.889710][T15852] Call Trace: [ 841.889717][T15852] [ 841.889724][T15852] dump_stack_lvl+0x16c/0x1f0 [ 841.889752][T15852] should_fail_ex+0x512/0x640 [ 841.889773][T15852] ? fs_reclaim_acquire+0xae/0x150 [ 841.889799][T15852] ? tomoyo_encode2+0x100/0x3e0 [ 841.889824][T15852] should_failslab+0xc2/0x120 [ 841.889845][T15852] __kmalloc_noprof+0xd2/0x510 [ 841.889862][T15852] ? d_absolute_path+0x136/0x1a0 [ 841.889893][T15852] tomoyo_encode2+0x100/0x3e0 [ 841.889922][T15852] tomoyo_encode+0x29/0x50 [ 841.889946][T15852] tomoyo_realpath_from_path+0x18f/0x6e0 [ 841.889979][T15852] tomoyo_path_number_perm+0x245/0x580 [ 841.890001][T15852] ? tomoyo_path_number_perm+0x237/0x580 [ 841.890026][T15852] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 841.890050][T15852] ? find_held_lock+0x2b/0x80 [ 841.890096][T15852] ? find_held_lock+0x2b/0x80 [ 841.890117][T15852] ? hook_file_ioctl_common+0x145/0x410 [ 841.890141][T15852] ? __fget_files+0x20e/0x3c0 [ 841.890166][T15852] security_file_ioctl+0x9b/0x240 [ 841.890193][T15852] __x64_sys_ioctl+0xb7/0x210 [ 841.890222][T15852] do_syscall_64+0xcd/0x4e0 [ 841.890247][T15852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.890265][T15852] RIP: 0033:0x7f721318eec9 [ 841.890280][T15852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 841.890298][T15852] RSP: 002b:00007f72113f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 841.890316][T15852] RAX: ffffffffffffffda RBX: 00007f72133e5fa0 RCX: 00007f721318eec9 [ 841.890336][T15852] RDX: 0000200000000540 RSI: 00000000c4c85513 RDI: 0000000000000003 [ 841.890348][T15852] RBP: 00007f72113f6090 R08: 0000000000000000 R09: 0000000000000000 [ 841.890359][T15852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 841.890370][T15852] R13: 00007f72133e6038 R14: 00007f72133e5fa0 R15: 00007ffd095f3868 [ 841.890396][T15852] [ 841.898181][T15852] ERROR: Out of memory at tomoyo_realpath_from_path. [ 843.312171][T15862] netdevsim netdevsim2: Direct firmware load for . [ 843.312171][T15862] failed with error -2 [ 843.322834][T15862] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 843.322834][T15862] [ 843.744698][T15863] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 844.346276][T13596] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 844.389689][ T5971] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 844.405078][T15883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2462'. [ 844.853267][T15880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2462'. [ 844.899598][T13596] usb 2-1: Using ep0 maxpacket: 32 [ 844.910240][T13596] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.932205][ T5971] usb 4-1: Using ep0 maxpacket: 32 [ 844.944692][T13596] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 844.956886][ T5971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.976036][ T5971] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 844.984139][T13596] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 844.988101][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.009521][ T5971] usb 4-1: config 0 descriptor?? [ 845.017611][T13596] usb 2-1: config 0 descriptor?? [ 845.681856][T15896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2465'. [ 845.737871][ T5971] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 845.744761][T13596] savu 0003:1E7D:2D5A.0026: hiddev1,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 846.212607][T15866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 846.261774][T15871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 846.271378][T15866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 846.294153][T15871] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 846.313332][T13596] usb 2-1: USB disconnect, device number 37 [ 846.340536][ T5913] usb 4-1: USB disconnect, device number 34 [ 846.399678][ T5971] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 846.491850][T15912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2470'. [ 846.641356][ T5971] usb 5-1: unable to get BOS descriptor or descriptor too short [ 846.649933][ T5971] usb 5-1: config 2 has an invalid interface number: 34 but max is 2 [ 846.665396][ T5971] usb 5-1: config 2 has an invalid interface number: 6 but max is 2 [ 846.688751][ T5971] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 846.715967][ T5971] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 846.744976][ T5971] usb 5-1: config 2 has 4 interfaces, different from the descriptor's value: 3 [ 846.758659][ T5971] usb 5-1: config 2 has no interface number 0 [ 846.765090][ T5971] usb 5-1: config 2 has no interface number 3 [ 846.771269][ T5971] usb 5-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 846.782275][ T5971] usb 5-1: config 2 interface 34 altsetting 8 has an invalid endpoint descriptor of length 5, skipping [ 846.793842][ T5971] usb 5-1: config 2 interface 34 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 846.806872][ T5971] usb 5-1: config 2 interface 6 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 846.850281][ T5971] usb 5-1: config 2 interface 1 has no altsetting 0 [ 846.950611][ T5971] usb 5-1: config 2 interface 34 has no altsetting 0 [ 846.957406][ T5971] usb 5-1: config 2 interface 6 has no altsetting 0 [ 846.968519][ T5971] usb 5-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4 [ 846.977771][ T5971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.069420][T15919] netdevsim netdevsim1: Direct firmware load for . [ 847.069420][T15919] failed with error -2 [ 847.080051][T15919] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 847.080051][T15919] [ 847.455433][T15920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 847.477048][ T5971] usb 5-1: Product: syz [ 847.485545][ T5971] usb 5-1: Manufacturer: syz [ 847.490470][ T5971] usb 5-1: SerialNumber: syz [ 847.535792][T15925] overlayfs: failed to resolve './file1': -2 [ 848.156680][ T5971] usb 5-1: selecting invalid altsetting 0 [ 848.212137][ T5971] hub 5-1:2.6: Invalid hub with more than one config or interface [ 848.222534][ T5971] hub 5-1:2.6: probe with driver hub failed with error -22 [ 848.275081][ T5971] usb 5-1: USB disconnect, device number 40 [ 848.321109][T12521] udevd[12521]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 848.639754][T13243] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 848.880780][T13243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 848.891764][T13243] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 848.900869][T13243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 848.910644][T13243] usb 2-1: config 0 descriptor?? [ 849.348395][T15937] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 849.974504][T13243] elan 0003:04F3:0755.0027: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 850.002197][T15966] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2481'. [ 850.023496][T15959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2482'. [ 850.067942][T15957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2482'. [ 850.616742][T13243] usb 2-1: USB disconnect, device number 38 [ 850.654127][T15976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2484'. [ 850.809681][ T30] audit: type=1400 audit(1758761063.854:2734): avc: denied { map } for pid=15973 comm="syz.4.2485" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 850.886702][ T30] audit: type=1400 audit(1758761063.854:2735): avc: denied { execute } for pid=15973 comm="syz.4.2485" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 852.402367][T16003] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2492'. [ 852.762052][T16007] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 852.768582][T16007] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 852.776463][T16007] vhci_hcd vhci_hcd.0: Device attached [ 852.806683][T16007] loop2: detected capacity change from 0 to 7 [ 852.833959][T16007] Dev loop2: unable to read RDB block 7 [ 852.839677][T16007] loop2: unable to read partition table [ 852.845994][T16007] loop2: partition table beyond EOD, truncated [ 852.852238][T16007] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 853.199580][T13243] usb 36-1: SetAddress Request (2) to port 0 [ 853.206849][T13243] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd [ 853.334853][T16008] vhci_hcd: connection reset by peer [ 853.364641][ T13] vhci_hcd: stop threads [ 853.397671][ T13] vhci_hcd: release socket [ 853.418206][ T13] vhci_hcd: disconnect device [ 853.430546][ T30] audit: type=1326 audit(1758761066.474:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16018 comm="syz.3.2498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18cd38eec9 code=0x7ffc0000 [ 853.546501][ T30] audit: type=1326 audit(1758761066.474:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16018 comm="syz.3.2498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18cd38eec9 code=0x7ffc0000 [ 853.634323][ T30] audit: type=1326 audit(1758761066.514:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16018 comm="syz.3.2498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18cd38eec9 code=0x7ffc0000 [ 853.689807][ T30] audit: type=1326 audit(1758761066.514:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16018 comm="syz.3.2498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18cd38eec9 code=0x7ffc0000 [ 853.779829][T16029] netlink: 'syz.2.2504': attribute type 4 has an invalid length. [ 854.174737][T16042] netlink: 1042 bytes leftover after parsing attributes in process `syz.3.2509'. [ 854.306297][T16048] tmpfs: Bad value for 'mpol' [ 854.578405][T16052] $H: renamed from bond0 (while UP) [ 854.608673][T16052] $H: left allmulticast mode [ 854.669935][T16052] bond_slave_0: left allmulticast mode [ 854.675421][T16052] bond_slave_1: left allmulticast mode [ 854.734008][T16061] random: crng reseeded on system resumption [ 854.743136][ T30] audit: type=1400 audit(1758761067.784:2740): avc: denied { append } for pid=16060 comm="syz.4.2517" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 854.830646][ T30] audit: type=1400 audit(1758761067.784:2741): avc: denied { open } for pid=16060 comm="syz.4.2517" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 854.983953][T16075] ubi31: attaching mtd0 [ 854.997422][T16075] ubi31: scanning is finished [ 855.011637][T16075] ubi31: empty MTD device detected [ 855.096923][ T30] audit: type=1400 audit(1758761068.144:2742): avc: denied { lock } for pid=16081 comm="syz.4.2528" path="socket:[54448]" dev="sockfs" ino=54448 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 855.129680][ T5975] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 855.158205][ T30] audit: type=1400 audit(1758761068.204:2743): avc: denied { setopt } for pid=16082 comm="syz.2.2527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 855.203492][T13596] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 855.216666][T16075] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 855.235088][T16075] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 855.258269][T16075] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 855.276762][T16075] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 855.287116][T16075] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 855.294672][T16075] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 855.306149][T16075] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2169664663 [ 855.317254][T16075] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 855.321197][ T5975] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 855.329744][T16087] ubi31: background thread "ubi_bgt31d" started, PID 16087 [ 855.382627][ T5975] usb 2-1: config 1 interface 0 has no altsetting 0 [ 855.383244][T13596] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 855.400285][ T5975] usb 2-1: language id specifier not provided by device, defaulting to English [ 855.420479][ T5975] usb 2-1: New USB device found, idVendor=054c, idProduct=042f, bcdDevice= 0.40 [ 855.422532][T13596] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 855.439475][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.458021][ T5975] usb 2-1: Product: 矮ݯ萬ꓕ脩橺ẛ♞ᘷ쏂緁쥳氌闤뽧⡳쎀軓嬥ퟀ⑞补䉷ꮵిꇴ珼阻艵䦦㧱큫ﴈ [ 855.470348][T13596] usb 4-1: config 0 descriptor?? [ 855.520097][ T5975] usb 2-1: Manufacturer: С [ 855.525422][ T5975] usb 2-1: SerialNumber: ␁ [ 855.690885][T13596] usb 4-1: can't set first interface for hiFace device. [ 855.717968][T13596] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -5 [ 855.751228][T13596] usb 4-1: USB disconnect, device number 35 [ 855.979916][ T5975] usbhid 2-1:1.0: can't add hid device: -71 [ 855.986412][ T5975] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 856.006711][ T5975] usb 2-1: USB disconnect, device number 39 [ 857.077780][T16094] Failed to initialize the IGMP autojoin socket (err -2) [ 857.309580][T16139] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2550'. [ 857.440489][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 857.440504][ T30] audit: type=1400 audit(1758761070.494:2746): avc: denied { read write } for pid=16142 comm="syz.4.2552" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 857.472476][ T30] audit: type=1400 audit(1758761070.494:2747): avc: denied { open } for pid=16142 comm="syz.4.2552" path="/487/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 857.509795][ T30] audit: type=1400 audit(1758761070.524:2748): avc: denied { map } for pid=16146 comm="syz.1.2554" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1  34"N[ 857.695239][ T30] audit: type=1400 audit(1758761070.744:2749): avc: denied { write } for pid=16160 comm="syz.4.2558" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 857.717742][T16165] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2562'. [ 857.761853][ T30] audit: type=1400 audit(1758761070.744:2750): avc: denied { ioctl } for pid=16160 comm="syz.4.2558" path="socket:[55740]" dev="sockfs" ino=55740 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 857.875372][ T30] audit: type=1400 audit(1758761070.904:2751): avc: denied { write } for pid=16170 comm="syz.0.2565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 858.075912][ T30] audit: type=1400 audit(1758761071.124:2752): avc: denied { shutdown } for pid=16176 comm="syz.4.2567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 858.320293][T13243] usb 36-1: device descriptor read/8, error -110 [ 858.651093][ T30] audit: type=1400 audit(1758761071.694:2753): avc: denied { create } for pid=16189 comm="syz.3.2571" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 858.760489][T13243] usb usb36-port1: attempt power cycle [ 858.761745][T16197] 8021q: adding VLAN 0 to HW filter on device bond1 [ 858.890310][T16201] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 858.890802][T16201] batadv_slave_0: entered promiscuous mode [ 858.956506][T16197] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 858.965380][T16197] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 859.569967][T13243] usb usb36-port1: unable to enumerate USB device [ 859.696325][ T30] audit: type=1400 audit(1758761072.744:2754): avc: denied { unlink } for pid=5843 comm="syz-executor" name="file0" dev="tmpfs" ino=2717 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 859.968970][ T30] audit: type=1400 audit(1758761073.014:2755): avc: denied { mount } for pid=16220 comm="syz.3.2583" name="/" dev="configfs" ino=1228 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 863.144876][T16259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2596'. [ 864.172813][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 864.172828][ T30] audit: type=1400 audit(1758761077.154:2760): avc: denied { read } for pid=16257 comm="syz.3.2595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 864.305489][T16268] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 864.318102][T16268] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 865.279414][T16279] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2601'. [ 866.541106][ T30] audit: type=1400 audit(1758761079.594:2761): avc: denied { bind } for pid=16293 comm="syz.4.2607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 866.668747][ T30] audit: type=1400 audit(1758761079.594:2762): avc: denied { setopt } for pid=16293 comm="syz.4.2607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 868.036318][T16314] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 868.036318][T16314] The task syz.2.2612 (16314) triggered the difference, watch for misbehavior. [ 868.036837][T13596] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 868.260368][ T5913] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 868.292044][T13596] usb 1-1: Using ep0 maxpacket: 32 [ 868.334384][T13596] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 868.363525][T13596] usb 1-1: config 0 has no interface number 0 [ 868.375572][T13596] usb 1-1: config 0 interface 89 has no altsetting 0 [ 868.384297][T13596] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 868.394048][ T942] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 868.419540][ T5913] usb 4-1: Using ep0 maxpacket: 8 [ 868.426038][ T5913] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 868.530897][T13596] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 868.539279][T13596] usb 1-1: Product: syz [ 868.543541][ T5913] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 868.556504][T13596] usb 1-1: Manufacturer: syz [ 868.563780][T13596] usb 1-1: SerialNumber: syz [ 868.581426][T13596] usb 1-1: config 0 descriptor?? [ 868.593439][ T5913] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 869.018984][T13596] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 869.029146][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 869.037360][T13596] em28xx 1-1:0.89: Video interface 89 found: bulk [ 869.044841][ T5913] usb 4-1: Product: syz [ 869.053471][ T5913] usb 4-1: Manufacturer: syz [ 869.060787][ T942] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 869.071711][ T5913] usb 4-1: SerialNumber: syz [ 869.077212][ T942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.111017][ T5913] usb 4-1: bad CDC descriptors [ 869.119959][ T942] usb 5-1: config 0 descriptor?? [ 869.130477][ T5913] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 869.136698][ T5913] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 869.382986][T16340] overlayfs: failed to clone upperpath [ 869.561507][T13596] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 869.592207][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.148982][ T942] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 870.179959][ T942] [drm:udl_init] *ERROR* Selecting channel failed [ 870.224128][ T942] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 870.247049][T16349] siw: device registration error -23 [ 870.250147][ T942] [drm] Initialized udl on minor 2 [ 870.284251][ T942] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 870.298452][ T5971] usb 4-1: USB disconnect, device number 36 [ 870.314251][ T942] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 870.338492][ T5913] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 870.357050][ T942] usb 5-1: USB disconnect, device number 41 [ 870.374615][ T5913] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 871.275222][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 871.286108][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 871.299891][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 871.308086][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 871.318945][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 871.334422][T13596] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 871.369753][ T30] audit: type=1400 audit(1758761084.394:2763): avc: denied { mounton } for pid=16354 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 871.394957][T16354] Failed to initialize the IGMP autojoin socket (err -2) [ 871.418680][T13596] em28xx 1-1:0.89: board has no eeprom [ 871.841111][T13596] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 871.848857][T13596] em28xx 1-1:0.89: analog set to bulk mode. [ 871.865604][ T5913] em28xx 1-1:0.89: Registering V4L2 extension [ 871.897604][T13596] usb 1-1: USB disconnect, device number 41 [ 872.331932][T13596] em28xx 1-1:0.89: Disconnecting em28xx [ 872.374314][ T5913] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 872.385973][ T5913] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 872.393028][ T5913] em28xx 1-1:0.89: No AC97 audio processor [ 872.404149][ T5913] usb 1-1: Decoder not found [ 872.408724][ T5913] em28xx 1-1:0.89: failed to create media graph [ 872.415018][ T5913] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 872.425093][ T5913] em28xx 1-1:0.89: Registering snapshot button... [ 872.436353][ T5913] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input15 [ 872.450731][ T5913] em28xx 1-1:0.89: Remote control support is not available for this card. [ 872.459403][T13596] em28xx 1-1:0.89: Closing input extension [ 872.492159][T13596] em28xx 1-1:0.89: Deregistering snapshot button [ 872.735805][T13596] em28xx 1-1:0.89: Freeing device [ 872.819685][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 873.747819][ T5855] Bluetooth: hci5: command tx timeout [ 874.175229][T16398] 9pnet_fd: p9_fd_create_tcp (16398): problem creating socket [ 874.501671][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 874.823596][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 875.104200][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 875.698536][T16423] openvswitch: : Dropping previously announced user features [ 875.727334][T16354] chnl_net:caif_netlink_parms(): no params data found [ 875.755570][ T30] audit: type=1326 audit(1758761088.774:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 875.838500][ T5855] Bluetooth: hci5: command tx timeout [ 875.863234][ T30] audit: type=1326 audit(1758761088.774:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 875.887009][ T30] audit: type=1326 audit(1758761088.774:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.029492][ T30] audit: type=1326 audit(1758761088.774:2767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.078577][ T30] audit: type=1326 audit(1758761088.774:2768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.104216][ T30] audit: type=1326 audit(1758761088.774:2769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.130034][ T30] audit: type=1326 audit(1758761088.774:2770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.175573][ T30] audit: type=1326 audit(1758761088.774:2771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 876.214447][ T30] audit: type=1326 audit(1758761088.774:2772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16433 comm="syz.4.2644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f637378eec9 code=0x7ffc0000 [ 877.293208][ T12] bond0 (unregistering): Released all slaves [ 877.809973][ T12] tipc: Left network mode [ 878.332516][ T5855] Bluetooth: hci5: command tx timeout [ 878.381503][T16354] bridge0: port 1(bridge_slave_0) entered blocking state [ 878.396842][T16354] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.404335][T16354] bridge_slave_0: entered allmulticast mode [ 878.411604][T16354] bridge_slave_0: entered promiscuous mode [ 879.052058][T16354] bridge0: port 2(bridge_slave_1) entered blocking state [ 879.102452][T16354] bridge0: port 2(bridge_slave_1) entered disabled state [ 879.112380][T16354] bridge_slave_1: entered allmulticast mode [ 879.119933][T16354] bridge_slave_1: entered promiscuous mode [ 879.212426][T16476] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 879.218958][T16476] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 879.226709][T16476] vhci_hcd vhci_hcd.0: Device attached [ 879.234280][T16477] vhci_hcd: connection closed [ 879.238124][ T2996] vhci_hcd: stop threads [ 879.352736][ T2996] vhci_hcd: release socket [ 879.383057][ T2996] vhci_hcd: disconnect device [ 879.412301][ T5971] vhci_hcd: vhci_device speed not set [ 879.663743][T16484] input: syz1 as /devices/virtual/input/input16 [ 879.701096][T16354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 879.813787][T16483] netlink: 'syz.3.2654': attribute type 4 has an invalid length. [ 879.863842][T16483] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2654'. [ 880.048114][T16354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 880.109910][T13243] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 880.195091][T16354] team0: Port device team_slave_0 added [ 880.240898][ T12] hsr_slave_0: left promiscuous mode [ 880.264447][ T12] hsr_slave_1: left promiscuous mode [ 880.309820][T13243] usb 2-1: Using ep0 maxpacket: 8 [ 880.323267][ T12] veth1_macvtap: left promiscuous mode [ 880.324042][T13243] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 880.349496][ T12] veth0_macvtap: left promiscuous mode [ 880.362753][ T12] veth1_vlan: left promiscuous mode [ 880.374316][ T12] veth0_vlan: left promiscuous mode [ 880.388357][T13243] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 880.389661][ T5855] Bluetooth: hci5: command tx timeout [ 880.431233][T13243] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 880.477437][T13243] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 880.554235][T13243] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 880.567437][T13243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 880.871964][T16511] Bluetooth: MGMT ver 1.23 [ 881.227855][T13243] usb 2-1: GET_CAPABILITIES returned 0 [ 881.241693][T13243] usbtmc 2-1:16.0: can't read capabilities [ 881.253420][T13243] usb 2-1: USB disconnect, device number 40 [ 881.365567][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 881.365608][ T30] audit: type=1400 audit(1758761094.414:2792): avc: denied { open } for pid=16512 comm="syz.3.2659" path="/dev/ptyqa" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 881.667847][ T30] audit: type=1400 audit(1758761094.424:2793): avc: denied { ioctl } for pid=16512 comm="syz.3.2659" path="/dev/ptyqa" dev="devtmpfs" ino=129 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 881.812591][T16521] netlink: 'syz.4.2660': attribute type 10 has an invalid length. [ 882.152914][ T30] audit: type=1400 audit(1758761095.204:2794): avc: denied { create } for pid=16536 comm="syz.1.2669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 883.029479][ T30] audit: type=1400 audit(1758761095.874:2795): avc: denied { read append } for pid=16540 comm="syz.1.2670" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 883.054506][ T5855] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 883.061561][ T5855] Bluetooth: hci2: command 0x0406 tx timeout [ 883.529585][ T30] audit: type=1400 audit(1758761095.874:2796): avc: denied { open } for pid=16540 comm="syz.1.2670" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 883.664267][ T30] audit: type=1400 audit(1758761096.704:2797): avc: denied { accept } for pid=16548 comm="syz.0.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 883.851511][ T30] audit: type=1400 audit(1758761096.894:2798): avc: denied { listen } for pid=16548 comm="syz.0.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 885.681819][T16424] usb 4-1: new low-speed USB device number 37 using dummy_hcd [ 885.787592][T16354] team0: Port device team_slave_1 added [ 885.852274][T16424] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 885.861174][T16521] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 885.868321][T16521] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 885.875909][T16424] usb 4-1: config 0 has no interface number 0 [ 885.891053][T16424] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 885.892718][T16521] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 885.914144][T16424] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 885.927014][T16424] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 885.949890][T16424] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 885.965656][T16424] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 885.977139][T16424] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 885.998409][T16424] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 886.008547][T16424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 886.038935][T16424] usb 4-1: config 0 descriptor?? [ 886.081935][T16558] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 886.082285][T16354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 886.154593][T16558] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 886.189608][T16354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 886.198089][T16424] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 886.234059][T16354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 886.417313][T16354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 886.428371][T16354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 886.548311][T16354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 886.738800][ T5971] usb 4-1: USB disconnect, device number 37 [ 886.800394][ T5971] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 887.456869][T16354] hsr_slave_0: entered promiscuous mode [ 887.540864][T16354] hsr_slave_1: entered promiscuous mode [ 887.547489][T16354] debugfs: 'hsr0' already exists in 'hsr' [ 887.556345][T16354] Cannot create hsr debugfs directory [ 889.199843][ T5971] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 889.562618][T16606] siw: device registration error -23 [ 889.589524][ T5971] usb 4-1: Using ep0 maxpacket: 32 [ 889.606252][ T5971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 889.624843][ T5971] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 889.635175][T16608] random: crng reseeded on system resumption [ 889.635651][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 889.642081][ T30] audit: type=1400 audit(1758761102.684:2799): avc: denied { write } for pid=16607 comm="syz.1.2690" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 889.686415][ T5971] usb 4-1: config 0 descriptor?? [ 889.924976][T16594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 889.942707][T16594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 890.176608][T16594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 890.200425][T16594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 890.437843][T16594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 890.457015][T16594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 890.464732][T16354] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 890.489044][ T5971] koneplus 0003:1E7D:2D51.0028: unknown main item tag 0x0 [ 890.511396][T16354] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 890.523225][ T5971] koneplus 0003:1E7D:2D51.0028: unknown main item tag 0x0 [ 890.541961][ T5971] koneplus 0003:1E7D:2D51.0028: unknown main item tag 0x0 [ 890.548169][T16354] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 890.556175][ T5971] koneplus 0003:1E7D:2D51.0028: unknown main item tag 0x0 [ 890.563523][ T5971] koneplus 0003:1E7D:2D51.0028: unknown main item tag 0x0 [ 890.578967][T16354] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 890.590172][ T5971] koneplus 0003:1E7D:2D51.0028: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.3-1/input0 [ 891.235236][ T5971] koneplus 0003:1E7D:2D51.0028: couldn't init struct koneplus_device [ 891.321337][ T5971] koneplus 0003:1E7D:2D51.0028: couldn't install mouse [ 891.332534][ T5971] koneplus 0003:1E7D:2D51.0028: probe with driver koneplus failed with error -71 [ 891.344486][T16608] Unrecognized hibernate image header format! [ 891.345525][ T5971] usb 4-1: USB disconnect, device number 38 [ 891.364545][T16608] PM: hibernation: Image mismatch: architecture specific data [ 891.734430][T16354] 8021q: adding VLAN 0 to HW filter on device team0 [ 891.791238][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 891.798331][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 891.936516][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 891.943603][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 893.366338][T16354] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 893.376761][T16354] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 895.445022][T16354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 896.556317][T16354] veth0_vlan: entered promiscuous mode [ 896.583481][T16354] veth1_vlan: entered promiscuous mode [ 896.835531][T16354] veth0_macvtap: entered promiscuous mode [ 896.929260][T16354] veth1_macvtap: entered promiscuous mode [ 898.577143][T16354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 898.705849][T16354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 898.741371][T16430] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 898.915378][T16354] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 898.941332][T16354] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 898.969923][T16430] usb 2-1: Using ep0 maxpacket: 8 [ 898.986472][T16430] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 899.007867][T16354] wireguard: wg0: Could not create IPv4 socket [ 899.444994][T16430] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.456058][T16725] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 899.566910][T16430] usb 2-1: Product: syz [ 899.695382][T16354] wireguard: wg1: Could not create IPv4 socket [ 899.846637][T16430] usb 2-1: Manufacturer: syz [ 899.854096][T16430] usb 2-1: SerialNumber: syz [ 899.871975][T16354] wireguard: wg2: Could not create IPv4 socket [ 899.882889][T16430] usb 2-1: config 0 descriptor?? [ 900.118752][T16430] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 900.660325][ T24] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 900.959559][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 900.970020][ T24] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 900.979118][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 901.013981][ T30] audit: type=1400 audit(1758761114.054:2800): avc: denied { mount } for pid=16737 comm="syz.4.2728" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 901.097561][ T24] usb 1-1: config 0 descriptor?? [ 901.318010][ T24] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 901.325487][T16430] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 901.339795][T16430] usb 2-1: USB disconnect, device number 41 [ 901.365111][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 901.393982][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 901.402230][ T24] usb 1-1: media controller created [ 901.436684][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 901.521012][T16734] dib0700: tx buffer length is larger than 4. Not supported. [ 901.536424][ T24] DVB: Unable to find symbol dib7000p_attach() [ 901.566847][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 901.651538][ T24] rc_core: IR keymap rc-dib0700-rc5 not found [ 901.662715][ T24] Registered IR keymap rc-empty [ 901.667874][ T24] dvb-usb: could not initialize remote control. [ 901.689433][ T24] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 901.724127][ T24] usb 1-1: USB disconnect, device number 42 [ 901.829548][ T24] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 902.985387][T16753] kvm: kvm [16752]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xe200006a00 [ 903.213928][T16774] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 904.204693][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 904.225450][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 904.236864][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 904.370507][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 904.381649][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 904.516144][T16784] Failed to initialize the IGMP autojoin socket (err -2) [ 905.509655][T13243] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 905.789483][T13243] usb 1-1: Using ep0 maxpacket: 8 [ 905.798441][T13243] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 905.807806][T13243] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.856437][T13243] usb 1-1: Product: syz [ 905.878394][T13243] usb 1-1: Manufacturer: syz [ 905.910823][T13243] usb 1-1: SerialNumber: syz [ 905.937581][T13243] usb 1-1: config 0 descriptor?? [ 906.731339][ T5855] Bluetooth: hci3: command tx timeout [ 906.751260][T13243] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 907.607449][T16840] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 908.276194][T13243] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 908.360840][T13243] usb 1-1: USB disconnect, device number 43 [ 908.398132][T16784] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 908.434939][T16784] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 908.481015][T16784] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 908.529376][T16784] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 908.693665][T16858] input: syz1 as /devices/virtual/input/input18 [ 908.864314][ T5855] Bluetooth: hci3: command tx timeout [ 909.115916][T16858] netlink: 'syz.1.2754': attribute type 4 has an invalid length. [ 909.225852][T16858] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2754'. [ 909.299848][T13243] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 909.484248][T13243] usb 1-1: Using ep0 maxpacket: 32 [ 909.567366][T13243] usb 1-1: config 0 has an invalid interface number: 38 but max is 0 [ 909.932417][T13243] usb 1-1: config 0 has no interface number 0 [ 909.979551][T13243] usb 1-1: config 0 interface 38 has no altsetting 0 [ 910.017142][T13243] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=7f.b3 [ 910.031848][T16784] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 910.058381][T13243] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.070077][T16784] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 910.085769][T13243] usb 1-1: Product: syz [ 910.096136][T13243] usb 1-1: Manufacturer: syz [ 910.122319][T16784] wireguard: wg0: Could not create IPv4 socket [ 910.129606][T13243] usb 1-1: SerialNumber: syz [ 910.147417][T13243] usb 1-1: config 0 descriptor?? [ 910.160236][T16784] wireguard: wg1: Could not create IPv4 socket [ 910.172111][T13243] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 910.191501][T16784] wireguard: wg2: Could not create IPv4 socket [ 910.953974][ T5855] Bluetooth: hci3: command tx timeout [ 911.188667][T13243] input: gspca_pac7302 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input19 [ 911.440880][T16424] usb 1-1: USB disconnect, device number 44 [ 912.085550][T16917] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 913.078205][ T30] audit: type=1400 audit(1758761125.864:2801): avc: denied { mount } for pid=16929 comm="syz.4.2769" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 913.106031][ T30] audit: type=1400 audit(1758761125.874:2802): avc: denied { search } for pid=16929 comm="syz.4.2769" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 913.710495][ T30] audit: type=1400 audit(1758761126.764:2803): avc: denied { unmount } for pid=5860 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 914.840045][T16424] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 915.505930][T16424] usb 2-1: config 0 has an invalid interface number: 102 but max is 0 [ 915.524065][T16424] usb 2-1: config 0 has no interface number 0 [ 915.540701][T16424] usb 2-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 915.563333][T16424] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 915.584668][T16424] usb 2-1: config 0 descriptor?? [ 915.701542][ T30] audit: type=1400 audit(1758761128.734:2804): avc: denied { ioctl } for pid=16990 comm="syz.0.2780" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 916.624817][T17001] netlink: 'syz.0.2781': attribute type 11 has an invalid length. [ 916.649798][T17001] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2781'. [ 916.773065][T16424] asix 2-1:0.102 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 917.179636][T16424] asix 2-1:0.102: probe with driver asix failed with error -71 [ 917.203920][T16424] usb 2-1: USB disconnect, device number 42 [ 917.428339][T14551] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 917.438234][T14551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 917.449688][T14551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 917.461114][T14551] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 917.468870][T14551] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 917.546553][T17010] Failed to initialize the IGMP autojoin socket (err -2) [ 918.273371][ T30] audit: type=1400 audit(1758761131.314:2805): avc: denied { mount } for pid=17027 comm="syz.1.2787" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 918.477713][ T30] audit: type=1400 audit(1758761131.514:2806): avc: denied { unmount } for pid=5847 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 918.710677][T17038] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 919.115881][ T30] audit: type=1400 audit(1758761132.154:2807): avc: denied { ioctl } for pid=17044 comm="syz.1.2790" path="socket:[58930]" dev="sockfs" ino=58930 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 919.524461][T14551] Bluetooth: hci3: command tx timeout [ 921.650331][T14551] Bluetooth: hci3: command tx timeout [ 922.118449][T17010] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 922.232509][T17010] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 923.013998][T17010] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 923.040623][T17010] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 923.636948][T17102] netlink: 'syz.1.2803': attribute type 11 has an invalid length. [ 923.752972][T14551] Bluetooth: hci3: command tx timeout [ 924.369769][T17102] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2803'. [ 924.483796][T17112] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 926.045721][T14551] Bluetooth: hci3: command tx timeout [ 926.661853][T17010] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 926.730645][T17147] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2811'. [ 927.401167][T17010] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 927.421065][T17010] wireguard: wg0: Could not create IPv4 socket [ 928.713311][T17010] wireguard: wg1: Could not create IPv4 socket [ 928.846071][T17010] wireguard: wg2: Could not create IPv4 socket [ 929.034569][T17168] ubi: mtd0 is already attached to ubi31 [ 929.209944][ T30] audit: type=1400 audit(1758761142.254:2808): avc: denied { read } for pid=17178 comm="syz.3.2823" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 929.256884][ T30] audit: type=1400 audit(1758761142.254:2809): avc: denied { open } for pid=17178 comm="syz.3.2823" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 929.285058][ T30] audit: type=1400 audit(1758761142.304:2810): avc: denied { ioctl } for pid=17178 comm="syz.3.2823" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 929.311632][T13243] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 929.504926][T13243] usb 5-1: Using ep0 maxpacket: 8 [ 929.517315][T13243] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 929.548779][T13243] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 929.558813][T13243] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 929.573907][T13243] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 929.596756][T13243] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 929.690406][T13243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 930.057228][T13243] usb 5-1: GET_CAPABILITIES returned 0 [ 930.066633][T13243] usbtmc 5-1:16.0: can't read capabilities [ 930.509519][T14551] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 930.514081][T16424] usb 5-1: USB disconnect, device number 42 [ 930.515829][T14551] Bluetooth: hci2: command 0x0406 tx timeout [ 930.670184][ T30] audit: type=1400 audit(1758761143.714:2811): avc: denied { listen } for pid=17209 comm="syz.1.2828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 930.709649][ T30] audit: type=1400 audit(1758761143.744:2812): avc: denied { kexec_image_load } for pid=17209 comm="syz.1.2828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 931.036714][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.064709][T17223] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2831'. [ 931.344254][T17241] netlink: 'syz.3.2837': attribute type 4 has an invalid length. [ 931.844052][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 931.854060][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 931.862342][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 931.899339][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 931.908159][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 932.272335][T17248] Failed to initialize the IGMP autojoin socket (err -2) [ 933.560608][ T24] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 933.769655][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 933.828508][ T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 933.849363][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 933.870782][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 933.888202][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 933.937584][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 933.967776][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.989576][ T5855] Bluetooth: hci3: command tx timeout [ 934.144500][T17300] hub 9-0:1.0: USB hub found [ 934.160214][T17300] hub 9-0:1.0: 1 port detected [ 934.264920][ T24] usb 4-1: GET_CAPABILITIES returned 0 [ 934.281784][ T24] usbtmc 4-1:16.0: can't read capabilities [ 934.525824][ T24] usb 4-1: USB disconnect, device number 39 [ 934.659529][T13243] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 934.813839][T13243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 934.841703][T13243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 934.863570][T13243] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 934.888091][T13243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 934.893096][T17248] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 934.916901][T17248] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 934.946087][T17248] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 934.965067][T13243] usb 2-1: config 0 descriptor?? [ 934.981978][T17248] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 935.390553][ T5971] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 935.416704][T13243] elan 0003:04F3:0755.0029: failed to start in urb: -90 [ 935.450088][T13243] elan 0003:04F3:0755.0029: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 935.552407][ T5971] usb 1-1: Using ep0 maxpacket: 32 [ 935.559248][ T5971] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 935.689566][ T5971] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 935.698616][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 935.998279][ T5971] usb 1-1: config 0 descriptor?? [ 936.009065][ T24] usb 2-1: USB disconnect, device number 43 [ 936.039035][T17248] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 936.069069][T17248] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 936.086650][ T5855] Bluetooth: hci3: command tx timeout [ 936.116107][T17248] wireguard: wg0: Could not create IPv4 socket [ 936.140980][T17248] wireguard: wg1: Could not create IPv4 socket [ 936.162775][T17248] wireguard: wg2: Could not create IPv4 socket [ 936.216404][T17321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 936.250383][T17321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 936.301292][T13243] usb 5-1: new low-speed USB device number 43 using dummy_hcd [ 936.473804][T17321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 936.493459][T17321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 936.621352][T13243] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 936.639195][T13243] usb 5-1: config 0 has no interface number 0 [ 936.646939][T13243] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 936.663689][T13243] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 936.677834][T13243] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 936.693389][T13243] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 936.724809][T17321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 937.302127][T17321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 937.352911][ T5971] usbhid 1-1:0.0: can't add hid device: -71 [ 937.358903][ T5971] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 937.371739][T13243] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 937.384374][ T5971] usb 1-1: USB disconnect, device number 45 [ 937.446342][T13243] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 937.470031][T13243] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 937.479105][T13243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.490460][T13243] usb 5-1: config 0 descriptor?? [ 937.502198][T17348] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 937.517715][T17348] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 937.688555][T13243] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 938.160794][T13243] usb 5-1: USB disconnect, device number 43 [ 938.204144][T13243] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 938.304531][ T30] audit: type=1400 audit(1758761151.354:2813): avc: denied { ioctl } for pid=17391 comm="syz.1.2869" path="socket:[61658]" dev="sockfs" ino=61658 ioctlcmd=0x660c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 938.823502][ T30] audit: type=1400 audit(1758761151.874:2814): avc: denied { cmd } for pid=17401 comm="syz.0.2871" path="socket:[61687]" dev="sockfs" ino=61687 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 939.569518][ T30] audit: type=1400 audit(1758761152.424:2815): avc: denied { read } for pid=17425 comm="syz.3.2877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 939.732109][T17434] block nbd0: Attempted send on invalid socket [ 939.751349][T17434] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 939.964834][ T30] audit: type=1400 audit(1758761153.004:2816): avc: denied { create } for pid=17414 comm="syz.4.2875" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 942.926403][ T30] audit: type=1800 audit(1758761155.954:2817): pid=17502 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.2886" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 942.927924][ T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 943.024580][T17506] ubi: mtd0 is already attached to ubi31 [ 943.252735][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 943.289470][ T5975] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 943.384236][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 943.414303][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 943.546709][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 943.567626][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 943.637332][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 943.721909][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 944.020772][ T5975] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB6, changing to 0x86 [ 944.045380][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 944.065456][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 944.075699][T14551] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 944.077357][ T5975] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0a2b, bcdDevice= 0.00 [ 944.092050][T14551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 944.102409][T14551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 944.113205][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 944.121348][T14551] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 944.131808][ T5975] usb 4-1: config 0 descriptor?? [ 944.142605][T14551] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 944.149893][ T24] usb 2-1: GET_CAPABILITIES returned 0 [ 944.160448][ T24] usbtmc 2-1:16.0: can't read capabilities [ 944.205357][T17527] Failed to initialize the IGMP autojoin socket (err -2) [ 944.380176][ T5971] usb 2-1: USB disconnect, device number 44 [ 944.590965][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 944.618697][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 945.487583][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 945.555621][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 945.718720][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 945.732801][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 945.754057][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: unknown main item tag 0x0 [ 946.339788][ T5855] Bluetooth: hci3: command tx timeout [ 946.428873][ T5975] hid-corsair-void 0003:1B1C:0A2B.002A: hidraw0: USB HID v0.00 Device [HID 1b1c:0a2b] on usb-dummy_hcd.3-1/input0 [ 946.839450][ T5975] usb 4-1: USB disconnect, device number 40 [ 946.848634][T13243] hid-corsair-void 0003:1B1C:0A2B.002A: failed to request firmware (reason: -19) [ 946.859295][ T5971] hid-corsair-void 0003:1B1C:0A2B.002A: failed to request battery (reason: -19) [ 946.920231][T17559] fido_id[17559]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 947.838125][T17587] Bluetooth: hci0: load_link_keys: too big key_count value 65280 [ 947.899658][ T24] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 947.978702][T17585] overlayfs: upper fs does not support file handles, falling back to index=off. [ 948.135519][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 948.241134][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 948.283160][ T24] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 948.300600][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.338730][ T24] usb 2-1: config 0 descriptor?? [ 948.385812][T17592] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 948.400029][ T5855] Bluetooth: hci3: command tx timeout [ 948.621282][ T24] usbhid 2-1:0.0: can't add hid device: -71 [ 948.627282][ T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 948.648889][ T24] usb 2-1: USB disconnect, device number 45 [ 949.385634][T17527] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 949.415031][T17527] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 949.474188][T17527] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 949.596117][T17527] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 949.607816][ T30] audit: type=1400 audit(1758761162.644:2818): avc: denied { accept } for pid=17617 comm="syz.3.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 950.480351][ T5855] Bluetooth: hci3: command tx timeout [ 950.750424][T17640] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2916'. [ 950.782304][T17640] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.789894][T17640] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.975833][T17640] bridge0: left allmulticast mode [ 952.188861][T17670] Invalid ELF header magic: != ELF [ 952.264167][ T30] audit: type=1400 audit(1758761165.234:2819): avc: denied { module_load } for pid=17665 comm="syz.3.2920" path="/605/bus" dev="tmpfs" ino=3189 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 952.546667][T17527] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 952.569574][ T5855] Bluetooth: hci3: command tx timeout [ 952.813759][T17527] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 952.918462][T17527] wireguard: wg0: Could not create IPv4 socket [ 952.947222][T17527] wireguard: wg1: Could not create IPv4 socket [ 953.124831][T17527] wireguard: wg2: Could not create IPv4 socket [ 953.642171][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 954.042284][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 954.082292][T17693] ceph: No mds server is up or the cluster is laggy [ 957.489659][ T24] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 957.809452][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 957.823590][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 957.847831][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 957.868487][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 957.882727][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 957.898066][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 957.916069][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 958.134197][ T24] usb 5-1: usb_control_msg returned -71 [ 958.144668][ T24] usbtmc 5-1:16.0: can't read capabilities [ 958.164987][ T24] usb 5-1: USB disconnect, device number 44 [ 958.870458][ T5975] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 959.069560][ T5975] usb 4-1: Using ep0 maxpacket: 32 [ 959.076690][ T5975] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 959.092579][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 959.120380][ T5975] usb 4-1: config 0 descriptor?? [ 959.416385][ T5975] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 959.529353][ T5975] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 959.642327][ T5975] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 959.682912][ T5975] usb 4-1: media controller created [ 959.700557][T14551] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 959.709472][T14551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 959.717515][T14551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 959.725829][T14551] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 959.733658][T14551] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 959.782157][T17817] Failed to initialize the IGMP autojoin socket (err -2) [ 959.883333][ T5975] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 960.010948][ T5975] az6027: usb out operation failed. (-71) [ 960.071721][ T5975] az6027: usb out operation failed. (-71) [ 960.113390][ T5975] stb0899_attach: Driver disabled by Kconfig [ 960.158117][ T5975] az6027: no front-end attached [ 960.158117][ T5975] [ 960.255245][ T5975] az6027: usb out operation failed. (-71) [ 960.264247][ T5975] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 960.428653][ T5975] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20 [ 960.459331][T17838] 9pnet_virtio: no channels available for device 127.0.0.1 [ 960.593442][ T5855] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 960.594626][ T5975] dvb-usb: schedule remote query interval to 400 msecs. [ 960.605177][ T5855] CPU: 1 UID: 0 PID: 5855 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 960.605201][ T5855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 960.605212][ T5855] Workqueue: hci1 hci_rx_work [ 960.605236][ T5855] Call Trace: [ 960.605243][ T5855] [ 960.605250][ T5855] dump_stack_lvl+0x16c/0x1f0 [ 960.605274][ T5855] sysfs_warn_dup+0x7f/0xa0 [ 960.605296][ T5855] sysfs_create_dir_ns+0x24b/0x2b0 [ 960.605316][ T5855] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 960.605340][ T5855] ? kobject_namespace+0x14f/0x1a0 [ 960.605367][ T5855] kobject_add_internal+0x2c4/0x9b0 [ 960.605393][ T5855] kobject_add+0x16e/0x240 [ 960.605415][ T5855] ? __pfx_kobject_add+0x10/0x10 [ 960.605440][ T5855] ? kobject_put+0xab/0x5a0 [ 960.605469][ T5855] device_add+0x288/0x1aa0 [ 960.605494][ T5855] ? __pfx_device_add+0x10/0x10 [ 960.605525][ T5855] hci_conn_add_sysfs+0x17e/0x230 [ 960.605545][ T5855] le_conn_complete_evt+0x1075/0x1d70 [ 960.605562][ T5855] ? preempt_count_sub+0xb0/0x160 [ 960.605587][ T5855] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 960.605604][ T5855] ? irqentry_exit+0x3b/0x90 [ 960.605623][ T5855] ? lockdep_hardirqs_on+0x7c/0x110 [ 960.605647][ T5855] hci_le_conn_complete_evt+0x23c/0x370 [ 960.605669][ T5855] hci_le_meta_evt+0x354/0x5e0 [ 960.605687][ T5855] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 960.605708][ T5855] hci_event_packet+0x685/0x11c0 [ 960.605725][ T5855] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 960.605744][ T5855] ? __pfx_hci_event_packet+0x10/0x10 [ 960.605764][ T5855] ? kcov_remote_start+0x3d9/0x6d0 [ 960.605788][ T5855] hci_rx_work+0x2c5/0x16b0 [ 960.605811][ T5855] process_one_work+0x9cc/0x1b70 [ 960.605839][ T5855] ? __pfx_process_one_work+0x10/0x10 [ 960.605863][ T5855] ? assign_work+0x1a0/0x250 [ 960.605882][ T5855] worker_thread+0x6c8/0xf10 [ 960.605910][ T5855] ? __pfx_worker_thread+0x10/0x10 [ 960.605927][ T5855] kthread+0x3c2/0x780 [ 960.605943][ T5855] ? __pfx_kthread+0x10/0x10 [ 960.605961][ T5855] ? rcu_is_watching+0x12/0xc0 [ 960.605980][ T5855] ? __pfx_kthread+0x10/0x10 [ 960.605997][ T5855] ret_from_fork+0x56a/0x730 [ 960.606012][ T5855] ? __pfx_kthread+0x10/0x10 [ 960.606028][ T5855] ret_from_fork_asm+0x1a/0x30 [ 960.606059][ T5855] [ 960.606082][ T5855] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 960.839885][ T5855] Bluetooth: hci1: failed to register connection device [ 961.167586][ T5975] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 961.264879][T17847] ubi: mtd0 is already attached to ubi31 [ 961.541008][ T5975] usb 4-1: USB disconnect, device number 41 [ 961.743945][ T5975] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 961.879450][T13243] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 961.899547][ T5855] Bluetooth: hci3: command tx timeout [ 962.059488][T13243] usb 1-1: Using ep0 maxpacket: 8 [ 962.076268][T13243] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 962.113943][T17871] batman_adv: batadv0: Adding interface: dummy0 [ 962.120229][T17871] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.145469][T17871] batman_adv: batadv0: Interface activated: dummy0 [ 962.177649][T17871] batadv0: mtu less than device minimum [ 962.184319][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.195854][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.207234][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.218608][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.229973][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.241313][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.252650][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.265825][ T30] audit: type=1400 audit(1758761175.214:2820): avc: denied { ioctl } for pid=17861 comm="syz.3.2962" path="socket:[62668]" dev="sockfs" ino=62668 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 962.266494][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.310979][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 962.391138][T13243] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 962.401173][T13243] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 962.411104][T13243] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 962.424806][T13243] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 962.433906][T13243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.529197][ T30] audit: type=1400 audit(1758761175.484:2821): avc: denied { connect } for pid=17861 comm="syz.3.2962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 962.774753][T13243] usb 1-1: usb_control_msg returned -71 [ 962.786345][T13243] usbtmc 1-1:16.0: can't read capabilities [ 962.819036][T13243] usb 1-1: USB disconnect, device number 46 [ 963.950092][ T5855] Bluetooth: hci3: command tx timeout [ 963.976125][ T30] audit: type=1400 audit(1758761177.024:2822): avc: denied { write } for pid=17893 comm="syz.0.2970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 964.086602][T17817] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 964.132547][T17817] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 964.172626][T17817] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 964.217513][T17817] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 965.045401][T17817] wireguard: wg0: Could not create IPv4 socket [ 965.057365][T17817] wireguard: wg1: Could not create IPv4 socket [ 965.070249][T17817] wireguard: wg2: Could not create IPv4 socket [ 965.169434][ T5975] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 965.350839][ T5975] usb 5-1: Using ep0 maxpacket: 32 [ 965.426359][ T5975] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 965.529347][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.546057][ T5975] usb 5-1: Product: syz [ 965.550518][ T5975] usb 5-1: Manufacturer: syz [ 965.555351][ T5975] usb 5-1: SerialNumber: syz [ 965.566387][ T5975] usb 5-1: config 0 descriptor?? [ 966.096870][ T5975] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 966.291860][ T5975] gspca_ov534_9: reg_w failed -71 [ 966.729481][ T5975] gspca_ov534_9: Unknown sensor 0000 [ 966.730464][ T5975] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 967.620657][ T5975] usb 5-1: USB disconnect, device number 45 [ 968.769017][T18029] 9pnet_virtio: no channels available for device 127.0.0.1 [ 969.862788][T18048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3008'. [ 970.220114][T18048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3008'. [ 972.215533][ T5975] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 972.380767][ T5975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 972.405660][ T5975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 972.428315][ T5975] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 972.444932][ T5975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 972.465429][ T5975] usb 2-1: config 0 descriptor?? [ 972.767932][ T5975] usbhid 2-1:0.0: can't add hid device: -71 [ 972.782285][ T5975] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 972.808397][ T5975] usb 2-1: USB disconnect, device number 46 [ 973.398767][T14551] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 973.408716][T14551] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 973.423946][T14551] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 973.433576][T14551] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 973.442013][T14551] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 973.457427][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.475528][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 33837 - 0 [ 973.497614][T18112] Failed to initialize the IGMP autojoin socket (err -2) [ 973.565197][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.578569][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 33837 - 0 [ 973.671804][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.689060][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 33837 - 0 [ 973.958188][ T30] audit: type=1400 audit(1758761186.854:2823): avc: denied { wake_alarm } for pid=18127 comm="syz.1.3022" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 974.902851][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 975.017426][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 33837 - 0 [ 975.509573][T14551] Bluetooth: hci1: command tx timeout [ 975.567958][T18148] syzkaller1: entered promiscuous mode [ 975.577182][T18148] syzkaller1: entered allmulticast mode [ 975.980855][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 975.991322][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 976.016587][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 976.031114][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 976.042185][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 976.333327][ T12] bridge_slave_1: left allmulticast mode [ 976.338991][ T12] bridge_slave_1: left promiscuous mode [ 976.387582][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 976.432962][ T12] bridge_slave_0: left allmulticast mode [ 976.438596][ T12] bridge_slave_0: left promiscuous mode [ 976.572203][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 977.620372][ T5855] Bluetooth: hci1: command tx timeout [ 978.072954][ T5855] Bluetooth: hci3: command tx timeout [ 979.669572][T14551] Bluetooth: hci1: command tx timeout [ 980.151474][ T5855] Bluetooth: hci3: command tx timeout [ 980.165934][ T12] $H (unregistering): (slave bond_slave_0): Releasing backup interface [ 980.181858][ T12] bond_slave_0: left promiscuous mode [ 980.206493][ T12] $H (unregistering): (slave bond_slave_1): Releasing backup interface [ 980.228987][ T12] bond_slave_1: left promiscuous mode [ 980.236723][ T12] $H (unregistering): Released all slaves [ 980.478913][ T12] bond1 (unregistering): Released all slaves [ 980.677119][T18150] Failed to initialize the IGMP autojoin socket (err -2) [ 981.216895][T18251] 9pnet: Could not find request transport: tc [ 981.286106][T18259] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3053'. [ 981.749503][ T5855] Bluetooth: hci1: command tx timeout [ 981.793746][ T12] hsr_slave_0: left promiscuous mode [ 981.861665][ T12] hsr_slave_1: left promiscuous mode [ 981.927145][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 981.996370][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 982.007919][ T12] net_ratelimit: 12 callbacks suppressed [ 982.007932][ T12] batadv0: mtu less than device minimum [ 982.025809][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.037549][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.048980][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.060345][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.071733][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.083128][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.094560][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.105961][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.117360][ T12] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272) [ 982.143962][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 982.154386][ T12] batman_adv: batadv0: Interface deactivated: dummy0 [ 982.164367][ T12] batman_adv: batadv0: Removing interface: dummy0 [ 982.242246][ T12] veth1_macvtap: left promiscuous mode [ 982.247788][ T12] veth0_macvtap: left promiscuous mode [ 982.254647][ T12] veth1_vlan: left promiscuous mode [ 982.259999][ T12] veth0_vlan: left promiscuous mode [ 982.630602][ T12] team_slave_1 (unregistering): left promiscuous mode [ 982.637399][ T12] team_slave_1 (unregistering): left allmulticast mode [ 982.647494][ T12] team0 (unregistering): Port device team_slave_1 removed [ 982.688072][ T12] team_slave_0 (unregistering): left promiscuous mode [ 982.702149][ T12] team_slave_0 (unregistering): left allmulticast mode [ 982.711362][ T12] team0 (unregistering): Port device team_slave_0 removed [ 983.019760][ T5975] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 983.059586][ T5971] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 983.196833][ T5975] usb 1-1: Using ep0 maxpacket: 32 [ 983.212278][ T5975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 983.223361][ T5971] usb 5-1: Using ep0 maxpacket: 16 [ 983.239696][ T5971] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 983.260060][T14551] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 983.275787][T14551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 983.283978][T14551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 983.292831][T14551] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 983.301311][T14551] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 983.322777][ T5975] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 983.423222][ T5971] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 983.434624][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.442926][ T5971] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 983.476261][ T5975] usb 1-1: config 0 descriptor?? [ 983.491391][ T5971] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 983.531982][ T5971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.569933][ T5971] usb 5-1: config 0 descriptor?? [ 983.706423][T18291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 983.730950][T18291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 983.782698][T18327] batman_adv: batadv0: Adding interface: dummy0 [ 983.789010][T18327] batman_adv: batadv0: Interface activated: dummy0 [ 983.821809][T18311] Failed to initialize the IGMP autojoin socket (err -2) [ 983.960863][T18291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 984.009657][T18291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 984.027760][ T5971] input: HID 0955:7214 Haptics as /devices/virtual/input/input21 [ 984.097697][ T5971] shield 0003:0955:7214.002B: Registered Thunderstrike controller [ 984.112034][ T5971] shield 0003:0955:7214.002B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 984.403425][T18291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 984.445704][ T12] ================================================================== [ 984.453792][ T12] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x9db/0xa30 [ 984.461853][ T12] Write of size 8 at addr ffff888053f60ce8 by task kworker/u8:0/12 [ 984.469729][ T12] [ 984.472040][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 984.472061][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 984.472073][ T12] Workqueue: netns cleanup_net [ 984.472099][ T12] Call Trace: [ 984.472105][ T12] [ 984.472112][ T12] dump_stack_lvl+0x116/0x1f0 [ 984.472136][ T12] print_report+0xcd/0x630 [ 984.472157][ T12] ? __virt_addr_valid+0x81/0x610 [ 984.472180][ T12] ? __phys_addr+0xe8/0x180 [ 984.472202][ T12] ? __xfrm_state_delete+0x9db/0xa30 [ 984.472220][ T12] kasan_report+0xe0/0x110 [ 984.472240][ T12] ? __xfrm_state_delete+0x9db/0xa30 [ 984.472262][ T12] __xfrm_state_delete+0x9db/0xa30 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 984.472283][ T12] __xfrm_state_delete+0x85e/0xa30 [ 984.472303][ T12] xfrm_state_flush+0x512/0x700 [ 984.472324][ T12] ? __pfx_xfrm6_tunnel_net_exit+0x10/0x10 [ 984.472351][ T12] xfrm6_tunnel_net_exit+0x3d/0x160 [ 984.472376][ T12] ? __pfx_xfrm6_tunnel_net_exit+0x10/0x10 [ 984.472402][ T12] ops_undo_list+0x2ee/0xab0 [ 984.472427][ T12] ? __pfx_ops_undo_list+0x10/0x10 [ 984.472449][ T12] ? cleanup_net+0x334/0x890 [ 984.472471][ T12] ? idr_destroy+0x62/0x2e0 [ 984.472491][ T12] cleanup_net+0x408/0x890 [ 984.472514][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 984.472539][ T12] ? rcu_is_watching+0x12/0xc0 [ 984.472568][ T12] process_one_work+0x9cc/0x1b70 [ 984.472592][ T12] ? __pfx_process_one_work+0x10/0x10 [ 984.472613][ T12] ? assign_work+0x1a0/0x250 [ 984.472632][ T12] worker_thread+0x6c8/0xf10 [ 984.472655][ T12] ? __pfx_worker_thread+0x10/0x10 [ 984.472675][ T12] kthread+0x3c2/0x780 [ 984.472692][ T12] ? __pfx_kthread+0x10/0x10 [ 984.472711][ T12] ? rcu_is_watching+0x12/0xc0 [ 984.472732][ T12] ? __pfx_kthread+0x10/0x10 [ 984.472748][ T12] ret_from_fork+0x56a/0x730 [ 984.472765][ T12] ? __pfx_kthread+0x10/0x10 [ 984.472783][ T12] ret_from_fork_asm+0x1a/0x30 [ 984.472809][ T12] [ 984.472816][ T12] [ 984.599782][T18291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 984.600737][ T12] Allocated by task 9860: [ 984.619439][ T30] audit: type=1400 audit(1758761197.554:2824): avc: denied { write } for pid=5833 comm="syz-executor" path="pipe:[4556]" dev="pipefs" ino=4556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 984.620114][ T12] kasan_save_stack+0x33/0x60 [ 984.620136][ T12] kasan_save_track+0x14/0x30 [ 984.658001][ T5971] usb 5-1: USB disconnect, device number 46 [ 984.659964][ T12] __kasan_slab_alloc+0x89/0x90 [ 984.659989][ T12] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 984.666800][T18338] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 984.669985][ T12] xfrm_state_alloc+0x23/0x5c0 [ 984.670016][ T12] xfrm_state_find+0x31e6/0x84c0 [ 984.670033][ T12] xfrm_resolve_and_create_bundle+0x4cd/0x3740 [ 984.699585][T18338] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 984.702219][ T12] xfrm_lookup_with_ifid+0x2a0/0x1e40 [ 984.706931][T18338] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 984.712740][ T12] xfrm_lookup_route+0x3b/0x200 [ 984.712765][ T12] ip_route_output_flow+0x11e/0x150 [ 984.787053][ T12] udp_sendmsg+0x1af9/0x2870 [ 984.791630][ T12] inet_sendmsg+0x105/0x140 [ 984.796109][ T12] ____sys_sendmsg+0x973/0xc70 [ 984.800860][ T12] ___sys_sendmsg+0x134/0x1d0 [ 984.805518][ T12] __sys_sendmmsg+0x200/0x420 [ 984.810179][ T12] __x64_sys_sendmmsg+0x9c/0x100 [ 984.815097][ T12] do_syscall_64+0xcd/0x4e0 [ 984.819597][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.825467][ T12] [ 984.827765][ T12] Freed by task 5973: [ 984.831718][ T12] kasan_save_stack+0x33/0x60 [ 984.836371][ T12] kasan_save_track+0x14/0x30 [ 984.841025][ T12] kasan_save_free_info+0x3b/0x60 [ 984.846029][ T12] __kasan_slab_free+0x60/0x70 [ 984.850781][ T12] kmem_cache_free+0x2d1/0x4d0 [ 984.855520][ T12] xfrm_state_gc_task+0x50a/0x770 [ 984.860530][ T12] process_one_work+0x9cc/0x1b70 [ 984.865449][ T12] worker_thread+0x6c8/0xf10 [ 984.870017][ T12] kthread+0x3c2/0x780 [ 984.874085][ T12] ret_from_fork+0x56a/0x730 [ 984.878665][ T12] ret_from_fork_asm+0x1a/0x30 [ 984.883410][ T12] [ 984.885709][ T12] The buggy address belongs to the object at ffff888053f60cc0 [ 984.885709][ T12] which belongs to the cache xfrm_state of size 928 [ 984.899649][ T12] The buggy address is located 40 bytes inside of [ 984.899649][ T12] freed 928-byte region [ffff888053f60cc0, ffff888053f61060) [ 984.913332][ T12] [ 984.915634][ T12] The buggy address belongs to the physical page: [ 984.922018][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888053f60880 pfn:0x53f60 [ 984.932055][ T12] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 984.940527][ T12] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 984.948397][ T12] page_type: f5(slab) [ 984.952355][ T12] raw: 00fff00000000040 ffff88801c7f2140 ffffea000158e400 0000000000000003 [ 984.960913][ T12] raw: ffff888053f60880 00000000000f0002 00000000f5000000 0000000000000000 [ 984.969473][ T12] head: 00fff00000000040 ffff88801c7f2140 ffffea000158e400 0000000000000003 [ 984.978121][ T12] head: ffff888053f60880 00000000000f0002 00000000f5000000 0000000000000000 [ 984.986767][ T12] head: 00fff00000000002 ffffea00014fd801 00000000ffffffff 00000000ffffffff [ 984.995413][ T12] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 985.004055][ T12] page dumped because: kasan: bad access detected [ 985.010439][ T12] page_owner tracks the page as allocated [ 985.016126][ T12] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7266, tgid 7262 (syz.3.315), ts 188339305541, free_ts 188273959622 [ 985.035288][ T12] post_alloc_hook+0x1c0/0x230 [ 985.040039][ T12] get_page_from_freelist+0x132b/0x38e0 [ 985.045563][ T12] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 985.051431][ T12] alloc_pages_mpol+0x1fb/0x550 [ 985.056259][ T12] new_slab+0x247/0x330 [ 985.060396][ T12] ___slab_alloc+0xcf2/0x1750 [ 985.065061][ T12] __slab_alloc.constprop.0+0x56/0xb0 [ 985.070419][ T12] kmem_cache_alloc_noprof+0xef/0x3b0 [ 985.075769][ T12] xfrm_state_alloc+0x23/0x5c0 [ 985.080519][ T12] xfrm_add_sa+0x1283/0x5c50 [ 985.085111][ T12] xfrm_user_rcv_msg+0x58b/0xc00 [ 985.090025][ T12] netlink_rcv_skb+0x155/0x420 [ 985.094769][ T12] xfrm_netlink_rcv+0x71/0x90 [ 985.099421][ T12] netlink_unicast+0x5aa/0x870 [ 985.104165][ T12] netlink_sendmsg+0x8d1/0xdd0 [ 985.108907][ T12] ____sys_sendmsg+0xa98/0xc70 [ 985.113655][ T12] page last free pid 7272 tgid 7272 stack trace: [ 985.119953][ T12] __free_frozen_pages+0x7d5/0x10f0 [ 985.125133][ T12] __put_partials+0x165/0x1c0 [ 985.129792][ T12] qlist_free_all+0x4d/0x120 [ 985.134358][ T12] kasan_quarantine_reduce+0x195/0x1e0 [ 985.139792][ T12] __kasan_slab_alloc+0x69/0x90 [ 985.144622][ T12] __kmalloc_noprof+0x1d4/0x510 [ 985.149447][ T12] tomoyo_encode2+0x100/0x3e0 [ 985.154107][ T12] tomoyo_encode+0x29/0x50 [ 985.158506][ T12] tomoyo_path_perm+0x3a5/0x460 [ 985.163338][ T12] tomoyo_path_symlink+0x97/0xe0 [ 985.168249][ T12] security_path_symlink+0x152/0x2e0 [ 985.173518][ T12] do_symlinkat+0x10d/0x310 [ 985.178004][ T12] __x64_sys_symlinkat+0x93/0xc0 [ 985.182923][ T12] do_syscall_64+0xcd/0x4e0 [ 985.187413][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 985.193284][ T12] [ 985.195583][ T12] Memory state around the buggy address: [ 985.201186][ T12] ffff888053f60b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 985.209222][ T12] ffff888053f60c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 985.217258][ T12] >ffff888053f60c80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 985.225291][ T12] ^ [ 985.232718][ T12] ffff888053f60d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 985.240752][ T12] ffff888053f60d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 985.248785][ T12] ================================================================== [ 985.256902][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 985.264081][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 985.273355][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 985.283403][ T12] Workqueue: netns cleanup_net [ 985.288170][ T12] Call Trace: [ 985.291440][ T12] [ 985.294360][ T12] dump_stack_lvl+0x3d/0x1f0 [ 985.298948][ T12] vpanic+0x6e8/0x7a0 [ 985.302933][ T12] ? __pfx_vpanic+0x10/0x10 [ 985.307437][ T12] ? __xfrm_state_delete+0x9db/0xa30 [ 985.312712][ T12] panic+0xca/0xd0 [ 985.316422][ T12] ? __pfx_panic+0x10/0x10 [ 985.320840][ T12] ? check_panic_on_warn+0x1f/0xb0 [ 985.325938][ T12] check_panic_on_warn+0xab/0xb0 [ 985.330866][ T12] end_report+0x107/0x170 [ 985.335190][ T12] kasan_report+0xee/0x110 [ 985.339600][ T12] ? __xfrm_state_delete+0x9db/0xa30 [ 985.344882][ T12] __xfrm_state_delete+0x9db/0xa30 [ 985.349993][ T12] __xfrm_state_delete+0x85e/0xa30 [ 985.355103][ T12] xfrm_state_flush+0x512/0x700 [ 985.359949][ T12] ? __pfx_xfrm6_tunnel_net_exit+0x10/0x10 [ 985.365757][ T12] xfrm6_tunnel_net_exit+0x3d/0x160 [ 985.370959][ T12] ? __pfx_xfrm6_tunnel_net_exit+0x10/0x10 [ 985.376766][ T12] ops_undo_list+0x2ee/0xab0 [ 985.381357][ T12] ? __pfx_ops_undo_list+0x10/0x10 [ 985.386468][ T12] ? cleanup_net+0x334/0x890 [ 985.391052][ T12] ? idr_destroy+0x62/0x2e0 [ 985.395538][ T12] cleanup_net+0x408/0x890 [ 985.399942][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 985.404866][ T12] ? rcu_is_watching+0x12/0xc0 [ 985.409615][ T12] process_one_work+0x9cc/0x1b70 [ 985.414542][ T12] ? __pfx_process_one_work+0x10/0x10 [ 985.419899][ T12] ? assign_work+0x1a0/0x250 [ 985.424471][ T12] worker_thread+0x6c8/0xf10 [ 985.429049][ T12] ? __pfx_worker_thread+0x10/0x10 [ 985.434145][ T12] kthread+0x3c2/0x780 [ 985.438195][ T12] ? __pfx_kthread+0x10/0x10 [ 985.442765][ T12] ? rcu_is_watching+0x12/0xc0 [ 985.447516][ T12] ? __pfx_kthread+0x10/0x10 [ 985.452090][ T12] ret_from_fork+0x56a/0x730 [ 985.456662][ T12] ? __pfx_kthread+0x10/0x10 [ 985.461233][ T12] ret_from_fork_asm+0x1a/0x30 [ 985.465985][ T12] [ 985.469164][ T12] Kernel Offset: disabled [ 985.473461][ T12] Rebooting in 86400 seconds..