last executing test programs: 4m27.991080977s ago: executing program 4 (id=182): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000280)) 4m27.726788744s ago: executing program 4 (id=186): open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0xb9) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) 4m27.575935173s ago: executing program 4 (id=188): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 4m26.342411813s ago: executing program 4 (id=207): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) 4m26.19064487s ago: executing program 4 (id=209): r0 = syz_io_uring_setup(0xb8c, &(0x7f00000005c0)={0x0, 0x20054ba, 0x0, 0x0, 0x3da}, &(0x7f00000001c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000340)=0x7, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x1d69, 0x0, 0x0, 0x0, 0x0) 4m25.825911468s ago: executing program 4 (id=215): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe9ba1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) clock_adjtime(0x1, 0x0) 4m25.573664107s ago: executing program 32 (id=215): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe9ba1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) clock_adjtime(0x1, 0x0) 52.841046386s ago: executing program 3 (id=3933): r0 = socket$inet6(0xa, 0x80003, 0xff) r1 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000040), 0x4) 52.703734445s ago: executing program 3 (id=3934): r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) 52.358827667s ago: executing program 3 (id=3938): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, 0x0) 52.241052502s ago: executing program 3 (id=3939): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x80000, &(0x7f0000000700)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 52.216773243s ago: executing program 3 (id=3941): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x1, 0x1}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 51.869086187s ago: executing program 3 (id=3951): creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) chown(&(0x7f00000003c0)='./file0\x00', r0, 0xee01) lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {}, [{}, {0x2, 0x6}], {}, [], {0x10, 0x2}}, 0x34, 0x0) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) 51.694446654s ago: executing program 33 (id=3951): creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) chown(&(0x7f00000003c0)='./file0\x00', r0, 0xee01) lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {}, [{}, {0x2, 0x6}], {}, [], {0x10, 0x2}}, 0x34, 0x0) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) 37.560415997s ago: executing program 1 (id=4162): syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ff011f391e7dd7a2d786dd609907a600302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102009078"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ffff1f391e7dd7a2d786dd609907a600302c03cb697a653e336f000000500000000000ff020000000000000000000000000001020090"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[], 0x0) 37.312757236s ago: executing program 1 (id=4165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) 29.975994009s ago: executing program 1 (id=4165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) 22.429729666s ago: executing program 1 (id=4165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) 14.403140055s ago: executing program 1 (id=4165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) 5.602869074s ago: executing program 1 (id=4165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) 4.437206542s ago: executing program 5 (id=4578): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) recvmmsg(r1, &(0x7f0000001e00), 0x400000000000183, 0x40010022, 0x0) 4.373578882s ago: executing program 5 (id=4579): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) read(r0, &(0x7f0000000080)=""/146, 0x92) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000040)={0x6, 0x1006, 0xefcc, 0x0, 0x5, "f46fca54683cc267a000002000", 0x5, 0xb}) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000140)={0x1, 0x80000000}) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000)) 4.243561158s ago: executing program 5 (id=4582): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[], 0x0) 3.117745755s ago: executing program 0 (id=4591): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x2e80, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x1) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) splice(r1, 0x0, r0, 0x0, 0x4, 0x0) 3.027152027s ago: executing program 0 (id=4592): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[], 0x118}, 0x1, 0x0, 0x0, 0x240048c1}, 0x0) 2.937030749s ago: executing program 0 (id=4593): ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, 0x0) r0 = syz_usbip_server_init(0x1) syz_usb_connect(0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000e2793b10d10501200009010203010902"], 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) write$usbip_server(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000300000001"], 0x31) 1.836521642s ago: executing program 6 (id=4598): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0xfffffffd) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)=0x2) writev(r0, &(0x7f0000001500)=[{&(0x7f00000013c0)="f0", 0x1}], 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) 1.680544484s ago: executing program 6 (id=4599): pipe(&(0x7f0000000100)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.581326046s ago: executing program 5 (id=4601): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 1.55491405s ago: executing program 6 (id=4602): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty, 0xfff}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0xa2, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60010100006c1100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) 1.483713893s ago: executing program 0 (id=4603): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0) close(r0) r1 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000004c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x4, 0x3, 0x3, 0x0, {0xa, 0x4e23, 0x9, @loopback, 0x97}}}, 0x80, 0x0}, 0x2000f765) ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @multicast}) 1.460636834s ago: executing program 5 (id=4604): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x40000000000029d, 0x832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x40000, @mcast1}, 0x1c) 1.393020652s ago: executing program 6 (id=4605): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x60, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2b, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7ff, 0x1, @void, @void, @val={0x3, 0x1, 0x3}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x81}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 860.774329ms ago: executing program 2 (id=4610): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000400)=ANY=[@ANYBLOB="04000000000000008004"]) 677.470926ms ago: executing program 2 (id=4611): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x103a, 0x1000, 0x103a, 0xfffffffc, 0xff, 0x80000000}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) 445.094695ms ago: executing program 2 (id=4612): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10) connect$unix(r0, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e21, @empty}, 0x10) 423.147419ms ago: executing program 2 (id=4613): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) sendto$inet6(r0, &(0x7f0000000040), 0x3000, 0x0, 0x0, 0x0) 162.55698ms ago: executing program 0 (id=4614): r0 = socket(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp=r0}, 0x20) r2 = socket(0x2c, 0x3, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000180), &(0x7f00000002c0)=@tcp6=r2, 0x2}, 0x20) 153.450228ms ago: executing program 6 (id=4615): r0 = gettid() r1 = epoll_create(0x20003fd) r2 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0x2}) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r2, &(0x7f0000000080)={r1, r2}) 142.946637ms ago: executing program 2 (id=4616): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYRES32=0xffffffffffffffff], 0x1c8}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESOCT=r1]) 76.478396ms ago: executing program 2 (id=4617): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x14004, 0x100000, 0x10, 0x1, 0xfe}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0xff, 0x8, 0x0, 0x5}, {0xd000, 0x2, 0x0, 0x80, 0xf9, 0x0, 0x0, 0x0, 0x23, 0x0, 0x4}, {0x5000, 0x2, 0xf, 0x41, 0x0, 0x2, 0x1, 0xfc, 0x0, 0x3}, {0x4000, 0xeeef0000, 0xc, 0x1, 0x3, 0x10, 0xc0, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x100000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x8000000, 0x2000, 0xa, 0x0, 0x2, 0xfd, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x2, 0x0, 0x2, 0x0, 0x6, 0x7, 0x0, 0xfe, 0x0, 0xfe, 0x5}, {0x0, 0x400}, {}, 0xddf8ffdb, 0x0, 0x0, 0x100, 0x7, 0x8000, 0xffff1000, [0x0, 0x10000000020, 0x2]}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50}) 16.667518ms ago: executing program 5 (id=4618): r0 = socket$caif_seqpacket(0x25, 0x5, 0x1) r1 = syz_io_uring_setup(0x115, &(0x7f0000000140)={0x0, 0xb6e7, 0x800, 0x3}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x8000051, 0x1}) io_uring_enter(r1, 0x47f9, 0x0, 0x0, 0x0, 0x0) 16.268445ms ago: executing program 6 (id=4619): socket$inet6(0xa, 0x1, 0x8010000000000084) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='L'], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x0, 0x0, 0x8}, 'syz1\x00', 0x4}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=4620): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f0000000540)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) fcntl$setstatus(r1, 0x4, 0x2400) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): 00 audit(1751089768.493:2116): avc: denied { listen } for pid=14785 comm="syz.2.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 285.571808][T14792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3728'. [ 285.706733][T14778] syz.5.3721 (14778): drop_caches: 2 [ 285.731296][T14778] syz.5.3721 (14778): drop_caches: 2 [ 285.943536][ T10] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 285.963657][ T10] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 285.986079][ T30] audit: type=1326 audit(1751089769.063:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14803 comm="syz.5.3733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa824b8e929 code=0x7fc00000 [ 286.022106][ T10] aqc111 1-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 286.033385][ T5819] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 286.037207][ T10] usb 1-1: USB disconnect, device number 46 [ 286.053721][ T10] aqc111 1-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 286.125372][ T10] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 286.136611][ T10] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 286.147343][ T10] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 286.224559][ T5819] usb 4-1: Using ep0 maxpacket: 32 [ 286.231101][ T5819] usb 4-1: config 0 interface 0 has no altsetting 0 [ 286.248741][ T5819] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 286.248915][ T30] audit: type=1400 audit(1751089769.323:2118): avc: denied { mount } for pid=14821 comm="syz.2.3741" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 286.268395][ T5819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.287594][ T30] audit: type=1400 audit(1751089769.363:2119): avc: denied { mounton } for pid=14821 comm="syz.2.3741" path="/696/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 286.319380][ T5819] usb 4-1: Product: syz [ 286.325458][ T5819] usb 4-1: Manufacturer: syz [ 286.330158][ T5819] usb 4-1: SerialNumber: syz [ 286.338971][ T5819] usb 4-1: config 0 descriptor?? [ 286.357405][ T30] audit: type=1400 audit(1751089769.433:2120): avc: denied { unmount } for pid=5810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 286.451867][ T30] audit: type=1400 audit(1751089769.523:2121): avc: denied { map } for pid=14832 comm="syz.1.3744" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 286.475065][ T30] audit: type=1400 audit(1751089769.523:2122): avc: denied { execute } for pid=14832 comm="syz.1.3744" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 286.575504][T12139] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.593372][T12101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.665166][ T30] audit: type=1326 audit(1751089769.743:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14803 comm="syz.5.3733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa824b8e929 code=0x7fc00000 [ 286.689970][T14841] netlink: 'syz.2.3747': attribute type 39 has an invalid length. [ 286.756466][ T5819] gs_usb 4-1:0.0: Couldn't get device config: (err=-71) [ 286.773703][ T5819] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 286.800209][ T5819] usb 4-1: USB disconnect, device number 35 [ 287.184568][T14864] netlink: 84 bytes leftover after parsing attributes in process `syz.2.3756'. [ 287.227011][T12101] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.557415][T14885] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.3767'. [ 287.603084][T14888] syz.1.3769 (14888): attempted to duplicate a private mapping with mremap. This is not supported. [ 287.639342][T14890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3768'. [ 287.693077][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.701606][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.770582][T14901] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3776'. [ 287.779734][T14901] netlink: 'syz.5.3776': attribute type 7 has an invalid length. [ 287.787611][T14901] netlink: 'syz.5.3776': attribute type 8 has an invalid length. [ 287.796639][T14901] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3776'. [ 287.814991][T14901] gretap0: entered promiscuous mode [ 287.829014][T14901] gretap0: left promiscuous mode [ 287.853397][T12139] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.873073][ T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 287.913297][ T5962] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 288.008233][T14909] overlayfs: workdir and upperdir must reside under the same mount [ 288.034633][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.053324][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.075011][ T10] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 288.087862][ T5962] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 288.102680][ T5962] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 288.116139][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.131636][ T5962] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 288.157816][ T10] usb 4-1: config 0 descriptor?? [ 288.165878][ T5962] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.184179][ T5962] usb 2-1: config 0 descriptor?? [ 288.485628][T14929] tipc: Started in network mode [ 288.490525][T14929] tipc: Node identity 5, cluster identity 4711 [ 288.498147][T14929] tipc: Node number set to 5 [ 288.605647][ T5962] Bluetooth: Can't get version to change to load ram patch err [ 288.623117][ T5962] Bluetooth: Loading patch file failed [ 288.632588][ T5962] ath3k 2-1:0.0: probe with driver ath3k failed with error -71 [ 288.642543][ T5962] usb 2-1: USB disconnect, device number 47 [ 288.817977][T14947] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3797'. [ 288.925299][T14953] netlink: 64535 bytes leftover after parsing attributes in process `syz.5.3800'. [ 289.085172][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058fe8000: rx timeout, send abort [ 289.235556][ T10] usb 4-1: USB disconnect, device number 36 [ 289.349728][T14973] syzkaller1: entered promiscuous mode [ 289.358991][T14973] syzkaller1: entered allmulticast mode [ 289.585786][T14977] loop6: detected capacity change from 0 to 63 [ 289.594728][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058fe8000: abort rx timeout. Force session deactivation [ 289.610681][T14977] buffer_io_error: 22 callbacks suppressed [ 289.610697][T14977] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.625283][T14977] Buffer I/O error on dev loop6, logical block 1, async page read [ 289.634599][T14977] Buffer I/O error on dev loop6, logical block 2, async page read [ 289.642533][T14977] Buffer I/O error on dev loop6, logical block 3, async page read [ 289.651243][T14977] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.660586][T14977] Buffer I/O error on dev loop6, logical block 1, async page read [ 289.669072][T14977] Buffer I/O error on dev loop6, logical block 2, async page read [ 289.677830][T14977] Buffer I/O error on dev loop6, logical block 3, async page read [ 289.739562][T14981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3813'. [ 289.915259][T14990] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 290.224473][T15009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.263188][ T5920] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 290.333144][T15013] bond_slave_1: left promiscuous mode [ 290.365610][T15018] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3830'. [ 290.417694][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.441590][T15013] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.450557][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 290.469396][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 290.480683][T15013] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.489502][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 290.514777][ T5920] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 290.529664][ T5920] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 290.537722][ T5920] usb 4-1: Manufacturer: syz [ 290.550008][ T5920] usb 4-1: config 0 descriptor?? [ 290.555347][T15013] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.566462][T15013] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.575611][T15013] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.593022][T15013] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.633269][T15013] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 290.685233][T15025] could not open pipe file descriptor [ 290.739839][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 290.739854][ T30] audit: type=1400 audit(1751089773.813:2142): avc: denied { create } for pid=15026 comm="syz.0.3834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 290.785718][ T30] audit: type=1400 audit(1751089773.843:2143): avc: denied { ioctl } for pid=15026 comm="syz.0.3834" path="socket:[50590]" dev="sockfs" ino=50590 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 290.838038][ T30] audit: type=1400 audit(1751089773.913:2144): avc: denied { map } for pid=15032 comm="syz.0.3836" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 290.977226][ T5920] rc_core: IR keymap rc-hauppauge not found [ 290.985948][ T5920] Registered IR keymap rc-empty [ 290.990977][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.013111][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.041862][ T30] audit: type=1400 audit(1751089774.113:2145): avc: denied { create } for pid=15041 comm="syz.1.3840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 291.069592][ T5920] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 291.094360][ T5920] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input61 [ 291.109431][ T30] audit: type=1400 audit(1751089774.113:2146): avc: denied { ioctl } for pid=15041 comm="syz.1.3840" path="socket:[50665]" dev="sockfs" ino=50665 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 291.138493][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.163537][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.223086][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.243069][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.263573][T15050] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 291.278937][ T30] audit: type=1400 audit(1751089774.353:2147): avc: denied { mounton } for pid=15048 comm="syz.0.3843" path="/proc/1495/cgroup" dev="proc" ino=50692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 291.306970][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.343243][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.355361][ T30] audit: type=1400 audit(1751089774.353:2148): avc: denied { remount } for pid=15048 comm="syz.0.3843" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=filesystem permissive=1 [ 291.385493][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.413394][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.424092][T15053] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3845'. [ 291.469118][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.503108][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 291.544911][ T5920] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 291.568725][ T30] audit: type=1400 audit(1751089774.643:2149): avc: denied { create } for pid=15067 comm="syz.2.3851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 291.593484][ T5920] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 291.613403][ T5920] usb 4-1: USB disconnect, device number 37 [ 291.621636][ T30] audit: type=1400 audit(1751089774.693:2150): avc: denied { write } for pid=15067 comm="syz.2.3851" path="socket:[50715]" dev="sockfs" ino=50715 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 291.697606][T12094] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.774071][ T30] audit: type=1400 audit(1751089774.853:2151): avc: denied { attach_queue } for pid=15073 comm="syz.5.3854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 291.934222][ T5823] Bluetooth: hci0: command tx timeout [ 291.995154][T15088] Bluetooth: hci5: Frame reassembly failed (-84) [ 292.136186][T15098] netlink: 'syz.1.3866': attribute type 7 has an invalid length. [ 292.164287][T15098] netlink: 'syz.1.3866': attribute type 8 has an invalid length. [ 292.198599][T15098] gretap0: entered promiscuous mode [ 292.207245][T15098] batadv_slave_1: entered promiscuous mode [ 292.220375][T15098] gretap0: left promiscuous mode [ 292.263926][T15098] batadv_slave_1: left promiscuous mode [ 292.334966][T12097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.343090][T12097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.413229][T15113] __nla_validate_parse: 2 callbacks suppressed [ 292.413245][T15113] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3872'. [ 292.559952][T15113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 292.575545][T15113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 292.586797][T15113] bond0 (unregistering): (slave bond1): Releasing backup interface [ 292.590862][T15125] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 292.608130][T15125] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 292.621180][T15113] bond0 (unregistering): (slave team0): Releasing backup interface [ 292.639613][T15113] bond0 (unregistering): Released all slaves [ 292.837945][T15137] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15137 comm=syz.0.3883 [ 293.004035][T15149] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 293.213210][ T5920] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 293.375341][ T5920] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 293.384901][ T5920] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.396074][ T5920] usb 6-1: config 0 descriptor?? [ 293.402605][ T5920] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 293.549072][T15158] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.613996][T12139] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 293.626952][ T5920] gp8psk: usb in 128 operation failed. [ 293.646527][T15158] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.715172][T15158] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.790485][T15158] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.840547][ T5920] gp8psk: usb in 146 operation failed. [ 293.863112][ T5920] gp8psk: failed to get FW version [ 293.873468][ T5920] gp8psk: FPGA Version = 46 [ 293.906085][T15158] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.939885][T15158] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.958092][T15158] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.975032][T15158] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.013972][ T5823] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 294.078722][ T5920] gp8psk: usb in 138 operation failed. [ 294.087371][ T5920] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 294.098401][T15177] tun0: tun_chr_ioctl cmd 1074025675 [ 294.105010][ T5920] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 294.118386][ T5920] usb 6-1: USB disconnect, device number 38 [ 294.123583][T15177] tun0: persist enabled [ 294.129774][T15177] tun0: tun_chr_ioctl cmd 1074025675 [ 294.138883][T15177] tun0: persist disabled [ 294.253179][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.261399][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 294.357218][T15191] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.3906'. [ 294.580647][T15204] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 294.803224][ T10] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 294.918000][T15227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3923'. [ 294.953187][T15227] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode [ 294.966612][ T10] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 294.988285][ T10] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 295.013168][T15227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3923'. [ 295.022128][ T10] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 295.043077][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.062125][T15203] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 295.072518][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 295.213099][ T5920] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 295.287392][ T5819] usb 2-1: USB disconnect, device number 48 [ 295.362996][ T5920] usb 3-1: Using ep0 maxpacket: 8 [ 295.375695][ T5920] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 295.391803][ T5920] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 295.421494][ T5920] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 295.441968][ T5920] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 295.483279][ T5920] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 295.499966][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.731010][ T5920] usb 3-1: GET_CAPABILITIES returned 0 [ 295.741431][ T5920] usbtmc 3-1:16.0: can't read capabilities [ 295.974473][ T10] usb 3-1: USB disconnect, device number 45 [ 296.417447][T12101] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.508369][T12101] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.655426][T12101] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.706553][T12100] Bluetooth: hci2: Frame reassembly failed (-84) [ 296.714004][T15301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3959'. [ 296.734446][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.925585][T12101] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.938230][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 296.938245][ T30] audit: type=1400 audit(1751089780.013:2168): avc: denied { read } for pid=15309 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 296.952498][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 296.973453][ T30] audit: type=1400 audit(1751089780.013:2169): avc: denied { open } for pid=15309 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 297.002611][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 297.012106][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 297.020478][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 297.028762][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 297.072775][ T30] audit: type=1400 audit(1751089780.113:2170): avc: denied { mounton } for pid=15309 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 297.103025][ T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 297.243711][T15317] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 297.264309][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 297.284642][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 297.304025][T12101] bridge_slave_1: left allmulticast mode [ 297.309753][T12101] bridge_slave_1: left promiscuous mode [ 297.311160][ T24] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 297.318388][T12101] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.336664][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.337493][ T30] audit: type=1400 audit(1751089780.413:2171): avc: denied { append } for pid=15318 comm="syz.5.3965" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 297.371041][T12101] bridge_slave_0: left allmulticast mode [ 297.373105][ T24] usb 2-1: config 0 descriptor?? [ 297.380662][T12101] bridge_slave_0: left promiscuous mode [ 297.395710][T12101] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.588808][ T24] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 297.643068][ T5920] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 297.717524][T12101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 297.726631][T12101] bond_slave_0: left allmulticast mode [ 297.733674][T12101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 297.742517][T12101] bond_slave_1: left allmulticast mode [ 297.748713][T12101] bond0 (unregistering): Released all slaves [ 297.817238][ T5920] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 297.833076][ T5920] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 297.853770][ T5920] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 297.863119][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 297.871109][ T5920] usb 3-1: SerialNumber: syz [ 298.011253][T15309] chnl_net:caif_netlink_parms(): no params data found [ 298.015369][ T30] audit: type=1400 audit(1751089781.083:2172): avc: denied { connect } for pid=15333 comm="syz.5.3970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 298.019674][ T5871] usb 2-1: USB disconnect, device number 49 [ 298.097648][ T5920] usb 3-1: 0:2 : does not exist [ 298.108305][T12139] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 298.129849][ T5920] usb 3-1: USB disconnect, device number 46 [ 298.235819][T15309] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.268797][T15309] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.283313][T15309] bridge_slave_0: entered allmulticast mode [ 298.296403][T15309] bridge_slave_0: entered promiscuous mode [ 298.318579][T15309] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.333073][T15309] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.353164][T15309] bridge_slave_1: entered allmulticast mode [ 298.365323][T15309] bridge_slave_1: entered promiscuous mode [ 298.410427][T12101] hsr_slave_0: left promiscuous mode [ 298.417096][T12101] hsr_slave_1: left promiscuous mode [ 298.422999][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.430436][T12101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.439662][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 298.447929][T12101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.469354][T12101] veth1_macvtap: left promiscuous mode [ 298.475080][T12101] veth0_macvtap: left promiscuous mode [ 298.480678][T12101] veth1_vlan: left promiscuous mode [ 298.486079][T12101] veth0_vlan: left promiscuous mode [ 298.557176][T15344] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3973'. [ 298.743341][ T51] Bluetooth: hci2: command 0x1003 tx timeout [ 298.749601][ T5823] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 298.808866][T15354] af_packet: tpacket_rcv: packet too big, clamped from 52 to 0. macoff=72 [ 298.989585][T15364] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3981'. [ 299.017216][T12101] team0 (unregistering): Port device team_slave_1 removed [ 299.048565][T12101] team0 (unregistering): Port device team_slave_0 removed [ 299.066110][ T5823] Bluetooth: hci5: command tx timeout [ 299.332484][T15344] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 299.341520][T15344] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 299.376826][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 299.440581][T15364] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 299.450656][T15364] bond0 (unregistering): Released all slaves [ 299.466790][T15309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.478665][T15309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.517684][T15309] team0: Port device team_slave_0 added [ 299.530516][T15309] team0: Port device team_slave_1 added [ 299.582859][T15309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.592523][T15309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.642163][T15309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.667104][T15309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.678320][T15309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.708205][ T10] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 299.723801][T15309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.820921][T15309] hsr_slave_0: entered promiscuous mode [ 299.834321][T15309] hsr_slave_1: entered promiscuous mode [ 299.908325][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.951346][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 299.980794][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 300.010249][T15382] input: syz1 as /devices/virtual/input/input62 [ 300.021124][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 300.040479][ T10] usb 2-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 300.051043][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.063318][ T10] usb 2-1: config 0 descriptor?? [ 300.219935][T15390] netlink: 'syz.0.3993': attribute type 10 has an invalid length. [ 300.231514][T15390] team0: Device hsr_slave_0 failed to register rx_handler [ 300.254979][T15309] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 300.276269][T15309] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 300.294296][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 300.308202][T15309] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 300.319560][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 300.322399][T15309] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 300.350694][ T10] usb 2-1: USB disconnect, device number 50 [ 300.388349][T15394] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 300.519460][T15309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.560148][T15309] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.590284][T12100] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.597426][T12100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.614231][T12094] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.621342][T12094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.725203][T15414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4000'. [ 300.759617][T15414] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 300.782194][T15414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4000'. [ 300.801905][ T30] audit: type=1400 audit(1751089783.873:2173): avc: denied { ioctl } for pid=15417 comm="syz.2.4001" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 300.834740][ T10] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 300.928115][T15309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.994564][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 301.006428][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 301.034924][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.058597][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.078798][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 301.100717][ T10] usb 2-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 301.112637][T15428] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 301.125391][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.137356][ T5823] Bluetooth: hci5: command tx timeout [ 301.144730][ T10] usb 2-1: config 0 descriptor?? [ 301.276637][T15309] veth0_vlan: entered promiscuous mode [ 301.291948][T15309] veth1_vlan: entered promiscuous mode [ 301.299854][ T30] audit: type=1400 audit(1751089784.373:2174): avc: denied { create } for pid=15440 comm="syz.5.4007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 301.336512][ T30] audit: type=1400 audit(1751089784.403:2175): avc: denied { write } for pid=15440 comm="syz.5.4007" path="socket:[52051]" dev="sockfs" ino=52051 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 301.338601][T15309] veth0_macvtap: entered promiscuous mode [ 301.378923][T15309] veth1_macvtap: entered promiscuous mode [ 301.400613][T15309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.402375][ T30] audit: type=1400 audit(1751089784.463:2176): avc: denied { setopt } for pid=15440 comm="syz.5.4007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 301.449382][T15309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.484481][T15309] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.496252][T15309] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.505402][T15309] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.518981][T15309] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.571757][ T10] betop 0003:20BC:5500.002E: unknown main item tag 0x0 [ 301.587681][ T10] betop 0003:20BC:5500.002E: unknown main item tag 0x0 [ 301.607889][ T10] betop 0003:20BC:5500.002E: hidraw0: USB HID v0.00 Device [HID 20bc:5500] on usb-dummy_hcd.1-1/input0 [ 301.644652][ T10] betop 0003:20BC:5500.002E: no inputs found [ 301.663272][T12139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.671109][T12139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.717454][T12097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.735023][T12097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.762644][ T30] audit: type=1400 audit(1751089784.823:2177): avc: denied { mounton } for pid=15309 comm="syz-executor" path="/root/syzkaller.JJpuur/syz-tmp" dev="sda1" ino=2051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 301.803728][ T5920] usb 2-1: USB disconnect, device number 51 [ 301.863049][ T3823] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 301.924748][T15466] loop8: detected capacity change from 0 to 7 [ 301.938333][T15466] Dev loop8: unable to read RDB block 7 [ 301.943518][T12109] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.944937][T15466] loop8: unable to read partition table [ 301.959684][T15466] loop8: partition table beyond EOD, truncated [ 301.965959][T15466] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 302.014677][ T3823] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.026465][ T3823] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 302.055378][ T3823] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 302.065321][ T3823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.075143][ T3823] usb 3-1: Product: syz [ 302.079473][ T3823] usb 3-1: Manufacturer: syz [ 302.084612][ T3823] usb 3-1: SerialNumber: syz [ 302.291629][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 302.291646][ T30] audit: type=1400 audit(1751089785.363:2184): avc: denied { create } for pid=15478 comm="syz.0.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 302.342182][ T30] audit: type=1400 audit(1751089785.363:2185): avc: denied { setopt } for pid=15478 comm="syz.0.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 302.371022][ T30] audit: type=1400 audit(1751089785.363:2186): avc: denied { bind } for pid=15478 comm="syz.0.4025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 302.399086][ T30] audit: type=1326 audit(1751089785.473:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.446254][ T30] audit: type=1326 audit(1751089785.473:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.479825][ T30] audit: type=1326 audit(1751089785.473:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.506456][ T30] audit: type=1326 audit(1751089785.473:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.530044][ T30] audit: type=1326 audit(1751089785.473:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.553848][ T30] audit: type=1326 audit(1751089785.473:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.578359][ T30] audit: type=1326 audit(1751089785.473:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15480 comm="syz.0.4026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 302.589814][T15483] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.686079][T15483] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 302.698717][T15483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 302.769709][T15483] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.779516][T15483] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.788788][T15483] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.797356][T15483] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.808908][T15483] hsr0: left allmulticast mode [ 302.820345][T15483] hsr_slave_0: left allmulticast mode [ 302.825877][T15483] hsr_slave_1: left allmulticast mode [ 302.834790][T15483] vti0: left promiscuous mode [ 303.070303][T15498] syzkaller1: entered promiscuous mode [ 303.084858][T15498] syzkaller1: entered allmulticast mode [ 303.093299][T15500] input: syz0 as /devices/virtual/input/input64 [ 303.129750][ T3823] cdc_ncm 3-1:1.0: bind() failure [ 303.155612][ T3823] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 303.166681][ T3823] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 303.180075][ T3823] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 303.200284][ T3823] usb 3-1: USB disconnect, device number 47 [ 303.213972][ T5823] Bluetooth: hci5: command tx timeout [ 303.863370][T12109] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.871502][T12097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.413878][T12094] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.644285][T15566] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4060'. [ 304.684540][T15566] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4060'. [ 304.911065][T15578] netlink: 14 bytes leftover after parsing attributes in process `syz.5.4067'. [ 304.984333][T15580] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 305.100010][T15578] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 305.121849][T15578] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 305.138638][T15578] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 305.149569][T15578] bond0 (unregistering): Released all slaves [ 305.223176][ T3823] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 305.295063][ T5823] Bluetooth: hci5: command tx timeout [ 305.377508][ T3823] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 305.389165][ T3823] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 305.399532][ T3823] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 305.411267][ T3823] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 305.431852][ T3823] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 305.466307][ T3823] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 305.483121][ T3823] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 305.491129][ T3823] usb 7-1: Product: syz [ 305.502909][ T3823] usb 7-1: Manufacturer: syz [ 305.518076][ T3823] cdc_wdm 7-1:1.0: skipping garbage [ 305.523393][ T3823] cdc_wdm 7-1:1.0: skipping garbage [ 305.529755][ T3823] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 305.538473][ T3823] cdc_wdm 7-1:1.0: Unknown control protocol [ 305.600597][T15596] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4073'. [ 305.610463][T15596] netlink: 'syz.1.4073': attribute type 30 has an invalid length. [ 305.629428][T15596] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.638272][T15596] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.646589][T15596] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.655065][T15596] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.865177][ T5871] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 306.043582][ T5871] usb 3-1: Using ep0 maxpacket: 32 [ 306.051593][ T5871] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 306.060726][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.069141][ T5871] usb 3-1: Product: syz [ 306.073347][ T5871] usb 3-1: Manufacturer: syz [ 306.077937][ T5871] usb 3-1: SerialNumber: syz [ 306.084543][ T5871] usb 3-1: config 0 descriptor?? [ 306.091636][ T5871] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 306.295032][T15622] netlink: 'syz.1.4084': attribute type 10 has an invalid length. [ 306.414726][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.422990][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.623536][T15639] netlink: 176 bytes leftover after parsing attributes in process `syz.1.4092'. [ 306.945827][ T10] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 307.093187][ T5962] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 307.115918][ T5871] gspca_ov534_9: reg_w failed -71 [ 307.123850][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.139646][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.149734][ T10] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 307.158956][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.171632][ T10] usb 6-1: config 0 descriptor?? [ 307.265308][ T5962] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 307.285846][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.297216][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.307411][ T5962] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 307.321374][ T5962] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 307.330627][ T5962] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 307.338762][ T5962] usb 2-1: Manufacturer: syz [ 307.345783][ T5962] usb 2-1: config 0 descriptor?? [ 307.443235][ T5871] gspca_ov534_9: Unknown sensor 0000 [ 307.443306][ T5871] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 307.461413][ T5871] usb 3-1: USB disconnect, device number 48 [ 307.487483][T15672] netlink: 566 bytes leftover after parsing attributes in process `syz.0.4107'. [ 307.596388][ T10] pyra 0003:1E7D:2CF6.002F: item fetching failed at offset 5/7 [ 307.605738][ T10] pyra 0003:1E7D:2CF6.002F: parse failed [ 307.611444][ T10] pyra 0003:1E7D:2CF6.002F: probe with driver pyra failed with error -22 [ 307.636386][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 307.636401][ T30] audit: type=1326 audit(1751089790.713:2204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.699513][ T30] audit: type=1326 audit(1751089790.713:2205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.723363][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.756133][ T30] audit: type=1326 audit(1751089790.743:2206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.791924][ T5962] appleir 0003:05AC:8243.0030: unknown main item tag 0x0 [ 307.828116][ T24] usb 6-1: USB disconnect, device number 39 [ 307.834665][ T5962] appleir 0003:05AC:8243.0030: hiddev1,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 307.853671][ T30] audit: type=1326 audit(1751089790.743:2207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.913038][ T30] audit: type=1326 audit(1751089790.743:2208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.936610][ T30] audit: type=1326 audit(1751089790.743:2209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f009238e929 code=0x7ffc0000 [ 307.960237][ T30] audit: type=1326 audit(1751089790.743:2210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f009232ab19 code=0x7ffc0000 [ 307.994631][ T5962] usb 7-1: USB disconnect, device number 2 [ 308.025345][ T30] audit: type=1326 audit(1751089790.743:2211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f009232ab19 code=0x7ffc0000 [ 308.034214][ T5819] usb 2-1: USB disconnect, device number 52 [ 308.099763][ T30] audit: type=1326 audit(1751089790.743:2212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f009232ab19 code=0x7ffc0000 [ 308.158401][ T30] audit: type=1326 audit(1751089790.743:2213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f009232ab19 code=0x7ffc0000 [ 308.320224][T15691] netlink: 14 bytes leftover after parsing attributes in process `syz.6.4116'. [ 308.512002][T15691] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 308.524735][T15691] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 308.563814][T15691] bond0 (unregistering): Released all slaves [ 308.775612][T15701] netlink: 'syz.6.4120': attribute type 23 has an invalid length. [ 308.973530][T12095] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.432685][ T5819] kernel write not supported for file /snd/seq (pid: 5819 comm: kworker/1:3) [ 309.533366][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.587877][T15726] netlink: 'syz.6.4131': attribute type 2 has an invalid length. [ 309.605707][T15726] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4131'. [ 309.623906][T12097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.633114][T12094] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.800767][ T24] hid-generic 0010:70BD2B:25DFDBFB.0031: hidraw0: HID va508.05 Device [syz1] on syz0 [ 309.830072][T15740] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 309.886071][T15744] loop4: detected capacity change from 0 to 7 [ 309.905907][T15744] Dev loop4: unable to read RDB block 7 [ 309.911504][T15744] loop4: unable to read partition table [ 309.945636][T15744] loop4: partition table beyond EOD, truncated [ 309.951969][T15744] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5) [ 310.061155][T15753] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.901269][T12095] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 310.979474][T12095] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 311.087280][T12095] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 311.158546][T12095] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 311.386275][T12095] bridge_slave_1: left promiscuous mode [ 311.392011][T12095] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.422882][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 311.433686][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 311.441784][T12095] bridge_slave_0: left promiscuous mode [ 311.448224][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 311.458332][T12095] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.475728][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 311.483986][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 311.824689][T15820] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4172'. [ 311.831734][T15832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4178'. [ 311.905541][T12095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 311.915846][T12095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 311.925370][T12095] bond0 (unregistering): Released all slaves [ 311.938541][T12095] bond1 (unregistering): Released all slaves [ 311.949200][T12095] bond2 (unregistering): Released all slaves [ 312.083486][ T3823] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 312.099053][T12095] IPVS: stopping master sync thread 6251 ... [ 312.268879][ T3823] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 312.285177][ T3823] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.299239][ T3823] usb 6-1: config 0 descriptor?? [ 312.307117][ T3823] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 312.443010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 312.711610][ T3823] cpia1 6-1:0.0: unexpected state after lo power cmd: 00 [ 312.833705][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 312.906621][ T30] kauditd_printk_skb: 2263 callbacks suppressed [ 312.906637][ T30] audit: type=1326 audit(1751090051.987:4477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 312.936390][ C1] vkms_vblank_simulate: vblank timer overrun [ 313.031905][ T30] audit: type=1326 audit(1751090052.037:4478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.059024][ T30] audit: type=1326 audit(1751090052.037:4479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.087935][ T30] audit: type=1326 audit(1751090052.037:4480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.112860][ T30] audit: type=1326 audit(1751090052.037:4481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.141945][ T30] audit: type=1326 audit(1751090052.037:4482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.171967][ T3823] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0) [ 313.199759][ T30] audit: type=1326 audit(1751090052.037:4483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.223163][ C1] vkms_vblank_simulate: vblank timer overrun [ 313.229648][ T30] audit: type=1326 audit(1751090052.037:4484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.253039][ C1] vkms_vblank_simulate: vblank timer overrun [ 313.259218][ T30] audit: type=1326 audit(1751090052.037:4485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.282623][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 313.291091][ T30] audit: type=1326 audit(1751090052.037:4486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.6.4184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca2ab2ab19 code=0x7ffc0000 [ 313.316177][T12095] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.325341][T12095] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.390166][ T3823] usb 6-1: USB disconnect, device number 40 [ 313.435586][ T10] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 313.446331][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.457435][ T10] usb 7-1: config 0 descriptor?? [ 313.457626][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 313.464149][ T10] cp210x 7-1:0.0: cp210x converter detected [ 313.537417][ T5823] Bluetooth: hci1: command tx timeout [ 313.657797][T12095] team0 (unregistering): Port device team_slave_1 removed [ 313.694890][T12095] team0 (unregistering): Port device C removed [ 313.877532][ T10] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 314.121115][ T10] usb 7-1: cp210x converter now attached to ttyUSB0 [ 314.179433][T15814] chnl_net:caif_netlink_parms(): no params data found [ 314.310346][ T10] usb 7-1: USB disconnect, device number 3 [ 314.367760][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 314.408795][ T10] cp210x 7-1:0.0: device disconnected [ 314.431847][T15814] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.445173][T15814] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.452473][T15814] bridge_slave_0: entered allmulticast mode [ 314.462162][T15814] bridge_slave_0: entered promiscuous mode [ 314.475651][T15814] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.482817][T15814] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.490344][T15814] bridge_slave_1: entered allmulticast mode [ 314.497770][T15814] bridge_slave_1: entered promiscuous mode [ 314.549554][T15814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.569460][T15814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.611515][T15814] team0: Port device team_slave_0 added [ 314.621807][T15814] team0: Port device team_slave_1 added [ 314.686095][T15814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.701166][T15814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.727544][T15814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.739140][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 314.740832][T15814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.754649][T15814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.787382][T15814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.958640][T15814] hsr_slave_0: entered promiscuous mode [ 314.974281][T15814] hsr_slave_1: entered promiscuous mode [ 314.987620][T15814] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 315.005771][T15913] overlayfs: unescaped trailing colons in lowerdir mount option. [ 315.006467][T15814] Cannot create hsr debugfs directory [ 315.227488][T15924] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 315.378181][ C1] sd 0:0:1:0: [sda] tag#6888 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 315.384136][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.388582][ C1] sd 0:0:1:0: [sda] tag#6888 CDB: Write(6) 0a 00 00 00 05 00 00 00 02 00 00 00 [ 315.397211][T12129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.571898][T15814] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 315.589443][T15814] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 315.589541][T15939] block device autoloading is deprecated and will be removed. [ 315.606677][T15814] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 315.613590][ T5823] Bluetooth: hci1: command tx timeout [ 315.656219][T15814] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 315.744071][T15814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.781227][T15814] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.808221][T12109] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.815364][T12109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.864969][T12109] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.872061][T12109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 316.310615][T15814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.395404][T15814] veth0_vlan: entered promiscuous mode [ 316.421721][T15814] veth1_vlan: entered promiscuous mode [ 316.478870][T15814] veth0_macvtap: entered promiscuous mode [ 316.510195][T15814] veth1_macvtap: entered promiscuous mode [ 316.534197][T15814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 316.552326][T15814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 316.565007][T15814] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.593012][T15814] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.602042][T15814] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.618173][T15814] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.658254][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.664908][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.749425][T12094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.768117][T12094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.832843][T12129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.850477][T12129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.398890][T16020] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.522029][T16020] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.577772][T16036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 317.609763][T16020] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.686176][T16020] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.686607][T16045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4265'. [ 317.726650][T16045] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4265'. [ 317.750280][T12097] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 317.759006][T12097] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 317.789190][ T5819] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 317.815637][T16020] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.859166][T16020] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.875006][T16020] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.903797][T16020] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.290826][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 318.290843][ T30] audit: type=1400 audit(1751090057.367:4537): avc: denied { mount } for pid=16068 comm="syz.6.4275" name="/" dev="configfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 318.325180][ T30] audit: type=1400 audit(1751090057.397:4538): avc: denied { search } for pid=16068 comm="syz.6.4275" name="/" dev="configfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 318.375851][ T30] audit: type=1400 audit(1751090057.397:4539): avc: denied { search } for pid=16068 comm="syz.6.4275" name="/" dev="configfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 318.434485][ T30] audit: type=1400 audit(1751090057.397:4540): avc: denied { search } for pid=16068 comm="syz.6.4275" name="/" dev="configfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 318.439663][T12094] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.493424][ T5892] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 318.573452][T12100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 318.583650][ T3823] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 318.676986][T16080] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4277'. [ 318.782990][ T30] audit: type=1400 audit(1751090057.847:4541): avc: denied { mount } for pid=16083 comm="syz.5.4282" name="/" dev="ramfs" ino=57236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 318.873381][ T5962] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 318.937324][T16088] kvm: apic: phys broadcast and lowest prio [ 318.943865][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 318.955344][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 318.964649][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 318.974137][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 318.981898][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 319.033409][ T3823] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 319.043018][ T5962] usb 3-1: Using ep0 maxpacket: 8 [ 319.054983][ T5962] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.084898][ T5962] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 319.108678][ T5962] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 319.136252][ T30] audit: type=1400 audit(1751090058.217:4542): avc: denied { ioctl } for pid=16095 comm="syz.5.4287" path="socket:[57893]" dev="sockfs" ino=57893 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 319.174271][ T5962] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 319.196385][ T5962] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 319.215725][ T5962] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.233283][ T3823] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.236700][ T5962] hub 3-1:1.0: bad descriptor, ignoring hub [ 319.250240][ T5962] hub 3-1:1.0: probe with driver hub failed with error -5 [ 319.255967][ T3823] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 319.258409][ T5962] cdc_wdm 3-1:1.0: skipping garbage [ 319.272381][ T5962] cdc_wdm 3-1:1.0: skipping garbage [ 319.279031][ T5962] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 319.285143][ T5962] cdc_wdm 3-1:1.0: Unknown control protocol [ 319.308221][ T3823] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 319.356722][ T3823] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 319.402960][ T3823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.437750][ T3823] usb 1-1: config 0 descriptor?? [ 319.576197][T16091] chnl_net:caif_netlink_parms(): no params data found [ 319.693742][ T5962] usb 3-1: USB disconnect, device number 49 [ 319.737358][T12094] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.838300][T16091] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.854019][T12129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 319.855301][T16091] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.884566][T16091] bridge_slave_0: entered allmulticast mode [ 319.890742][ T3823] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 319.894613][T16091] bridge_slave_0: entered promiscuous mode [ 319.958328][T12094] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.978938][T16091] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.986833][T16091] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.994018][T16091] bridge_slave_1: entered allmulticast mode [ 320.001896][T16091] bridge_slave_1: entered promiscuous mode [ 320.033272][ T5962] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 320.066299][T12094] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.091882][T16091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.104115][T16091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 320.152137][T16091] team0: Port device team_slave_0 added [ 320.169239][T16091] team0: Port device team_slave_1 added [ 320.185759][ T30] audit: type=1400 audit(1751090059.267:4543): avc: denied { write } for pid=16123 comm="syz.5.4297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 320.207828][ T5962] usb 3-1: Using ep0 maxpacket: 8 [ 320.214409][ T5962] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 320.228414][ T5962] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 320.237532][ T5962] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 320.251858][ T5962] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 320.264380][ T5962] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 320.273618][ T5962] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.291831][ T5962] hub 3-1:1.0: bad descriptor, ignoring hub [ 320.298366][ T5962] hub 3-1:1.0: probe with driver hub failed with error -5 [ 320.310754][T16091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 320.318126][T16091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.321391][ T5962] cdc_wdm 3-1:1.0: skipping garbage [ 320.353087][ T5962] cdc_wdm 3-1:1.0: skipping garbage [ 320.359780][ T5962] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 320.367681][T16091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 320.382724][T16091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 320.394692][T16091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.404523][ T5962] cdc_wdm 3-1:1.0: Unknown control protocol [ 320.431921][T16091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.521906][T16091] hsr_slave_0: entered promiscuous mode [ 320.532552][T16091] hsr_slave_1: entered promiscuous mode [ 320.547814][T16091] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 320.556844][T16091] Cannot create hsr debugfs directory [ 320.638016][T12094] bridge_slave_1: left allmulticast mode [ 320.644741][T12094] bridge_slave_1: left promiscuous mode [ 320.660313][T12094] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.677665][T12094] bridge_slave_0: left allmulticast mode [ 320.692423][T12094] bridge_slave_0: left promiscuous mode [ 320.706773][T12094] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.713432][ T5962] usb 3-1: USB disconnect, device number 50 [ 321.048707][T12094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 321.053141][ T5823] Bluetooth: hci1: command tx timeout [ 321.067843][T12094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 321.077748][T12094] bond0 (unregistering): Released all slaves [ 321.425326][ T30] audit: type=1326 audit(1751090060.507:4544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16147 comm="syz.5.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa824b8e929 code=0x7ffc0000 [ 321.481253][ T30] audit: type=1326 audit(1751090060.507:4545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16147 comm="syz.5.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa824b8e929 code=0x7ffc0000 [ 321.504733][ C0] vkms_vblank_simulate: vblank timer overrun [ 321.540694][ T30] audit: type=1326 audit(1751090060.527:4546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16147 comm="syz.5.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fa824b8e929 code=0x7ffc0000 [ 321.693166][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 321.968881][ T24] usb 1-1: USB disconnect, device number 47 [ 322.045141][T12094] hsr_slave_0: left promiscuous mode [ 322.063114][T12094] hsr_slave_1: left promiscuous mode [ 322.069066][T12094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.078238][T12094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.090015][T12094] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.101063][T12094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.128313][T12094] veth1_macvtap: left promiscuous mode [ 322.134112][T12094] veth0_macvtap: left promiscuous mode [ 322.139805][T12094] veth1_vlan: left promiscuous mode [ 322.145634][T12094] veth0_vlan: left promiscuous mode [ 322.610458][T12094] team0 (unregistering): Port device team_slave_1 removed [ 322.644186][T12094] team0 (unregistering): Port device team_slave_0 removed [ 323.133025][ T5823] Bluetooth: hci1: command tx timeout [ 323.255459][T16091] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 323.264997][T16091] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 323.274346][T16091] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 323.290518][T16091] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 323.323219][ T5962] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 323.389465][T16091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 323.409763][T16091] 8021q: adding VLAN 0 to HW filter on device team0 [ 323.425587][T12101] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.432703][T12101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 323.451091][T12094] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.458200][T12094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.477811][ T30] kauditd_printk_skb: 171 callbacks suppressed [ 323.477823][ T30] audit: type=1400 audit(1751090062.557:4718): avc: denied { bind } for pid=16207 comm="syz.6.4330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 323.504403][ C0] vkms_vblank_simulate: vblank timer overrun [ 323.540873][ T5962] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 323.560979][ T5962] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 323.574765][ T5962] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 323.590115][ T5962] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.618453][T16189] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 323.630971][ T5962] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 323.715107][T16091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.748001][T16091] veth0_vlan: entered promiscuous mode [ 323.757924][T16091] veth1_vlan: entered promiscuous mode [ 323.775989][T16091] veth0_macvtap: entered promiscuous mode [ 323.786961][T16091] veth1_macvtap: entered promiscuous mode [ 323.801178][T16091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.812474][T16091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.822790][T16091] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.831504][T16091] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.840950][T16091] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.849673][T16091] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.910046][ T9] usb 1-1: USB disconnect, device number 48 [ 323.975603][T12101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.988732][T12101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.021161][T12139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.030291][T12139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.300066][ T30] audit: type=1400 audit(1751090063.377:4719): avc: denied { sqpoll } for pid=16229 comm="syz.6.4340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 324.319378][ C0] vkms_vblank_simulate: vblank timer overrun [ 324.338907][ T30] audit: type=1400 audit(1751090063.377:4720): avc: denied { bind } for pid=16231 comm="syz.5.4339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 324.755261][ T30] audit: type=1400 audit(1751090063.837:4721): avc: denied { read } for pid=16255 comm="syz.6.4350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 324.889666][T16269] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4355'. [ 324.905508][T16269] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4355'. [ 325.118111][ T30] audit: type=1400 audit(1751090064.197:4722): avc: denied { ioctl } for pid=16281 comm="syz.0.4361" path="pid:[4026532940]" dev="nsfs" ino=4026532940 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 325.173569][ T9] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 325.199335][T16285] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4362'. [ 325.333130][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 325.340851][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.356503][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 325.365765][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.380961][ T9] usb 3-1: config 0 descriptor?? [ 325.796746][ T9] hid-picolcd 0003:04D8:C002.0033: unknown main item tag 0x0 [ 325.810472][ T9] hid-picolcd 0003:04D8:C002.0033: unknown main item tag 0x0 [ 325.822531][ T9] hid-picolcd 0003:04D8:C002.0033: unknown main item tag 0x0 [ 325.840504][ T9] hid-picolcd 0003:04D8:C002.0033: unknown main item tag 0x0 [ 325.859194][ T9] hid-picolcd 0003:04D8:C002.0033: unknown main item tag 0x0 [ 325.903047][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 325.936365][ T9] hid-picolcd 0003:04D8:C002.0033: No report with id 0x11 found [ 325.948481][T12101] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.027242][ T3823] usb 3-1: USB disconnect, device number 51 [ 326.065352][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 326.074126][ T10] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 326.082559][ T10] usb 7-1: config 179 has no interface number 0 [ 326.098723][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 326.130294][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 326.130700][T16302] syzkaller1: entered promiscuous mode [ 326.159664][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 326.174507][T16302] syzkaller1: entered allmulticast mode [ 326.189160][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 326.210878][ T10] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 326.242395][ T10] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 326.263013][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.286866][T16296] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 326.427337][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 326.438597][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 326.447243][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 326.455202][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 326.463304][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 326.615922][ T3823] hid-generic 0000:0000:0000.0034: unknown main item tag 0x0 [ 326.645480][ T3823] hid-generic 0000:0000:0000.0034: hidraw0: HID v0.00 Device [syz1] on syz0 [ 326.696016][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input65 [ 326.890931][T16296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 326.923221][T16296] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.004585][ T30] audit: type=1400 audit(1751090066.077:4723): avc: denied { write } for pid=16322 comm="syz.2.4377" path="socket:[59615]" dev="sockfs" ino=59615 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 327.161740][ C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 327.161742][ T5819] usb 7-1: USB disconnect, device number 4 [ 327.176711][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 327.185023][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.186641][ T5819] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 327.386016][T16337] tun0: tun_chr_ioctl cmd 1074025675 [ 327.411617][T16337] tun0: persist enabled [ 327.433362][T16335] tun0: tun_chr_ioctl cmd 1074025675 [ 327.438691][T16335] tun0: persist enabled [ 327.448964][T16308] chnl_net:caif_netlink_parms(): no params data found [ 327.772471][T16339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4384'. [ 327.815976][T12101] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.829992][T16339] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4384'. [ 327.843294][T16339] netlink: 'syz.2.4384': attribute type 18 has an invalid length. [ 327.882259][T16339] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.890529][T16339] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.898741][T16339] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.906944][T16339] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 327.985628][T12101] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.033902][T16308] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.041504][T16308] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.052549][T16308] bridge_slave_0: entered allmulticast mode [ 328.060511][T16308] bridge_slave_0: entered promiscuous mode [ 328.085935][T12101] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.101283][T16308] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.112045][T16308] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.119254][T16308] bridge_slave_1: entered allmulticast mode [ 328.129700][T16308] bridge_slave_1: entered promiscuous mode [ 328.161278][T16308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.175541][T16308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 328.213102][ T10] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 328.246144][T16308] team0: Port device team_slave_0 added [ 328.257511][T16308] team0: Port device team_slave_1 added [ 328.316417][T16308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.324057][T16308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.352552][T16308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.364033][T12101] bridge_slave_1: left allmulticast mode [ 328.370501][T12101] bridge_slave_1: left promiscuous mode [ 328.376334][T12101] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.387475][ T10] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 328.396638][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.406059][T12101] bridge_slave_0: left allmulticast mode [ 328.406639][ T10] usb 6-1: Product: syz [ 328.411688][T12101] bridge_slave_0: left promiscuous mode [ 328.416642][ T10] usb 6-1: Manufacturer: syz [ 328.424512][T12101] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.433008][ T10] usb 6-1: SerialNumber: syz [ 328.453933][ T10] usb 6-1: config 0 descriptor?? [ 328.461300][ T10] ch341 6-1:0.0: ch341-uart converter detected [ 328.496578][ T5823] Bluetooth: hci1: command tx timeout [ 328.748669][T12101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 328.761197][T12101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 328.793521][T12101] bond0 (unregistering): Released all slaves [ 328.812172][T16308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.822674][T16308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.849937][T16308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.980889][T16378] netlink: 'syz.6.4400': attribute type 1 has an invalid length. [ 328.991955][T16378] netlink: 216 bytes leftover after parsing attributes in process `syz.6.4400'. [ 329.084808][T16382] sock: sock_set_timeout: `syz.2.4401' (pid 16382) tries to set negative timeout [ 329.111282][T16308] hsr_slave_0: entered promiscuous mode [ 329.127650][T16308] hsr_slave_1: entered promiscuous mode [ 329.135178][T16308] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 329.144301][T16308] Cannot create hsr debugfs directory [ 329.453101][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 329.470254][ T10] usb 6-1: failed to send control message: -71 [ 329.491584][ T10] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 329.528919][ T10] usb 6-1: USB disconnect, device number 41 [ 329.547705][ T10] ch341 6-1:0.0: device disconnected [ 329.619436][T12101] hsr_slave_0: left promiscuous mode [ 329.633040][T12101] hsr_slave_1: left promiscuous mode [ 329.643855][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 329.651270][T12101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 329.681971][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 329.690212][T12101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 329.698945][T16406] sctp: [Deprecated]: syz.6.4409 (pid 16406) Use of struct sctp_assoc_value in delayed_ack socket option. [ 329.698945][T16406] Use struct sctp_sack_info instead [ 329.756611][T12101] veth1_macvtap: left promiscuous mode [ 329.762135][T12101] veth0_macvtap: left promiscuous mode [ 329.784055][T12101] veth1_vlan: left promiscuous mode [ 329.789317][T12101] veth0_vlan: left promiscuous mode [ 330.205991][T16423] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4416'. [ 330.289806][T12101] team0 (unregistering): Port device team_slave_1 removed [ 330.322439][T12101] team0 (unregistering): Port device team_slave_0 removed [ 330.573269][ T5823] Bluetooth: hci1: command tx timeout [ 331.328191][ T30] audit: type=1400 audit(1751090070.407:4724): avc: denied { watch_reads } for pid=16446 comm="syz.5.4426" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 331.351152][T16308] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 331.413423][T16308] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 331.455230][T16308] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 331.495671][T16308] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 331.801126][T16308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.807826][ T10] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 331.838877][ T30] audit: type=1400 audit(1751090070.917:4725): avc: denied { connect } for pid=16470 comm="syz.0.4434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 331.849492][T16308] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.881447][T12094] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.888624][T12094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.939529][T12094] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.946708][T12094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.978626][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.992792][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.006167][ T10] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 332.035513][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.100584][ T10] usb 6-1: config 0 descriptor?? [ 332.272470][T16485] netlink: 'syz.0.4440': attribute type 3 has an invalid length. [ 332.396952][T16308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.471245][T16308] veth0_vlan: entered promiscuous mode [ 332.499159][T16308] veth1_vlan: entered promiscuous mode [ 332.538809][ T10] cm6533_jd 0003:0D8C:0022.0035: unknown main item tag 0x0 [ 332.557836][ T10] cm6533_jd 0003:0D8C:0022.0035: unknown main item tag 0x0 [ 332.564308][T16308] veth0_macvtap: entered promiscuous mode [ 332.580410][ T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0D8C:0022.0035/input/input66 [ 332.589275][T16308] veth1_macvtap: entered promiscuous mode [ 332.614577][T16308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.627632][ T10] cm6533_jd 0003:0D8C:0022.0035: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.5-1/input0 [ 332.632425][T16308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.654161][ T5823] Bluetooth: hci1: command tx timeout [ 332.678025][T16308] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.687000][T16308] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.696177][T16308] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.708490][T16308] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.764409][ C1] vcan0: j1939_tp_rxtimer: 0xffff88814cb49800: rx timeout, send abort [ 332.772727][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805628a800: rx timeout, send abort [ 332.781116][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88814cb49800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 332.797096][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805628a800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 332.859467][ T10] usb 6-1: USB disconnect, device number 42 [ 332.916270][T12101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.924700][T12101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.964339][T12101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.972717][T12101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.030831][T16506] netlink: 'syz.0.4446': attribute type 29 has an invalid length. [ 333.083620][T16506] netlink: 'syz.0.4446': attribute type 29 has an invalid length. [ 333.101212][T16506] netlink: 500 bytes leftover after parsing attributes in process `syz.0.4446'. [ 333.116735][ T30] audit: type=1400 audit(1751090072.197:4726): avc: denied { append } for pid=16509 comm="syz.6.4448" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 333.144917][T16510] random: crng reseeded on system resumption [ 333.583142][ T5819] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 333.743077][ T3823] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 333.787247][ T5819] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.797640][ T5819] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 333.808088][ T5819] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 333.817946][ T5819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.838644][ T5819] usb 7-1: config 0 descriptor?? [ 333.854413][ T5819] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 333.861060][ T5819] dvb-usb: bulk message failed: -22 (3/0) [ 333.885733][ T5819] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 333.903654][ T5819] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 333.920873][ T5819] usb 7-1: media controller created [ 333.927860][ T3823] usb 6-1: Using ep0 maxpacket: 32 [ 333.938278][T12101] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.944523][ T5819] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 333.963094][ T3823] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 333.973844][ T3823] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.995711][ T5819] dvb-usb: bulk message failed: -22 (6/0) [ 334.001812][ T5819] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 334.011543][ T5819] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input67 [ 334.023652][ T3823] usb 6-1: config 0 descriptor?? [ 334.033466][ T3823] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 334.041057][ T5819] dvb-usb: schedule remote query interval to 150 msecs. [ 334.056709][ T5819] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 334.068030][ T5819] usb 7-1: USB disconnect, device number 5 [ 334.082591][ T5819] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 334.438008][ T3823] gspca_nw80x: reg_r err -71 [ 334.442639][ T3823] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 334.453385][ T3823] usb 6-1: USB disconnect, device number 43 [ 334.768317][T12101] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.840645][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 334.850444][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 334.860165][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 334.868864][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 334.877698][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 334.963115][T16553] netlink: 'syz.2.4466': attribute type 3 has an invalid length. [ 335.168352][ T30] audit: type=1400 audit(1751090074.247:4727): avc: denied { bind } for pid=16558 comm="syz.2.4469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 335.394091][T16550] chnl_net:caif_netlink_parms(): no params data found [ 335.585616][T12101] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.720840][T12101] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.819396][T16550] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.828288][T12139] Bluetooth: hci2: Frame reassembly failed (-84) [ 335.829084][T16550] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.854759][T16550] bridge_slave_0: entered allmulticast mode [ 335.861979][T16550] bridge_slave_0: entered promiscuous mode [ 335.898739][T16550] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.907621][T16550] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.921028][T16550] bridge_slave_1: entered allmulticast mode [ 335.934771][T16550] bridge_slave_1: entered promiscuous mode [ 335.953111][ T30] audit: type=1400 audit(1751090075.027:4728): avc: denied { listen } for pid=16602 comm="syz.6.4486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 335.983226][ T24] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 336.042261][T16550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.070574][T16550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 336.110718][T12101] bridge_slave_1: left allmulticast mode [ 336.116522][T12101] bridge_slave_1: left promiscuous mode [ 336.123392][T12101] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.135929][T12101] bridge_slave_0: left allmulticast mode [ 336.141568][T12101] bridge_slave_0: left promiscuous mode [ 336.161868][ T24] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 336.170900][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 336.185248][T12101] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.205094][ T24] usb 3-1: config 0 has no interface number 0 [ 336.219239][ T24] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 336.240978][ T24] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 6779, setting to 64 [ 336.268333][ T24] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 336.299030][ T24] usb 3-1: config 0 interface 52 has no altsetting 0 [ 336.317727][ T24] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 336.328553][ T24] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 336.347865][ T24] usb 3-1: Product: syz [ 336.352131][ T24] usb 3-1: Manufacturer: syz [ 336.367155][ T24] usb 3-1: SerialNumber: syz [ 336.395445][ T24] usb 3-1: config 0 descriptor?? [ 336.621369][ T24] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input68 [ 336.633295][T12101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 336.648974][T12101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 336.660745][T12101] bond0 (unregistering): Released all slaves [ 336.711646][T16550] team0: Port device team_slave_0 added [ 336.747440][T16550] team0: Port device team_slave_1 added [ 336.798623][T16550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 336.813315][T16550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.882049][T16550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.909960][ T5863] usb 3-1: USB disconnect, device number 52 [ 336.909960][ C1] synaptics_usb 3-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 336.982844][T16550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.983073][ T5823] Bluetooth: hci1: command tx timeout [ 336.992810][T16550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.120012][T16550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.395655][T16550] hsr_slave_0: entered promiscuous mode [ 337.402112][T16550] hsr_slave_1: entered promiscuous mode [ 337.410713][T16550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 337.420555][T16550] Cannot create hsr debugfs directory [ 337.572997][ T10] usb 6-1: new full-speed USB device number 44 using dummy_hcd [ 337.733046][T12101] hsr_slave_0: left promiscuous mode [ 337.745274][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 337.753684][ T10] usb 6-1: not running at top speed; connect to a high speed hub [ 337.761480][T12101] hsr_slave_1: left promiscuous mode [ 337.762367][ T10] usb 6-1: config 7 has an invalid interface number: 213 but max is 0 [ 337.767478][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 337.778282][ T10] usb 6-1: config 7 has no interface number 0 [ 337.786704][T12101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.796103][ T10] usb 6-1: config 7 interface 213 altsetting 1 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 337.807218][ T10] usb 6-1: config 7 interface 213 has no altsetting 0 [ 337.807754][T12101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.818429][ T10] usb 6-1: New USB device found, idVendor=100d, idProduct=3342, bcdDevice=22.3e [ 337.822981][T12101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.830736][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.847011][ T10] usb 6-1: Product: syz [ 337.851183][ T10] usb 6-1: Manufacturer: syz [ 337.857474][ T51] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 337.863146][ T5823] Bluetooth: hci2: command 0xfc11 tx timeout [ 337.867998][ T10] usb 6-1: SerialNumber: syz [ 337.903095][ T5863] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 337.930326][T12101] veth1_macvtap: left promiscuous mode [ 337.943201][T12101] veth0_macvtap: left promiscuous mode [ 337.950186][T12101] veth1_vlan: left promiscuous mode [ 337.971169][T12101] veth0_vlan: left promiscuous mode [ 337.973116][ T5962] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 338.063137][ T5863] usb 3-1: Using ep0 maxpacket: 8 [ 338.069974][ T5863] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 338.082168][ T5863] usb 3-1: config 179 has no interface number 0 [ 338.108432][ T5863] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 338.133100][ T5962] usb 7-1: Using ep0 maxpacket: 32 [ 338.139863][ T5863] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 338.171959][ T5962] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 338.190487][ T5863] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 102, changing to 10 [ 338.202423][ T5962] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.216435][ T5863] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 24624, setting to 1024 [ 338.230606][ T5962] usb 7-1: config 0 descriptor?? [ 338.240716][ T5863] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 338.266855][ T5962] gspca_main: sunplus-2.14.0 probing 041e:400b [ 338.277185][ T5863] usb 3-1: config 179 interface 65 has no altsetting 0 [ 338.284183][ T5863] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 338.297265][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.320811][ T5863] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input69 [ 338.376342][ T5169] input input69: unable to receive magic message: -110 [ 338.406358][ T5169] input input69: unable to receive magic message: -32 [ 338.427944][ T5169] input input69: unable to receive magic message: -32 [ 338.478703][ T5169] input input69: unable to receive magic message: -32 [ 338.587580][T16640] input input69: unable to receive magic message: -32 [ 338.596981][ T30] audit: type=1326 audit(1751090077.677:4729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16639 comm="syz.2.4501" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f968bd8e929 code=0x0 [ 338.710288][ T5863] usb 3-1: USB disconnect, device number 53 [ 338.716279][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 338.727813][ T5863] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 338.862729][T12101] team0 (unregistering): Port device team_slave_1 removed [ 338.904122][T12101] team0 (unregistering): Port device team_slave_0 removed [ 339.023177][ T5871] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 339.053840][ T51] Bluetooth: hci1: command tx timeout [ 339.173056][ T5871] usb 1-1: Using ep0 maxpacket: 16 [ 339.180638][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 339.193615][ T5871] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 339.202876][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.211000][ T5871] usb 1-1: Product: syz [ 339.220105][ T5871] usb 1-1: Manufacturer: syz [ 339.225078][ T5871] usb 1-1: SerialNumber: syz [ 339.232343][ T5871] usb 1-1: config 0 descriptor?? [ 339.240713][ T5871] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 339.253657][ T5871] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 339.312148][ T5962] gspca_sunplus: reg_w_riv err -71 [ 339.318263][ T5962] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 339.338920][ T5962] usb 7-1: USB disconnect, device number 6 [ 339.360732][ T10] cxacru 6-1:7.213: cxacru_bind: interface has incorrect endpoints [ 339.369414][ T10] cxacru 6-1:7.213: usbatm_usb_probe: bind failed: -19! [ 339.386928][ T10] usb 6-1: USB disconnect, device number 44 [ 339.504187][ T5871] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 339.568061][ T5871] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 339.577007][ T5871] em28xx 1-1:0.0: board has no eeprom [ 339.643043][ T5871] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 339.654625][ T5871] em28xx 1-1:0.0: dvb set to bulk mode. [ 339.660204][ T5863] em28xx 1-1:0.0: Binding DVB extension [ 339.670248][ T5871] usb 1-1: USB disconnect, device number 49 [ 339.683995][ T5871] em28xx 1-1:0.0: Disconnecting em28xx [ 339.713807][ T5863] em28xx 1-1:0.0: Registering input extension [ 339.720077][ T5871] em28xx 1-1:0.0: Closing input extension [ 339.745373][ T5871] em28xx 1-1:0.0: Freeing device [ 339.759704][T16550] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 339.770400][T16550] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 339.779640][T16550] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 339.789395][T16550] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 339.838435][T16550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.862541][T16550] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.876691][T12109] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.883819][T12109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.921488][T12109] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.928651][T12109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.005399][T16673] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 340.090921][T16679] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4514'. [ 340.117582][T16679] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4514'. [ 340.197658][T16550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.278279][T16550] veth0_vlan: entered promiscuous mode [ 340.296141][T16550] veth1_vlan: entered promiscuous mode [ 340.328726][T16550] veth0_macvtap: entered promiscuous mode [ 340.341247][T16550] veth1_macvtap: entered promiscuous mode [ 340.362402][T16550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 340.377499][T16550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 340.385225][ T5863] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 340.405866][T16550] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.418218][T16550] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.429223][T16550] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.438159][T16550] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.554824][ T5863] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 340.580331][ T5863] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 340.603023][T12129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.619986][T12129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.627955][ T5863] usb 6-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00 [ 340.642287][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.667424][T16701] netlink: 'syz.6.4524': attribute type 4 has an invalid length. [ 340.674014][ T5863] usb 6-1: config 0 descriptor?? [ 340.676984][T12129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.680623][T16683] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 340.706969][T12129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.801441][ T30] audit: type=1400 audit(1751090079.877:4730): avc: denied { setopt } for pid=16702 comm="syz.0.4526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 340.857259][T16708] pim6reg1: entered promiscuous mode [ 340.873880][T16708] pim6reg1: entered allmulticast mode [ 340.941465][ T30] audit: type=1400 audit(1751090080.017:4731): avc: denied { unmount } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 341.131112][ T5863] apple 0003:05AC:0264.0036: unbalanced delimiter at end of report description [ 341.159189][ T5863] apple 0003:05AC:0264.0036: parse failed [ 341.165201][ T5863] apple 0003:05AC:0264.0036: probe with driver apple failed with error -22 [ 341.170176][T16721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4534'. [ 341.215568][T16721] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 341.416478][ T5892] usb 6-1: USB disconnect, device number 45 [ 341.461255][T16734] netlink: 'syz.0.4539': attribute type 4 has an invalid length. [ 341.579748][T16737] binder: 16735:16737 ioctl 400c620e 2000000001c0 returned -22 [ 341.664438][T16740] tipc: Started in network mode [ 341.669322][T16740] tipc: Node identity 4, cluster identity 4711 [ 341.676973][T16740] tipc: Node number set to 4 [ 341.688420][ T30] audit: type=1400 audit(1751090080.767:4732): avc: denied { create } for pid=16741 comm="syz.2.4544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 341.709544][ T30] audit: type=1400 audit(1751090080.787:4733): avc: denied { shutdown } for pid=16739 comm="syz.0.4543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 341.711740][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.729348][ T30] audit: type=1400 audit(1751090080.787:4734): avc: denied { write } for pid=16741 comm="syz.2.4544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 341.764267][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.771425][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.788378][T16742] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 341.807501][T16742] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 341.829797][ T30] audit: type=1400 audit(1751090080.907:4735): avc: denied { read } for pid=16746 comm="syz.0.4546" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 341.840014][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.871545][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.876923][ T30] audit: type=1400 audit(1751090080.907:4736): avc: denied { open } for pid=16746 comm="syz.0.4546" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 341.884774][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.911640][ T30] audit: type=1400 audit(1751090080.937:4737): avc: denied { ioctl } for pid=16746 comm="syz.0.4546" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 341.945932][T16742] wlan0 speed is unknown, defaulting to 1000 [ 341.953620][T16742] wlan0 speed is unknown, defaulting to 1000 [ 342.090214][T16757] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4551'. [ 342.282777][T16771] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4557'. [ 342.358895][T16778] netlink: 'syz.0.4560': attribute type 13 has an invalid length. [ 342.373402][T16778] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 342.391608][T16778] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 342.405909][T16778] gretap1: entered promiscuous mode [ 342.411123][T16778] gretap1: entered allmulticast mode [ 342.445875][T16782] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 342.823393][ T5863] usb 6-1: new full-speed USB device number 46 using dummy_hcd [ 342.855424][T12109] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.996581][ T5863] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 343.006921][ T5863] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 343.017849][ T5863] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 343.026888][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 343.034938][ T5863] usb 6-1: SerialNumber: syz [ 343.042265][ T5863] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 343.050777][ T5863] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12 [ 343.258621][ T5863] usb 6-1: USB disconnect, device number 46 [ 343.476344][ T5920] hid-generic 0000:0000:0000.0037: unknown main item tag 0x0 [ 343.509362][ T5920] hid-generic 0000:0000:0000.0037: hidraw0: HID v0.00 Device [syz1] on syz0 [ 343.774457][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 343.788882][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 343.799449][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 343.821941][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 343.832275][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 343.923003][ T5892] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 344.074507][ T5892] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 344.082826][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 344.106865][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 344.133669][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 344.163223][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 344.177877][T12109] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.185920][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 344.211483][T16816] wlan0 speed is unknown, defaulting to 1000 [ 344.217673][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.237053][ T5892] usb 3-1: config 0 descriptor?? [ 344.249109][T16812] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 344.278156][T12109] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.283045][ T5819] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 344.340228][T16833] 9p: Unknown uid 00000000004294967295 [ 344.373671][T12109] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.455768][ T5819] usb 6-1: Using ep0 maxpacket: 8 [ 344.491232][ T5819] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 344.517249][T16816] chnl_net:caif_netlink_parms(): no params data found [ 344.522339][ T5819] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 344.568323][ T5819] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 344.592049][ T5819] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 344.633055][ T5819] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 344.662617][ T5819] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.689786][ T5892] plantronics 0003:047F:FFFF.0038: reserved main item tag 0xd [ 344.704897][ T5819] hub 6-1:1.0: bad descriptor, ignoring hub [ 344.711028][ T5819] hub 6-1:1.0: probe with driver hub failed with error -5 [ 344.719757][T16816] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.721732][ T5819] cdc_wdm 6-1:1.0: skipping garbage [ 344.735670][ T5819] cdc_wdm 6-1:1.0: skipping garbage [ 344.735857][T16816] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.741028][ T5892] plantronics 0003:047F:FFFF.0038: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 344.766407][T16816] bridge_slave_0: entered allmulticast mode [ 344.776737][ T5819] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device [ 344.782746][ T5819] cdc_wdm 6-1:1.0: Unknown control protocol [ 344.804575][T16816] bridge_slave_0: entered promiscuous mode [ 344.858515][T16816] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.866783][T16816] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.884929][T16816] bridge_slave_1: entered allmulticast mode [ 344.896258][T16816] bridge_slave_1: entered promiscuous mode [ 344.970662][T12109] bridge_slave_1: left allmulticast mode [ 344.986872][T12109] bridge_slave_1: left promiscuous mode [ 344.992595][T12109] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.002668][ T5892] usb 3-1: USB disconnect, device number 54 [ 345.041271][T12109] bridge_slave_0: left allmulticast mode [ 345.048630][T12109] bridge_slave_0: left promiscuous mode [ 345.055280][T12109] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.138792][ T24] usb 6-1: USB disconnect, device number 47 [ 345.348264][T16861] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 345.354815][T16861] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 345.365713][T16861] vhci_hcd vhci_hcd.0: Device attached [ 345.463103][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.475057][T12109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 345.486528][T12109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 345.495291][ T24] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 345.504911][T12109] bond0 (unregistering): Released all slaves [ 345.521750][T16816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.558509][T16816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.613289][ T3823] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 345.620949][ T5892] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 345.656107][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 345.664891][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 345.679000][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 345.701947][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 345.702412][T16816] team0: Port device team_slave_0 added [ 345.729702][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 345.732422][T16867] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4595'. [ 345.750055][ T24] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 345.750081][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.758325][ T24] hub 6-1:1.0: bad descriptor, ignoring hub [ 345.799878][ T24] hub 6-1:1.0: probe with driver hub failed with error -5 [ 345.807587][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 345.812885][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 345.821090][ T3823] usb 1-1: Using ep0 maxpacket: 16 [ 345.828156][ T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 345.837042][ T3823] usb 1-1: config 0 has no interfaces? [ 345.844452][ T3823] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 345.856435][ T24] cdc_wdm 6-1:1.0: Unknown control protocol [ 345.862390][ T3823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.879068][ T3823] usb 1-1: Product: syz [ 345.885210][ T3823] usb 1-1: Manufacturer: syz [ 345.887080][T16816] team0: Port device team_slave_1 added [ 345.889874][ T3823] usb 1-1: SerialNumber: syz [ 345.907281][ T3823] usb 1-1: config 0 descriptor?? [ 345.933986][ T51] Bluetooth: hci1: command tx timeout [ 346.023347][ T3823] IPVS: starting estimator thread 0... [ 346.037576][T16870] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 346.115153][T16816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 346.132681][T16816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.164804][ T3823] usb 6-1: USB disconnect, device number 48 [ 346.172163][T16872] IPVS: using max 39 ests per chain, 93600 per kthread [ 346.198077][ T3823] usb 1-1: USB disconnect, device number 50 [ 346.200932][T16862] usb 33-1: recv xbuf, 0 [ 346.217477][T16816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 346.244627][T12100] vhci_hcd: stop threads [ 346.249658][T16816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 346.252962][ T30] audit: type=1400 audit(1751090085.327:4738): avc: denied { ioctl } for pid=16873 comm="syz.6.4597" path="socket:[63228]" dev="sockfs" ino=63228 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 346.267061][T16816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.307473][T12100] vhci_hcd: release socket [ 346.311285][ T30] audit: type=1400 audit(1751090085.367:4739): avc: denied { setopt } for pid=16873 comm="syz.6.4597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 346.316813][T12100] vhci_hcd: disconnect device [ 346.361515][T16816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 346.381229][ T30] audit: type=1400 audit(1751090085.417:4740): avc: denied { read } for pid=16873 comm="syz.6.4597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 346.661814][T12109] hsr_slave_0: left promiscuous mode [ 346.682423][T12109] hsr_slave_1: left promiscuous mode [ 346.693206][T12109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.711917][T12109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.738598][T12109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.746316][T12109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.804929][T12109] veth1_macvtap: left promiscuous mode [ 346.810488][T12109] veth0_macvtap: left promiscuous mode [ 346.824095][T12109] veth1_vlan: left promiscuous mode [ 346.829470][T12109] veth0_vlan: left promiscuous mode [ 346.904231][ T30] audit: type=1400 audit(1751090085.987:4741): avc: denied { lock } for pid=16891 comm="syz.2.4606" path="socket:[63266]" dev="sockfs" ino=63266 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 347.183292][ T5823] Bluetooth: hci2: sending frame failed (-49) [ 347.190364][ T51] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 347.549054][T12109] team0 (unregistering): Port device team_slave_1 removed [ 347.612134][T12109] team0 (unregistering): Port device team_slave_0 removed [ 347.854567][ T30] audit: type=1400 audit(1751090086.937:4742): avc: denied { ioctl } for pid=16911 comm="syz.2.4613" path="socket:[64210]" dev="sockfs" ino=64210 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 348.011058][T16816] hsr_slave_0: entered promiscuous mode [ 348.013066][ T51] Bluetooth: hci1: command tx timeout [ 348.017759][T16816] hsr_slave_1: entered promiscuous mode [ 348.028138][T16816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.035815][T16816] Cannot create hsr debugfs directory [ 348.131838][T16917] fuse: Invalid gid '00000000000037777777777' [ 348.353194][T16927] [ 348.355542][T16927] ===================================================== [ 348.362461][T16927] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 348.369900][T16927] 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 Not tainted [ 348.377001][T16927] ----------------------------------------------------- [ 348.383924][T16927] syz.0.4620/16927 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 348.391640][T16927] ffff88803523b4b0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 348.400351][T16927] [ 348.400351][T16927] and this task is already holding: [ 348.407706][T16927] ffff88803518d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 348.417531][T16927] which would create a new lock dependency: [ 348.423401][T16927] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 348.431475][T16927] [ 348.431475][T16927] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 348.440901][T16927] (&dev->event_lock#2){..-.}-{3:3} [ 348.440926][T16927] [ 348.440926][T16927] ... which became SOFTIRQ-irq-safe at: [ 348.453778][T16927] lock_acquire+0x179/0x350 [ 348.458360][T16927] _raw_spin_lock_irqsave+0x3a/0x60 [ 348.463633][T16927] input_event+0x70/0xb0 [ 348.467947][T16927] atp_complete_geyser_3_4+0xa2c/0x16f0 [ 348.473568][T16927] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 348.479013][T16927] usb_hcd_giveback_urb+0x39b/0x450 [ 348.484281][T16927] dummy_timer+0x180e/0x3a20 [ 348.488956][T16927] __hrtimer_run_queues+0x202/0xad0 [ 348.494228][T16927] hrtimer_run_softirq+0x17d/0x350 [ 348.499407][T16927] handle_softirqs+0x216/0x8e0 [ 348.504244][T16927] __irq_exit_rcu+0x109/0x170 [ 348.508991][T16927] irq_exit_rcu+0x9/0x30 [ 348.513302][T16927] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 348.519010][T16927] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 348.525060][T16927] _raw_spin_unlock_irqrestore+0x31/0x80 [ 348.530770][T16927] dummy_urb_enqueue+0x558/0x920 [ 348.535787][T16927] usb_hcd_submit_urb+0x25b/0x1c60 [ 348.540973][T16927] usb_submit_urb+0x87c/0x1790 [ 348.545812][T16927] atp_open+0x60/0xd0 [ 348.549870][T16927] input_open_device+0x233/0x390 [ 348.554877][T16927] mousedev_open_device+0xe0/0x140 [ 348.560056][T16927] mousedev_open+0x2fd/0x580 [ 348.564717][T16927] chrdev_open+0x234/0x6a0 [ 348.569213][T16927] do_dentry_open+0x744/0x1c10 [ 348.574050][T16927] vfs_open+0x82/0x3f0 [ 348.578208][T16927] path_openat+0x1de4/0x2cb0 [ 348.582869][T16927] do_filp_open+0x20b/0x470 [ 348.587447][T16927] do_sys_openat2+0x11b/0x1d0 [ 348.592189][T16927] __x64_sys_openat+0x174/0x210 [ 348.597106][T16927] do_syscall_64+0xcd/0x4c0 [ 348.601684][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.607648][T16927] [ 348.607648][T16927] to a SOFTIRQ-irq-unsafe lock: [ 348.614645][T16927] (tasklist_lock){.+.+}-{3:3} [ 348.614666][T16927] [ 348.614666][T16927] ... which became SOFTIRQ-irq-unsafe at: [ 348.627258][T16927] ... [ 348.627263][T16927] lock_acquire+0x179/0x350 [ 348.634401][T16927] _raw_read_lock+0x5f/0x70 [ 348.638976][T16927] __do_wait+0x105/0x890 [ 348.643291][T16927] do_wait+0x21e/0x5a0 [ 348.647434][T16927] kernel_wait+0x9f/0x160 [ 348.651853][T16927] call_usermodehelper_exec_work+0xf1/0x170 [ 348.657908][T16927] process_one_work+0x9cc/0x1b70 [ 348.662914][T16927] worker_thread+0x6c8/0xf10 [ 348.667573][T16927] kthread+0x3c2/0x780 [ 348.671709][T16927] ret_from_fork+0x5d4/0x6f0 [ 348.676375][T16927] ret_from_fork_asm+0x1a/0x30 [ 348.681208][T16927] [ 348.681208][T16927] other info that might help us debug this: [ 348.681208][T16927] [ 348.691414][T16927] Chain exists of: [ 348.691414][T16927] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 348.691414][T16927] [ 348.704956][T16927] Possible interrupt unsafe locking scenario: [ 348.704956][T16927] [ 348.713255][T16927] CPU0 CPU1 [ 348.718610][T16927] ---- ---- [ 348.723952][T16927] lock(tasklist_lock); [ 348.728177][T16927] local_irq_disable(); [ 348.734927][T16927] lock(&dev->event_lock#2); [ 348.742109][T16927] lock(&client->buffer_lock); [ 348.749458][T16927] [ 348.752892][T16927] lock(&dev->event_lock#2); [ 348.757734][T16927] [ 348.757734][T16927] *** DEADLOCK *** [ 348.757734][T16927] [ 348.765860][T16927] 7 locks held by syz.0.4620/16927: [ 348.771035][T16927] #0: ffff88802bd8b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 348.780169][T16927] #1: ffff88814675a230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x390 [ 348.790253][T16927] #2: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x390 [ 348.799894][T16927] #3: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x890 [ 348.809449][T16927] #4: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 348.818581][T16927] #5: ffff88803518d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 348.828828][T16927] #6: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 348.837854][T16927] [ 348.837854][T16927] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 348.848236][T16927] -> (&dev->event_lock#2){..-.}-{3:3} { [ 348.853870][T16927] IN-SOFTIRQ-W at: [ 348.857918][T16927] lock_acquire+0x179/0x350 [ 348.864247][T16927] _raw_spin_lock_irqsave+0x3a/0x60 [ 348.871254][T16927] input_event+0x70/0xb0 [ 348.877304][T16927] atp_complete_geyser_3_4+0xa2c/0x16f0 [ 348.884662][T16927] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 348.891844][T16927] usb_hcd_giveback_urb+0x39b/0x450 [ 348.898849][T16927] dummy_timer+0x180e/0x3a20 [ 348.905266][T16927] __hrtimer_run_queues+0x202/0xad0 [ 348.912270][T16927] hrtimer_run_softirq+0x17d/0x350 [ 348.919188][T16927] handle_softirqs+0x216/0x8e0 [ 348.925761][T16927] __irq_exit_rcu+0x109/0x170 [ 348.932245][T16927] irq_exit_rcu+0x9/0x30 [ 348.938294][T16927] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 348.945738][T16927] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 348.953524][T16927] _raw_spin_unlock_irqrestore+0x31/0x80 [ 348.960966][T16927] dummy_urb_enqueue+0x558/0x920 [ 348.967721][T16927] usb_hcd_submit_urb+0x25b/0x1c60 [ 348.974647][T16927] usb_submit_urb+0x87c/0x1790 [ 348.981221][T16927] atp_open+0x60/0xd0 [ 348.987012][T16927] input_open_device+0x233/0x390 [ 348.993755][T16927] mousedev_open_device+0xe0/0x140 [ 349.000670][T16927] mousedev_open+0x2fd/0x580 [ 349.007063][T16927] chrdev_open+0x234/0x6a0 [ 349.013291][T16927] do_dentry_open+0x744/0x1c10 [ 349.019861][T16927] vfs_open+0x82/0x3f0 [ 349.025744][T16927] path_openat+0x1de4/0x2cb0 [ 349.032143][T16927] do_filp_open+0x20b/0x470 [ 349.038454][T16927] do_sys_openat2+0x11b/0x1d0 [ 349.044935][T16927] __x64_sys_openat+0x174/0x210 [ 349.051586][T16927] do_syscall_64+0xcd/0x4c0 [ 349.057900][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.065597][T16927] INITIAL USE at: [ 349.069558][T16927] lock_acquire+0x179/0x350 [ 349.075784][T16927] _raw_spin_lock_irqsave+0x3a/0x60 [ 349.082702][T16927] input_inject_event+0x9f/0x390 [ 349.089364][T16927] led_set_brightness+0x217/0x290 [ 349.096106][T16927] kbd_led_trigger_activate+0xcb/0x110 [ 349.103291][T16927] led_trigger_set+0x59a/0xc50 [ 349.109834][T16927] led_trigger_set_default+0x1e0/0x2e0 [ 349.117030][T16927] led_classdev_register_ext+0x7b8/0xa10 [ 349.124386][T16927] input_leds_connect+0x552/0x8e0 [ 349.131129][T16927] input_attach_handler.isra.0+0x181/0x260 [ 349.138656][T16927] input_register_device+0xa84/0x1130 [ 349.145747][T16927] atkbd_connect+0x5da/0xa20 [ 349.152059][T16927] serio_driver_probe+0x74/0xb0 [ 349.158639][T16927] really_probe+0x241/0xa90 [ 349.164872][T16927] __driver_probe_device+0x1de/0x440 [ 349.171878][T16927] driver_probe_device+0x4c/0x1b0 [ 349.178627][T16927] __driver_attach+0x283/0x580 [ 349.185117][T16927] bus_for_each_dev+0x13b/0x1d0 [ 349.191693][T16927] serio_handle_event+0x247/0xa50 [ 349.198442][T16927] process_one_work+0x9cc/0x1b70 [ 349.205108][T16927] worker_thread+0x6c8/0xf10 [ 349.211416][T16927] kthread+0x3c2/0x780 [ 349.217200][T16927] ret_from_fork+0x5d4/0x6f0 [ 349.223514][T16927] ret_from_fork_asm+0x1a/0x30 [ 349.230000][T16927] } [ 349.232571][T16927] ... key at: [] __key.7+0x0/0x40 [ 349.239756][T16927] -> (&client->buffer_lock){....}-{3:3} { [ 349.245474][T16927] INITIAL USE at: [ 349.249350][T16927] lock_acquire+0x179/0x350 [ 349.255407][T16927] _raw_spin_lock+0x2e/0x40 [ 349.261458][T16927] evdev_pass_values+0x10e/0x9b0 [ 349.267944][T16927] evdev_events+0x1bb/0x390 [ 349.273994][T16927] input_pass_values+0x6c4/0x890 [ 349.280484][T16927] input_handle_event+0xf00/0x14d0 [ 349.287141][T16927] input_inject_event+0x1cd/0x390 [ 349.293714][T16927] evdev_write+0x457/0x750 [ 349.299675][T16927] vfs_write+0x2a0/0x1150 [ 349.305550][T16927] ksys_write+0x1f8/0x250 [ 349.311425][T16927] do_syscall_64+0xcd/0x4c0 [ 349.317477][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.324917][T16927] } [ 349.327392][T16927] ... key at: [] __key.1+0x0/0x40 [ 349.334489][T16927] ... acquired at: [ 349.338269][T16927] _raw_spin_lock+0x2e/0x40 [ 349.342929][T16927] evdev_pass_values+0x10e/0x9b0 [ 349.348021][T16927] evdev_events+0x1bb/0x390 [ 349.352678][T16927] input_pass_values+0x6c4/0x890 [ 349.357771][T16927] input_handle_event+0xf00/0x14d0 [ 349.363040][T16927] input_inject_event+0x1cd/0x390 [ 349.368220][T16927] evdev_write+0x457/0x750 [ 349.372792][T16927] vfs_write+0x2a0/0x1150 [ 349.377278][T16927] ksys_write+0x1f8/0x250 [ 349.381764][T16927] do_syscall_64+0xcd/0x4c0 [ 349.386426][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.392473][T16927] [ 349.394780][T16927] [ 349.394780][T16927] the dependencies between the lock to be acquired [ 349.394787][T16927] and SOFTIRQ-irq-unsafe lock: [ 349.408251][T16927] -> (tasklist_lock){.+.+}-{3:3} { [ 349.413529][T16927] HARDIRQ-ON-R at: [ 349.417663][T16927] lock_acquire+0x179/0x350 [ 349.424149][T16927] _raw_read_lock+0x5f/0x70 [ 349.430631][T16927] __do_wait+0x105/0x890 [ 349.436857][T16927] do_wait+0x21e/0x5a0 [ 349.442907][T16927] kernel_wait+0x9f/0x160 [ 349.449222][T16927] call_usermodehelper_exec_work+0xf1/0x170 [ 349.457097][T16927] process_one_work+0x9cc/0x1b70 [ 349.464013][T16927] worker_thread+0x6c8/0xf10 [ 349.470582][T16927] kthread+0x3c2/0x780 [ 349.476626][T16927] ret_from_fork+0x5d4/0x6f0 [ 349.483199][T16927] ret_from_fork_asm+0x1a/0x30 [ 349.489939][T16927] SOFTIRQ-ON-R at: [ 349.494071][T16927] lock_acquire+0x179/0x350 [ 349.500558][T16927] _raw_read_lock+0x5f/0x70 [ 349.507042][T16927] __do_wait+0x105/0x890 [ 349.513267][T16927] do_wait+0x21e/0x5a0 [ 349.519319][T16927] kernel_wait+0x9f/0x160 [ 349.525634][T16927] call_usermodehelper_exec_work+0xf1/0x170 [ 349.533517][T16927] process_one_work+0x9cc/0x1b70 [ 349.540432][T16927] worker_thread+0x6c8/0xf10 [ 349.546999][T16927] kthread+0x3c2/0x780 [ 349.553045][T16927] ret_from_fork+0x5d4/0x6f0 [ 349.559618][T16927] ret_from_fork_asm+0x1a/0x30 [ 349.566360][T16927] INITIAL USE at: [ 349.570405][T16927] lock_acquire+0x179/0x350 [ 349.576805][T16927] _raw_write_lock_irq+0x36/0x50 [ 349.583638][T16927] copy_process+0x4caf/0x76a0 [ 349.590209][T16927] kernel_clone+0xfc/0x960 [ 349.596520][T16927] user_mode_thread+0xc7/0x110 [ 349.603180][T16927] rest_init+0x23/0x2b0 [ 349.609227][T16927] start_kernel+0x3ee/0x4d0 [ 349.615626][T16927] x86_64_start_reservations+0x18/0x30 [ 349.622978][T16927] x86_64_start_kernel+0x130/0x190 [ 349.629984][T16927] common_startup_64+0x13e/0x148 [ 349.636810][T16927] INITIAL READ USE at: [ 349.641292][T16927] lock_acquire+0x179/0x350 [ 349.648125][T16927] _raw_read_lock+0x5f/0x70 [ 349.654957][T16927] __do_wait+0x105/0x890 [ 349.661531][T16927] do_wait+0x21e/0x5a0 [ 349.667930][T16927] kernel_wait+0x9f/0x160 [ 349.674592][T16927] call_usermodehelper_exec_work+0xf1/0x170 [ 349.682812][T16927] process_one_work+0x9cc/0x1b70 [ 349.690072][T16927] worker_thread+0x6c8/0xf10 [ 349.696985][T16927] kthread+0x3c2/0x780 [ 349.703376][T16927] ret_from_fork+0x5d4/0x6f0 [ 349.710298][T16927] ret_from_fork_asm+0x1a/0x30 [ 349.717388][T16927] } [ 349.720039][T16927] ... key at: [] tasklist_lock+0x18/0x40 [ 349.727911][T16927] ... acquired at: [ 349.731866][T16927] _raw_read_lock+0x5f/0x70 [ 349.736526][T16927] send_sigio+0xb8/0x3e0 [ 349.740922][T16927] dnotify_handle_event+0x15e/0x2b0 [ 349.746280][T16927] fsnotify_handle_inode_event.isra.0+0x1df/0x3f0 [ 349.752851][T16927] fsnotify+0x13d6/0x1dc0 [ 349.757336][T16927] vfs_mkdir+0x71d/0x8c0 [ 349.761735][T16927] do_mkdirat+0x304/0x3e0 [ 349.766221][T16927] __x64_sys_mkdirat+0x83/0xb0 [ 349.771141][T16927] do_syscall_64+0xcd/0x4c0 [ 349.775805][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.781852][T16927] [ 349.784153][T16927] -> (&f_owner->lock){....}-{3:3} { [ 349.789432][T16927] INITIAL USE at: [ 349.793392][T16927] lock_acquire+0x179/0x350 [ 349.799620][T16927] _raw_write_lock_irq+0x36/0x50 [ 349.806282][T16927] __f_setown+0x61/0x3c0 [ 349.812251][T16927] fcntl_dirnotify+0x78f/0xb50 [ 349.818738][T16927] do_fcntl+0xe62/0x15a0 [ 349.824694][T16927] __x64_sys_fcntl+0x163/0x200 [ 349.831175][T16927] do_syscall_64+0xcd/0x4c0 [ 349.837404][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.845012][T16927] INITIAL READ USE at: [ 349.849406][T16927] lock_acquire+0x179/0x350 [ 349.856068][T16927] _raw_read_lock_irqsave+0x74/0x90 [ 349.863424][T16927] send_sigio+0x31/0x3e0 [ 349.869814][T16927] kill_fasync+0x214/0x510 [ 349.876381][T16927] lease_break_callback+0x23/0x30 [ 349.883565][T16927] __break_lease+0x674/0x1810 [ 349.890393][T16927] do_dentry_open+0x6e1/0x1c10 [ 349.897310][T16927] vfs_open+0x82/0x3f0 [ 349.903538][T16927] path_openat+0x1de4/0x2cb0 [ 349.910282][T16927] do_filp_open+0x20b/0x470 [ 349.916939][T16927] do_sys_openat2+0x11b/0x1d0 [ 349.923767][T16927] __x64_sys_openat+0x174/0x210 [ 349.930770][T16927] do_syscall_64+0xcd/0x4c0 [ 349.937429][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.945486][T16927] } [ 349.948054][T16927] ... key at: [] __key.1+0x0/0x40 [ 349.955241][T16927] ... acquired at: [ 349.959108][T16927] _raw_read_lock_irqsave+0x74/0x90 [ 349.964468][T16927] send_sigio+0x31/0x3e0 [ 349.968868][T16927] kill_fasync+0x214/0x510 [ 349.973440][T16927] lease_break_callback+0x23/0x30 [ 349.978654][T16927] __break_lease+0x674/0x1810 [ 349.983492][T16927] do_dentry_open+0x6e1/0x1c10 [ 349.988415][T16927] vfs_open+0x82/0x3f0 [ 349.992657][T16927] path_openat+0x1de4/0x2cb0 [ 349.997412][T16927] do_filp_open+0x20b/0x470 [ 350.002075][T16927] do_sys_openat2+0x11b/0x1d0 [ 350.006904][T16927] __x64_sys_openat+0x174/0x210 [ 350.011910][T16927] do_syscall_64+0xcd/0x4c0 [ 350.016576][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.022624][T16927] [ 350.024927][T16927] -> (&new->fa_lock){....}-{3:3} { [ 350.030036][T16927] INITIAL USE at: [ 350.033909][T16927] lock_acquire+0x179/0x350 [ 350.039966][T16927] _raw_write_lock_irq+0x36/0x50 [ 350.046456][T16927] fasync_remove_entry+0xb2/0x1e0 [ 350.053036][T16927] fasync_helper+0xaf/0xd0 [ 350.058999][T16927] snd_fasync_helper+0xdd/0x250 [ 350.065402][T16927] __fput+0x96b/0xb70 [ 350.070930][T16927] task_work_run+0x150/0x240 [ 350.077067][T16927] exit_to_user_mode_loop+0xeb/0x110 [ 350.083900][T16927] do_syscall_64+0x3f6/0x4c0 [ 350.090041][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.097480][T16927] INITIAL READ USE at: [ 350.101788][T16927] lock_acquire+0x179/0x350 [ 350.108277][T16927] _raw_read_lock_irqsave+0x74/0x90 [ 350.115457][T16927] kill_fasync+0x138/0x510 [ 350.121851][T16927] snd_fasync_work_fn+0x1ac/0x240 [ 350.128857][T16927] process_one_work+0x9cc/0x1b70 [ 350.135783][T16927] worker_thread+0x6c8/0xf10 [ 350.142362][T16927] kthread+0x3c2/0x780 [ 350.148413][T16927] ret_from_fork+0x5d4/0x6f0 [ 350.154992][T16927] ret_from_fork_asm+0x1a/0x30 [ 350.161742][T16927] } [ 350.164226][T16927] ... key at: [] __key.0+0x0/0x40 [ 350.171328][T16927] ... acquired at: [ 350.175115][T16927] lock_acquire+0x179/0x350 [ 350.179784][T16927] _raw_read_lock_irqsave+0x74/0x90 [ 350.185146][T16927] kill_fasync+0x138/0x510 [ 350.189718][T16927] evdev_pass_values+0x619/0x9b0 [ 350.194818][T16927] evdev_events+0x1bb/0x390 [ 350.199484][T16927] input_pass_values+0x6c4/0x890 [ 350.204579][T16927] input_handle_event+0xf00/0x14d0 [ 350.209847][T16927] input_inject_event+0x1cd/0x390 [ 350.215027][T16927] evdev_write+0x457/0x750 [ 350.219600][T16927] vfs_write+0x2a0/0x1150 [ 350.224088][T16927] ksys_write+0x1f8/0x250 [ 350.228574][T16927] do_syscall_64+0xcd/0x4c0 [ 350.233241][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.239287][T16927] [ 350.241589][T16927] [ 350.241589][T16927] stack backtrace: [ 350.247455][T16927] CPU: 0 UID: 0 PID: 16927 Comm: syz.0.4620 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) [ 350.247475][T16927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.247484][T16927] Call Trace: [ 350.247491][T16927] [ 350.247498][T16927] dump_stack_lvl+0x116/0x1f0 [ 350.247520][T16927] check_irq_usage+0x7dc/0x920 [ 350.247541][T16927] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 350.247562][T16927] ? check_path.constprop.0+0x24/0x50 [ 350.247585][T16927] ? __lock_acquire+0x1285/0x1c90 [ 350.247606][T16927] __lock_acquire+0x1285/0x1c90 [ 350.247631][T16927] lock_acquire+0x179/0x350 [ 350.247653][T16927] ? kill_fasync+0x138/0x510 [ 350.247669][T16927] _raw_read_lock_irqsave+0x74/0x90 [ 350.247687][T16927] ? kill_fasync+0x138/0x510 [ 350.247700][T16927] kill_fasync+0x138/0x510 [ 350.247715][T16927] evdev_pass_values+0x619/0x9b0 [ 350.247734][T16927] evdev_events+0x1bb/0x390 [ 350.247756][T16927] input_pass_values+0x6c4/0x890 [ 350.247775][T16927] input_handle_event+0xf00/0x14d0 [ 350.247792][T16927] ? _copy_from_user+0x59/0xd0 [ 350.247814][T16927] input_inject_event+0x1cd/0x390 [ 350.247834][T16927] evdev_write+0x457/0x750 [ 350.247853][T16927] ? __pfx_evdev_write+0x10/0x10 [ 350.247871][T16927] ? bpf_lsm_file_permission+0x9/0x10 [ 350.247894][T16927] ? security_file_permission+0x71/0x210 [ 350.247916][T16927] ? rw_verify_area+0xcf/0x680 [ 350.247933][T16927] ? __pfx_evdev_write+0x10/0x10 [ 350.247950][T16927] vfs_write+0x2a0/0x1150 [ 350.247969][T16927] ? __pfx_vfs_write+0x10/0x10 [ 350.247986][T16927] ? find_held_lock+0x2b/0x80 [ 350.248003][T16927] ? __fget_files+0x204/0x3c0 [ 350.248023][T16927] ? __fget_files+0x20e/0x3c0 [ 350.248044][T16927] ksys_write+0x1f8/0x250 [ 350.248062][T16927] ? __pfx_ksys_write+0x10/0x10 [ 350.248082][T16927] do_syscall_64+0xcd/0x4c0 [ 350.248104][T16927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.248119][T16927] RIP: 0033:0x7f009238e929 [ 350.248131][T16927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.248145][T16927] RSP: 002b:00007f00931fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 350.248160][T16927] RAX: ffffffffffffffda RBX: 00007f00925b5fa0 RCX: 00007f009238e929 [ 350.248170][T16927] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 350.248179][T16927] RBP: 00007f0092410b39 R08: 0000000000000000 R09: 0000000000000000 [ 350.248189][T16927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.248197][T16927] R13: 0000000000000000 R14: 00007f00925b5fa0 R15: 00007ffcfddc8658 [ 350.248212][T16927] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 350.510171][ T51] Bluetooth: hci1: command tx timeout [ 350.544020][ T30] audit: type=1400 audit(1751090089.627:4743): avc: denied { write } for pid=5797 comm="syz-executor" path="pipe:[3694]" dev="pipefs" ino=3694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 350.980941][T12109] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.056540][T12109] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.115377][T12109] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.207044][T12109] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.254848][T12109] bridge_slave_1: left allmulticast mode [ 351.260478][T12109] bridge_slave_1: left promiscuous mode [ 351.266232][T12109] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.274525][T12109] bridge_slave_0: left allmulticast mode [ 351.280139][T12109] bridge_slave_0: left promiscuous mode [ 351.285934][T12109] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.609982][T12109] hsr_slave_0: left promiscuous mode [ 351.615589][T12109] hsr_slave_1: left promiscuous mode [ 351.621179][T12109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.628604][T12109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.636020][T12109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.643777][T12109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.655215][T12109] veth1_macvtap: left promiscuous mode [ 351.660702][T12109] veth0_macvtap: left promiscuous mode [ 351.667513][T12109] veth1_vlan: left promiscuous mode [ 351.672727][T12109] veth0_vlan: left promiscuous mode [ 351.759356][T12109] team0 (unregistering): Port device team_slave_1 removed [ 351.776348][T12109] team0 (unregistering): Port device team_slave_0 removed [ 352.105795][T12109] IPVS: stop unused estimator thread 0... [ 352.143906][T12109] bridge_slave_1: left allmulticast mode [ 352.149548][T12109] bridge_slave_1: left promiscuous mode [ 352.155276][T12109] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.162864][T12109] bridge_slave_0: left allmulticast mode [ 352.168535][T12109] bridge_slave_0: left promiscuous mode [ 352.174178][T12109] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.207875][T12109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.217698][T12109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.226717][T12109] bond0 (unregistering): Released all slaves [ 352.355912][T12109] hsr_slave_0: left promiscuous mode [ 352.361418][T12109] hsr_slave_1: left promiscuous mode [ 352.366987][T12109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 352.375029][T12109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 352.428108][T12109] team0 (unregistering): Port device team_slave_1 removed [ 352.445044][T12109] team0 (unregistering): Port device team_slave_0 removed