last executing test programs: 35.858671067s ago: executing program 3 (id=2926): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r3, @ANYBLOB="05003400b3000000080026009015"], 0x44}}, 0x0) 35.576145979s ago: executing program 3 (id=2930): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) setresuid(0x0, 0x0, 0xee00) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)=""/58) 35.289307205s ago: executing program 3 (id=2932): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2}, 0x10) socket$kcm(0xa, 0x6, 0x0) 35.126209786s ago: executing program 3 (id=2935): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000100), 0x8) 34.612476165s ago: executing program 3 (id=2939): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)={0x78, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3a, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @val, @void, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3, {0x2}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x6, 0x91, "c9b1"}]]}, 0x78}}, 0x0) 26.307689824s ago: executing program 0 (id=2987): r0 = socket$inet6(0xa, 0x802, 0x0) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x60, 0x0, r0, 0x0, 0x0, 0x0, 0x40000100, 0x1}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 25.836872093s ago: executing program 0 (id=2991): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$packet(0x11, 0x3, 0x300) close_range(r0, 0xffffffffffffffff, 0x0) 25.517739856s ago: executing program 0 (id=2994): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0xc0, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xffffff80, 0x2, [@TCA_HTB_INIT={0x18}, @TCA_HTB_INIT={0x18}, @TCA_HTB_INIT={0x18}, @TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_INIT={0x18}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x61, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0xc0}}, 0x0) 25.20865837s ago: executing program 0 (id=2997): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xeb, 0x111c27}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup(r0) close_range(r0, 0xffffffffffffffff, 0x0) 24.947929291s ago: executing program 0 (id=3001): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x29) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='mountstats\x00') sendfile(r1, r2, 0x0, 0x35) 24.681717041s ago: executing program 0 (id=3004): r0 = syz_io_uring_setup(0x4f5, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x5}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r0, 0x0, 0x400000, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x52e, 0x0, 0x0, 0x0, 0x0) r1 = eventfd2(0x1fffff, 0x80800) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000040)=r1, 0x1) 17.598455567s ago: executing program 3 (id=2939): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)={0x78, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3a, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @val, @void, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3, {0x2}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x6, 0x91, "c9b1"}]]}, 0x78}}, 0x0) 2.743196627s ago: executing program 4 (id=3112): r0 = socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x100}, 0x0) write(r0, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a) 2.435707115s ago: executing program 4 (id=3115): syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x9, 0xa2c65) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)) 2.400133599s ago: executing program 2 (id=3116): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x2035, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.291429513s ago: executing program 1 (id=3117): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000480)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x90}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.086522235s ago: executing program 4 (id=3118): r0 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file2\x00', 0x14b042, 0x0) read$FUSE(r2, &(0x7f00000004c0)={0x2020}, 0x2020) 1.991497055s ago: executing program 1 (id=3119): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0x43, 0x0, "e541bd3d3aa6a2d875e9671e8abcb31c134f3a9db8f52e1f54fe6e079f35ac63186c7244fc3b3801e79b8e5545b90f2dbec29f15cec2fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db"}, 0xd8) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000400)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xd7}}}}}}, 0x0) 1.965064886s ago: executing program 2 (id=3120): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40, 0x41, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'virt_wifi0\x00', @random="0100ffffffff"}) 1.727839993s ago: executing program 4 (id=3121): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ff, 0x0, "0b77380a49fed5c1"}) 1.666493485s ago: executing program 1 (id=3122): r0 = open(&(0x7f0000000040)='./bus\x00', 0x14507e, 0x0) r1 = eventfd2(0x20, 0x0) r2 = dup2(r1, r0) ppoll(&(0x7f0000002980)=[{r2}], 0x1, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020) 1.648789961s ago: executing program 2 (id=3123): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000b80)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "65f658", 0x15, 0x6, 0x0, @remote, @private0, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"8c"}}}}}}}}, 0x4f) 818.662966ms ago: executing program 2 (id=3124): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r1, 0x26}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r0, r2, 0x5}, 0x10) 700.999708ms ago: executing program 4 (id=3125): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080)) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x3, 0x40}, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)=ANY=[]) 651.421144ms ago: executing program 1 (id=3126): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read(r1, &(0x7f0000000040)=""/148, 0xffffff96) 537.394721ms ago: executing program 2 (id=3127): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a0435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @random="5f198721fa66", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "a8b4ce", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@remove_addr={0x1e, 0x3, 0x0, 0x3}]}}}}}}}}, 0x0) 338.515412ms ago: executing program 1 (id=3128): mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r1 = open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0) sendfile(r1, r0, 0x0, 0x100801700) 222.343718ms ago: executing program 4 (id=3129): unshare(0x68060200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000240)={'security\x00', 0x0, [0x2, 0x0, 0x4, 0x0, 0xfffffffe]}, &(0x7f00000001c0)=0x54) 132.570004ms ago: executing program 2 (id=3130): r0 = timerfd_create(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 0s ago: executing program 1 (id=3131): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000006c0)={'vcan0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000240)={&(0x7f0000000180)={0x4, 0x0, 0x0, {0x0, 0xea60}, {}, {}, 0x1, @can={{}, 0xfc, 0x0, 0x4, 0x0, "63bad47c2fbf2948"}}, 0x48}}, 0x0) kernel console output (not intermixed with test programs): 25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.195830][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.207292][ T29] audit: type=1326 audit(1725948996.142:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.4.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48e17def9 code=0x7ffc0000 [ 326.242605][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.268660][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.289235][ T29] audit: type=1326 audit(1725948996.142:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.4.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48e17def9 code=0x7ffc0000 [ 326.312859][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.329986][ T9809] Bluetooth: hci3: too big key_count value 40847 [ 326.332832][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.364637][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.384966][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.405306][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.428686][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.446617][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.487290][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.525052][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.538713][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.566995][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.581576][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.597502][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.608232][ T9813] netlink: 'syz.4.2024': attribute type 1 has an invalid length. [ 326.633448][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.638484][ T9813] netlink: 'syz.4.2024': attribute type 3 has an invalid length. [ 326.648631][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.668695][ T9813] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2024'. [ 326.704724][ T9813] NCSI netlink: No device for ifindex 813332851 [ 326.715123][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.743983][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.768947][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.786868][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.811862][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.827061][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.868203][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.890138][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.902449][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.918815][ T25] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 326.956635][ T25] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 327.040725][ T25] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 327.118759][ T25] usb 3-1: USB disconnect, device number 19 [ 327.326063][ T9833] binder_alloc: binder_alloc_mmap_handler: 9832 20ffc000-20ffd000 already mapped failed -16 [ 327.951906][ T5289] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 328.172566][ T5289] usb 3-1: New USB device found, idVendor=05ac, idProduct=022b, bcdDevice= 0.00 [ 328.182794][ T5289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.237209][ T5289] usb 3-1: config 0 descriptor?? [ 328.284654][ T29] kauditd_printk_skb: 39 callbacks suppressed [ 328.284679][ T29] audit: type=1400 audit(1725948998.212:539): avc: denied { create } for pid=9854 comm="syz.1.2043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 328.331166][ T29] audit: type=1400 audit(1725948998.232:540): avc: denied { bind } for pid=9854 comm="syz.1.2043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 328.357820][ T29] audit: type=1400 audit(1725948998.232:541): avc: denied { name_bind } for pid=9854 comm="syz.1.2043" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 328.454732][ T29] audit: type=1400 audit(1725948998.232:542): avc: denied { node_bind } for pid=9854 comm="syz.1.2043" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 328.661931][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.690624][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.706300][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.722387][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.735209][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.755989][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.773641][ T5289] apple 0003:05AC:022B.0017: unknown main item tag 0x0 [ 328.802250][ T5289] apple 0003:05AC:022B.0017: hidraw0: USB HID v0.00 Device [HID 05ac:022b] on usb-dummy_hcd.2-1/input0 [ 328.886769][ T1177] usb 3-1: USB disconnect, device number 20 [ 328.927370][ T29] audit: type=1400 audit(1725948998.862:543): avc: denied { read } for pid=9870 comm="syz.0.2051" name="usbmon0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 329.009433][ T29] audit: type=1400 audit(1725948998.862:544): avc: denied { open } for pid=9870 comm="syz.0.2051" path="/dev/usbmon0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 329.433604][ T9886] binder_alloc: binder_alloc_mmap_handler: 9883 20ffd000-20fff000 already mapped failed -16 [ 330.023683][ T29] audit: type=1400 audit(1725948999.962:545): avc: denied { write } for pid=9907 comm="syz.4.2069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 330.242426][ T9916] netlink: 'syz.4.2072': attribute type 2 has an invalid length. [ 330.272161][ T9916] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2072'. [ 330.358930][ T1177] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 330.509372][ T9921] pimreg: entered allmulticast mode [ 330.551409][ T1177] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 330.575311][ T1177] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 330.580569][ T29] audit: type=1326 audit(1725949000.502:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9922 comm="syz.4.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48e17def9 code=0x7ffc0000 [ 330.616580][ T1177] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 330.636369][ T1177] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.671656][ T1177] usb 2-1: Product: syz [ 330.675906][ T1177] usb 2-1: Manufacturer: syz [ 330.703516][ T1177] usb 2-1: SerialNumber: syz [ 330.728713][ T9901] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 330.767594][ T29] audit: type=1400 audit(1725949000.702:547): avc: denied { set_context_mgr } for pid=9927 comm="syz.3.2079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 330.856160][ T9932] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 331.000423][ T1177] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 331.030302][ T1177] usb 2-1: USB disconnect, device number 20 [ 331.054547][ T9936] usb usb8: usbfs: process 9936 (syz.2.2081) did not claim interface 0 before use [ 331.300793][ T29] audit: type=1400 audit(1725949001.242:548): avc: denied { name_bind } for pid=9942 comm="syz.2.2085" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 331.566561][ T9954] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2091'. [ 331.648666][ T5289] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 331.862447][ T5289] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 331.888684][ T5289] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.910093][ T5289] usb 4-1: config 0 descriptor?? [ 332.259689][ T9979] batadv_slave_1: entered allmulticast mode [ 332.259854][ T9979] batadv_slave_1: left allmulticast mode [ 332.330886][ T9981] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2104'. [ 332.340441][ T9981] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2104'. [ 332.365010][ T5289] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 332.782996][ T5289] gs_usb 4-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 332.801278][ T5289] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 332.837119][ T5289] usb 4-1: USB disconnect, device number 12 [ 333.130224][ T5319] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 333.344149][ T5319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.364864][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 333.364887][ T29] audit: type=1400 audit(1725949003.302:551): avc: denied { setopt } for pid=10012 comm="syz.0.2120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 333.374509][ T5319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.440545][ T5319] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 333.450876][ T5319] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 333.461416][ T5319] usb 2-1: Product: syz [ 333.550477][ T5319] usb 2-1: config 0 descriptor?? [ 333.946767][T10029] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 333.980053][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.001399][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.034562][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.071005][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.078244][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.118779][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.145405][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.165226][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.195514][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.214439][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.230689][ T5319] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x0 [ 334.280727][ T5319] konepure 0003:1E7D:2DB4.0018: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 334.325306][ T5319] usb 2-1: USB disconnect, device number 21 [ 334.449379][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.518885][ T1177] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 334.528962][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.539943][ T29] audit: type=1400 audit(1725949004.472:552): avc: denied { ioctl } for pid=10043 comm="syz.0.2136" path="/dev/usbmon0" dev="devtmpfs" ino=707 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 334.711405][ T1177] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 334.721143][ T1177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.734696][ T1177] usb 5-1: config 0 descriptor?? [ 334.763645][ T1177] cp210x 5-1:0.0: cp210x converter detected [ 335.199274][ T1177] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 335.437419][ T1177] usb 5-1: cp210x converter now attached to ttyUSB0 [ 335.593676][ T29] audit: type=1400 audit(1725949005.532:553): avc: denied { ioctl } for pid=10076 comm="syz.2.2149" path="socket:[25641]" dev="sockfs" ino=25641 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 335.639014][ T942] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 335.650614][ T5310] usb 5-1: USB disconnect, device number 9 [ 335.681043][ T5310] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 335.761902][ T5310] cp210x 5-1:0.0: device disconnected [ 335.841815][ T942] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 335.865498][ T942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.900188][ T942] usb 4-1: config 0 descriptor?? [ 336.124966][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2158'. [ 336.340489][ T942] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 336.700669][T10110] netlink: 'syz.2.2165': attribute type 9 has an invalid length. [ 336.708495][T10110] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2165'. [ 336.760305][ T942] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 336.783420][ T942] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22 [ 336.790078][T10111] netlink: 'syz.2.2165': attribute type 9 has an invalid length. [ 336.792523][ T5319] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 336.824861][T10111] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2165'. [ 336.979026][ T8] usb 4-1: USB disconnect, device number 13 [ 337.003898][ T5319] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.043960][ T5319] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.064233][ T5319] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 337.091977][ T5319] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 337.118675][ T5319] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.150803][ T5319] usb 5-1: config 0 descriptor?? [ 337.198201][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.210151][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.222073][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.231645][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.243307][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.253751][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.264605][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.279199][T10119] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.299053][ T25] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 337.491748][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.524025][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.550520][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 337.584867][ T25] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 337.588391][ T5319] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 337.601250][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.634100][ T25] usb 2-1: config 0 descriptor?? [ 337.683035][ T5319] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 337.926094][ T5310] usb 5-1: USB disconnect, device number 10 [ 338.024311][ T29] audit: type=1400 audit(1725949007.962:554): avc: denied { setopt } for pid=10136 comm="syz.0.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 338.225255][ T25] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 338.260454][ T25] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 338.276893][ T25] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 338.318027][ T25] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 338.666268][ T29] audit: type=1400 audit(1725949008.612:555): avc: denied { append } for pid=10154 comm="syz.2.2186" name="card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 338.680697][T10158] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 338.702966][ T25] usb 2-1: USB disconnect, device number 22 [ 338.900538][ T29] audit: type=1400 audit(1725949008.842:556): avc: denied { write } for pid=10159 comm="syz.3.2188" path="socket:[26736]" dev="sockfs" ino=26736 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 338.934529][ T5310] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 339.146457][ T5310] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 339.178362][ T5310] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 339.205383][ T5310] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 339.217356][ T5310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 339.227292][ T5310] usb 1-1: SerialNumber: syz [ 339.472389][ T5310] usb 1-1: 0:2 : does not exist [ 339.515416][ T5310] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 339.609342][T10180] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.2198'. [ 339.619225][ T5310] usb 1-1: USB disconnect, device number 14 [ 339.646997][T10180] net_ratelimit: 111 callbacks suppressed [ 339.647025][T10180] openvswitch: netlink: IP tunnel dst address not specified [ 340.219649][ T29] audit: type=1326 audit(1725949010.162:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10195 comm="syz.3.2206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa92ad7def9 code=0x0 [ 340.243949][T10201] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2208'. [ 340.254335][T10201] netlink: 'syz.0.2208': attribute type 2 has an invalid length. [ 340.273115][T10201] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2208'. [ 340.288963][ T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 340.501734][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 340.541180][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 340.562466][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.585945][ T8] usb 3-1: Product: syz [ 340.594712][ T8] usb 3-1: Manufacturer: syz [ 340.606684][ T8] usb 3-1: SerialNumber: syz [ 340.622727][T10192] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 340.671113][ T29] audit: type=1400 audit(1725949010.612:558): avc: denied { accept } for pid=10210 comm="syz.0.2212" lport=51345 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 340.694109][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.747359][ T29] audit: type=1400 audit(1725949010.652:559): avc: denied { getopt } for pid=10210 comm="syz.0.2212" lport=51345 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 340.927193][ T8] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 340.946016][ T8] usb 3-1: USB disconnect, device number 21 [ 341.550647][ T5310] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 341.752515][ T5310] usb 3-1: config index 0 descriptor too short (expected 301, got 72) [ 341.778044][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 341.796812][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64 [ 341.808483][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 341.841981][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 341.848648][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2007, setting to 64 [ 341.918608][ T5310] usb 3-1: config 16 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 3 [ 341.968934][ T5310] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 341.998661][ T5289] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 342.010817][ T5310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.050214][T10192] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 342.219681][ T5289] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 342.257022][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 342.298887][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 342.318798][ T5289] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 342.319083][ T5310] usb 3-1: usb_control_msg returned -71 [ 342.342436][T10248] input: syz1 as /devices/virtual/input/input16 [ 342.344115][ T5289] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 342.364808][ T5310] usbtmc 3-1:16.0: can't read capabilities [ 342.392092][ T5289] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.403599][ T5310] usb 3-1: USB disconnect, device number 22 [ 342.417740][ T5289] usb 5-1: config 0 descriptor?? [ 342.939964][ T5289] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 342.981682][ T5289] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 343.442045][ T29] audit: type=1400 audit(1725949013.382:560): avc: denied { map } for pid=10260 comm="syz.1.2234" path="/dev/sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 343.517854][ T29] audit: type=1400 audit(1725949013.412:561): avc: denied { execute } for pid=10260 comm="syz.1.2234" path="/dev/sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 343.542116][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.843378][T10271] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=10271 comm=syz.0.2236 [ 345.256086][ T5286] usb 5-1: USB disconnect, device number 11 [ 345.568981][ T8] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 345.794159][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.830520][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.856657][ T8] usb 2-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 345.886454][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.925866][ T8] usb 2-1: config 0 descriptor?? [ 346.264639][T10307] sctp: [Deprecated]: syz.0.2253 (pid 10307) Use of struct sctp_assoc_value in delayed_ack socket option. [ 346.264639][T10307] Use struct sctp_sack_info instead [ 346.460097][ T8] cypress 0003:04B4:07B1.001C: unknown main item tag 0x6 [ 346.490785][ T8] cypress 0003:04B4:07B1.001C: item fetching failed at offset 4/5 [ 346.516118][ T8] cypress 0003:04B4:07B1.001C: parse failed [ 346.547792][ T8] cypress 0003:04B4:07B1.001C: probe with driver cypress failed with error -22 [ 346.572631][T10312] syz_tun: entered promiscuous mode [ 346.612195][T10312] batadv_slave_0: entered promiscuous mode [ 346.782671][ T29] audit: type=1400 audit(1725949016.722:562): avc: denied { setopt } for pid=10315 comm="syz.2.2256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 347.053064][ T5286] usb 2-1: USB disconnect, device number 23 [ 347.155576][ T29] audit: type=1400 audit(1725949017.092:563): avc: denied { sqpoll } for pid=10325 comm="syz.3.2261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 347.273759][ T25] kernel write not supported for file bpf-prog (pid: 25 comm: kworker/1:0) [ 347.365115][ T5310] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 347.500342][ T29] audit: type=1400 audit(1725949017.432:564): avc: denied { execute } for pid=10330 comm="syz.0.2263" path="/dev/audio1" dev="devtmpfs" ino=1101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 347.570262][ T5310] usb 3-1: Using ep0 maxpacket: 8 [ 347.587948][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 347.598149][ T29] audit: type=1400 audit(1725949017.472:565): avc: denied { mount } for pid=10333 comm="syz.4.2264" name="/" dev="hugetlbfs" ino=26252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 347.638364][ T5310] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 347.668816][ T5310] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 347.688792][ T29] audit: type=1804 audit(1725949017.572:566): pid=10334 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.2264" name="/newroot/457/file0/bus" dev="hugetlbfs" ino=26253 res=1 errno=0 [ 347.718752][ T5310] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 347.751551][ T5310] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 347.770473][ T29] audit: type=1400 audit(1725949017.682:567): avc: denied { unmount } for pid=5244 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 347.796928][ T5310] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 347.849040][ T5310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.122233][ T5310] usb 3-1: GET_CAPABILITIES returned 0 [ 348.127853][ T5310] usbtmc 3-1:16.0: can't read capabilities [ 348.232347][ T29] audit: type=1400 audit(1725949018.172:568): avc: denied { write } for pid=10343 comm="syz.1.2269" name="mdstat" dev="proc" ino=4026532011 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_mdstat_t tclass=file permissive=1 [ 348.504578][ T5286] usb 3-1: USB disconnect, device number 23 [ 348.684265][ T29] audit: type=1400 audit(1725949018.622:569): avc: denied { execute } for pid=10355 comm="syz.0.2274" name="file0" dev="ramfs" ino=27054 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 348.758990][ T29] audit: type=1400 audit(1725949018.632:570): avc: denied { execute_no_trans } for pid=10355 comm="syz.0.2274" path="/file0" dev="ramfs" ino=27054 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 349.240086][T10371] trusted_key: syz.3.2281 sent an empty control message without MSG_MORE. [ 349.365612][ T29] audit: type=1400 audit(1725949019.302:571): avc: denied { read } for pid=10373 comm="syz.2.2284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 350.675514][T10386] orangefs_mount: mount request failed with -4 [ 350.965760][T10405] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2296'. [ 351.637595][T10423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 352.377700][ T29] audit: type=1400 audit(1725949022.312:572): avc: denied { watch watch_reads } for pid=10443 comm="syz.3.2315" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CC1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F5202864656C6574656429 dev="tmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 352.670785][T10452] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2318'. [ 353.888091][ T29] audit: type=1400 audit(1725949023.812:573): avc: denied { append } for pid=10486 comm="syz.3.2334" name="sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 354.485943][T10506] netlink: 'syz.4.2342': attribute type 2 has an invalid length. [ 354.509413][T10506] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2342'. [ 355.999853][T10546] netlink: 'syz.3.2359': attribute type 3 has an invalid length. [ 356.346138][T10553] syzkaller1: entered promiscuous mode [ 356.373380][T10553] syzkaller1: entered allmulticast mode [ 357.671643][T10584] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2376'. [ 358.359234][T10600] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 359.605297][T10632] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2398'. [ 360.359233][ T5246] Bluetooth: hci0: command 0x0406 tx timeout [ 360.577038][T10653] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 360.584639][T10653] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 360.647513][T10653] vhci_hcd vhci_hcd.0: Device attached [ 360.826958][T10654] vhci_hcd: connection closed [ 360.858142][ T53] vhci_hcd: stop threads [ 360.896303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 360.903756][ T53] vhci_hcd: release socket [ 360.905216][ T5286] usb 11-1: new high-speed USB device number 2 using vhci_hcd [ 360.919213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 360.939174][ T53] vhci_hcd: disconnect device [ 361.604373][ T29] audit: type=1400 audit(1725949031.542:574): avc: denied { append } for pid=10668 comm="syz.1.2413" name="virtual_nci" dev="devtmpfs" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 361.649153][ T25] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 361.846887][ T29] audit: type=1400 audit(1725949031.772:575): avc: denied { read } for pid=10675 comm="syz.3.2414" path="socket:[27989]" dev="sockfs" ino=27989 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 361.906704][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 361.928249][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 361.959035][ T25] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 361.993664][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.024090][ T25] usb 1-1: config 0 descriptor?? [ 362.342641][ T29] audit: type=1400 audit(1725949032.282:576): avc: denied { mount } for pid=10686 comm="syz.2.2419" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 362.531628][ T25] hid-multitouch 0003:1FD2:6007.001D: unknown main item tag 0x3 [ 362.545370][ T25] hid-multitouch 0003:1FD2:6007.001D: unknown main item tag 0x4 [ 362.575605][ T25] hid-multitouch 0003:1FD2:6007.001D: item fetching failed at offset 4/5 [ 362.604633][ T25] hid-multitouch 0003:1FD2:6007.001D: probe with driver hid-multitouch failed with error -22 [ 362.931040][ T25] usb 1-1: USB disconnect, device number 15 [ 363.032187][ T29] audit: type=1400 audit(1725949032.972:577): avc: denied { getopt } for pid=10700 comm="syz.2.2426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 363.571455][ T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 363.602784][ T5319] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 363.786807][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.805931][ T5319] usb 5-1: Using ep0 maxpacket: 32 [ 363.823945][ T5319] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 363.834571][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.852852][ T5319] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.865673][ T8] usb 4-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 363.877983][ T5319] usb 5-1: Product: syz [ 363.887707][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.898141][ T5319] usb 5-1: Manufacturer: syz [ 363.903122][ T5319] usb 5-1: SerialNumber: syz [ 363.917246][ T8] usb 4-1: config 0 descriptor?? [ 363.934403][ T5319] usb 5-1: config 0 descriptor?? [ 363.947151][ T5319] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 364.044775][ T29] audit: type=1400 audit(1725949033.982:578): avc: denied { watch_mount } for pid=10734 comm="syz.1.2440" path="/471" dev="tmpfs" ino=2411 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 364.373920][ T8] pantherlord 0003:0F30:0111.001E: item fetching failed at offset 6/7 [ 364.399738][ T8] pantherlord 0003:0F30:0111.001E: parse failed [ 364.406199][ T8] pantherlord 0003:0F30:0111.001E: probe with driver pantherlord failed with error -22 [ 364.553850][ T29] audit: type=1400 audit(1725949034.492:579): avc: denied { lock } for pid=10743 comm="syz.2.2444" path="socket:[28154]" dev="sockfs" ino=28154 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 364.610426][ T1177] usb 4-1: USB disconnect, device number 14 [ 364.769314][ T29] audit: type=1400 audit(1725949034.712:580): avc: denied { write } for pid=10746 comm="syz.1.2445" name="usbmon0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 364.837870][ T5319] gspca_stk1135: reg_w 0x5 err -71 [ 364.846704][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.854748][ T5319] gspca_stk1135: Sensor write failed [ 364.861892][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.868402][ T5319] gspca_stk1135: Sensor write failed [ 364.874357][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.881870][ T5319] gspca_stk1135: Sensor read failed [ 364.887128][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.893686][ T5319] gspca_stk1135: Sensor read failed [ 364.899518][ T5319] gspca_stk1135: Detected sensor type unknown (0x0) [ 364.907507][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.914423][ T5319] gspca_stk1135: Sensor read failed [ 364.919878][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.926347][ T5319] gspca_stk1135: Sensor read failed [ 364.935442][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.941919][ T5319] gspca_stk1135: Sensor write failed [ 364.947310][ T5319] gspca_stk1135: serial bus timeout: status=0x00 [ 364.955099][ T5319] gspca_stk1135: Sensor write failed [ 364.960641][ T5319] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71 [ 364.975152][ T5319] usb 5-1: USB disconnect, device number 12 [ 365.362061][T10753] vcan0: tx address claim with dest, not broadcast [ 365.532964][ T29] audit: type=1400 audit(1725949035.472:581): avc: denied { ioctl } for pid=10755 comm="syz.3.2449" path="/dev/ptp0" dev="devtmpfs" ino=1075 ioctlcmd=0x3d07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 365.581438][ T5246] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 365.837678][ T29] audit: type=1400 audit(1725949035.772:582): avc: denied { write } for pid=10766 comm="syz.1.2455" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 365.861923][T10768] random: crng reseeded on system resumption [ 365.929988][ T29] audit: type=1400 audit(1725949035.772:583): avc: denied { open } for pid=10766 comm="syz.1.2455" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 366.118899][ T5286] vhci_hcd: vhci_device speed not set [ 367.059790][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.149246][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.158263][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.166962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.175748][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.184472][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.229096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 367.908690][ T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 367.928744][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 367.928769][ T29] audit: type=1400 audit(1725949037.862:587): avc: denied { getopt } for pid=10808 comm="syz.3.2472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 368.165637][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.189014][ T29] audit: type=1400 audit(1725949038.122:588): avc: denied { write } for pid=10820 comm="syz.3.2478" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 368.191231][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.266241][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 368.284513][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 368.304153][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.340941][ T8] usb 5-1: config 0 descriptor?? [ 368.528801][ T1177] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 368.728211][ T1177] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 368.749780][ T1177] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.758439][ T1177] usb 1-1: Product: syz [ 368.798893][ T1177] usb 1-1: Manufacturer: syz [ 368.802736][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.803829][ T1177] usb 1-1: SerialNumber: syz [ 368.821010][ T1177] usb 1-1: config 0 descriptor?? [ 368.838740][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.847863][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.889091][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.896585][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.924034][ T8] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 368.937775][ T8] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving [ 368.967721][ T8] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 369.206858][ T5286] usb 5-1: USB disconnect, device number 13 [ 369.265220][ T29] audit: type=1400 audit(1725949295.210:589): avc: denied { bind } for pid=10846 comm="syz.2.2489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 369.309835][T10848] Bluetooth: hci3: service_discovery: expected 52 bytes, got 7 bytes [ 369.452445][ T29] audit: type=1400 audit(1725949295.400:590): avc: denied { mount } for pid=10851 comm="syz.2.2492" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 369.517153][ T29] audit: type=1400 audit(1725949295.400:591): avc: denied { remount } for pid=10851 comm="syz.2.2492" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 369.642441][ T5246] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 369.652203][ T5246] Bluetooth: hci4: Injecting HCI hardware error event [ 369.667677][ T5243] Bluetooth: hci4: hardware error 0x00 [ 369.911804][ T1177] usb 1-1: f81604_read: reg: 100f failed: -EPROTO [ 369.961306][ T1177] usb 1-1: f81604_read: reg: 200f failed: -EPROTO [ 369.985365][ T1177] usb 1-1: USB disconnect, device number 16 [ 370.013870][ T1177] usb 1-1: f81604_read: reg: 100f failed: -ENODEV [ 370.108350][ T1177] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 370.740577][T10888] syz.2.2505: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 370.753880][T10888] CPU: 0 UID: 0 PID: 10888 Comm: syz.2.2505 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0 [ 370.753930][T10888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 370.753958][T10888] Call Trace: [ 370.753973][T10888] [ 370.753988][T10888] dump_stack_lvl+0x16c/0x1f0 [ 370.754037][T10888] warn_alloc+0x24d/0x3a0 [ 370.754081][T10888] ? __pfx_warn_alloc+0x10/0x10 [ 370.754114][T10888] ? hlock_class+0x4e/0x130 [ 370.754152][T10888] ? stack_depot_save_flags+0x28/0x8f0 [ 370.754208][T10888] ? kasan_save_stack+0x42/0x60 [ 370.754258][T10888] ? kasan_save_stack+0x33/0x60 [ 370.754308][T10888] ? kasan_save_track+0x14/0x30 [ 370.754356][T10888] ? __kasan_kmalloc+0xaa/0xb0 [ 370.754403][T10888] ? xskq_create+0x52/0x1d0 [ 370.754430][T10888] ? xsk_setsockopt+0x757/0xa10 [ 370.754477][T10888] ? __sys_setsockopt+0x1a4/0x270 [ 370.754523][T10888] ? __x64_sys_setsockopt+0xbd/0x160 [ 370.754565][T10888] ? do_syscall_64+0xcd/0x250 [ 370.754616][T10888] __vmalloc_node_range_noprof+0x10a3/0x14e0 [ 370.754666][T10888] ? xskq_create+0xfb/0x1d0 [ 370.754728][T10888] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 370.754776][T10888] ? xskq_create+0xfb/0x1d0 [ 370.754805][T10888] vmalloc_user_noprof+0x6b/0x90 [ 370.754840][T10888] ? xskq_create+0xfb/0x1d0 [ 370.754868][T10888] xskq_create+0xfb/0x1d0 [ 370.754901][T10888] xsk_setsockopt+0x757/0xa10 [ 370.754950][T10888] ? __pfx_xsk_setsockopt+0x10/0x10 [ 370.754999][T10888] ? find_held_lock+0x2d/0x110 [ 370.755040][T10888] ? selinux_socket_setsockopt+0x6a/0x80 [ 370.755090][T10888] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 370.755134][T10888] ? __pfx_xsk_setsockopt+0x10/0x10 [ 370.755183][T10888] do_sock_setsockopt+0x222/0x480 [ 370.755215][T10888] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 370.755269][T10888] ? __fget_light+0x173/0x210 [ 370.755307][T10888] __sys_setsockopt+0x1a4/0x270 [ 370.755354][T10888] ? __pfx___sys_setsockopt+0x10/0x10 [ 370.755397][T10888] ? handle_mm_fault+0x52d/0xa60 [ 370.755446][T10888] __x64_sys_setsockopt+0xbd/0x160 [ 370.755495][T10888] ? do_syscall_64+0x91/0x250 [ 370.755537][T10888] ? lockdep_hardirqs_on+0x7c/0x110 [ 370.755578][T10888] do_syscall_64+0xcd/0x250 [ 370.755626][T10888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.755659][T10888] RIP: 0033:0x7f68a377def9 [ 370.755689][T10888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.755718][T10888] RSP: 002b:00007f68a4571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 370.755748][T10888] RAX: ffffffffffffffda RBX: 00007f68a3936058 RCX: 00007f68a377def9 [ 370.755769][T10888] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 370.755789][T10888] RBP: 00007f68a37f09f6 R08: 0000000000000020 R09: 0000000000000000 [ 370.755809][T10888] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 370.755830][T10888] R13: 0000000000000001 R14: 00007f68a3936058 R15: 00007ffe5c848ff8 [ 370.755870][T10888] [ 370.774482][T10888] Mem-Info: [ 370.774510][T10888] active_anon:3505 inactive_anon:0 isolated_anon:0 [ 370.774510][T10888] active_file:12648 inactive_file:38892 isolated_file:0 [ 370.774510][T10888] unevictable:768 dirty:448 writeback:0 [ 370.774510][T10888] slab_reclaimable:10126 slab_unreclaimable:97198 [ 370.774510][T10888] mapped:20884 shmem:1262 pagetables:892 [ 370.774510][T10888] sec_pagetables:0 bounce:0 [ 370.774510][T10888] kernel_misc_reclaimable:0 [ 370.774510][T10888] free:1352515 free_pcp:610 free_cma:0 [ 370.774610][T10888] Node 0 active_anon:14020kB inactive_anon:0kB active_file:50592kB inactive_file:155496kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:83536kB dirty:1792kB writeback:0kB shmem:3512kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10248kB pagetables:3568kB sec_pagetables:0kB all_unreclaimable? no [ 370.774707][T10888] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 370.774795][T10888] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 370.774898][T10888] lowmem_reserve[]: 0 2467 2468 0 0 [ 370.774972][T10888] Node 0 DMA32 free:1446420kB boost:0kB min:34228kB low:42784kB high:51340kB reserved_highatomic:0KB active_anon:14004kB inactive_anon:0kB active_file:50592kB inactive_file:154676kB unevictable:1536kB writepending:1792kB present:3129332kB managed:2553820kB mlocked:0kB bounce:0kB free_pcp:2404kB local_pcp:1304kB free_cma:0kB [ 370.775076][T10888] lowmem_reserve[]: 0 0 0 0 0 [ 370.775147][T10888] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB [ 370.775240][T10888] lowmem_reserve[]: 0 0 0 0 0 [ 370.775307][T10888] Node 1 Normal free:3948280kB boost:0kB min:55660kB low:69572kB high:83484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 370.775409][T10888] lowmem_reserve[]: 0 0 0 0 0 [ 370.775474][T10888] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 370.776129][T10888] Node 0 DMA32: 975*4kB (UM) 1075*8kB (UME) 773*16kB (UME) 559*32kB (UME) 338*64kB (UME) 62*128kB (UME) 33*256kB (UME) 9*512kB (UME) 5*1024kB (ME) 2*2048kB (ME) 330*4096kB (UM) = 1446276kB [ 370.776449][T10888] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 370.776637][T10888] Node 1 Normal: 4*4kB (U) 3*8kB (U) 3*16kB (U) 7*32kB (U) 3*64kB (UM) 8*128kB (U) 3*256kB (UM) 3*512kB (UM) 2*1024kB (U) 3*2048kB (U) 961*4096kB (UM) = 3948280kB [ 370.776963][T10888] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 370.776995][T10888] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 370.777031][T10888] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 370.777063][T10888] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 370.777093][T10888] 52802 total pagecache pages [ 370.777107][T10888] 0 pages in swap cache [ 370.777119][T10888] Free swap = 124576kB [ 370.777132][T10888] Total swap = 124996kB [ 370.777146][T10888] 2097051 pages RAM [ 370.777159][T10888] 0 pages HighMem/MovableOnly [ 370.777173][T10888] 427258 pages reserved [ 370.777185][T10888] 0 pages cma reserved [ 371.223239][T10899] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2511'. [ 371.288719][ T1177] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 371.754361][ T5243] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 371.807980][ T5243] block nbd1: Receive control failed (result -107) [ 371.889160][T10902] nbd1: detected capacity change from 0 to 15960 [ 371.927613][T10898] block nbd1: shutting down sockets [ 371.975825][ T1177] usb 1-1: Using ep0 maxpacket: 8 [ 371.986399][T10911] random: crng reseeded on system resumption [ 372.002353][ T1177] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 372.030662][ T1177] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 372.078675][ T1177] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.117619][ T1177] usb 1-1: config 0 descriptor?? [ 372.135962][ T1177] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 372.678037][T10895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.725208][T10895] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.758936][T10923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2521'. [ 372.824568][ T1177] usb 1-1: USB disconnect, device number 17 [ 373.461596][T10948] netlink: 'syz.4.2532': attribute type 19 has an invalid length. [ 373.656011][ T8] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 373.868416][T10955] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 373.891732][ T8] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 373.907504][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 373.928823][T10955] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 373.947201][T10955] hsr0: entered allmulticast mode [ 373.952632][T10955] hsr_slave_0: entered allmulticast mode [ 373.958340][T10955] hsr_slave_1: entered allmulticast mode [ 373.958403][ T29] audit: type=1400 audit(1725949299.900:592): avc: denied { shutdown } for pid=10958 comm="syz.0.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 373.994687][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 374.079280][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 374.110769][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 374.148047][ T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 374.181558][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.212770][ T8] usb 2-1: config 0 descriptor?? [ 374.219494][T10944] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 374.622756][T10946] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2533'. [ 374.636951][T10946] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 374.710091][T10946] syz.2.2533 (10946) used greatest stack depth: 21280 bytes left [ 374.744937][ T8] plantronics 0003:047F:FFFF.0020: unknown main item tag 0xe [ 374.762844][ T8] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x2 [ 374.780230][ T8] plantronics 0003:047F:FFFF.0020: No inputs registered, leaving [ 374.827301][ T8] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 374.973742][T10980] netlink: 64535 bytes leftover after parsing attributes in process `syz.4.2546'. [ 375.333405][ T8] usb 2-1: USB disconnect, device number 24 [ 375.798299][T11001] netlink: 'syz.4.2557': attribute type 33 has an invalid length. [ 375.828838][T11001] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2557'. [ 376.062322][ T5243] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 376.358667][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 376.422359][T11021] kernel read not supported for file /eth0 (pid: 11021 comm: syz.1.2566) [ 376.426191][ T5289] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 376.434914][ T29] audit: type=1800 audit(1725949302.380:593): pid=11021 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.2566" name="eth0" dev="mqueue" ino=22165 res=0 errno=0 [ 376.571593][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 376.582194][ T8] usb 4-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 376.594764][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.632470][ T8] usb 4-1: config 0 descriptor?? [ 376.661954][ T5289] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 376.672363][ T8] ums-jumpshot 4-1:0.0: USB Mass Storage device detected [ 376.689274][ T5289] usb 1-1: config 0 has no interface number 0 [ 376.699735][ T5289] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.736947][ T8] ums-jumpshot 4-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 376.750357][ T5289] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.778387][ T5289] usb 1-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 376.800714][ T5289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.826442][ T5289] usb 1-1: config 0 descriptor?? [ 376.966368][T11036] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2573'. [ 377.078891][ T5319] usb 4-1: USB disconnect, device number 15 [ 377.305023][ T5289] hid (null): global environment stack underflow [ 377.349325][ T5289] uclogic 0003:5543:0522.0021: global environment stack underflow [ 377.373566][ T5289] uclogic 0003:5543:0522.0021: item 0 1 1 11 parsing failed [ 377.391518][ T5289] uclogic 0003:5543:0522.0021: parse failed [ 377.407960][ T5289] uclogic 0003:5543:0522.0021: probe with driver uclogic failed with error -22 [ 377.529393][ T29] audit: type=1400 audit(1725949303.480:594): avc: denied { read } for pid=11049 comm="syz.2.2580" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 377.588165][ T29] audit: type=1400 audit(1725949303.480:595): avc: denied { open } for pid=11049 comm="syz.2.2580" path="/520/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 377.668370][ T5289] usb 1-1: USB disconnect, device number 18 [ 377.685456][ T29] audit: type=1400 audit(1725949303.500:596): avc: denied { ioctl } for pid=11049 comm="syz.2.2580" path="/520/file0" dev="overlay" ino=2 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 378.489293][ T5286] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 378.701556][ T5286] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 378.718353][ T5286] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 378.746695][ T5286] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 378.782582][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 378.792252][T11097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2601'. [ 378.815149][ T5286] usb 4-1: SerialNumber: syz [ 378.829991][T11075] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 379.052402][T11075] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 379.102145][ T5319] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 379.132918][T11106] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 379.140277][T11106] IPv6: NLM_F_CREATE should be set when creating new route [ 379.147627][T11106] IPv6: NLM_F_CREATE should be set when creating new route [ 379.181554][ T5289] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 379.192980][T11106] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 379.290380][ T5319] usb 2-1: Using ep0 maxpacket: 32 [ 379.327123][ T5319] usb 2-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 379.348619][ T5319] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.360208][ T5319] usb 2-1: Product: syz [ 379.366918][ T5319] usb 2-1: Manufacturer: syz [ 379.371931][ T5289] usb 3-1: Using ep0 maxpacket: 8 [ 379.378698][ T5319] usb 2-1: SerialNumber: syz [ 379.388886][ T5289] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 379.410114][ T5319] usb 2-1: config 0 descriptor?? [ 379.417360][ T5289] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x2C, changing to 0xC [ 379.435809][ T5289] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 64 [ 379.438813][ T5319] ums_eneub6250 2-1:0.0: USB Mass Storage device detected [ 379.456316][ T5289] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 379.478816][ T5289] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 2.40 [ 379.496244][ T5289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.523635][T11100] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 379.529369][ T5286] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 379.721835][ T1177] usb 4-1: USB disconnect, device number 16 [ 379.734945][ T1177] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device [ 379.735722][T11112] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2608'. [ 379.833379][ T5319] usb 2-1: USB disconnect, device number 25 [ 380.328993][T11117] netlink: 'syz.4.2610': attribute type 10 has an invalid length. [ 380.337049][T11117] netlink: 55 bytes leftover after parsing attributes in process `syz.4.2610'. [ 380.652530][ T5289] cdc_ncm 3-1:1.0: bind() failure [ 380.672528][ T5289] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 380.683842][ T5289] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 380.694850][ T5289] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 380.724310][ T5289] usb 3-1: USB disconnect, device number 24 [ 380.759202][ T5246] Bluetooth: hci5: command 0x1003 tx timeout [ 380.767333][ T5243] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 380.980520][ T942] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 380.985102][ T29] audit: type=1400 audit(1725949306.930:597): avc: denied { setopt } for pid=11130 comm="syz.0.2616" lport=48447 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 381.190597][ T942] usb 4-1: Using ep0 maxpacket: 8 [ 381.207948][ T942] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 381.225572][ T942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.250221][ T942] usb 4-1: Product: syz [ 381.259001][ T942] usb 4-1: Manufacturer: syz [ 381.263683][ T942] usb 4-1: SerialNumber: syz [ 381.285011][ T942] usb 4-1: config 0 descriptor?? [ 381.297085][T11136] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2618'. [ 381.324764][T11136] netlink: 'syz.1.2618': attribute type 7 has an invalid length. [ 381.338836][T11136] netlink: 'syz.1.2618': attribute type 8 has an invalid length. [ 381.353678][T11136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2618'. [ 381.537598][ T942] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 381.557810][ T942] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 381.576426][ T942] usb 4-1: USB disconnect, device number 17 [ 381.652961][T11138] syzkaller1: entered promiscuous mode [ 381.669858][T11138] syzkaller1: entered allmulticast mode [ 382.428650][ T5286] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 382.656558][ T5286] usb 1-1: Using ep0 maxpacket: 16 [ 382.678124][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.708671][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.730378][ T5286] usb 1-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 382.744709][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.769953][ T5286] usb 1-1: config 0 descriptor?? [ 382.954412][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2635'. [ 383.280676][ T5286] waterforce 0003:1044:7A4D.0022: unknown main item tag 0x0 [ 383.303906][ T5286] waterforce 0003:1044:7A4D.0022: unknown main item tag 0x0 [ 383.340870][ T29] audit: type=1400 audit(1725949309.290:598): avc: denied { mounton } for pid=11181 comm="syz.4.2638" path="/proc/1169" dev="proc" ino=29589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 383.344072][ T5286] waterforce 0003:1044:7A4D.0022: unknown main item tag 0x0 [ 383.416725][ T5286] waterforce 0003:1044:7A4D.0022: unknown main item tag 0x0 [ 383.472772][ T5286] waterforce 0003:1044:7A4D.0022: hidraw0: USB HID v0.00 Device [HID 1044:7a4d] on usb-dummy_hcd.0-1/input0 [ 383.579955][ T5286] waterforce 0003:1044:7A4D.0022: fw version request failed with -38 [ 383.608065][ T29] audit: type=1400 audit(1725949309.550:599): avc: denied { relabelfrom } for pid=11185 comm="syz.2.2640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 383.640537][ T5286] usb 1-1: USB disconnect, device number 19 [ 383.697306][ T29] audit: type=1400 audit(1725949309.550:600): avc: denied { relabelto } for pid=11185 comm="syz.2.2640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 383.819498][ T29] audit: type=1400 audit(1725949309.770:601): avc: denied { mounton } for pid=11192 comm="syz.3.2643" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 383.868862][ T942] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 384.073063][T11199] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.099792][T11199] bridge0: entered allmulticast mode [ 384.124993][ T942] usb 2-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 384.148628][ T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.156707][ T942] usb 2-1: Product: syz [ 384.188858][ T942] usb 2-1: Manufacturer: syz [ 384.193585][ T942] usb 2-1: SerialNumber: syz [ 384.257150][ T942] usb 2-1: config 0 descriptor?? [ 384.287777][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.305114][ T942] cypress_m8 2-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 384.321607][ T942] nokiaca42v2 ttyUSB0: required endpoint is missing [ 384.610943][ T29] audit: type=1326 audit(1725949310.560:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11210 comm="syz.3.2650" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa92ad7def9 code=0x0 [ 384.721930][ T29] audit: type=1400 audit(1725949310.670:603): avc: denied { ioctl } for pid=11213 comm="syz.4.2653" path="socket:[30024]" dev="sockfs" ino=30024 ioctlcmd=0x8b1b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 384.988714][ T5310] usb 2-1: USB disconnect, device number 26 [ 385.019047][ T5310] cypress_m8 2-1:0.0: device disconnected [ 385.052450][ T29] audit: type=1400 audit(1725949311.000:604): avc: denied { setopt } for pid=11221 comm="syz.4.2655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 386.905070][T11266] netlink: 'syz.2.2675': attribute type 3 has an invalid length. [ 386.928718][ T5286] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 386.942557][T11266] netlink: 'syz.2.2675': attribute type 4 has an invalid length. [ 386.959016][T11266] netlink: 'syz.2.2675': attribute type 7 has an invalid length. [ 386.978736][T11266] netlink: 'syz.2.2675': attribute type 8 has an invalid length. [ 387.003433][T11266] netlink: 'syz.2.2675': attribute type 7 has an invalid length. [ 387.021835][T11266] netlink: 198180 bytes leftover after parsing attributes in process `syz.2.2675'. [ 387.138898][ T5286] usb 1-1: Using ep0 maxpacket: 16 [ 387.182492][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 387.208566][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.234382][ T5286] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 387.261053][ T5286] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 387.270489][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.312187][ T5286] usb 1-1: config 0 descriptor?? [ 387.815951][ T5286] HID 045e:07da: Invalid code 65791 type 1 [ 387.860947][ T5286] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0023/input/input18 [ 387.920103][ T5286] microsoft 0003:045E:07DA.0023: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 388.152055][ T5286] usb 1-1: USB disconnect, device number 20 [ 388.158704][ T5310] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 388.381869][ T5310] usb 4-1: config 0 has no interfaces? [ 388.396504][ T5310] usb 4-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=a0.35 [ 388.416750][ T5310] usb 4-1: New USB device strings: Mfr=140, Product=47, SerialNumber=177 [ 388.437143][ T5310] usb 4-1: Product: syz [ 388.447290][ T5310] usb 4-1: Manufacturer: syz [ 388.457434][ T5310] usb 4-1: SerialNumber: syz [ 388.474230][ T5310] usb 4-1: config 0 descriptor?? [ 388.589040][ T1177] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 388.768833][T11292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.795196][ T1177] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 388.798926][T11292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.816631][ T1177] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 388.847775][ T1177] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 388.885456][ T1177] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 388.923298][ T1177] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 388.938254][ T1177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.948734][ T5286] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 388.983202][ T1177] usb 5-1: config 0 descriptor?? [ 388.990840][T11303] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 389.129738][ T5288] usb 4-1: USB disconnect, device number 18 [ 389.189066][ T5286] usb 3-1: Using ep0 maxpacket: 8 [ 389.203962][ T5286] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.240545][ T5286] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.268951][ T5286] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 389.288029][ T5286] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 389.303359][ T5286] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 389.314031][ T5286] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 389.329908][ T5286] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 389.348553][ T5286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.357344][ T5286] usb 3-1: Product: syz [ 389.369885][ T5286] usb 3-1: Manufacturer: syz [ 389.374591][ T5286] usb 3-1: SerialNumber: syz [ 389.502813][ T1177] plantronics 0003:047F:FFFF.0024: unknown main item tag 0xd [ 389.525686][ T1177] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving [ 389.568268][ T1177] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 389.577345][T11329] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2704'. [ 389.629286][ T5286] cdc_ncm 3-1:1.0: bind() failure [ 389.645005][ T5286] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 389.668687][ T5286] cdc_ncm 3-1:1.1: bind() failure [ 389.692564][ T5286] usb 3-1: USB disconnect, device number 25 [ 389.936096][ T5288] usb 5-1: USB disconnect, device number 14 [ 390.076042][T11338] ax25_connect(): syz.1.2708 uses autobind, please contact jreuter@yaina.de [ 390.086183][ T29] audit: type=1400 audit(1725949316.020:605): avc: denied { connect } for pid=11337 comm="syz.1.2708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 390.170768][ T5310] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 390.395050][ T5310] usb 4-1: config 0 has an invalid interface number: 62 but max is 0 [ 390.403497][ T5310] usb 4-1: config 0 has no interface number 0 [ 390.422493][ T5310] usb 4-1: New USB device found, idVendor=093a, idProduct=2624, bcdDevice=94.5b [ 390.438809][ T5310] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.446938][ T5310] usb 4-1: Product: syz [ 390.453898][ T5310] usb 4-1: Manufacturer: syz [ 390.458679][ T5286] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 390.466510][ T5310] usb 4-1: SerialNumber: syz [ 390.490379][ T5310] usb 4-1: config 0 descriptor?? [ 390.505238][ T5310] gspca_main: gspca_pac7302-2.14.0 probing 093a:2624 [ 390.678808][ T5286] usb 2-1: Using ep0 maxpacket: 8 [ 390.696688][ T5286] usb 2-1: New USB device found, idVendor=0c45, idProduct=6100, bcdDevice=c4.6d [ 390.728607][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.758604][ T5286] usb 2-1: Product: syz [ 390.763531][ T5286] usb 2-1: Manufacturer: syz [ 390.768215][ T5286] usb 2-1: SerialNumber: syz [ 390.799697][ T5286] usb 2-1: config 0 descriptor?? [ 390.817626][ T5286] gspca_main: sonixj-2.14.0 probing 0c45:6100 [ 391.208893][ T5319] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 391.405149][ T5310] input: gspca_pac7302 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20 [ 391.409039][ T5319] usb 1-1: Using ep0 maxpacket: 8 [ 391.439831][ T5319] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 391.464295][ T5319] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 391.482949][ T5319] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 391.508711][ T5319] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 391.523430][ T5319] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 391.557067][ T5319] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 391.587833][ T5319] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.804750][ T5289] usb 4-1: USB disconnect, device number 19 [ 391.881996][ T5286] gspca_sonixj: reg_w1 err -71 [ 391.908258][ T5319] usb 1-1: usb_control_msg returned -32 [ 391.928214][ T5319] usbtmc 1-1:16.0: can't read capabilities [ 391.941558][ T5286] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 391.986157][ T5286] usb 2-1: USB disconnect, device number 27 [ 392.594685][ T29] audit: type=1400 audit(1725949318.540:606): avc: denied { connect } for pid=11381 comm="syz.3.2727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 393.556928][ T29] audit: type=1400 audit(1725949319.500:607): avc: denied { nlmsg_write } for pid=11407 comm="syz.1.2739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 393.777967][ T29] audit: type=1400 audit(1725949319.720:608): avc: denied { search } for pid=11418 comm="syz.3.2744" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 393.828245][ T29] audit: type=1400 audit(1725949319.750:609): avc: denied { write } for pid=11418 comm="syz.3.2744" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 393.973672][ T5286] usb 1-1: USB disconnect, device number 21 [ 394.447061][T11433] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 395.136696][ T29] audit: type=1400 audit(1725949321.080:610): avc: denied { module_request } for pid=11416 comm="syz.1.2743" kmod="net-pf-2-proto-132-type-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 395.305582][T11455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 395.788716][ T5310] usb 1-1: new low-speed USB device number 22 using dummy_hcd [ 396.007642][ T5310] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 396.029322][ T5310] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 396.052421][ T5310] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 396.072600][ T5310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 396.142520][ T5310] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 396.195479][ T5310] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.223399][ T5310] usb 1-1: Product: И [ 396.227557][ T5310] usb 1-1: Manufacturer: ࠓ [ 396.259497][ T5310] usb 1-1: config 0 descriptor?? [ 396.278107][T11463] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 396.289186][ T5310] hub 1-1:0.0: bad descriptor, ignoring hub [ 396.308423][ T5310] hub 1-1:0.0: probe with driver hub failed with error -5 [ 396.346889][T11477] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2763'. [ 396.347000][ T5310] input: ࠓ И as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input21 [ 396.458257][ C1] usb_acecad 1-1:0.0: can't resubmit intr, dummy_hcd.0-1/input0, status -1 [ 396.525774][ T5310] usb 1-1: USB disconnect, device number 22 [ 396.552405][T11479] netlink: 'syz.3.2765': attribute type 8 has an invalid length. [ 396.577556][T11479] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2765'. [ 396.939275][ T5286] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 397.038693][ T5289] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 397.125152][ T5286] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 397.138719][ T5286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.167330][ T5286] usb 5-1: Product: syz [ 397.177491][ T5286] usb 5-1: Manufacturer: syz [ 397.191862][ T5286] usb 5-1: SerialNumber: syz [ 397.210899][ T5286] usb 5-1: config 0 descriptor?? [ 397.218221][ T29] audit: type=1400 audit(1725949323.160:611): avc: denied { watch } for pid=11495 comm="syz.1.2772" path="/542" dev="tmpfs" ino=2770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 397.241495][ T5289] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 397.273864][ T5289] usb 3-1: config 1 has no interface number 0 [ 397.287994][ T29] audit: type=1400 audit(1725949323.160:612): avc: denied { watch_sb } for pid=11495 comm="syz.1.2772" path="/542" dev="tmpfs" ino=2770 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 397.294166][ T5289] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.356887][ T5289] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 397.378740][ T5289] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 52, changing to 7 [ 397.418628][ T5289] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 9272, setting to 1024 [ 397.452977][ T5289] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 397.472857][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.494375][ T5289] usb 3-1: Product: syz [ 397.504697][ T5289] usb 3-1: Manufacturer: syz [ 397.513284][ T5289] usb 3-1: SerialNumber: syz [ 397.549927][T11503] tun1: tun_chr_ioctl cmd 1074025675 [ 397.558072][T11503] tun1: persist enabled [ 397.566740][T11503] tun1: tun_chr_ioctl cmd 1074025675 [ 397.578615][T11503] tun1: persist enabled [ 397.615327][ T5288] usb 5-1: USB disconnect, device number 15 [ 397.622247][ T5286] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 397.828682][ T5286] usb 4-1: Using ep0 maxpacket: 8 [ 397.877786][ T5286] usb 4-1: New USB device found, idVendor=041e, idProduct=4053, bcdDevice= c.b2 [ 397.924094][ T5286] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.934734][ T5286] usb 4-1: Product: syz [ 397.944885][ T5286] usb 4-1: Manufacturer: syz [ 397.955861][ T5286] usb 4-1: SerialNumber: syz [ 397.982194][ T5286] usb 4-1: config 0 descriptor?? [ 398.013382][ T5286] gspca_main: gspca_zc3xx-2.14.0 probing 041e:4053 [ 398.407243][ T5289] cdc_ncm 3-1:1.1: bind() failure [ 398.496624][ T5286] gspca_zc3xx: reg_r err -71 [ 398.506063][ T5286] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 398.527750][ T5286] usb 4-1: USB disconnect, device number 20 [ 398.813633][ T5289] usb 3-1: USB disconnect, device number 26 [ 398.831386][T11528] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 398.902006][ T29] audit: type=1400 audit(1725949324.850:613): avc: denied { mount } for pid=11531 comm="syz.1.2789" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 398.995760][ T29] audit: type=1400 audit(1725949324.940:614): avc: denied { unmount } for pid=5240 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 399.100785][ T29] audit: type=1400 audit(1725949325.050:615): avc: denied { connect } for pid=11534 comm="syz.0.2792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 399.151361][ T29] audit: type=1400 audit(1725949325.090:616): avc: denied { setopt } for pid=11534 comm="syz.0.2792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 399.293109][T11540] netlink: 'syz.4.2793': attribute type 4 has an invalid length. [ 399.311793][T11540] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2793'. [ 399.408177][ T29] audit: type=1400 audit(1725949325.350:617): avc: denied { bind } for pid=11544 comm="syz.3.2796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 399.995341][ T29] audit: type=1400 audit(1725949325.930:618): avc: denied { read write } for pid=11565 comm="syz.4.2805" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 400.019482][ T5288] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 400.047709][ T29] audit: type=1400 audit(1725949325.930:619): avc: denied { open } for pid=11565 comm="syz.4.2805" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 400.068775][T11564] mkiss: ax0: crc mode is auto. [ 400.217665][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.238230][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.257119][ T5288] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 400.298114][ T5288] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 400.313922][ T5288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.336415][ T5288] usb 2-1: config 0 descriptor?? [ 400.836475][ T5288] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 400.873811][ T5288] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 401.126850][T11583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2812'. [ 401.146322][T11583] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2812'. [ 401.213463][T11583] gtp0: entered promiscuous mode [ 401.238034][T11583] gtp0: entered allmulticast mode [ 401.324903][ T5289] usb 2-1: USB disconnect, device number 28 [ 401.505959][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 401.505984][ T29] audit: type=1400 audit(1725949327.450:622): avc: denied { map } for pid=11587 comm="syz.4.2814" path="/585/bus" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.807499][ T29] audit: type=1400 audit(1725949327.750:623): avc: denied { getopt } for pid=11594 comm="syz.2.2817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 401.831443][T11599] netlink: 'syz.3.2818': attribute type 1 has an invalid length. [ 401.845922][T11599] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2818'. [ 401.925564][ T29] audit: type=1400 audit(1725949327.860:624): avc: denied { setopt } for pid=11596 comm="syz.3.2818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 402.428103][ T29] audit: type=1400 audit(1725949328.360:625): avc: denied { execute } for pid=11617 comm="syz.4.2826" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 402.887959][ T29] audit: type=1400 audit(1725949328.830:626): avc: denied { read write } for pid=11631 comm="syz.0.2833" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 402.954676][ T29] audit: type=1400 audit(1725949328.860:627): avc: denied { open } for pid=11631 comm="syz.0.2833" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 403.514194][ T29] audit: type=1400 audit(1725949329.460:628): avc: denied { read } for pid=11652 comm="syz.0.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 403.533633][ C0] vkms_vblank_simulate: vblank timer overrun [ 403.989671][ T5243] block nbd3: Receive control failed (result -32) [ 403.993553][T11642] block nbd3: shutting down sockets [ 404.029634][ T1177] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 404.097296][ T29] audit: type=1326 audit(1725949330.040:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11670 comm="syz.2.2851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 404.120797][ C0] vkms_vblank_simulate: vblank timer overrun [ 404.175238][ T29] audit: type=1326 audit(1725949330.040:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11670 comm="syz.2.2851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 404.198677][ C0] vkms_vblank_simulate: vblank timer overrun [ 404.249990][ T29] audit: type=1326 audit(1725949330.090:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11670 comm="syz.2.2851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 404.327162][ T1177] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.387628][ T1177] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 404.415705][ T1177] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 404.430264][ T1177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 404.450077][ T1177] usb 5-1: SerialNumber: syz [ 404.667275][T11680] netlink: 'syz.0.2855': attribute type 1 has an invalid length. [ 404.675759][T11680] netlink: 9344 bytes leftover after parsing attributes in process `syz.0.2855'. [ 404.723685][ T1177] usb 5-1: 0:2 : does not exist [ 404.735721][T11680] netlink: 'syz.0.2855': attribute type 1 has an invalid length. [ 404.825124][ T1177] usb 5-1: USB disconnect, device number 16 [ 405.137586][T11686] vxcan0: tx drop: invalid da for name 0x0000000000000001 [ 405.348290][T11688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2859'. [ 405.717330][T11703] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2867'. [ 407.505143][T11751] sit0: entered allmulticast mode [ 407.622404][T11751] sit0: entered promiscuous mode [ 407.839762][T11757] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2891'. [ 408.130557][T11765] bridge0: port 3(gretap0) entered blocking state [ 408.137387][T11765] bridge0: port 3(gretap0) entered disabled state [ 408.167643][T11765] gretap0: entered allmulticast mode [ 408.209935][T11765] gretap0: entered promiscuous mode [ 408.217012][T11765] bridge0: port 3(gretap0) entered blocking state [ 408.226115][T11765] bridge0: port 3(gretap0) entered forwarding state [ 408.237153][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 408.237180][ T29] audit: type=1400 audit(1725949334.180:645): avc: denied { read } for pid=11770 comm="syz.2.2898" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 408.306868][T11771] gretap0: left allmulticast mode [ 408.327265][ T29] audit: type=1400 audit(1725949334.180:646): avc: denied { open } for pid=11770 comm="syz.2.2898" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 408.363329][T11771] gretap0: left promiscuous mode [ 408.414487][T11771] bridge0: port 3(gretap0) entered disabled state [ 408.764704][T11788] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.2904'. [ 409.310998][ T1177] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 409.508663][ T1177] usb 3-1: Using ep0 maxpacket: 8 [ 409.535489][ T1177] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 409.566099][ T1177] usb 3-1: config 179 has no interface number 0 [ 409.584795][ T1177] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 409.615048][ T1177] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 409.649875][ T1177] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 409.670743][T11823] smc: net device batadv_slave_1 applied user defined pnetid SYZ0 [ 409.690200][ T1177] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 409.725728][ T1177] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 409.756775][ T1177] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 409.777176][ T1177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.815178][T11798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 410.289208][ T5310] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input22 [ 410.378802][ T1177] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 410.500843][ T5310] usb 3-1: USB disconnect, device number 27 [ 410.500917][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 410.515237][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 410.530645][ T5310] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 410.572296][ T1177] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 410.591916][ T1177] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 410.606241][ T1177] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 410.616181][ T1177] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 410.630556][ T1177] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 410.661440][ T1177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.676405][ T1177] usb 5-1: config 0 descriptor?? [ 411.148850][ T1177] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 411.174130][ T1177] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 411.190308][ T1177] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving [ 411.231521][ T1177] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 411.256315][T11844] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2926'. [ 411.628048][ T5310] usb 5-1: USB disconnect, device number 17 [ 411.969149][ T5286] usb 1-1: new low-speed USB device number 23 using dummy_hcd [ 412.205693][ T5286] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 412.224391][ T5286] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 412.249395][ T5286] usb 1-1: config 0 has no interface number 0 [ 412.266845][ T5286] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 412.338602][ T5286] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 412.347798][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.369567][ T5319] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 412.393701][ T5286] usb 1-1: config 0 descriptor?? [ 412.417232][T11854] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 412.628892][ T5319] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 412.643403][ T5319] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 412.708364][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.719959][ T5319] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 412.760752][ T5319] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 412.803002][ T5319] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 412.819436][T11868] bond0: entered promiscuous mode [ 412.833576][ T5319] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.834839][T11868] bond_slave_0: entered promiscuous mode [ 412.880587][ T5319] usb 3-1: config 0 descriptor?? [ 412.890194][T11868] bond_slave_1: entered promiscuous mode [ 412.902169][T11862] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 412.964587][T11869] bond0: (slave bond_slave_0): Releasing backup interface [ 412.994880][T11869] bond_slave_0: left promiscuous mode [ 413.074503][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.154611][ T5286] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input23 [ 413.179763][T11867] bond0: left promiscuous mode [ 413.188715][T11867] bond_slave_1: left promiscuous mode [ 413.453384][ T5319] plantronics 0003:047F:FFFF.0027: unknown main item tag 0xd [ 413.477767][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.522150][ T5319] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving [ 413.599298][ T5319] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 413.744544][ C1] keyspan_remote 1-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 413.784238][ T5286] usb 1-1: USB disconnect, device number 23 [ 413.792989][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.987361][ T5288] usb 3-1: USB disconnect, device number 28 [ 414.277177][ T35] bridge_slave_1: left allmulticast mode [ 414.295609][ T35] bridge_slave_1: left promiscuous mode [ 414.320041][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.359794][ T35] bridge_slave_0: left allmulticast mode [ 414.365533][ T35] bridge_slave_0: left promiscuous mode [ 414.386545][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.397874][ T5246] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 414.413662][ T5246] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 414.433950][ T5246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 414.448052][ T5246] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 414.459672][ T5246] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 414.467539][ T5246] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 414.501158][ T29] audit: type=1400 audit(1725949340.450:647): avc: denied { mounton } for pid=11884 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 414.749418][T11890] nbd: device at index 4 is going down [ 415.486249][ T29] audit: type=1400 audit(1725949341.430:648): avc: denied { nlmsg_read } for pid=11907 comm="syz.2.2956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 415.524358][ T29] audit: type=1400 audit(1725949341.460:649): avc: denied { read } for pid=11907 comm="syz.2.2956" path="socket:[32416]" dev="sockfs" ino=32416 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 415.977381][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.998706][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.021852][ T35] bond0 (unregistering): Released all slaves [ 416.288861][ T35] IPVS: stopping backup sync thread 10158 ... [ 416.398856][ T942] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 416.519921][ T5246] Bluetooth: hci0: command tx timeout [ 416.628740][ T942] usb 3-1: Using ep0 maxpacket: 8 [ 416.642877][ T942] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 416.668898][ T942] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 416.675459][T11930] fuse: blksize only supported for fuseblk [ 416.682752][ T942] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 416.696111][ T942] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 416.709659][ T942] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 416.719571][ T942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.863415][ T29] audit: type=1400 audit(1725949342.800:650): avc: denied { mounton } for pid=11932 comm="syz.0.2967" path="/proc/1278/cgroup" dev="proc" ino=32494 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 416.890649][ T29] audit: type=1400 audit(1725949342.810:651): avc: denied { remount } for pid=11932 comm="syz.0.2967" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=filesystem permissive=1 [ 417.008146][ T942] usb 3-1: GET_CAPABILITIES returned 0 [ 417.022254][ T942] usbtmc 3-1:16.0: can't read capabilities [ 417.035161][T11938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2970'. [ 417.124992][ T35] hsr_slave_0: left promiscuous mode [ 417.135425][ T35] hsr_slave_1: left promiscuous mode [ 417.144729][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.163020][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.185858][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.209830][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.251994][ T35] veth1_macvtap: left promiscuous mode [ 417.259271][ T35] veth0_macvtap: left promiscuous mode [ 417.265226][ T35] veth1_vlan: left promiscuous mode [ 417.273880][ T35] veth0_vlan: left promiscuous mode [ 417.323979][ T942] usb 3-1: USB disconnect, device number 29 [ 417.502457][ T5286] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 417.674690][T11950] Bluetooth: MGMT ver 1.23 [ 417.698799][ T5286] usb 5-1: Using ep0 maxpacket: 16 [ 417.717217][ T5286] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 417.744937][ T5286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.780606][ T5286] usb 5-1: config 0 descriptor?? [ 417.815515][ T5286] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 417.892340][T11952] loop0: detected capacity change from 0 to 7 [ 417.912710][T11952] Dev loop0: unable to read RDB block 7 [ 417.927913][T11952] loop0: AHDI p3 [ 417.932011][T11952] loop0: partition table partially beyond EOD, truncated [ 418.557716][ T35] smc: removing net device batadv_slave_1 with user defined pnetid SYZ0 [ 418.600538][ T5246] Bluetooth: hci0: command tx timeout [ 418.751605][ T35] team_slave_1 (unregistering): left allmulticast mode [ 418.770437][ T35] team0 (unregistering): Port device team_slave_1 removed [ 418.868833][ T35] team_slave_0 (unregistering): left allmulticast mode [ 418.877561][ T35] team0 (unregistering): Port device team_slave_0 removed [ 418.927343][ T5286] gspca_sonixj: reg_w1 err -71 [ 418.961236][ T5286] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 418.989150][ T5286] usb 5-1: USB disconnect, device number 18 [ 419.933243][T11960] netlink: 'syz.1.2979': attribute type 15 has an invalid length. [ 420.153525][T11884] chnl_net:caif_netlink_parms(): no params data found [ 420.488872][ T8] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 420.651670][T11884] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.667076][T11884] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.682816][ T5246] Bluetooth: hci0: command tx timeout [ 420.698939][T11884] bridge_slave_0: entered allmulticast mode [ 420.718089][ T8] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 420.728300][T11884] bridge_slave_0: entered promiscuous mode [ 420.738820][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.746976][ T8] usb 3-1: Product: syz [ 420.753051][ T8] usb 3-1: Manufacturer: syz [ 420.774016][T11884] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.778614][ T8] usb 3-1: SerialNumber: syz [ 420.794356][ T8] usb 3-1: config 0 descriptor?? [ 420.813723][T11884] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.868916][T11884] bridge_slave_1: entered allmulticast mode [ 420.878296][T11884] bridge_slave_1: entered promiscuous mode [ 421.111005][T11884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.145631][T11884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.155007][ T8] kaweth 3-1:0.0: Firmware present in device. [ 421.347050][ T8] kaweth 3-1:0.0: Statistics collection: 0 [ 421.363846][ T8] kaweth 3-1:0.0: Multicast filter limit: 0 [ 421.371050][T11884] team0: Port device team_slave_0 added [ 421.380782][ T8] kaweth 3-1:0.0: MTU: 0 [ 421.388182][ T8] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00 [ 421.407155][T11884] team0: Port device team_slave_1 added [ 421.617408][T12001] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2994'. [ 421.652309][T11884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.670783][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.708608][T11884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.746506][T11884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.758381][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.796507][T11884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.955608][ T8] kaweth 3-1:0.0: Error setting receive filter [ 421.979414][ T8] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 422.019299][ T8] usb 3-1: USB disconnect, device number 30 [ 422.035012][T11884] hsr_slave_0: entered promiscuous mode [ 422.096495][T11884] hsr_slave_1: entered promiscuous mode [ 422.118752][ T29] audit: type=1400 audit(1725949348.060:652): avc: denied { bind } for pid=12012 comm="syz.4.3000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 422.155202][T11884] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.168555][T11884] Cannot create hsr debugfs directory [ 422.682345][T12027] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3006'. [ 422.702760][T12027] netlink: 'syz.4.3006': attribute type 1 has an invalid length. [ 422.759212][ T5246] Bluetooth: hci0: command tx timeout [ 423.090360][T12034] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3009'. [ 423.378754][ T5310] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 423.443301][ T29] audit: type=1400 audit(1725949349.390:653): avc: denied { listen } for pid=12040 comm="syz.2.3012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 423.552559][T11884] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 423.568683][ T5310] usb 5-1: Using ep0 maxpacket: 32 [ 423.613245][T11884] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 423.624861][ T5310] usb 5-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 423.646685][ T5310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.660808][T11884] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 423.676921][ T5310] usb 5-1: Product: syz [ 423.685748][ T5310] usb 5-1: Manufacturer: syz [ 423.690585][ T5310] usb 5-1: SerialNumber: syz [ 423.709919][ T5310] usb 5-1: config 0 descriptor?? [ 423.730995][ T5310] ums_eneub6250 5-1:0.0: USB Mass Storage device detected [ 423.739575][T11884] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 423.976725][ T942] usb 5-1: USB disconnect, device number 19 [ 424.186640][T11884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.253561][T11884] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.305654][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.312947][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.390658][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.398111][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.027609][ T29] audit: type=1400 audit(1725949350.970:654): avc: denied { mount } for pid=12064 comm="syz.2.3018" name="/" dev="autofs" ino=33942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 425.173190][ T29] audit: type=1400 audit(1725949351.120:655): avc: denied { unmount } for pid=5233 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 425.309932][T11884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.505807][T12070] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3020'. [ 425.538909][T12070] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3020'. [ 425.549758][T11884] veth0_vlan: entered promiscuous mode [ 425.557746][T12070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3020'. [ 425.598193][T11884] veth1_vlan: entered promiscuous mode [ 425.744371][T11884] veth0_macvtap: entered promiscuous mode [ 425.822713][T11884] veth1_macvtap: entered promiscuous mode [ 425.890023][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.900693][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.929409][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.949716][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.970198][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.009204][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.039378][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 426.075923][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.103765][T11884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.162719][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.203934][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.237015][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.268556][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.318761][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.340463][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.380420][T11884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.409300][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.449731][T11884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.495948][T11884] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.548569][T11884] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.557471][T11884] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.618554][T11884] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.721198][T12091] input: syz0 as /devices/virtual/input/input25 [ 426.797410][T12095] sock: sock_set_timeout: `syz.1.3030' (pid 12095) tries to set negative timeout [ 426.963985][T11884] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 427.027193][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.067661][T11884] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 427.095995][T11884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.169232][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.187373][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.310533][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.321122][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.389365][ T29] audit: type=1400 audit(1725949353.330:656): avc: denied { name_connect } for pid=12105 comm="syz.2.3035" dest=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 429.485466][ T2567] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.498719][ T5310] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 429.708718][ T5310] usb 2-1: Using ep0 maxpacket: 16 [ 429.730513][ T5310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.748161][ T5310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.761236][ T5310] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 429.785321][ T5310] usb 2-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 429.809770][ T5310] usb 2-1: Product: syz [ 429.814017][ T5310] usb 2-1: Manufacturer: syz [ 429.860460][ T5310] usb 2-1: config 0 descriptor?? [ 430.222042][ T2567] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.323987][ T5310] kovaplus 0003:1E7D:2D50.0028: item fetching failed at offset 5/7 [ 430.355825][ T5310] kovaplus 0003:1E7D:2D50.0028: parse failed [ 430.372742][ T5310] kovaplus 0003:1E7D:2D50.0028: probe with driver kovaplus failed with error -22 [ 430.482061][ T2567] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.751362][ T2567] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.803053][ T1177] usb 2-1: USB disconnect, device number 29 [ 431.145736][ T5243] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 431.184142][ T5243] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 431.239277][ T5243] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 431.298060][ T5243] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 431.311730][ T5243] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 431.320559][ T5243] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 431.566949][ T2567] bridge_slave_1: left allmulticast mode [ 431.574270][ T2567] bridge_slave_1: left promiscuous mode [ 431.589019][ T2567] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.611926][ T2567] bridge_slave_0: left allmulticast mode [ 431.619085][ T2567] bridge_slave_0: left promiscuous mode [ 431.625108][ T2567] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.978088][ T29] audit: type=1326 audit(1725949357.920:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12176 comm="syz.1.3068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7de57def9 code=0x0 [ 432.065757][ T29] audit: type=1400 audit(1725949358.010:658): avc: denied { listen } for pid=12178 comm="syz.2.3069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 432.115695][ T29] audit: type=1400 audit(1725949358.040:659): avc: denied { accept } for pid=12178 comm="syz.2.3069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 432.431813][ T29] audit: type=1400 audit(1725949358.380:660): avc: denied { mount } for pid=12181 comm="syz.2.3070" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 433.399084][ T5246] Bluetooth: hci0: command tx timeout [ 433.456143][ T29] audit: type=1400 audit(1725949359.400:661): avc: denied { mounton } for pid=12191 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 433.497711][ T2567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.528285][ T5243] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 433.540526][ T5243] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 433.589772][ T5243] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 433.607840][ T5243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 433.625058][ T5243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 433.633086][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 433.659332][ T2567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.677002][ T2567] bond0 (unregistering): Released all slaves [ 433.698538][ T29] audit: type=1400 audit(1725949359.640:662): avc: denied { setattr } for pid=12193 comm="syz.1.3074" name="bus" dev="tmpfs" ino=3172 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 433.933610][ T29] audit: type=1400 audit(1725949359.880:663): avc: denied { unmount } for pid=5233 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 434.849433][ T2567] hsr_slave_0: left promiscuous mode [ 434.874281][ T2567] hsr_slave_1: left promiscuous mode [ 434.908228][ T2567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 434.916392][ T2567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 434.937953][ T2567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 434.958659][ T2567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.043018][ T2567] veth1_macvtap: left promiscuous mode [ 435.049236][ T2567] veth0_macvtap: left promiscuous mode [ 435.056051][ T2567] veth1_vlan: left promiscuous mode [ 435.061692][ T2567] veth0_vlan: left promiscuous mode [ 435.499531][ T5246] Bluetooth: hci0: command tx timeout [ 435.718785][ T5246] Bluetooth: hci5: command tx timeout [ 436.716058][ T2567] team0 (unregistering): Port device team_slave_1 removed [ 436.815053][ T2567] team0 (unregistering): Port device team_slave_0 removed [ 437.558667][ T5246] Bluetooth: hci0: command tx timeout [ 437.798623][ T5246] Bluetooth: hci5: command tx timeout [ 438.921986][T12164] chnl_net:caif_netlink_parms(): no params data found [ 439.268747][ T5310] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 439.287401][T12191] chnl_net:caif_netlink_parms(): no params data found [ 439.448516][ T29] audit: type=1326 audit(1725949365.390:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.508654][ T5310] usb 5-1: Using ep0 maxpacket: 32 [ 439.514625][T12164] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.548966][ T5310] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.560976][T12164] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.566466][ T29] audit: type=1326 audit(1725949365.400:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.568321][T12164] bridge_slave_0: entered allmulticast mode [ 439.614603][ T5310] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.638927][ T5246] Bluetooth: hci0: command tx timeout [ 439.639276][ T5310] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 439.647222][ T29] audit: type=1326 audit(1725949365.410:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.682737][ T29] audit: type=1326 audit(1725949365.410:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.691120][T12164] bridge_slave_0: entered promiscuous mode [ 439.707311][ T29] audit: type=1326 audit(1725949365.420:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.714953][ T5310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.781025][ T29] audit: type=1326 audit(1725949365.420:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.793505][T12164] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.826111][T12164] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.842036][ T5310] hub 5-1:4.0: USB hub found [ 439.842597][ T29] audit: type=1326 audit(1725949365.420:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.868102][T12164] bridge_slave_1: entered allmulticast mode [ 439.888771][ T5246] Bluetooth: hci5: command tx timeout [ 439.891100][T12164] bridge_slave_1: entered promiscuous mode [ 439.910500][ T29] audit: type=1326 audit(1725949365.420:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 439.972283][ T29] audit: type=1326 audit(1725949365.420:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 440.130079][ T5310] hub 5-1:4.0: 21 ports detected [ 440.135192][ T5310] usb 5-1: selecting invalid altsetting 1 [ 440.141706][ T29] audit: type=1326 audit(1725949365.420:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12251 comm="syz.2.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68a377def9 code=0x7ffc0000 [ 440.203311][ T5310] hub 5-1:4.0: Using single TT (err -22) [ 440.220967][ T5310] hub 5-1:4.0: insufficient power available to use all downstream ports [ 440.332603][ T5310] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 440.359704][ T5310] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 440.414970][T12164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.489464][ T5310] usb 5-1: USB disconnect, device number 20 [ 440.768102][T12164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.873531][T12191] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.908945][T12191] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.916410][T12191] bridge_slave_0: entered allmulticast mode [ 440.945636][T12191] bridge_slave_0: entered promiscuous mode [ 441.077762][T12164] team0: Port device team_slave_0 added [ 441.128933][T12191] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.136310][T12191] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.198955][T12191] bridge_slave_1: entered allmulticast mode [ 441.207418][T12191] bridge_slave_1: entered promiscuous mode [ 441.332816][T12164] team0: Port device team_slave_1 added [ 441.508707][ T5289] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 441.644385][T12164] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.678826][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.733353][ T5289] usb 2-1: Using ep0 maxpacket: 8 [ 441.758664][T12164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.792840][ T5289] usb 2-1: config 167 has too many interfaces: 202, using maximum allowed: 32 [ 441.808611][ T5289] usb 2-1: config 167 has 1 interface, different from the descriptor's value: 202 [ 441.816575][T12191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.855877][T12164] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.864616][ T5289] usb 2-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29 [ 441.887417][ T5289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.908667][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.916645][ T5289] usb 2-1: Product: syz [ 441.962278][ T5246] Bluetooth: hci5: command tx timeout [ 441.989561][ T5289] usb 2-1: Manufacturer: syz [ 442.000072][ T5289] usb 2-1: SerialNumber: syz [ 442.004929][T12164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.029579][ T5289] dvb-usb: found a 'Unknown USB1.1 DVB-T device ???? please report the name to the author' in warm state. [ 442.046431][ T5289] dvb-usb: bulk message failed: -22 (3/0) [ 442.100826][ T5289] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 442.130512][ T5289] dvbdev: DVB: registering new adapter (Unknown USB1.1 DVB-T device ???? please report the name to the author) [ 442.153230][T12191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.183408][ T5289] usb 2-1: media controller created [ 442.347128][ T5289] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 442.525239][ T5289] dvb-usb: bulk message failed: -22 (6/0) [ 442.540286][T12191] team0: Port device team_slave_0 added [ 442.554101][ T5289] dvb-usb: no frontend was attached by 'Unknown USB1.1 DVB-T device ???? please report the name to the author' [ 442.583206][T12191] team0: Port device team_slave_1 added [ 442.601023][ T5289] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input26 [ 442.655573][ T5289] dvb-usb: schedule remote query interval to 150 msecs. [ 442.676296][ T5289] dvb-usb: bulk message failed: -22 (3/0) [ 442.719566][ T5289] dvb-usb: Unknown USB1.1 DVB-T device ???? please report the name to the author successfully initialized and connected. [ 442.775856][ T5289] usb 2-1: USB disconnect, device number 30 [ 442.935053][T12191] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.965767][T12191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.021722][ T5289] dvb-usb: Unknown USB1.1 DVB-T device ???? please successfully deinitialized and disconnected. [ 443.040833][T12191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.077420][T12164] hsr_slave_0: entered promiscuous mode [ 443.113379][T12164] hsr_slave_1: entered promiscuous mode [ 443.127926][T12164] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 443.144306][T12164] Cannot create hsr debugfs directory [ 443.268273][T12191] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.307595][T12191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.342214][T12286] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 443.383909][T12191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 443.516930][T12288] vlan0: entered promiscuous mode [ 443.536784][T12288] vlan0: entered allmulticast mode [ 443.593011][T12289] veth0_vlan: entered allmulticast mode [ 443.606706][T12289] vlan0: left promiscuous mode [ 443.636707][T12289] vlan0: left allmulticast mode [ 443.668531][T12289] veth0_vlan: left allmulticast mode [ 443.893555][T12191] hsr_slave_0: entered promiscuous mode [ 443.919105][T12191] hsr_slave_1: entered promiscuous mode [ 443.951768][T12191] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 443.980090][T12191] Cannot create hsr debugfs directory [ 444.011757][T12295] overlayfs: invalid origin (0000) [ 444.431493][T12303] netlink: 566 bytes leftover after parsing attributes in process `syz.4.3112'. [ 445.506910][T12191] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.727475][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.788961][T12191] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.033715][T12191] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.482510][T12191] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.593086][T12341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 447.049916][T12164] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 551.958458][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 551.965501][ C0] rcu: 1-...!: (1 GPs behind) idle=f7c4/1/0x4000000000000000 softirq=34928/34929 fqs=6 [ 551.977215][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P35/1:b..l [ 551.985100][ C0] rcu: (detected by 0, t=10502 jiffies, g=63629, q=62 ncpus=2) [ 551.992883][ C0] Sending NMI from CPU 0 to CPUs 1: [ 551.998137][ C1] NMI backtrace for cpu 1 [ 551.998162][ C1] CPU: 1 UID: 0 PID: 5288 Comm: kworker/1:5 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0 [ 551.998195][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 551.998214][ C1] Workqueue: events_freezable_pwr_efficient sync_hw_clock [ 551.998258][ C1] RIP: 0010:lock_acquire+0xc3/0x560 [ 551.998302][ C1] Code: 07 0f 87 0e 04 00 00 89 d5 be 08 00 00 00 48 89 e8 48 c1 e8 06 48 8d 3c c5 18 4d 14 90 e8 05 c9 80 00 48 0f a3 2d b5 7c aa 0e <0f> 82 ad 03 00 00 48 c7 c0 18 80 14 90 48 ba 00 00 00 00 00 fc ff [ 551.998328][ C1] RSP: 0018:ffffc90000a18c00 EFLAGS: 00000047 [ 551.998348][ C1] RAX: 0000000000000001 RBX: 1ffff92000143182 RCX: ffffffff8169d05b [ 551.998366][ C1] RDX: fffffbfff20289a4 RSI: 0000000000000008 RDI: ffffffff90144d18 [ 551.998385][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff20289a3 [ 551.998402][ C1] R10: ffffffff90144d1f R11: 0000000000000000 R12: 0000000000000001 [ 551.998419][ C1] R13: 0000000000000001 R14: ffffffff8e8735a0 R15: 0000000000000000 [ 551.998436][ C1] FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 551.998464][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 551.998483][ C1] CR2: 0000001b32f1dff8 CR3: 00000000597b2000 CR4: 00000000003506f0 [ 551.998500][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 551.998517][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 551.998534][ C1] Call Trace: [ 551.998544][ C1] [ 551.998557][ C1] ? show_regs+0x8c/0xa0 [ 551.998600][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 551.998641][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 551.998679][ C1] ? nmi_handle+0x1a9/0x5c0 [ 551.998705][ C1] ? lock_acquire+0xc3/0x560 [ 551.998744][ C1] ? default_do_nmi+0x6a/0x160 [ 551.998773][ C1] ? exc_nmi+0x170/0x1e0 [ 551.998801][ C1] ? end_repeat_nmi+0xf/0x53 [ 551.998835][ C1] ? lock_acquire+0xbb/0x560 [ 551.998885][ C1] ? lock_acquire+0xc3/0x560 [ 551.998925][ C1] ? lock_acquire+0xc3/0x560 [ 551.998965][ C1] ? lock_acquire+0xc3/0x560 [ 551.999004][ C1] [ 551.999012][ C1] [ 551.999022][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 551.999065][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 551.999107][ C1] ? debug_object_activate+0x13e/0x540 [ 551.999153][ C1] ? __pfx_advance_sched+0x10/0x10 [ 551.999189][ C1] debug_object_activate+0x14c/0x540 [ 551.999231][ C1] ? debug_object_activate+0x13e/0x540 [ 551.999272][ C1] ? lock_acquire+0x1b1/0x560 [ 551.999311][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 551.999359][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 551.999389][ C1] ? __pfx_advance_sched+0x10/0x10 [ 551.999424][ C1] ? enqueue_hrtimer+0x25/0x3c0 [ 551.999452][ C1] enqueue_hrtimer+0x25/0x3c0 [ 551.999481][ C1] __hrtimer_run_queues+0xaac/0xcc0 [ 551.999516][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 551.999546][ C1] ? ktime_get_update_offsets_now+0x201/0x310 [ 551.999591][ C1] hrtimer_interrupt+0x31b/0x800 [ 551.999630][ C1] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 551.999660][ C1] sysvec_apic_timer_interrupt+0x90/0xb0 [ 551.999697][ C1] [ 551.999705][ C1] [ 551.999714][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 551.999744][ C1] RIP: 0010:lock_acquire+0x1f2/0x560 [ 551.999784][ C1] Code: c1 05 1a ba 98 7e 83 f8 01 0f 85 ea 02 00 00 9c 58 f6 c4 02 0f 85 d5 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 [ 551.999809][ C1] RSP: 0018:ffffc90004777bd8 EFLAGS: 00000206 [ 551.999828][ C1] RAX: dffffc0000000000 RBX: 1ffff920008eef7d RCX: 0000000000000001 [ 551.999846][ C1] RDX: 0000000000000001 RSI: ffffffff8b4cda40 RDI: ffffffff8bb0fc00 [ 551.999863][ C1] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000000 [ 551.999885][ C1] R10: ffffffff93c94d37 R11: 0000000000000000 R12: 0000000000000001 [ 551.999901][ C1] R13: 0000000000000000 R14: ffff88801ac81d48 R15: 0000000000000000 [ 551.999933][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 551.999973][ C1] ? __pfx_lock_release+0x10/0x10 [ 552.000019][ C1] ? process_one_work+0x1277/0x1b40 [ 552.000061][ C1] process_one_work+0x12a6/0x1b40 [ 552.000101][ C1] ? process_one_work+0x1277/0x1b40 [ 552.000150][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 552.000189][ C1] ? __pfx_process_one_work+0x10/0x10 [ 552.000237][ C1] ? assign_work+0x1a0/0x250 [ 552.000277][ C1] worker_thread+0x6c8/0xed0 [ 552.000326][ C1] ? __kthread_parkme+0x148/0x220 [ 552.000359][ C1] ? __pfx_worker_thread+0x10/0x10 [ 552.000400][ C1] kthread+0x2c1/0x3a0 [ 552.000428][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 552.000463][ C1] ? __pfx_kthread+0x10/0x10 [ 552.000493][ C1] ret_from_fork+0x45/0x80 [ 552.000534][ C1] ? __pfx_kthread+0x10/0x10 [ 552.000564][ C1] ret_from_fork_asm+0x1a/0x30 [ 552.000613][ C1] [ 552.001131][ C0] task:kworker/u8:2 state:R running task stack:24272 pid:35 tgid:35 ppid:2 flags:0x00004000 [ 552.488623][ C0] Workqueue: bat_events batadv_nc_worker [ 552.494321][ C0] Call Trace: [ 552.497627][ C0] [ 552.500599][ C0] __schedule+0xe37/0x5490 [ 552.505075][ C0] ? __pfx_mark_lock+0x10/0x10 [ 552.509920][ C0] ? __pfx___schedule+0x10/0x10 [ 552.514830][ C0] ? mark_held_locks+0x9f/0xe0 [ 552.519743][ C0] ? irqentry_exit+0x3b/0x90 [ 552.524417][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.529675][ C0] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 552.535801][ C0] preempt_schedule_notrace+0x62/0xe0 [ 552.541233][ C0] preempt_schedule_notrace_thunk+0x1a/0x30 [ 552.547179][ C0] ? lock_acquire+0xbb/0x560 [ 552.551826][ C0] rcu_is_watching+0x8e/0xc0 [ 552.556480][ C0] lock_acquire+0x47b/0x560 [ 552.561046][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 552.566125][ C0] ? batadv_nc_worker+0x887/0x1060 [ 552.571303][ C0] ? __pfx_lock_release+0x10/0x10 [ 552.576407][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 552.581671][ C0] batadv_nc_worker+0x16a/0x1060 [ 552.586666][ C0] ? batadv_nc_worker+0x164/0x1060 [ 552.591895][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 552.597345][ C0] ? __pfx_lock_release+0x10/0x10 [ 552.602453][ C0] process_one_work+0x9c5/0x1b40 [ 552.607476][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 552.612914][ C0] ? __pfx_process_one_work+0x10/0x10 [ 552.618368][ C0] ? assign_work+0x1a0/0x250 [ 552.623036][ C0] worker_thread+0x6c8/0xed0 [ 552.627919][ C0] ? __kthread_parkme+0x148/0x220 [ 552.633006][ C0] ? __pfx_worker_thread+0x10/0x10 [ 552.638179][ C0] kthread+0x2c1/0x3a0 [ 552.642296][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 552.647546][ C0] ? __pfx_kthread+0x10/0x10 [ 552.652189][ C0] ret_from_fork+0x45/0x80 [ 552.656661][ C0] ? __pfx_kthread+0x10/0x10 [ 552.661303][ C0] ret_from_fork_asm+0x1a/0x30 [ 552.666156][ C0] [ 552.669207][ C0] rcu: rcu_preempt kthread starved for 10487 jiffies! g63629 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 552.680530][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 552.690550][ C0] rcu: RCU grace-period kthread stack dump: [ 552.696558][ C0] task:rcu_preempt state:R running task stack:27680 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 552.708348][ C0] Call Trace: [ 552.711661][ C0] [ 552.714720][ C0] __schedule+0xe37/0x5490 [ 552.719197][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 552.724478][ C0] ? __pfx___schedule+0x10/0x10 [ 552.729386][ C0] ? schedule+0x298/0x350 [ 552.733775][ C0] ? __pfx_lock_release+0x10/0x10 [ 552.738855][ C0] ? __pfx___mod_timer+0x10/0x10 [ 552.743859][ C0] ? lock_acquire+0x1b1/0x560 [ 552.748617][ C0] ? lockdep_init_map_type+0x16d/0x7d0 [ 552.754246][ C0] schedule+0xe7/0x350 [ 552.758386][ C0] schedule_timeout+0x136/0x2a0 [ 552.763288][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 552.768712][ C0] ? __pfx_process_timeout+0x10/0x10 [ 552.774060][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 552.779933][ C0] ? prepare_to_swait_event+0xf0/0x470 [ 552.785459][ C0] rcu_gp_fqs_loop+0x1eb/0xb00 [ 552.790284][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 552.795621][ C0] ? rcu_gp_init+0xc82/0x1630 [ 552.800357][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 552.805629][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 552.811497][ C0] rcu_gp_kthread+0x271/0x380 [ 552.816231][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 552.821490][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 552.826747][ C0] ? __kthread_parkme+0x148/0x220 [ 552.831825][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 552.837523][ C0] kthread+0x2c1/0x3a0 [ 552.841744][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 552.846997][ C0] ? __pfx_kthread+0x10/0x10 [ 552.851637][ C0] ret_from_fork+0x45/0x80 [ 552.856114][ C0] ? __pfx_kthread+0x10/0x10 [ 552.860757][ C0] ret_from_fork_asm+0x1a/0x30 [ 552.865600][ C0] [ 552.868675][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 552.875043][ C0] CPU: 0 UID: 0 PID: 12347 Comm: syz.2.3130 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0 [ 552.885869][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 552.895966][ C0] RIP: 0010:smp_call_function_many_cond+0x4e7/0x1420 [ 552.902700][ C0] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 cb 34 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 f7 0c 00 00 8b 43 08 31 [ 552.922373][ C0] RSP: 0018:ffffc9000334f818 EFLAGS: 00000293 [ 552.928488][ C0] RAX: 0000000000000000 RBX: ffff8880b8944b80 RCX: ffffffff817f9bab [ 552.936506][ C0] RDX: ffff88803468bc00 RSI: ffffffff817f9b85 RDI: 0000000000000005 [ 552.944562][ C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 552.952578][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1017128971 [ 552.960675][ C0] R13: 0000000000000001 R14: ffff8880b8944b88 R15: ffff8880b883ffc0 [ 552.968698][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 552.977677][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 552.984300][ C0] CR2: 0000001b32f1bff8 CR3: 0000000065576000 CR4: 00000000003506f0 [ 552.992312][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 553.000333][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 553.008343][ C0] Call Trace: [ 553.011781][ C0] [ 553.014667][ C0] ? show_regs+0x8c/0xa0 [ 553.018986][ C0] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 553.025375][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 553.030627][ C0] ? rcu_sched_clock_irq+0x24f4/0x33e0 [ 553.036169][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 553.041870][ C0] ? __asan_memcpy+0x3c/0x60 [ 553.046521][ C0] ? __asan_memcpy+0x3c/0x60 [ 553.051166][ C0] ? cgroup_rstat_updated+0x2a/0xb20 [ 553.056530][ C0] ? update_process_times+0x175/0x220 [ 553.062054][ C0] ? __pfx_update_process_times+0x10/0x10 [ 553.070149][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 553.075844][ C0] ? update_wall_time+0x1c/0x40 [ 553.080770][ C0] ? tick_nohz_handler+0x376/0x530 [ 553.085942][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 553.091449][ C0] ? __hrtimer_run_queues+0x657/0xcc0 [ 553.096885][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 553.102751][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 553.108983][ C0] ? hrtimer_interrupt+0x31b/0x800 [ 553.114181][ C0] ? __sysvec_apic_timer_interrupt+0x10f/0x450 [ 553.120475][ C0] ? sysvec_apic_timer_interrupt+0x90/0xb0 [ 553.126423][ C0] [ 553.129478][ C0] [ 553.132530][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 553.138746][ C0] ? smp_call_function_many_cond+0x50b/0x1420 [ 553.144860][ C0] ? smp_call_function_many_cond+0x4e5/0x1420 [ 553.151065][ C0] ? smp_call_function_many_cond+0x4e7/0x1420 [ 553.157182][ C0] ? smp_call_function_many_cond+0x4e5/0x1420 [ 553.163402][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 553.169811][ C0] ? free_pgtables+0x62d/0x950 [ 553.174643][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 553.179984][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 553.185147][ C0] flush_tlb_mm_range+0x293/0x330 [ 553.190237][ C0] tlb_finish_mmu+0x3c9/0x7b0 [ 553.195007][ C0] exit_mmap+0x3d1/0xb20 [ 553.199319][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 553.204184][ C0] __mmput+0x12a/0x480 [ 553.208313][ C0] mmput+0x62/0x70 [ 553.212078][ C0] do_exit+0x9bf/0x2bb0 [ 553.216294][ C0] ? get_signal+0x8f2/0x2770 [ 553.220932][ C0] ? __pfx_do_exit+0x10/0x10 [ 553.225575][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 553.230646][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 553.236080][ C0] do_group_exit+0xd3/0x2a0 [ 553.240641][ C0] get_signal+0x25fb/0x2770 [ 553.245208][ C0] ? __pfx_get_signal+0x10/0x10 [ 553.250107][ C0] ? __pfx_do_futex+0x10/0x10 [ 553.254842][ C0] arch_do_signal_or_restart+0x90/0x7e0 [ 553.260445][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 553.266688][ C0] syscall_exit_to_user_mode+0x150/0x2a0 [ 553.272391][ C0] do_syscall_64+0xda/0x250 [ 553.276958][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.282895][ C0] RIP: 0033:0x7f68a377def9 [ 553.287347][ C0] Code: Unable to access opcode bytes at 0x7f68a377decf. [ 553.294394][ C0] RSP: 002b:00007f68a45920e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 553.302939][ C0] RAX: fffffffffffffe00 RBX: 00007f68a3935f88 RCX: 00007f68a377def9 [ 553.310964][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f68a3935f88 [ 553.318976][ C0] RBP: 00007f68a3935f80 R08: 0000000000000000 R09: 0000000000000000 [ 553.326996][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f68a3935f8c [ 553.335087][ C0] R13: 0000000000000000 R14: 00007ffe5c848f10 R15: 00007ffe5c848ff8 [ 553.343227][ C0]