last executing test programs: 11m49.94593772s ago: executing program 2 (id=1592): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f00000008c0)=';', 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmmsg$inet6(r0, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001240)=[{{0x0, 0x0, 0x0}, 0x7f}], 0x1, 0x12141, 0x0) 11m49.738776815s ago: executing program 2 (id=1595): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) openat$ocfs2_control(0xffffff9c, &(0x7f0000000000), 0x2002, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setpriority(0x1, 0x0, 0x7) 11m49.632556457s ago: executing program 2 (id=1597): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=@newsa={0xf8, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in, 0x0, 0x32}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@etimer_thresh={0x8}]}, 0xf8}}, 0x0) 11m49.448784859s ago: executing program 2 (id=1601): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) 11m48.098321441s ago: executing program 2 (id=1609): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, &(0x7f0000000080)={0x20, 0x0, 0x2, {0x2, 0x2a}}, 0x0}, &(0x7f0000000280)={0x1c, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="401401000000ff"], 0x0, 0x0, 0x0, 0x0}) 11m45.470381286s ago: executing program 2 (id=1620): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x80400) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) recvmmsg(r0, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f00000001c0), 0x2000000000000112}, 0x3268455f}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/171, 0xab}], 0x1}, 0xfffffff9}], 0x2, 0x2, 0x0) fsopen(&(0x7f0000000100)='binfmt_misc\x00', 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xd) r2 = dup(r1) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x0, 0x0, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 11m30.061704243s ago: executing program 32 (id=1620): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x80400) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) recvmmsg(r0, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f00000001c0), 0x2000000000000112}, 0x3268455f}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/171, 0xab}], 0x1}, 0xfffffff9}], 0x2, 0x2, 0x0) fsopen(&(0x7f0000000100)='binfmt_misc\x00', 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xd) r2 = dup(r1) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x0, 0x0, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 7m43.747475225s ago: executing program 5 (id=2994): syz_extract_tcp_res$synack(0x0, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000280)=@filter={'filter\x00', 0xe, 0x4, 0x2d8, 0xffffffff, 0xb0, 0x0, 0x190, 0xffffffff, 0xffffffff, 0x260, 0x260, 0x260, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "c25898b277e722f335aa54f8deb4f8e9613dd2e15614f65c582fc95ecb07"}}, {{@ip={@multicast1, @empty, 0x0, 0xff, 'geneve0\x00', 'nr0\x00', {}, {0xff}, 0x6, 0x1, 0x12}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@cpu={{0x28}, {0x200}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0xd920, 0x5}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @remote, 0x5, 0xb, [0x2, 0x1c, 0x35, 0x1d, 0x1a, 0x31, 0x3, 0x2a, 0x14, 0xd, 0x25, 0xd, 0x26, 0x23, 0x8, 0x25], 0x1, 0xffff0001}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x338) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) close(r3) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) getpeername(0xffffffffffffffff, 0x0, &(0x7f0000000200)) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x0, {0x0, 0x0, 0x74, r4, {0x6, 0x8}, {0x5, 0xfff3}, {0xfff1, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0x0) 7m40.047997125s ago: executing program 5 (id=3001): syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0xb6) connect$inet6(r4, &(0x7f0000000000)={0xa, 0xe0, 0x4, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x62, 0x0) 7m38.751629452s ago: executing program 5 (id=3004): syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e"], 0x7) syz_emit_vhci(0x0, 0x0) mknod(0x0, 0x0, 0x0) lsetxattr$security_capability(0x0, &(0x7f0000000180), 0x0, 0x0, 0x0) close(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 7m35.625199481s ago: executing program 5 (id=3018): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x30, r1, 0x1, 0x0, 0x8000000, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) 7m35.393902231s ago: executing program 5 (id=3020): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000020601000000000005"], 0x1c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="01"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000340)=ANY=[]) 7m34.882920444s ago: executing program 5 (id=3022): syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syslog(0x1, &(0x7f0000000380)=""/180, 0xb4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) lstat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000900)) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x3c}}, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c000000100003050000", @ANYRES32=0x0, @ANYBLOB="15460100000000002c0012800b0001006d616373656300001c0002800800050000800000060002404e200000050006000100000008000500"], 0x5c}}, 0x0) sendmsg$inet(r4, 0x0, 0x0) 7m18.995032111s ago: executing program 33 (id=3022): syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syslog(0x1, &(0x7f0000000380)=""/180, 0xb4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) lstat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000900)) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x3c}}, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c000000100003050000", @ANYRES32=0x0, @ANYBLOB="15460100000000002c0012800b0001006d616373656300001c0002800800050000800000060002404e200000050006000100000008000500"], 0x5c}}, 0x0) sendmsg$inet(r4, 0x0, 0x0) 13.001514954s ago: executing program 3 (id=4713): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000c0000e40000be437ecfe3e7dc1a7adb8b5d3c61967eb61d38c7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffffffffff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@fallback, 0xffffffffffffffff, 0x2f, 0x0, 0x0, @void, @value}, 0x20) unshare(0x22020400) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 11.999066953s ago: executing program 3 (id=4718): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000004000000080000000a0000000000", @ANYRES32, @ANYRES32], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x2d6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x2170a8, &(0x7f0000000400)) chdir(&(0x7f0000001180)='./bus\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) chdir(&(0x7f0000000480)='./cgroup\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) fanotify_init(0x200, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x2) clock_adjtime(0x0, &(0x7f0000000300)={0x3fc5, 0xfffffffffffffff9, 0x3ff, 0x7, 0x1912, 0x3, 0x6, 0x4, 0x4, 0x6, 0x2, 0x40, 0x3, 0x1e80000000, 0x8, 0x100000000, 0x2, 0x100000000, 0x0, 0x24c, 0x3, 0x1ff, 0xfffffffffffffffe, 0x3f, 0x6, 0x4}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a300000000040000000030a03000000000000000000030000000900030073797a30000000000900010073797a30000000001400048008000240000000000800014000000002140000001100010000002200000000000000000a617cde74c6c7ba2efb1754d031da5c010a731712487c1cc9768873feff7bacc01d045925cb186ca09e4c3efa79ac11446f4eb8dfa85ad024b7680c90ff53d054b624c8f76519ceba7f1d725aa8ced6b35e8ba14f0165107cb5a41c917ddfbe9a70b29ed3fdc5fdfd4b87f3e632c4d4fd17e852e02b3866dc3270bda09a182cc07b34936c8e0a4375c2b19f8f30b09b41875c183253c9a88556cf75731eacfc46fb98e0ae7fc4675404f69e1ba4107de23c3ffd38b4e099d89912898e685d6389eaa0459965421569b1ae36f41fd9316068d5335194560567853653e85612de3a8242510851"], 0x88}}, 0x0) 10.955595774s ago: executing program 3 (id=4724): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x535, 0x200) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000180)=""/135) 7.814742215s ago: executing program 4 (id=4738): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_sctp(0xa, 0x1, 0x84) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) eventfd(0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 7.814548216s ago: executing program 3 (id=4739): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) fsopen(0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) write$UHID_CREATE2(r2, 0x0, 0x1b9) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r3, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000100)={{0x7f, 0x800}, {0x7f, 0x8}, 0xe}) mkdir(0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000840), 0x6000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000e00000018000180140002006d6163766c616e310000000000000000770023ba774729d24bd4073a05450478c7be361a5d4be5b3b4140d092720c7a2fcef25a96336347944d5bbcc43eb51f78c72116c13cc9b1d2308071ce36ae61c6921802796150c9da39bc99e18fb5691c6bc8c54e6bf682b18355bd9db419ad94f1a720ace3d4310815a0425d453a23eb627e3be8b454e3d2a881ed9656d7127bfb824017008bfdff55d6d69f73186bac2"], 0x2c}}, 0x0) getsockopt$bt_hci(r4, 0x84, 0x7d, &(0x7f00000022c0)=""/4104, &(0x7f0000001080)=0x1008) ioctl$EVIOCGEFFECTS(r3, 0x80044584, 0x0) 6.817311467s ago: executing program 3 (id=4743): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000100), 0x13f, 0x1}}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r3, 0x0, 0x0, 0x0, 0x0, 0x0) 5.274752331s ago: executing program 3 (id=4747): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x3}}, 0xfffffdc6) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000340)={0x7, 0x8, 0xfa00, {r2}}, 0x10) 5.257157964s ago: executing program 6 (id=4748): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081) syz_genetlink_get_family_id$smc(&(0x7f00000005c0), 0xffffffffffffffff) 5.138165239s ago: executing program 6 (id=4751): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, r3, {0x2, 0x1}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x68}}, 0x2004c084) 4.393323701s ago: executing program 1 (id=4753): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) fsopen(0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) write$UHID_CREATE2(r2, 0x0, 0x1b9) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r3, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f0000000100)={{0x7f, 0x800}, {0x7f, 0x8}, 0xe}) mkdir(0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000840), 0x6000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000e00000018000180140002006d6163766c616e310000000000000000770023ba774729d24bd4073a05450478c7be361a5d4be5b3b4140d092720c7a2fcef25a96336347944d5bbcc43eb51f78c72116c13cc9b1d2308071ce36ae61c6921802796150c9da39bc99e18fb5691c6bc8c54e6bf682b18355bd9db419ad94f1a720ace3d4310815a0425d453a23eb627e3be8b454e3d2a881ed9656d7127bfb824017008bfdff55d6d69f73186bac2"], 0x2c}}, 0x0) getsockopt$bt_hci(r4, 0x84, 0x7d, &(0x7f00000022c0)=""/4104, &(0x7f0000001080)=0x1008) ioctl$EVIOCGEFFECTS(r3, 0x80044584, 0x0) 4.066638024s ago: executing program 0 (id=4754): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x3, 0x1, 0x0, 0x3}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x28}}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f00000005c0)="4a420dee1949415fea4ebbc47e323fa005c924a2e5fb20bf5e644e6e91410548f3e87488d465942c877687c6f3fc091e5d75aeb956f0d987e015c07fa2d965b62f552aa66ed92eb803f44f08e2c8e7a0eee17327b8a34cd9e4df3c2203d7e4c674d1a13ab2028b639eadff21ece646316a6a207f4d8729a774b93e836855bef1d8c85d5944e766ba9f23463efbb7ea0361e88112d77121abcc0563f5ca79a5c02c7fab3d421cdc0bcebcb283873038202cef6fc5757fdde45e03446dd66a2e67cc4dbd0788723d5054d38e965c846319528c3e12bc93bc8d1c", &(0x7f0000000200)=""/40}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x2000, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070029000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000340)="f20f090fc7ae4f6c0fc79bfeff648fc30f7f6e0036363e0f06f30f09d5f4d6bad104edbaf80c66b8e8df5a8666efbafc0cec", 0x32}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 3.726993255s ago: executing program 1 (id=4755): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x7) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 3.678755692s ago: executing program 4 (id=4756): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x30, r2, 0x5, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_WPA_VERSIONS={0x8}]]}, 0x30}}, 0x0) 3.590441605s ago: executing program 6 (id=4757): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000100), 0x13f, 0x1}}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r3, 0x0, 0x0, 0x0, 0x0, 0x0) 3.119185646s ago: executing program 1 (id=4758): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x44010) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x30}}, 0x0) 3.002999564s ago: executing program 4 (id=4759): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'sit0\x00', &(0x7f00000003c0)={'gre0\x00', 0x0, 0x20, 0x10, 0x7ff, 0x1, {{0x14, 0x4, 0x3, 0x5, 0x50, 0x67, 0x0, 0x3, 0x2f, 0x0, @private=0xa010101, @empty, {[@timestamp_addr={0x44, 0x3c, 0x13, 0x1, 0x5, [{@local, 0x8f500000}, {@loopback, 0x7}, {@dev={0xac, 0x14, 0x14, 0x22}, 0x3f79a5eb}, {@remote, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1ff}, {@empty, 0x9}, {@loopback, 0x200}]}]}}}}}) sendmsg$nl_route(r0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340), 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000023c0)={0x2020}, 0xfffffe9f) 2.988620145s ago: executing program 0 (id=4760): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a000000", 0x4) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="040000400000000000330000200043d97815b1b2aa8cf700b46a50aa24000000009f003cbe97fde631b81864ab5b6756"], 0x2c, 0x0) chmod(&(0x7f0000000180)='./file0\x00', 0x3b6) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, 0x0, 0x9) sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x8000) ioctl$SIOCPNADDRESOURCE(r0, 0x89e0, &(0x7f0000000300)) 2.250055904s ago: executing program 0 (id=4761): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r3, &(0x7f0000001900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r2, &(0x7f0000000440)={0x90, 0x0, r4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8}}}, 0x90) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}}) 2.249738985s ago: executing program 6 (id=4762): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081) syz_genetlink_get_family_id$smc(&(0x7f00000005c0), 0xffffffffffffffff) 2.206443771s ago: executing program 1 (id=4763): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5ff7700"}) r1 = syz_open_pts(r0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000240)) 2.134684193s ago: executing program 4 (id=4764): socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @empty}, 0x1c) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffd8) 2.104357825s ago: executing program 6 (id=4765): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x2) write(r1, 0x0, 0x0) 2.00080913s ago: executing program 6 (id=4766): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_sctp(0xa, 0x1, 0x84) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) eventfd(0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x5}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.833197394s ago: executing program 0 (id=4767): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, r3, {0x2, 0x1}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x68}}, 0x2004c084) 1.21268374s ago: executing program 0 (id=4768): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x7) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 1.174535029s ago: executing program 1 (id=4769): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x30, r2, 0x5, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_WPA_VERSIONS={0x8}]]}, 0x30}}, 0x0) 1.078868314s ago: executing program 4 (id=4770): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x3, 0x1, 0x0, 0x3}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x28}}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f00000005c0)="4a420dee1949415fea4ebbc47e323fa005c924a2e5fb20bf5e644e6e91410548f3e87488d465942c877687c6f3fc091e5d75aeb956f0d987e015c07fa2d965b62f552aa66ed92eb803f44f08e2c8e7a0eee17327b8a34cd9e4df3c2203d7e4c674d1a13ab2028b639eadff21ece646316a6a207f4d8729a774b93e836855bef1d8c85d5944e766ba9f23463efbb7ea0361e88112d77121abcc0563f5ca79a5c02c7fab3d421cdc0bcebcb283873038202cef6fc5757fdde45e03446dd66a2e67cc4dbd0788723d5054d38e965c846319528c3e12bc93bc8d1c", &(0x7f0000000200)=""/40}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x2000, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070029000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000340)="f20f090fc7ae4f6c0fc79bfeff648fc30f7f6e0036363e0f06f30f09d5f4d6bad104edbaf80c66b8e8df5a8666efbafc0cec", 0x32}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 542.623257ms ago: executing program 1 (id=4771): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) futex(0x0, 0xa, 0x2, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000080)=0x2, 0x2) landlock_create_ruleset(0x0, 0x0, 0x0) close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) dup(0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 487.915385ms ago: executing program 4 (id=4772): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='loginuid\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$radio(&(0x7f0000002b40), 0x3, 0x2) pselect6(0x40, &(0x7f0000000600)={0x2, 0xfffffffffffffff8, 0x0, 0x7ffffffbfffffffe, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x200000002, 0x8, 0x0, 0x0, 0xc3ad, 0x0, 0x40}, 0x0, 0x0) listen(r0, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) 0s ago: executing program 0 (id=4773): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x44010) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x30}}, 0x0) kernel console output (not intermixed with test programs): an't read configurations, error -22 [ 863.576850][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 863.642493][ T934] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 863.803007][ T934] usb 5-1: no configurations [ 863.817829][ T934] usb 5-1: can't read configurations, error -22 [ 863.876513][ T934] usb usb5-port1: attempt power cycle [ 864.286857][ T934] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 864.345961][ T934] usb 5-1: no configurations [ 864.350575][ T934] usb 5-1: can't read configurations, error -22 [ 864.492356][ T934] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 864.629946][ T934] usb 5-1: no configurations [ 864.640773][ T934] usb 5-1: can't read configurations, error -22 [ 864.660748][ T934] usb usb5-port1: unable to enumerate USB device [ 865.942538][T16010] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 865.948948][T16010] Bluetooth: hci0: command 0x0406 tx timeout [ 866.801652][T17408] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3551'. [ 866.815183][T17408] batadv1: entered promiscuous mode [ 866.820440][T17408] batadv1: entered allmulticast mode [ 867.363155][ T5821] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 867.570211][ T5821] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 867.699379][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 867.882886][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 867.964912][ T5821] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 867.990424][ T5821] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 867.999660][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 868.171200][ T5821] usb 1-1: config 0 descriptor?? [ 868.518357][T16010] Bluetooth: hci0: unexpected event for opcode 0x2019 [ 868.601623][ T5821] plantronics 0003:047F:FFFF.0025: unknown main item tag 0x0 [ 868.611894][ T5821] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 868.628841][ T5821] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 868.659549][T11222] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 868.873964][ T9] usb 1-1: USB disconnect, device number 76 [ 869.024670][T11222] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 869.035009][T11222] usb 2-1: config 0 has no interfaces? [ 869.040511][T11222] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 869.049633][T11222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.059115][T11222] usb 2-1: config 0 descriptor?? [ 870.252830][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.259177][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.661891][T17495] nfs4: Unknown parameter 'dev/cpu/#/msr' [ 871.798705][T15213] usb 2-1: USB disconnect, device number 91 [ 872.248081][T17505] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3582'. [ 872.384225][T17505] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3582'. [ 873.196987][T16010] Bluetooth: hci4: unexpected event for opcode 0x100c [ 874.965223][T17532] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3593'. [ 877.374235][ T29] audit: type=1400 audit(1735862096.656:724): avc: denied { getopt } for pid=17555 comm="syz.3.3601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 877.492199][T17567] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3603'. [ 877.520596][T17567] batadv1: entered promiscuous mode [ 877.525995][T17567] batadv1: entered allmulticast mode [ 877.766957][ T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 877.952383][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 877.961473][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 877.984064][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 877.995469][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 878.191298][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 878.312730][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 878.340613][ T9] usb 1-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 878.376183][ T9] usb 1-1: Product: syz [ 878.672074][ T9] usb 1-1: usb_control_msg returned -71 [ 878.679580][ T9] usbtmc 1-1:16.0: can't read capabilities [ 878.700654][ T9] usb 1-1: USB disconnect, device number 77 [ 878.941721][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x18000004008 [ 878.969021][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x1b400004054 [ 878.997175][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x1c0000000c1 [ 879.022625][T15213] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 879.079657][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x1d7000040f0 [ 879.124768][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x24c0000408c [ 879.159160][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x251000040ff [ 879.180732][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x26400000185 [ 879.197101][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x31c000040bc [ 879.203404][T15213] usb 2-1: Using ep0 maxpacket: 8 [ 879.209332][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x35a00000196 [ 879.224199][T15213] usb 2-1: config 0 has no interfaces? [ 879.227555][T17584] kvm: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x35d00004032 [ 879.806957][T15213] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 879.816439][T15213] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.824540][T15213] usb 2-1: Product: syz [ 879.828723][T15213] usb 2-1: Manufacturer: syz [ 879.833572][T15213] usb 2-1: SerialNumber: syz [ 879.848584][T17584] kvm_intel: kvm [17580]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x3b900004093 [ 879.864237][T17595] xt_CT: No such helper "snmp_trap" [ 879.888592][T15213] usb 2-1: config 0 descriptor?? [ 880.242038][ T5821] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 880.310969][T17619] netlink: 256 bytes leftover after parsing attributes in process `syz.6.3624'. [ 880.434355][ T9] usb 2-1: USB disconnect, device number 92 [ 880.437935][ T5821] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 880.453107][ T5821] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 880.473889][ T5821] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 880.897363][ T9] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 881.061504][ T5821] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 881.072588][ T5821] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 881.085204][ T5821] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 881.102540][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 881.121002][ T5821] usb 5-1: Product: syz [ 881.143975][ T5821] usb 5-1: Manufacturer: syz [ 881.210317][ T5821] cdc_wdm 5-1:1.0: skipping garbage [ 881.222632][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 881.225235][ T5821] cdc_wdm 5-1:1.0: skipping garbage [ 881.237578][ T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 881.249101][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 881.260998][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 881.262709][ T5821] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 881.275360][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 881.280030][ T5821] cdc_wdm 5-1:1.0: Unknown control protocol [ 881.289861][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 881.332505][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 881.344385][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.638910][ T9] usb 4-1: usb_control_msg returned -32 [ 881.668559][T12118] usb 5-1: USB disconnect, device number 99 [ 881.801745][ T9] usbtmc 4-1:16.0: can't read capabilities [ 882.288079][T17646] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 882.361714][T17650] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 882.377354][T17646] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 883.419107][ T5821] usb 4-1: USB disconnect, device number 69 [ 883.568010][T17664] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3640'. [ 883.608665][T17664] batadv1: entered promiscuous mode [ 883.613996][T17664] batadv1: entered allmulticast mode [ 883.621177][T11222] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 883.792429][T11222] usb 5-1: Using ep0 maxpacket: 8 [ 883.868653][T11222] usb 5-1: config 0 has no interfaces? [ 883.913498][T11222] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 883.923007][T11222] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 883.931334][T11222] usb 5-1: Product: syz [ 883.944652][T11222] usb 5-1: Manufacturer: syz [ 883.949381][T11222] usb 5-1: SerialNumber: syz [ 884.019006][T11222] usb 5-1: config 0 descriptor?? [ 884.115202][T17675] 9pnet_fd: Insufficient options for proto=fd [ 884.396659][T12118] usb 5-1: USB disconnect, device number 100 [ 885.977765][T17705] misc userio: The device must be registered before sending interrupts [ 885.987505][T17705] misc userio: The device must be registered before sending interrupts [ 889.361826][T17769] ISOFS: Unable to identify CD-ROM format. [ 889.369347][T17772] mmap: syz.4.3676 (17772) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 890.955267][T17785] xt_CT: No such helper "snmp_trap" [ 891.394504][T17788] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 891.431233][T17788] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 891.722615][T15213] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 891.896566][T15213] usb 4-1: Using ep0 maxpacket: 8 [ 891.913190][T15213] usb 4-1: too many endpoints for config 0 interface 0 altsetting 127: 255, using maximum allowed: 30 [ 891.939789][T15213] usb 4-1: config 0 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 125, changing to 10 [ 892.055165][T15213] usb 4-1: config 0 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 892.099804][T15213] usb 4-1: config 0 interface 0 has no altsetting 0 [ 892.122333][T15213] usb 4-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 892.147861][T15213] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 892.203045][T15213] usb 4-1: config 0 descriptor?? [ 892.318625][T17804] netlink: 244 bytes leftover after parsing attributes in process `syz.6.3688'. [ 893.260554][T17809] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3685'. [ 893.697239][ T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 893.801642][T15213] usbhid 4-1:0.0: can't add hid device: -71 [ 893.807692][T15213] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 893.818986][T15213] usb 4-1: USB disconnect, device number 70 [ 894.074206][ T9] usb 7-1: config index 0 descriptor too short (expected 3133, got 61) [ 894.082824][ T9] usb 7-1: config 0 has an invalid interface number: 156 but max is 1 [ 894.091005][ T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 894.101573][ T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 894.110568][ T9] usb 7-1: config 0 has no interface number 0 [ 894.652329][ T9] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 894.662607][ T9] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 894.673688][ T9] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 894.683618][ T9] usb 7-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 894.696830][ T9] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 894.706046][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 894.759437][ T9] usb 7-1: config 0 descriptor?? [ 894.825013][ T9] gspca_main: spca561-2.14.0 probing abcd:cdee [ 895.921024][T17840] xt_CT: No such helper "snmp_trap" [ 895.979605][ T9] spca561 7-1:0.156: probe with driver spca561 failed with error -22 [ 895.988669][ T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 895.996087][ T9] usb 7-1: MIDIStreaming interface descriptor not found [ 896.239622][T17850] overlayfs: missing 'lowerdir' [ 896.693418][ T9] usb 7-1: USB disconnect, device number 13 [ 898.338484][T17879] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 898.938523][T12118] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 899.002716][ T5821] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 899.122440][T12118] usb 5-1: Using ep0 maxpacket: 32 [ 899.129473][T12118] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 899.138028][T12118] usb 5-1: config 0 has no interface number 0 [ 899.150684][T12118] usb 5-1: config 0 interface 184 has no altsetting 0 [ 899.159801][T12118] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 899.171165][T12118] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.203129][T16827] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 899.211133][T12118] usb 5-1: Product: syz [ 899.224272][T12118] usb 5-1: Manufacturer: syz [ 899.228973][T12118] usb 5-1: SerialNumber: syz [ 899.232341][ T5821] usb 7-1: Using ep0 maxpacket: 8 [ 899.245219][ T5821] usb 7-1: too many endpoints for config 0 interface 0 altsetting 127: 255, using maximum allowed: 30 [ 899.254836][T12118] usb 5-1: config 0 descriptor?? [ 899.256410][ T5821] usb 7-1: config 0 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 125, changing to 10 [ 899.283083][T12118] smsc75xx v1.0.0 [ 899.305247][ T5821] usb 7-1: config 0 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 899.362433][ T5821] usb 7-1: config 0 interface 0 has no altsetting 0 [ 899.373594][ T5821] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 899.402696][ T5821] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 899.410862][T16827] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 899.444167][T16827] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 899.464440][ T5821] usb 7-1: config 0 descriptor?? [ 899.481855][T16827] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 899.502314][T16827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 899.510388][T16827] usb 4-1: SerialNumber: syz [ 899.770694][T17902] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3709'. [ 900.056019][T12118] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 900.782644][T16827] usb 4-1: 0:2 : does not exist [ 900.788381][T16827] usb 4-1: unit 5 not found! [ 900.788394][T12118] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 900.975730][T12118] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 900.979897][ T5821] usbhid 7-1:0.0: can't add hid device: -71 [ 900.992436][T12118] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 901.000376][ T5821] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 901.012560][T12118] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 901.032321][T16827] usb 4-1: USB disconnect, device number 71 [ 901.075485][T12118] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61 [ 901.089727][ T5821] usb 7-1: USB disconnect, device number 14 [ 901.146983][T11222] usb 5-1: USB disconnect, device number 101 [ 902.160142][T16635] udevd[16635]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 902.267409][T17931] erspan1: entered promiscuous mode [ 903.976556][T16827] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 904.324614][T16827] usb 1-1: Using ep0 maxpacket: 32 [ 904.341859][T16827] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 904.441866][T16827] usb 1-1: config 0 has no interface number 0 [ 904.532615][T16827] usb 1-1: config 0 interface 184 has no altsetting 0 [ 904.545704][T17988] overlayfs: failed to resolve './file1': -2 [ 904.549246][T16827] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 904.593545][T16827] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.602185][T16827] usb 1-1: Product: syz [ 904.606827][T16827] usb 1-1: Manufacturer: syz [ 904.611453][T16827] usb 1-1: SerialNumber: syz [ 904.624883][T16827] usb 1-1: config 0 descriptor?? [ 904.646999][T16827] smsc75xx v1.0.0 [ 905.285912][T18006] netlink: 'syz.3.3733': attribute type 1 has an invalid length. [ 905.293885][T18006] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3733'. [ 905.669713][T16827] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 905.680674][T16827] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 905.999371][T18011] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 906.006797][T16827] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 906.019616][T16827] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 906.037609][T16827] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 906.048817][T16827] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61 [ 907.091202][T18048] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3745'. [ 907.100235][T18050] overlayfs: failed to resolve './file1': -2 [ 907.438794][ T29] audit: type=1400 audit(1735862126.766:725): avc: denied { getopt } for pid=18053 comm="syz.4.3749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 907.489019][ T9] usb 1-1: USB disconnect, device number 78 [ 908.619488][T18080] misc userio: Invalid payload size [ 908.625655][T18080] misc userio: No port type given on /dev/userio [ 908.780949][T18080] misc userio: The device must be registered before sending interrupts [ 909.015505][T18086] misc userio: The device must be registered before sending interrupts [ 909.099454][T18085] overlayfs: missing 'workdir' [ 909.656581][T18102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 909.664053][ T29] audit: type=1400 audit(1735862128.986:726): avc: denied { setopt } for pid=18097 comm="syz.3.3764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 909.685319][T18102] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 909.832619][T15213] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 910.113739][T15213] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 910.123061][T15213] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 910.139170][T15213] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 910.153016][T15213] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 910.170232][T15213] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 910.183039][T15213] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 910.192392][T15213] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 910.200433][T15213] usb 2-1: Product: syz [ 910.204654][T15213] usb 2-1: Manufacturer: syz [ 910.213170][T15213] cdc_wdm 2-1:1.0: skipping garbage [ 910.218817][T15213] cdc_wdm 2-1:1.0: skipping garbage [ 910.228988][T15213] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 910.235078][T15213] cdc_wdm 2-1:1.0: Unknown control protocol [ 910.524128][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 910.524144][ T5821] usb 2-1: USB disconnect, device number 93 [ 910.536878][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 910.542963][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 910.959354][T18127] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3772'. [ 911.835025][T18132] misc userio: Invalid payload size [ 911.854617][T18132] misc userio: No port type given on /dev/userio [ 911.866439][ T29] audit: type=1400 audit(1735862131.196:727): avc: denied { connect } for pid=18135 comm="syz.4.3776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 911.900366][T18132] misc userio: The device must be registered before sending interrupts [ 911.920943][T18132] misc userio: The device must be registered before sending interrupts [ 912.717149][T18145] xt_CT: No such helper "snmp_trap" [ 912.857207][T18150] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3779'. [ 912.866574][T18150] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3779'. [ 915.401718][T18179] misc userio: Invalid payload size [ 915.407528][T18179] misc userio: No port type given on /dev/userio [ 915.414234][T18179] misc userio: The device must be registered before sending interrupts [ 915.422780][T18179] misc userio: The device must be registered before sending interrupts [ 915.612933][T18184] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input72 [ 916.101350][T18195] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3797'. [ 916.114281][T18195] batadv1: entered promiscuous mode [ 916.119572][T18195] batadv1: entered allmulticast mode [ 917.112973][ T5821] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 917.292810][ T5821] usb 2-1: Using ep0 maxpacket: 16 [ 917.410671][ T5821] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 917.420465][ T5821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.447194][ T5821] usb 2-1: Product: syz [ 917.471900][ T5821] usb 2-1: Manufacturer: syz [ 917.489094][ T5821] usb 2-1: SerialNumber: syz [ 917.511844][ T5821] r8152-cfgselector 2-1: Unknown version 0x0000 [ 917.528182][ T5821] r8152-cfgselector 2-1: config 0 descriptor?? [ 918.354669][T18224] xt_CT: No such helper "snmp_trap" [ 919.883910][T18215] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3802'. [ 919.899525][T18228] ISOFS: Unable to identify CD-ROM format. [ 919.920138][T11222] r8152-cfgselector 2-1: USB disconnect, device number 94 [ 919.931155][T18215] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3802'. [ 922.342307][T18266] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3814'. [ 922.376016][T18266] batadv1: entered promiscuous mode [ 922.376108][T18266] batadv1: entered allmulticast mode [ 922.703700][T18269] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3817'. [ 924.426841][T18282] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3820'. [ 924.471896][T18282] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3820'. [ 925.033038][T11222] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 925.035203][T18291] ISOFS: Unable to identify CD-ROM format. [ 925.052967][ T5865] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 925.255801][ T5865] usb 7-1: Using ep0 maxpacket: 16 [ 925.287605][ T5865] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 925.308640][ T5865] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 925.357335][T11222] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 925.375048][T11222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 925.512441][ T5865] usb 7-1: Product: syz [ 925.516654][ T5865] usb 7-1: Manufacturer: syz [ 925.521291][ T5865] usb 7-1: SerialNumber: syz [ 925.530605][T11222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 925.546208][T11222] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 925.565799][ T5865] r8152-cfgselector 7-1: Unknown version 0x0000 [ 925.572221][T11222] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 925.581307][T11222] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 925.602364][ T5865] r8152-cfgselector 7-1: config 0 descriptor?? [ 925.622391][T11222] usb 5-1: Manufacturer: syz [ 925.658727][T11222] usb 5-1: config 0 descriptor?? [ 925.742073][T18292] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 926.369321][T11222] usbhid 5-1:0.0: can't add hid device: -71 [ 926.381937][T11222] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 926.511196][T18310] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3830'. [ 926.539417][T18310] batadv1: entered promiscuous mode [ 926.544853][T18310] batadv1: entered allmulticast mode [ 926.723506][T11222] usb 5-1: USB disconnect, device number 102 [ 927.156734][ T5821] r8152-cfgselector 7-1: USB disconnect, device number 15 [ 928.248526][ T54] Bluetooth: hci5: Frame reassembly failed (-84) [ 930.307646][ T5128] Bluetooth: hci5: command 0x1003 tx timeout [ 930.322345][T16010] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 931.615668][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.927094][T18404] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3861'. [ 932.967428][T18404] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3861'. [ 934.164519][T18424] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3869'. [ 935.371166][T18439] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3875'. [ 935.403024][T18439] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3875'. [ 936.298587][T18456] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 937.169114][ T29] audit: type=1400 audit(1735862156.496:728): avc: denied { write } for pid=18462 comm="syz.6.3883" name="task" dev="proc" ino=67643 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 937.229364][ T29] audit: type=1400 audit(1735862156.536:729): avc: denied { add_name } for pid=18462 comm="syz.6.3883" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 937.289125][ T29] audit: type=1400 audit(1735862156.536:730): avc: denied { create } for pid=18462 comm="syz.6.3883" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 937.309414][ C1] vkms_vblank_simulate: vblank timer overrun [ 937.402650][ T5865] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 937.619534][ T5865] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 937.626803][ T29] audit: type=1400 audit(1735862156.536:731): avc: denied { associate } for pid=18462 comm="syz.6.3883" name="cpu.stat" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 937.642322][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.686618][ T5865] usb 2-1: config 0 descriptor?? [ 937.710113][ T5865] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 937.718047][ T29] audit: type=1400 audit(1735862156.536:732): avc: denied { write } for pid=18462 comm="syz.6.3883" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 937.741053][ C1] vkms_vblank_simulate: vblank timer overrun [ 938.130674][ T5865] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 938.399722][ T5865] gspca_cpia1: usb_control_msg 01, error -32 [ 938.460272][T18491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 938.756298][ T5865] gspca_cpia1: usb_control_msg 02, error -71 [ 938.768196][ T5865] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 938.934150][ T5865] usb 2-1: USB disconnect, device number 95 [ 940.960217][T18503] xt_CT: No such helper "snmp_trap" [ 941.990914][T18521] xt_CT: No such helper "snmp_trap" [ 942.714231][T18529] bridge0: port 3(erspan0) entered blocking state [ 942.721836][T18529] bridge0: port 3(erspan0) entered disabled state [ 942.731168][T18529] erspan0: entered allmulticast mode [ 942.764016][T18529] erspan0: entered promiscuous mode [ 942.813784][T18529] bridge0: port 3(erspan0) entered blocking state [ 942.820288][T18529] bridge0: port 3(erspan0) entered forwarding state [ 944.142676][T11222] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 944.185788][T18554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 944.320200][T11222] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 944.361687][T11222] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 944.511796][T11222] usb 4-1: config 0 descriptor?? [ 944.549231][T11222] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 944.812724][T15213] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 944.962390][T15213] usb 5-1: Using ep0 maxpacket: 8 [ 945.061168][T11222] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 945.063553][T15213] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 945.102533][T15213] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 945.130491][T15213] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 945.161243][T15213] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 945.187214][T18559] xt_CT: No such helper "snmp_trap" [ 945.195428][T11222] gspca_cpia1: usb_control_msg 01, error -32 [ 945.200098][T15213] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 945.228052][T15213] usb 5-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 945.247871][T15213] usb 5-1: Product: syz [ 945.413814][T11222] gspca_cpia1: usb_control_msg 02, error -71 [ 945.421118][T11222] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 945.462357][T11222] usb 4-1: USB disconnect, device number 72 [ 945.468574][T15213] usb 5-1: GET_CAPABILITIES returned 0 [ 945.482445][T15213] usbtmc 5-1:16.0: can't read capabilities [ 945.893440][T15213] usb 5-1: USB disconnect, device number 103 [ 947.025832][T18589] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3924'. [ 948.871842][T18625] ax25_connect(): syz.3.3931 uses autobind, please contact jreuter@yaina.de [ 950.192533][T12118] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 950.534024][T18641] xt_CT: No such helper "snmp_trap" [ 950.995578][T18648] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3937'. [ 951.257953][T12118] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 951.268562][T12118] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 951.287141][T12118] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 951.308173][T12118] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 951.318060][T12118] usb 4-1: config 0 has no interface number 0 [ 951.324327][T12118] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 951.334384][T12118] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 951.345685][T12118] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 951.355813][T12118] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 951.369053][T12118] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 951.378413][T12118] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.498930][T12118] usb 4-1: config 0 descriptor?? [ 951.702790][T12118] gspca_main: spca561-2.14.0 probing abcd:cdee [ 951.903951][T12118] spca561 4-1:0.156: probe with driver spca561 failed with error -22 [ 951.912844][T12118] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 952.531617][T12118] usb 4-1: MIDIStreaming interface descriptor not found [ 952.558655][T12118] usb 4-1: USB disconnect, device number 73 [ 953.613107][T18683] xt_CT: No such helper "snmp_trap" [ 954.139201][T18696] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3952'. [ 954.491798][T18697] input: syz0 as /devices/virtual/input/input73 [ 955.952483][ T5865] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 956.144139][ T5865] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 956.152883][ T5865] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 956.192843][ T5865] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 956.236417][ T5865] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 956.486821][ T5865] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 956.556259][ T5865] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 956.596056][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 956.686354][ T5865] usb 5-1: Product: syz [ 956.700999][ T5865] usb 5-1: Manufacturer: syz [ 956.733195][ T5865] cdc_wdm 5-1:1.0: skipping garbage [ 956.738410][ T5865] cdc_wdm 5-1:1.0: skipping garbage [ 956.755930][T18732] ISOFS: Unable to identify CD-ROM format. [ 957.475783][ T5865] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 957.482981][ T5865] cdc_wdm 5-1:1.0: Unknown control protocol [ 957.769529][T18743] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 957.777039][ T5865] usb 5-1: USB disconnect, device number 104 [ 959.937004][T18768] ISOFS: Unable to identify CD-ROM format. [ 961.672425][ T5868] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 961.869843][ T5868] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 961.886063][ T5868] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 961.931768][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 961.994807][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 962.195425][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 962.208423][ T5868] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 962.218194][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 962.227329][ T5868] usb 4-1: Product: syz [ 962.234414][ T5868] usb 4-1: Manufacturer: syz [ 962.441532][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 962.498604][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 962.727244][ T5868] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 962.769796][ T5868] cdc_wdm 4-1:1.0: Unknown control protocol [ 962.804774][ T5868] usb 4-1: USB disconnect, device number 74 [ 962.989881][T18812] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3985'. [ 965.264389][T12118] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 965.433995][T12118] usb 2-1: Using ep0 maxpacket: 8 [ 965.516792][T12118] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 965.535405][T12118] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 965.588187][T12118] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 965.768704][T12118] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 965.778758][T12118] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 965.791859][T12118] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 965.801005][T12118] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.540538][T12118] usb 2-1: usb_control_msg returned -32 [ 967.546407][T12118] usbtmc 2-1:16.0: can't read capabilities [ 968.188190][T12118] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 968.364045][T12118] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 968.379601][T12118] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 968.400846][T12118] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 968.415967][T12118] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 968.469524][T12118] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 969.424895][T12118] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 969.434077][T12118] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 969.442083][T12118] usb 4-1: Product: syz [ 969.453096][ T9] usb 2-1: USB disconnect, device number 96 [ 969.471726][ T5128] Bluetooth: hci3: link tx timeout [ 969.477491][ T5128] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 969.588046][T12118] usb 4-1: Manufacturer: syz [ 969.648313][T12118] cdc_wdm 4-1:1.0: skipping garbage [ 969.653877][T12118] cdc_wdm 4-1:1.0: skipping garbage [ 971.100347][T12118] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 971.112312][T12118] cdc_wdm 4-1:1.0: Unknown control protocol [ 971.469663][T16010] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 971.532405][T16010] Bluetooth: hci0: command 0x0406 tx timeout [ 971.622842][T16010] Bluetooth: hci3: command 0x0405 tx timeout [ 972.093141][T12118] usb 4-1: USB disconnect, device number 75 [ 973.114499][ T5868] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 973.282535][ T5868] usb 1-1: Using ep0 maxpacket: 8 [ 973.289371][ T5868] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 973.298259][ T5868] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 973.319124][ T5868] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 973.330383][ T5868] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 973.341253][ T5868] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 973.392415][ T5868] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 973.411856][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 973.420156][T11222] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 973.551970][T18920] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4019'. [ 973.612409][T18930] fuse: Bad value for 'fd' [ 973.623617][T18920] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4019'. [ 974.139283][ T5868] usb 1-1: usb_control_msg returned -32 [ 974.145057][ T5868] usbtmc 1-1:16.0: can't read capabilities [ 974.182990][T11222] usb 7-1: Using ep0 maxpacket: 8 [ 974.258702][T11222] usb 7-1: too many endpoints for config 0 interface 0 altsetting 127: 255, using maximum allowed: 30 [ 974.270013][T11222] usb 7-1: config 0 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 125, changing to 10 [ 974.281732][T11222] usb 7-1: config 0 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 974.295092][T11222] usb 7-1: config 0 interface 0 has no altsetting 0 [ 974.301768][T11222] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 974.311415][T11222] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.506158][T11222] usb 7-1: config 0 descriptor?? [ 975.018657][T18944] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4020'. [ 975.292435][T16010] Bluetooth: hci3: command 0x0405 tx timeout [ 975.331596][T11222] usbhid 7-1:0.0: can't add hid device: -71 [ 975.337663][T11222] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 975.397638][T11222] usb 7-1: USB disconnect, device number 16 [ 975.531088][T12118] usb 1-1: USB disconnect, device number 79 [ 976.649059][T18971] fuse: Bad value for 'fd' [ 978.525072][T12118] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 979.069755][T18981] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4039'. [ 979.080884][T12118] usb 1-1: Using ep0 maxpacket: 8 [ 979.086514][T18981] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4039'. [ 979.087882][T12118] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 979.112918][ T9] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 979.692644][T12118] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 979.717346][T12118] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 979.736267][T12118] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 979.746416][T12118] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 979.760411][T12118] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 979.769653][T12118] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 979.895912][ T9] usb 2-1: config index 0 descriptor too short (expected 3133, got 61) [ 979.909628][ T9] usb 2-1: config 0 has an invalid interface number: 156 but max is 1 [ 979.920239][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 979.930573][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 979.941403][ T9] usb 2-1: config 0 has no interface number 0 [ 979.947891][ T9] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 980.218471][ T9] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 980.231003][ T9] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 980.241182][ T9] usb 2-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 980.255783][ T9] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 980.264968][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 980.275847][T12118] usb 1-1: usb_control_msg returned -32 [ 980.281549][T12118] usbtmc 1-1:16.0: can't read capabilities [ 980.289378][ T9] usb 2-1: config 0 descriptor?? [ 980.313463][T12118] usb 1-1: USB disconnect, device number 80 [ 980.904918][ T9] gspca_main: spca561-2.14.0 probing abcd:cdee [ 981.309165][ T9] spca561 2-1:0.156: probe with driver spca561 failed with error -22 [ 981.318680][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 981.366146][ T9] usb 2-1: MIDIStreaming interface descriptor not found [ 981.422827][ T9] usb 2-1: USB disconnect, device number 97 [ 981.690673][T18675] udevd[18675]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 981.752382][T11222] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 981.922766][T11222] usb 1-1: Using ep0 maxpacket: 8 [ 981.936061][T11222] usb 1-1: config 0 has no interfaces? [ 982.299730][T19035] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 982.341313][T11222] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 982.371421][T11222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 982.395582][T11222] usb 1-1: Product: syz [ 982.406216][T11222] usb 1-1: Manufacturer: syz [ 982.425936][T11222] usb 1-1: SerialNumber: syz [ 982.458013][T11222] usb 1-1: config 0 descriptor?? [ 983.659362][T19049] xt_CT: No such helper "snmp_trap" [ 983.718735][T16010] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 983.730586][T16010] Bluetooth: hci0: command 0x0406 tx timeout [ 984.154105][T19061] netlink: 'syz.1.4059': attribute type 1 has an invalid length. [ 984.162656][T19061] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4059'. [ 985.134042][T12118] usb 1-1: USB disconnect, device number 81 [ 985.179662][T19068] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4063'. [ 985.193382][T19068] batadv1: entered promiscuous mode [ 985.198670][T19068] batadv1: entered allmulticast mode [ 985.585337][T19077] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 986.717997][T19093] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 987.612355][T16010] Bluetooth: hci0: command 0x0406 tx timeout [ 987.618451][ T5830] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 988.504117][ T5865] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 989.132530][T19124] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 989.367501][T19121] tty tty1: ldisc open failed (-12), clearing slot 0 [ 990.341674][ T5865] usb 4-1: Using ep0 maxpacket: 16 [ 990.356334][ T5865] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 990.479163][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 990.506255][ T5830] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 990.526390][ T5865] usb 4-1: Product: syz [ 990.541139][ T5865] usb 4-1: Manufacturer: syz [ 990.626539][ T5865] usb 4-1: SerialNumber: syz [ 990.649859][ T5865] r8152-cfgselector 4-1: Unknown version 0x0000 [ 990.660758][ T5865] r8152-cfgselector 4-1: config 0 descriptor?? [ 990.718939][ T5865] r8152-cfgselector 4-1: can't set config #0, error -71 [ 990.740392][ T5865] r8152-cfgselector 4-1: USB disconnect, device number 76 [ 991.112496][ T9] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 991.282553][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 991.303201][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 991.314416][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 991.359623][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 991.372728][ T5830] Bluetooth: hci0: command 0x0406 tx timeout [ 991.432645][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 991.443302][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 991.458429][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 991.467923][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.750397][ T9] usb 1-1: usb_control_msg returned -32 [ 991.778369][ T9] usbtmc 1-1:16.0: can't read capabilities [ 991.863168][ T9] usb 1-1: USB disconnect, device number 82 [ 992.451772][T19164] overlayfs: failed to resolve './file1': -2 [ 992.474975][T19166] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 993.168244][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.988409][ T5865] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 994.232310][T11222] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 994.295246][ T5865] usb 1-1: device descriptor read/64, error -71 [ 994.425321][T11222] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 994.440426][T11222] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 994.468480][T11222] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 994.478769][T11222] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 994.497559][T11222] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 994.516080][T11222] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 994.572566][ T5865] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 994.595496][T11222] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 994.618687][T11222] usb 2-1: Product: syz [ 994.628186][T11222] usb 2-1: Manufacturer: syz [ 994.838283][T11222] cdc_wdm 2-1:1.0: skipping garbage [ 994.843601][T11222] cdc_wdm 2-1:1.0: skipping garbage [ 994.856569][T11222] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 994.862769][T11222] cdc_wdm 2-1:1.0: Unknown control protocol [ 995.042595][ T5865] usb 1-1: device descriptor read/64, error -71 [ 995.164497][ T5865] usb usb1-port1: attempt power cycle [ 995.303516][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 995.303873][ T9] usb 2-1: USB disconnect, device number 98 [ 995.310154][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 995.310184][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 995.539792][ T5865] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 995.593471][ T5865] usb 1-1: device descriptor read/8, error -71 [ 995.842562][ T5865] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 995.867470][ T5865] usb 1-1: device descriptor read/8, error -71 [ 995.992477][ T5865] usb usb1-port1: unable to enumerate USB device [ 996.574026][ T934] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 996.584795][ T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 996.742410][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 996.753499][ T934] usb 2-1: Using ep0 maxpacket: 8 [ 996.761942][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 996.785324][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 996.803825][ T9] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 996.826034][ T934] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 996.836458][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 996.848557][ T934] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 996.865242][ T9] usb 7-1: config 0 descriptor?? [ 996.909848][ T934] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 996.928532][ T934] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 996.952892][ T934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.962152][ T934] usb 2-1: Product: syz [ 996.968027][ T934] usb 2-1: Manufacturer: syz [ 996.974522][ T934] usb 2-1: SerialNumber: syz [ 997.393659][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.401024][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.408577][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.415910][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.423224][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.430507][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.437910][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.445319][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.452868][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.460138][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.467541][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.475213][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.483009][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.490240][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.497556][ T9] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 997.505343][ T9] microsoft 0003:045E:07DA.0026: No inputs registered, leaving [ 997.515094][ T9] microsoft 0003:045E:07DA.0026: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 997.526538][ T9] microsoft 0003:045E:07DA.0026: no inputs found [ 997.533108][ T9] microsoft 0003:045E:07DA.0026: could not initialize ff, continuing anyway [ 997.672492][ T5865] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 997.784031][ T934] usb 2-1: 0:2 : does not exist [ 997.813700][ T934] usb 2-1: USB disconnect, device number 99 [ 997.843639][ T5865] usb 1-1: Using ep0 maxpacket: 32 [ 997.855750][ T5865] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 997.868764][ T5865] usb 1-1: config 0 has no interface number 0 [ 997.875820][ T5865] usb 1-1: config 0 interface 184 has no altsetting 0 [ 997.891184][ T5865] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 997.900787][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 997.909037][ T5865] usb 1-1: Product: syz [ 997.913535][ T5865] usb 1-1: Manufacturer: syz [ 997.918145][ T5865] usb 1-1: SerialNumber: syz [ 997.925504][ T5865] usb 1-1: config 0 descriptor?? [ 997.933069][ T5865] smsc75xx v1.0.0 [ 998.115891][T18188] udevd[18188]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 998.147095][T19243] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4117'. [ 998.913010][ T5865] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 998.932477][ T5865] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 999.566070][ T5865] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 999.686162][ T5865] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 1000.009679][ T9] usb 7-1: USB disconnect, device number 17 [ 1000.032430][ T5865] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 1000.073312][ T5865] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61 [ 1000.185610][ T29] audit: type=1400 audit(1735862219.506:733): avc: denied { ioctl } for pid=19246 comm="syz.3.4120" path="socket:[70942]" dev="sockfs" ino=70942 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1000.922992][ T934] usb 1-1: USB disconnect, device number 87 [ 1001.571010][T19291] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4131'. [ 1002.111201][ T5865] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1002.263632][ T5865] usb 5-1: Using ep0 maxpacket: 8 [ 1002.272120][ T5865] usb 5-1: config 0 has no interfaces? [ 1002.279749][ T5865] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1002.296308][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1002.325205][ T5865] usb 5-1: Product: syz [ 1002.331315][ T5865] usb 5-1: Manufacturer: syz [ 1002.371395][ T5865] usb 5-1: SerialNumber: syz [ 1002.561081][ T5865] usb 5-1: config 0 descriptor?? [ 1002.793923][T11976] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 1003.072458][T11976] usb 1-1: Using ep0 maxpacket: 16 [ 1003.085601][T11976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1003.126852][T11976] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1003.179249][T11976] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1003.189830][T11976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1003.213124][T11976] usb 1-1: config 0 descriptor?? [ 1003.303492][ T5865] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1003.481001][ T5865] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1003.483732][ T934] usb 5-1: USB disconnect, device number 105 [ 1003.553376][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1003.622585][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1003.651632][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1003.791140][ T5865] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1003.840821][ T5865] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1003.868552][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1003.884136][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1003.892055][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1003.903151][ T5865] usb 2-1: Manufacturer: syz [ 1003.916946][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1003.943194][ T5865] usb 2-1: config 0 descriptor?? [ 1003.958915][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.012790][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.020130][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.027687][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.035318][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.042883][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.050149][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.058104][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.065910][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.073794][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.081153][T11976] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1004.092770][T11976] microsoft 0003:045E:07DA.0027: No inputs registered, leaving [ 1004.144837][T11976] microsoft 0003:045E:07DA.0027: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 1004.156712][T11976] microsoft 0003:045E:07DA.0027: no inputs found [ 1004.163841][T11976] microsoft 0003:045E:07DA.0027: could not initialize ff, continuing anyway [ 1004.515156][ T5865] appleir 0003:05AC:8243.0028: unknown main item tag 0x0 [ 1004.538909][ T5865] appleir 0003:05AC:8243.0028: No inputs registered, leaving [ 1004.754118][ T5865] appleir 0003:05AC:8243.0028: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 1004.966790][ T5865] usb 2-1: USB disconnect, device number 100 [ 1005.312070][T11976] usb 1-1: USB disconnect, device number 88 [ 1005.933303][ T5868] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1006.541534][ T5868] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1006.556692][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.599145][ T5868] usb 4-1: Product: syz [ 1006.684686][ T5868] usb 4-1: Manufacturer: syz [ 1006.738160][ T5868] usb 4-1: SerialNumber: syz [ 1006.864334][ T5868] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1006.879721][ T5868] r8152-cfgselector 4-1: config 0 descriptor?? [ 1007.496604][ T9] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 1007.565280][ T5868] r8152-cfgselector 4-1: USB disconnect, device number 77 [ 1007.789019][T19366] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4155'. [ 1007.943690][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1007.963107][ T9] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1007.976728][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1007.986302][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1008.043736][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1008.117285][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1008.162315][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1008.170620][ T9] usb 1-1: Product: syz [ 1008.182310][ T9] usb 1-1: Manufacturer: syz [ 1008.197271][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 1008.224949][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 1008.243027][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 1008.251492][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 1008.420469][ T9] usb 1-1: USB disconnect, device number 89 [ 1009.092590][ T934] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1009.289958][ T934] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1009.310514][ T934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1009.329257][ T934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1009.341116][ T934] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1009.361197][ T934] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1009.370574][ T934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.391330][ T934] usb 7-1: config 0 descriptor?? [ 1009.512389][T11976] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1009.843592][T11976] usb 2-1: Using ep0 maxpacket: 16 [ 1010.304560][ T934] plantronics 0003:047F:FFFF.0029: unknown main item tag 0x0 [ 1010.312751][ T934] plantronics 0003:047F:FFFF.0029: No inputs registered, leaving [ 1010.326893][ T934] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1010.401957][ T934] usb 7-1: USB disconnect, device number 18 [ 1010.669251][T11976] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1010.679052][T11976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.692475][T11976] usb 2-1: Product: syz [ 1010.696719][T11976] usb 2-1: Manufacturer: syz [ 1010.701429][T11976] usb 2-1: SerialNumber: syz [ 1011.154439][T11976] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1011.235812][T11976] r8152-cfgselector 2-1: config 0 descriptor?? [ 1011.644092][T19422] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4172'. [ 1012.192951][T11976] r8152-cfgselector 2-1: USB disconnect, device number 101 [ 1013.270028][T19443] netlink: 3 bytes leftover after parsing attributes in process `syz.6.4177'. [ 1013.789582][T19436] xt_CT: No such helper "snmp_trap" [ 1014.092450][ T9] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1014.106260][T19443] batadv1: entered promiscuous mode [ 1014.111509][T19443] batadv1: entered allmulticast mode [ 1014.257901][ T9] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 1014.277341][ T9] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 1014.287338][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1014.300011][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1014.311733][ T9] usb 4-1: config 0 has no interface number 0 [ 1014.318260][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1014.328702][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1014.340647][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1014.350755][ T9] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1014.364235][ T9] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1014.374001][ T934] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 1014.381666][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.393649][ T9] usb 4-1: config 0 descriptor?? [ 1014.404999][ T9] gspca_main: spca561-2.14.0 probing abcd:cdee [ 1014.418408][T19457] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1014.545236][ T934] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1014.557157][ T934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1014.581464][ T934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1014.596604][ T934] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1014.617805][ T934] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1014.627444][ T934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.642842][ T934] usb 1-1: config 0 descriptor?? [ 1014.914010][ T9] spca561 4-1:0.156: probe with driver spca561 failed with error -22 [ 1014.923100][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1014.930180][ T9] usb 4-1: MIDIStreaming interface descriptor not found [ 1015.063302][ T934] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 1015.114306][ T934] plantronics 0003:047F:FFFF.002A: No inputs registered, leaving [ 1015.141158][ T934] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1015.444815][ T5868] usb 1-1: USB disconnect, device number 90 [ 1016.323872][T19484] bridge0: port 3(erspan0) entered blocking state [ 1016.330872][T19484] bridge0: port 3(erspan0) entered disabled state [ 1016.340059][T19484] erspan0: entered allmulticast mode [ 1016.444821][T19484] erspan0: entered promiscuous mode [ 1016.457845][T19484] bridge0: port 3(erspan0) entered blocking state [ 1016.464634][T19484] bridge0: port 3(erspan0) entered forwarding state [ 1016.534743][ T5868] usb 4-1: USB disconnect, device number 78 [ 1017.584816][T19502] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1019.266774][T12118] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1019.473931][T12118] usb 5-1: Using ep0 maxpacket: 16 [ 1019.531704][T12118] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1019.550715][T12118] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.560629][T12118] usb 5-1: Product: syz [ 1019.571199][T12118] usb 5-1: Manufacturer: syz [ 1019.578220][T12118] usb 5-1: SerialNumber: syz [ 1019.605824][T12118] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1019.614029][T12118] r8152-cfgselector 5-1: config 0 descriptor?? [ 1019.782414][ T29] audit: type=1400 audit(1735862239.066:734): avc: denied { ioctl } for pid=19541 comm="syz.3.4209" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x89f8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1019.806947][ C0] vkms_vblank_simulate: vblank timer overrun [ 1020.139684][T12118] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1020.622090][T12118] r8152-cfgselector 5-1: bad CDC descriptors [ 1021.216923][T12118] r8152-cfgselector 5-1: USB disconnect, device number 106 [ 1021.237351][T19561] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1023.882463][T11222] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1024.442348][T11222] usb 4-1: Using ep0 maxpacket: 8 [ 1024.452717][T11222] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1024.473451][T19624] netlink: 'syz.4.4225': attribute type 1 has an invalid length. [ 1024.481274][T19624] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4225'. [ 1024.568665][T11222] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1025.018801][T11222] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 1025.038736][T11222] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.048974][T19629] netlink: 830 bytes leftover after parsing attributes in process `syz.6.4226'. [ 1025.094572][T11222] usb 4-1: config 0 descriptor?? [ 1026.169691][T11222] usbhid 4-1:0.0: can't add hid device: -71 [ 1026.189974][T11222] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1026.210442][T11222] usb 4-1: USB disconnect, device number 79 [ 1026.260628][T19641] binder: 19632:19641 ioctl c0306201 0 returned -14 [ 1026.985566][T19652] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1029.104515][T19667] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4236'. [ 1029.983186][T12118] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 1030.212647][T12118] usb 1-1: Using ep0 maxpacket: 16 [ 1030.239946][T12118] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1030.262692][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1030.357221][T12118] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1030.370535][T12118] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1030.379961][T12118] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1030.494331][T12118] usb 1-1: config 0 descriptor?? [ 1030.523345][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 1030.538331][ T9] usb 7-1: config 0 has no interfaces? [ 1030.556200][ T9] usb 7-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1030.644758][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.724410][ T9] usb 7-1: Product: syz [ 1030.760361][ T9] usb 7-1: Manufacturer: syz [ 1030.811333][ T9] usb 7-1: SerialNumber: syz [ 1030.911519][ T9] usb 7-1: config 0 descriptor?? [ 1031.012980][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.026589][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.064655][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.183183][T19687] binder: 19682:19687 ioctl c0306201 0 returned -14 [ 1031.202425][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.214961][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.222591][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.230246][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.239182][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.246545][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.254020][T12118] microsoft 0003:045E:07DA.002B: unknown main item tag 0x0 [ 1031.261757][T12118] HID 045e:07da: Invalid code 65791 type 1 [ 1031.273717][T12118] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.002B/input/input76 [ 1031.430351][ T9] usb 7-1: USB disconnect, device number 19 [ 1031.646394][T12118] microsoft 0003:045E:07DA.002B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 1031.699132][ T9] usb 1-1: USB disconnect, device number 91 [ 1032.015245][T19702] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4246'. [ 1033.670544][T19722] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4250'. [ 1035.028179][T19738] binder: 19731:19738 ioctl c0306201 0 returned -14 [ 1038.073262][T19785] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4271'. [ 1042.215258][T19840] mkiss: ax0: crc mode is auto. [ 1042.241189][ T5830] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 1045.314250][ T5868] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1045.653993][ T5868] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1045.662908][ T5868] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1045.673810][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1045.687899][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1045.701041][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1045.720022][ T5868] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1045.731493][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1045.965897][ T29] audit: type=1400 audit(1735862265.226:735): avc: denied { shutdown } for pid=19886 comm="syz.4.4292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1046.235894][ T5868] usb 4-1: Product: syz [ 1046.240108][ T5868] usb 4-1: Manufacturer: syz [ 1046.266473][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 1046.272180][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 1046.283097][ T5868] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1046.289031][ T5868] cdc_wdm 4-1:1.0: Unknown control protocol [ 1046.390269][T19900] Process accounting resumed [ 1046.756048][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.762706][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.769102][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.775735][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.782319][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.788951][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.795480][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.802117][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.808521][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.815152][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.821527][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.828158][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.835289][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.841928][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.848434][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.855070][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.861359][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.867997][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.874359][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1046.880991][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1046.887585][T11976] usb 4-1: USB disconnect, device number 80 [ 1046.893629][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1048.156915][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 1048.189716][ T29] audit: type=1400 audit(1735862266.696:736): avc: denied { mount } for pid=19899 comm="syz.1.4295" name="/" dev="configfs" ino=1210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1048.283409][ T29] audit: type=1400 audit(1735862266.726:737): avc: denied { write } for pid=19899 comm="syz.1.4295" name="/" dev="configfs" ino=1210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1048.313455][ T29] audit: type=1400 audit(1735862266.806:738): avc: denied { append } for pid=19902 comm="syz.6.4297" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1048.363409][ T29] audit: type=1400 audit(1735862267.506:739): avc: denied { unmount } for pid=15110 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 1049.421574][T19923] bridge0: port 3(erspan0) entered blocking state [ 1049.430038][T19923] bridge0: port 3(erspan0) entered disabled state [ 1049.438556][T19923] erspan0: entered allmulticast mode [ 1049.728751][T19923] erspan0: entered promiscuous mode [ 1049.750997][T19923] bridge0: port 3(erspan0) entered blocking state [ 1049.757596][T19923] bridge0: port 3(erspan0) entered forwarding state [ 1049.764936][ T29] audit: type=1400 audit(1735862268.896:740): avc: denied { listen } for pid=19915 comm="syz.6.4301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1049.771507][T19915] delete_channel: no stack [ 1049.912644][T19921] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4301'. [ 1051.010753][ T5128] Bluetooth: hci3: link tx timeout [ 1051.016061][ T5128] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 1053.055739][ T5830] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 1053.062111][ T5830] Bluetooth: hci0: command 0x0406 tx timeout [ 1053.077194][ T5128] Bluetooth: hci3: command 0x0405 tx timeout [ 1054.526743][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.673852][T19980] loop5: detected capacity change from 0 to 7 [ 1054.680130][T19980] buffer_io_error: 4 callbacks suppressed [ 1054.680140][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.693914][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.701777][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.709724][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.717963][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.725864][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.733731][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.741534][T19980] ldm_validate_partition_table(): Disk read failed. [ 1054.748209][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.756099][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.764027][T19980] Buffer I/O error on dev loop5, logical block 0, async page read [ 1054.771884][T19980] Dev loop5: unable to read RDB block 0 [ 1054.777626][T19980] loop5: unable to read partition table [ 1054.783379][T19980] loop5: partition table beyond EOD, truncated [ 1054.789540][T19980] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 1054.789540][T19980] ) failed (rc=-5) [ 1058.487486][T20030] xt_CT: No such helper "snmp_trap" [ 1061.221479][ T29] audit: type=1400 audit(1735862280.546:741): avc: denied { listen } for pid=20069 comm="syz.4.4344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1061.267210][ T29] audit: type=1326 audit(1735862280.586:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20071 comm="syz.6.4345" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf43185d29 code=0x0 [ 1061.460705][T20074] openvswitch: netlink: Message has 1275 unknown bytes. [ 1061.468556][T20074] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1062.232829][T11222] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1062.395475][T11222] usb 2-1: Using ep0 maxpacket: 16 [ 1062.411613][T11222] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1062.411721][T11222] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1062.411779][T11222] usb 2-1: Product: syz [ 1062.411848][T11222] usb 2-1: Manufacturer: syz [ 1062.411940][T11222] usb 2-1: SerialNumber: syz [ 1062.433193][T11222] usb 2-1: config 0 descriptor?? [ 1062.680235][T20089] fuse: Bad value for 'fd' [ 1062.892369][T11176] Bluetooth: hci3: command 0x0405 tx timeout [ 1062.892587][T11176] Bluetooth: hci0: command 0x0406 tx timeout [ 1062.927887][ T5128] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 1063.082615][ T9] usb 2-1: USB disconnect, device number 102 [ 1063.878047][T20101] hfs: can't find a HFS filesystem on dev nullb0 [ 1064.252546][T20105] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4355'. [ 1065.049112][T20128] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4364'. [ 1065.142477][ T5868] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1065.302592][ T5868] usb 2-1: device descriptor read/64, error -71 [ 1065.597810][ T5868] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1065.661814][T20128] batadv1: entered promiscuous mode [ 1065.783368][ T5868] usb 2-1: device descriptor read/64, error -71 [ 1065.841576][T20128] batadv1: entered allmulticast mode [ 1065.876744][ T7210] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 1065.919231][ T5868] usb usb2-port1: attempt power cycle [ 1066.125939][ T9] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1066.272607][ T5868] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1066.308990][ T5868] usb 2-1: device descriptor read/8, error -71 [ 1066.552669][ T5868] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1066.574371][ T5868] usb 2-1: device descriptor read/8, error -71 [ 1066.642355][ T8] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 1066.673208][ T9] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 1066.674841][T20141] netlink: 'syz.4.4367': attribute type 3 has an invalid length. [ 1066.681506][ T9] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 1066.698730][T20141] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.4367'. [ 1066.705097][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1066.721502][ T5868] usb usb2-port1: unable to enumerate USB device [ 1066.791925][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1066.806998][ T9] usb 4-1: config 0 has no interface number 0 [ 1066.817473][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1066.827617][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1066.838838][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1066.849143][ T9] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1066.866608][ T9] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1066.879380][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1066.887645][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 1066.897308][ T8] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1066.916619][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.992759][ T5128] Bluetooth: hci1: command 0x0406 tx timeout [ 1066.994435][ T9] usb 4-1: config 0 descriptor?? [ 1067.005462][ T8] usb 1-1: Product: syz [ 1067.044516][ T8] usb 1-1: Manufacturer: syz [ 1067.080787][ T8] usb 1-1: SerialNumber: syz [ 1067.172312][ T9] gspca_main: spca561-2.14.0 probing abcd:cdee [ 1067.346946][ T8] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1067.362584][ T8] r8152-cfgselector 1-1: config 0 descriptor?? [ 1067.394777][ T9] spca561 4-1:0.156: probe with driver spca561 failed with error -22 [ 1067.422013][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1067.438164][ T9] usb 4-1: MIDIStreaming interface descriptor not found [ 1067.495696][ T9] usb 4-1: USB disconnect, device number 81 [ 1067.885267][ T8] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1067.891611][ T8] r8152-cfgselector 1-1: bad CDC descriptors [ 1067.932649][ T8] r8152-cfgselector 1-1: USB disconnect, device number 92 [ 1068.236003][T20157] udevd[20157]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1068.611304][T20166] xt_CT: No such helper "snmp_trap" [ 1069.297384][T20180] xt_CT: No such helper "snmp_trap" [ 1069.832632][ T9] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1069.992855][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1069.999845][ T9] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1070.086563][ T9] usb 4-1: config 0 has no interface number 0 [ 1070.222436][ T29] audit: type=1400 audit(1735862289.496:743): avc: denied { create } for pid=20187 comm="syz.1.4381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1070.295469][ T29] audit: type=1400 audit(1735862289.506:744): avc: denied { write } for pid=20187 comm="syz.1.4381" path="socket:[73777]" dev="sockfs" ino=73777 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1070.302313][ T9] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1070.605839][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1070.615139][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1070.623464][ T9] usb 4-1: Product: syz [ 1070.627803][ T9] usb 4-1: Manufacturer: syz [ 1070.632490][ T9] usb 4-1: SerialNumber: syz [ 1070.639064][ T9] usb 4-1: config 0 descriptor?? [ 1070.645935][ T9] smsc75xx v1.0.0 [ 1070.662665][T11222] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 1070.803909][T11222] usb 1-1: device descriptor read/64, error -71 [ 1070.832381][ T8] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1071.042393][T11222] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 1071.102347][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1071.272896][ T29] audit: type=1400 audit(1735862290.446:745): avc: denied { execmem } for pid=20198 comm="syz.4.4384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1071.322404][T11222] usb 1-1: device descriptor read/64, error -71 [ 1071.338317][ T8] usb 2-1: config 0 has an invalid interface number: 224 but max is 0 [ 1072.208332][ T8] usb 2-1: config 0 has no interface number 0 [ 1072.208833][T11222] usb usb1-port1: attempt power cycle [ 1072.214665][ T8] usb 2-1: config 0 interface 224 has no altsetting 0 [ 1072.264481][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1072.422516][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1072.570848][ T8] usb 2-1: New USB device found, idVendor=06cd, idProduct=0108, bcdDevice=b0.a1 [ 1072.579999][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1072.588309][ T8] usb 2-1: Product: syz [ 1072.592683][ T8] usb 2-1: Manufacturer: syz [ 1072.597449][ T8] usb 2-1: SerialNumber: syz [ 1072.606607][ T8] usb 2-1: config 0 descriptor?? [ 1072.692440][T11222] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 1072.713007][T11222] usb 1-1: device descriptor read/8, error -71 [ 1072.814052][ T8] keyspan 2-1:0.224: Keyspan 1 port adapter converter detected [ 1072.821768][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 87 [ 1072.829794][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 7 [ 1072.839185][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 81 [ 1072.847249][ T8] keyspan 2-1:0.224: unsupported endpoint type 0 [ 1072.853729][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 2 [ 1072.861562][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 85 [ 1072.870091][ T8] keyspan 2-1:0.224: found no endpoint descriptor for endpoint 5 [ 1072.882746][ T8] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1072.902915][ T8] usb 2-1: USB disconnect, device number 107 [ 1072.952477][T11222] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 1072.990967][T11222] usb 1-1: device descriptor read/8, error -71 [ 1073.104108][T11222] usb usb1-port1: unable to enumerate USB device [ 1073.166238][ T8] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1073.176941][ T8] keyspan 2-1:0.224: device disconnected [ 1073.214773][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 1073.225998][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 1073.867371][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 1073.877005][ T9] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61 [ 1073.994887][T20221] xt_CT: No such helper "snmp_trap" [ 1074.014085][T20219] Process accounting resumed [ 1074.119751][T20226] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4394'. [ 1074.389881][ T5868] usb 4-1: USB disconnect, device number 82 [ 1076.024830][T20260] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4405'. [ 1076.516997][T20261] Process accounting resumed [ 1077.032487][T20277] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4409'. [ 1079.426000][T20312] Process accounting resumed [ 1081.822960][ T29] audit: type=1400 audit(1735862301.136:746): avc: denied { create } for pid=20342 comm="syz.4.4431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1082.890589][T20358] netlink: 830 bytes leftover after parsing attributes in process `syz.6.4436'. [ 1082.972635][T11222] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1083.162619][T11222] usb 2-1: Using ep0 maxpacket: 16 [ 1083.216985][T11222] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1083.260786][T11222] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1083.279484][T11222] usb 2-1: Product: syz [ 1083.289283][T11222] usb 2-1: Manufacturer: syz [ 1083.299852][T11222] usb 2-1: SerialNumber: syz [ 1083.306862][T11222] usb 2-1: config 0 descriptor?? [ 1083.310480][T20365] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4438'. [ 1083.565842][ T9] usb 2-1: USB disconnect, device number 108 [ 1083.855671][ T8] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 1084.251339][ T29] audit: type=1326 audit(1735862303.476:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.277981][ T29] audit: type=1326 audit(1735862303.476:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.301611][ T29] audit: type=1326 audit(1735862303.486:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.325433][ T29] audit: type=1326 audit(1735862303.486:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.349486][ T29] audit: type=1326 audit(1735862303.496:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.373052][ T29] audit: type=1326 audit(1735862303.496:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.396727][ T29] audit: type=1326 audit(1735862303.496:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.420481][ T29] audit: type=1326 audit(1735862303.496:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20380 comm="syz.4.4444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8785d29 code=0x7ffc0000 [ 1084.622819][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 1084.658218][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1084.669483][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1085.283504][ T8] usb 1-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 1085.292722][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1085.303039][ T8] usb 1-1: config 0 descriptor?? [ 1085.774988][ T29] audit: type=1400 audit(1735862305.106:755): avc: denied { remount } for pid=20399 comm="syz.1.4451" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1085.891041][ T8] usbhid 1-1:0.0: can't add hid device: -71 [ 1085.897070][ T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1085.929404][ T8] usb 1-1: USB disconnect, device number 97 [ 1086.533787][T20415] netlink: 'syz.1.4455': attribute type 1 has an invalid length. [ 1086.562513][T20415] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4455'. [ 1088.135874][T20441] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 1088.303378][ T8] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1088.612555][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1088.621299][ T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1088.695239][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1088.726325][ T8] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1088.736118][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1088.750680][ T8] usb 5-1: Product: syz [ 1088.762394][ T8] usb 5-1: Manufacturer: syz [ 1088.770222][ T8] usb 5-1: SerialNumber: syz [ 1088.785730][ T8] usb 5-1: config 0 descriptor?? [ 1088.801921][ T8] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1088.814088][ T8] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 1089.029099][T20459] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4470'. [ 1089.456812][ T8] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1089.524840][ T8] em28xx 5-1:0.0: Config register raw data: 0x56 [ 1090.248143][ T8] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 1090.255291][ T8] em28xx 5-1:0.0: No AC97 audio processor [ 1090.304139][ T8] usb 5-1: USB disconnect, device number 107 [ 1090.393135][ T8] em28xx 5-1:0.0: Disconnecting em28xx [ 1090.404158][ T8] em28xx 5-1:0.0: Freeing device [ 1090.594657][T20471] x_tables: eb_tables: nfacct.0 match: invalid size 40 (kernel) != (user) 31 [ 1091.807870][ T9] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1091.984618][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1092.050258][T20492] xt_CT: No such helper "snmp_trap" [ 1092.058723][ T9] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1092.073021][ T9] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1092.081669][ T9] usb 4-1: Product: syz [ 1092.091501][ T9] usb 4-1: Manufacturer: syz [ 1092.668506][ T9] usb 4-1: SerialNumber: syz [ 1092.684696][ T9] usb 4-1: config 0 descriptor?? [ 1092.916662][ T9] usb 4-1: USB disconnect, device number 83 [ 1093.335220][T20529] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4484'. [ 1093.791374][T20536] netlink: 'syz.1.4483': attribute type 1 has an invalid length. [ 1093.799519][T20536] netlink: 'syz.1.4483': attribute type 3 has an invalid length. [ 1093.807479][T20536] netlink: 216 bytes leftover after parsing attributes in process `syz.1.4483'. [ 1094.954976][T20553] orangefs_mount: mount request failed with -4 [ 1096.446165][ T5128] Bluetooth: hci3: command 0x0405 tx timeout [ 1097.132706][T20577] xt_CT: No such helper "snmp_trap" [ 1099.712569][ T8] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1099.992395][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 1100.003737][ T8] usb 4-1: config 0 has no interfaces? [ 1100.030762][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1100.053809][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.062090][ T8] usb 4-1: Product: syz [ 1100.069445][ T8] usb 4-1: Manufacturer: syz [ 1100.075571][ T8] usb 4-1: SerialNumber: syz [ 1100.081912][ T8] usb 4-1: config 0 descriptor?? [ 1100.815096][ T9] usb 4-1: USB disconnect, device number 84 [ 1101.252654][ T9] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1101.432422][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1101.452907][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1101.462181][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.477881][ T9] usb 2-1: Product: syz [ 1101.482157][ T9] usb 2-1: Manufacturer: syz [ 1101.490220][ T9] usb 2-1: SerialNumber: syz [ 1101.505359][ T9] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1101.535071][ T9] r8152-cfgselector 2-1: config 0 descriptor?? [ 1101.775079][ T9] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1101.793904][ T9] r8152-cfgselector 2-1: bad CDC descriptors [ 1101.969205][T20649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4520'. [ 1102.378514][ T9] r8152-cfgselector 2-1: USB disconnect, device number 109 [ 1102.735036][ T29] audit: type=1400 audit(1735862328.060:756): avc: denied { setattr } for pid=20656 comm="syz.3.4523" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sock_file permissive=1 [ 1102.778958][T20657] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4523'. [ 1103.181908][ T29] audit: type=1400 audit(1735862328.100:757): avc: denied { write } for pid=20656 comm="syz.3.4523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1103.285830][ T29] audit: type=1400 audit(1735862328.100:758): avc: denied { nlmsg_write } for pid=20656 comm="syz.3.4523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1103.612850][ T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:1) [ 1104.266717][ T9] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1105.194861][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1105.205106][ T9] usb 2-1: config 8 has an invalid interface number: 44 but max is 2 [ 1105.217195][ T9] usb 2-1: config 8 has an invalid interface number: 55 but max is 2 [ 1105.226152][ T9] usb 2-1: config 8 has no interface number 0 [ 1105.232944][ T9] usb 2-1: config 8 has no interface number 1 [ 1105.249321][ T9] usb 2-1: config 8 interface 44 has no altsetting 0 [ 1105.270911][ T9] usb 2-1: config 8 interface 55 has no altsetting 0 [ 1105.280330][ T9] usb 2-1: config 8 interface 2 has no altsetting 0 [ 1105.295867][ T9] usb 2-1: New USB device found, idVendor=05c6, idProduct=9202, bcdDevice=8d.28 [ 1105.308194][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1105.316574][ T9] usb 2-1: Product: syz [ 1105.321188][ T9] usb 2-1: Manufacturer: syz [ 1105.328665][ T9] usb 2-1: SerialNumber: syz [ 1108.152347][T20721] xt_CT: No such helper "snmp_trap" [ 1108.388495][ T9] usb 2-1: selecting invalid altsetting 0 [ 1108.399911][ T9] usb 2-1: Could not set interface, error -22 [ 1108.410908][ T9] usb 2-1: USB disconnect, device number 110 [ 1108.807144][T20737] netlink: 'syz.6.4547': attribute type 1 has an invalid length. [ 1108.816322][T20737] netlink: 'syz.6.4547': attribute type 3 has an invalid length. [ 1108.905710][T20737] netlink: 216 bytes leftover after parsing attributes in process `syz.6.4547'. [ 1109.243961][ T9] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1109.741029][T20741] netlink: 'syz.4.4548': attribute type 4 has an invalid length. [ 1109.752332][ T29] audit: type=1400 audit(1735862341.056:759): avc: denied { write } for pid=20731 comm="syz.4.4548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1109.795722][ T9] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1109.817081][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1109.952960][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1109.975440][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1109.985226][ T9] usb 2-1: config 0 descriptor?? [ 1110.001462][ T9] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1112.177007][T20773] xt_CT: No such helper "snmp_trap" [ 1112.224607][ T9] usb 2-1: USB disconnect, device number 111 [ 1115.718148][T20825] xt_CT: No such helper "snmp_trap" [ 1115.978298][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.558185][ T5868] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1116.730017][ T5868] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1116.742827][ T5868] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1116.756157][ T5868] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1116.826936][T20846] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1117.325670][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.438491][ T5868] usb 5-1: config 0 descriptor?? [ 1117.513697][ T5868] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1117.823656][T20850] netlink: 'syz.1.4579': attribute type 1 has an invalid length. [ 1117.831591][T20850] netlink: 'syz.1.4579': attribute type 3 has an invalid length. [ 1117.839736][T20850] netlink: 216 bytes leftover after parsing attributes in process `syz.1.4579'. [ 1118.032101][T20851] hfs: can't find a HFS filesystem on dev nullb0 [ 1119.093793][T20150] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1119.618147][T20150] usb 2-1: Using ep0 maxpacket: 8 [ 1119.641529][T20150] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1119.817714][T20150] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1119.827874][T20150] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1119.837986][T20150] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1120.308533][T20150] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1120.315484][ T5868] usb 5-1: USB disconnect, device number 108 [ 1120.317811][T20150] usb 2-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 1120.331916][T20150] usb 2-1: Product: syz [ 1120.492422][T20882] xt_CT: No such helper "snmp_trap" [ 1121.692455][T20150] usb 2-1: GET_CAPABILITIES returned 0 [ 1121.697985][T20150] usbtmc 2-1:16.0: can't read capabilities [ 1122.506662][T20150] usb 2-1: USB disconnect, device number 112 [ 1122.783386][T20907] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1123.958775][T20918] hfs: can't find a HFS filesystem on dev nullb0 [ 1124.166183][ T7210] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 1125.752488][T15213] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1125.912528][T15213] usb 5-1: Using ep0 maxpacket: 8 [ 1125.924978][T15213] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1125.942888][T15213] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1126.026368][T20947] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 1126.490497][T15213] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1126.572544][T15213] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1126.587264][T15213] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1126.596581][T15213] usb 5-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 1126.605003][T15213] usb 5-1: Product: syz [ 1126.681281][T20952] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4611'. [ 1126.819598][T15213] usb 5-1: GET_CAPABILITIES returned 0 [ 1126.839491][T15213] usbtmc 5-1:16.0: can't read capabilities [ 1126.909503][T20957] xt_CT: No such helper "snmp_trap" [ 1127.029583][T20963] hfs: can't find a HFS filesystem on dev nullb0 [ 1127.345146][T15213] usb 5-1: USB disconnect, device number 109 [ 1128.360905][T20986] syz0: rxe_newlink: already configured on ip6_vti0 [ 1128.506111][ T5868] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1129.437601][ T5868] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1129.459972][ T5868] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1129.520542][ T5868] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1129.549395][T20992] loop5: detected capacity change from 0 to 7 [ 1129.575509][T20992] buffer_io_error: 4 callbacks suppressed [ 1129.575713][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.581608][ T5868] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1129.599208][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.609545][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.615684][ T5868] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.628027][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.640046][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.650003][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.659952][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.669146][T20992] ldm_validate_partition_table(): Disk read failed. [ 1129.669359][ T5868] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1129.684701][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.697968][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.708766][T20992] Buffer I/O error on dev loop5, logical block 0, async page read [ 1129.720904][T20992] Dev loop5: unable to read RDB block 0 [ 1129.730305][T20992] loop5: unable to read partition table [ 1129.740045][T20992] loop5: partition table beyond EOD, truncated [ 1129.746735][T20992] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 1129.746735][T20992] ) failed (rc=-5) [ 1129.882095][ T5868] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 1130.322512][ T5868] usb 7-1: USB disconnect, device number 20 [ 1130.379701][T21007] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4626'. [ 1130.687070][T20727] udevd[20727]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1131.502906][ T5866] kworker/1:5 (5866) used greatest stack depth: 20480 bytes left [ 1133.413312][ T29] audit: type=1400 audit(1735862364.736:760): avc: denied { write } for pid=21027 comm="syz.3.4633" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1133.562492][T20150] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1134.392516][T20150] usb 2-1: Using ep0 maxpacket: 8 [ 1134.411154][T20150] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1134.421611][T20150] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1134.432023][T20150] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1134.452845][T20150] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1134.459863][T11976] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 1134.484249][T20150] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1134.503740][T20150] usb 2-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 1134.512107][T20150] usb 2-1: Product: syz [ 1134.762700][T11976] usb 1-1: Using ep0 maxpacket: 32 [ 1134.787723][T11976] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 1134.857255][T11976] usb 1-1: config 0 has no interface number 0 [ 1134.896401][T20150] usb 2-1: GET_CAPABILITIES returned 0 [ 1134.902021][T11976] usb 1-1: config 0 interface 184 has no altsetting 0 [ 1134.902062][T20150] usbtmc 2-1:16.0: can't read capabilities [ 1134.950944][T11976] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1135.005088][T11976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1135.076482][T11976] usb 1-1: Product: syz [ 1135.080662][T11976] usb 1-1: Manufacturer: syz [ 1135.120075][T11976] usb 1-1: SerialNumber: syz [ 1135.140759][T11976] usb 1-1: config 0 descriptor?? [ 1135.151772][T11976] smsc75xx v1.0.0 [ 1135.158321][T20150] usb 2-1: USB disconnect, device number 113 [ 1135.353242][T11976] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 1135.365025][T11976] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 1136.105888][T11976] usb 1-1: USB disconnect, device number 98 [ 1137.378296][T21081] Process accounting resumed [ 1138.152317][T21083] xt_CT: No such helper "snmp_trap" [ 1139.529115][T20150] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1139.712343][T20150] usb 7-1: Using ep0 maxpacket: 8 [ 1139.775417][T20150] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1139.882722][T11976] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1139.912310][T20150] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1139.961540][T20150] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1139.982521][T20150] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1140.008180][T20150] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1140.030149][T20150] usb 7-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 1140.042321][T20150] usb 7-1: Product: syz [ 1140.069291][T11976] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1140.079500][T11976] usb 5-1: config 8 has an invalid interface number: 44 but max is 2 [ 1140.092539][T11976] usb 5-1: config 8 has an invalid interface number: 55 but max is 2 [ 1140.111710][T11976] usb 5-1: config 8 has no interface number 0 [ 1140.302315][T11976] usb 5-1: config 8 has no interface number 1 [ 1140.307170][T20150] usb 7-1: GET_CAPABILITIES returned 0 [ 1140.308430][T11976] usb 5-1: config 8 interface 44 has no altsetting 0 [ 1140.321410][T11976] usb 5-1: config 8 interface 55 has no altsetting 0 [ 1140.322045][T20150] usbtmc 7-1:16.0: can't read capabilities [ 1140.328392][T11976] usb 5-1: config 8 interface 2 has no altsetting 0 [ 1140.344036][T11976] usb 5-1: New USB device found, idVendor=05c6, idProduct=9202, bcdDevice=8d.28 [ 1140.389063][T11976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.567901][T20150] usb 7-1: USB disconnect, device number 21 [ 1140.608154][T11976] usb 5-1: Product: syz [ 1140.618304][T11976] usb 5-1: Manufacturer: syz [ 1140.633016][T11976] usb 5-1: SerialNumber: syz [ 1142.693510][T21136] xt_CT: No such helper "snmp_trap" [ 1142.717889][T21138] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4660'. [ 1142.856106][T21138] batadv1: entered promiscuous mode [ 1142.861607][T21138] batadv1: entered allmulticast mode [ 1143.084948][T21142] Process accounting resumed [ 1143.466995][T11976] usb 5-1: selecting invalid altsetting 0 [ 1143.511904][T11976] usb 5-1: Could not set interface, error -22 [ 1143.558666][T11976] usb 5-1: USB disconnect, device number 110 [ 1144.324275][T11976] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 1144.512641][T11976] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1144.528171][T11976] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1144.565410][T11976] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1144.630536][T11976] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1145.237011][T11976] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1145.246499][T11976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1145.326307][T11976] usb 7-1: config 0 descriptor?? [ 1145.422999][T11222] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1145.423513][T21167] hfs: can't find a HFS filesystem on dev nullb0 [ 1146.501456][T21173] xt_CT: No such helper "snmp_trap" [ 1146.569333][T11222] usb 5-1: Using ep0 maxpacket: 8 [ 1146.700536][T11222] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1146.709061][T11222] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1146.718918][T11222] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1146.777148][T11222] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1146.787511][T11222] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1146.802057][T11222] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1146.811579][T11222] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1146.890692][T11976] usbhid 7-1:0.0: can't add hid device: -71 [ 1146.897338][T11976] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1146.946801][T11976] usb 7-1: USB disconnect, device number 22 [ 1146.982391][ T5868] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 1147.129394][T11222] usb 5-1: usb_control_msg returned -32 [ 1147.140664][T11222] usbtmc 5-1:16.0: can't read capabilities [ 1147.152390][ T5868] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1147.161666][ T5868] usb 1-1: config 8 has an invalid interface number: 44 but max is 2 [ 1147.190523][ T5868] usb 1-1: config 8 has an invalid interface number: 55 but max is 2 [ 1147.208851][ T5868] usb 1-1: config 8 has no interface number 0 [ 1147.216022][ T5868] usb 1-1: config 8 has no interface number 1 [ 1147.223527][ T5868] usb 1-1: config 8 interface 44 has no altsetting 0 [ 1147.230477][ T5868] usb 1-1: config 8 interface 55 has no altsetting 0 [ 1147.238066][ T5868] usb 1-1: config 8 interface 2 has no altsetting 0 [ 1147.247396][ T5868] usb 1-1: New USB device found, idVendor=05c6, idProduct=9202, bcdDevice=8d.28 [ 1147.257021][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1147.265374][ T5868] usb 1-1: Product: syz [ 1147.269775][ T5868] usb 1-1: Manufacturer: syz [ 1147.274785][ T5868] usb 1-1: SerialNumber: syz [ 1148.720242][T11222] usb 5-1: USB disconnect, device number 111 [ 1151.163489][ T5868] usb 1-1: selecting invalid altsetting 0 [ 1151.182385][ T5868] usb 1-1: Could not set interface, error -22 [ 1151.197518][ T5868] usb 1-1: USB disconnect, device number 99 [ 1151.362638][ T29] audit: type=1400 audit(1735862388.665:761): avc: denied { append } for pid=21227 comm="syz.3.4688" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1151.409699][ T29] audit: type=1400 audit(1735862388.725:762): avc: denied { map } for pid=21227 comm="syz.3.4688" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1151.484329][ T29] audit: type=1400 audit(1735862388.725:763): avc: denied { execute } for pid=21227 comm="syz.3.4688" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1152.559233][ T5868] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 1153.132462][ T5868] usb 1-1: Using ep0 maxpacket: 8 [ 1153.147177][T21248] xt_CT: No such helper "snmp_trap" [ 1153.208655][ T5868] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1153.252349][ T5868] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1153.262166][ T5868] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1153.303190][ T5868] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1153.313643][ T5868] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1153.335870][ T5868] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1153.359370][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1153.367784][ T29] audit: type=1400 audit(1735862390.665:764): avc: denied { read } for pid=21251 comm="syz.3.4696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1154.222863][ T5868] usb 1-1: usb_control_msg returned -32 [ 1154.228492][ T5868] usbtmc 1-1:16.0: can't read capabilities [ 1154.692524][T15213] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1154.865117][T15213] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1154.993353][T15213] usb 4-1: config 8 has an invalid interface number: 44 but max is 2 [ 1155.012526][T15213] usb 4-1: config 8 has an invalid interface number: 55 but max is 2 [ 1155.020654][T15213] usb 4-1: config 8 has no interface number 0 [ 1155.040063][T15213] usb 4-1: config 8 has no interface number 1 [ 1155.051969][T15213] usb 4-1: config 8 interface 44 has no altsetting 0 [ 1155.066825][T15213] usb 4-1: config 8 interface 55 has no altsetting 0 [ 1155.081488][T15213] usb 4-1: config 8 interface 2 has no altsetting 0 [ 1155.169515][T15213] usb 4-1: New USB device found, idVendor=05c6, idProduct=9202, bcdDevice=8d.28 [ 1155.178884][T15213] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1155.187366][T15213] usb 4-1: Product: syz [ 1155.191852][T15213] usb 4-1: Manufacturer: syz [ 1155.197508][T15213] usb 4-1: SerialNumber: syz [ 1155.686435][T21275] overlayfs: failed to resolve './file0': -2 [ 1156.794505][T20150] usb 1-1: USB disconnect, device number 100 [ 1157.722525][ T9] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 1158.597045][T15213] usb 4-1: selecting invalid altsetting 0 [ 1158.603030][T15213] usb 4-1: Could not set interface, error -22 [ 1158.621116][T15213] usb 4-1: USB disconnect, device number 85 [ 1158.652766][ T9] usb 5-1: device descriptor read/64, error -71 [ 1158.978079][ T9] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 1159.182325][ T9] usb 5-1: device descriptor read/64, error -71 [ 1159.441331][ T9] usb usb5-port1: attempt power cycle [ 1159.594352][T21311] netlink: 'syz.1.4707': attribute type 4 has an invalid length. [ 1159.882354][ T9] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 1160.074508][ T9] usb 5-1: device descriptor read/8, error -71 [ 1160.153280][T21321] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4711'. [ 1162.962723][ T9] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 1163.019315][ T9] usb 5-1: device descriptor read/8, error -71 [ 1163.081180][T21328] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4713'. [ 1163.127087][T21328] batadv1: entered promiscuous mode [ 1163.149760][T21328] batadv1: entered allmulticast mode [ 1163.256185][ T9] usb usb5-port1: unable to enumerate USB device [ 1163.402309][T15213] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 1163.843883][T15213] usb 1-1: Using ep0 maxpacket: 8 [ 1163.876113][T15213] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1163.919233][T15213] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1163.929436][T21338] xt_CT: No such helper "snmp_trap" [ 1163.938681][T15213] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1163.949579][T15213] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1163.961426][T15213] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1163.977176][T15213] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1163.986898][T15213] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1164.386466][T15213] usb 1-1: usb_control_msg returned -32 [ 1164.405852][T15213] usbtmc 1-1:16.0: can't read capabilities [ 1165.347209][T21366] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4723'. [ 1166.138065][T15213] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1166.331944][ T5868] usb 1-1: USB disconnect, device number 101 [ 1166.368175][ T29] audit: type=1400 audit(1735862409.696:765): avc: denied { listen } for pid=21371 comm="syz.0.4728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1166.527962][T15213] usb 4-1: device descriptor read/64, error -71 [ 1166.582123][ T29] audit: type=1400 audit(1735862409.696:766): avc: denied { getopt } for pid=21371 comm="syz.0.4728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1167.070930][T15213] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1167.166352][T21382] xt_CT: No such helper "snmp_trap" [ 1167.233003][T15213] usb 4-1: device descriptor read/64, error -71 [ 1167.342721][T15213] usb usb4-port1: attempt power cycle [ 1167.707489][T15213] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1167.760448][T15213] usb 4-1: device descriptor read/8, error -71 [ 1168.032509][T15213] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1168.073714][T15213] usb 4-1: device descriptor read/8, error -71 [ 1168.084059][T21405] 9pnet_fd: Insufficient options for proto=fd [ 1168.202718][T15213] usb usb4-port1: unable to enumerate USB device [ 1168.271472][T21409] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4737'. [ 1168.443436][T11222] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 1169.043318][T11222] usb 5-1: Using ep0 maxpacket: 8 [ 1169.057991][T11222] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1169.066929][T11222] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1169.079761][T11222] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1169.153064][T11222] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1169.163870][T11222] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1169.182468][T11222] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1169.195865][T11222] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1169.873876][T11222] usb 5-1: usb_control_msg returned -32 [ 1169.886670][T11222] usbtmc 5-1:16.0: can't read capabilities [ 1171.238838][T21449] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4752'. [ 1172.247492][T11222] usb 5-1: USB disconnect, device number 116 [ 1173.919500][T21493] 9pnet_fd: Insufficient options for proto=fd [ 1174.237375][T21503] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4764'. [ 1174.822354][T11222] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1174.982960][T11222] usb 7-1: Using ep0 maxpacket: 8 [ 1175.285868][T11222] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 1175.294500][T11222] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1175.322378][T11222] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1175.340646][T11222] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1175.397730][T11222] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1175.416421][T11222] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1175.438252][T11222] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.773777][T11222] usb 7-1: usb_control_msg returned -32 [ 1175.779603][T11222] usbtmc 7-1:16.0: can't read capabilities [ 1175.984325][ T5128] ================================================================== [ 1175.992432][ T5128] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0x16a/0x170 [ 1176.000544][ T5128] Read of size 8 at addr ffff888061874188 by task kworker/u9:1/5128 [ 1176.008536][ T5128] [ 1176.010856][ T5128] CPU: 0 UID: 0 PID: 5128 Comm: kworker/u9:1 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0 [ 1176.021780][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1176.031832][ T5128] Workqueue: hci3 hci_rx_work [ 1176.036601][ T5128] Call Trace: [ 1176.039947][ T5128] [ 1176.042874][ T5128] dump_stack_lvl+0x116/0x1f0 [ 1176.047569][ T5128] print_report+0xc3/0x620 [ 1176.051985][ T5128] ? __virt_addr_valid+0x5e/0x590 [ 1176.057010][ T5128] ? __phys_addr+0xc6/0x150 [ 1176.061519][ T5128] kasan_report+0xd9/0x110 [ 1176.065934][ T5128] ? l2cap_sock_ready_cb+0x16a/0x170 [ 1176.071221][ T5128] ? l2cap_sock_ready_cb+0x16a/0x170 [ 1176.076498][ T5128] l2cap_sock_ready_cb+0x16a/0x170 [ 1176.081606][ T5128] l2cap_le_start+0x1ec/0xe40 [ 1176.086269][ T5128] ? l2cap_connect_cfm+0x5f4/0xf10 [ 1176.091369][ T5128] ? __pfx_l2cap_le_start+0x10/0x10 [ 1176.096554][ T5128] ? __pfx_l2cap_global_fixed_chan+0x10/0x10 [ 1176.102523][ T5128] ? __l2cap_chan_add+0x3db/0xa20 [ 1176.107536][ T5128] l2cap_connect_cfm+0x99f/0xf10 [ 1176.112463][ T5128] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1176.117914][ T5128] ? hci_cb_lookup+0x319/0x4e0 [ 1176.122678][ T5128] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1176.128130][ T5128] le_conn_complete_evt+0x168d/0x1da0 [ 1176.133494][ T5128] ? __pfx_lock_release+0x10/0x10 [ 1176.138511][ T5128] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1176.144225][ T5128] ? trace_contention_end+0xee/0x140 [ 1176.149503][ T5128] hci_le_conn_complete_evt+0x23c/0x370 [ 1176.155042][ T5128] hci_le_meta_evt+0x2e2/0x5d0 [ 1176.159797][ T5128] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1176.165865][ T5128] hci_event_packet+0x666/0x1180 [ 1176.170796][ T5128] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1176.176081][ T5128] ? __pfx_hci_event_packet+0x10/0x10 [ 1176.181446][ T5128] ? mark_held_locks+0x9f/0xe0 [ 1176.186199][ T5128] ? kcov_remote_start+0x3cf/0x6e0 [ 1176.191303][ T5128] ? lockdep_hardirqs_on+0x7c/0x110 [ 1176.196497][ T5128] hci_rx_work+0x2c5/0x16b0 [ 1176.201002][ T5128] ? process_one_work+0x921/0x1ba0 [ 1176.206106][ T5128] process_one_work+0x9c5/0x1ba0 [ 1176.211034][ T5128] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1176.216656][ T5128] ? __pfx_process_one_work+0x10/0x10 [ 1176.222017][ T5128] ? rcu_is_watching+0x12/0xc0 [ 1176.226775][ T5128] ? assign_work+0x1a0/0x250 [ 1176.231351][ T5128] worker_thread+0x6c8/0xf00 [ 1176.235932][ T5128] ? __kthread_parkme+0x148/0x220 [ 1176.240954][ T5128] ? __pfx_worker_thread+0x10/0x10 [ 1176.246050][ T5128] kthread+0x2c1/0x3a0 [ 1176.250114][ T5128] ? _raw_spin_unlock_irq+0x23/0x50 [ 1176.255302][ T5128] ? __pfx_kthread+0x10/0x10 [ 1176.259883][ T5128] ret_from_fork+0x45/0x80 [ 1176.264290][ T5128] ? __pfx_kthread+0x10/0x10 [ 1176.268878][ T5128] ret_from_fork_asm+0x1a/0x30 [ 1176.273643][ T5128] [ 1176.276646][ T5128] [ 1176.278950][ T5128] Allocated by task 21521: [ 1176.283343][ T5128] kasan_save_stack+0x33/0x60 [ 1176.288013][ T5128] kasan_save_track+0x14/0x30 [ 1176.292677][ T5128] __kasan_kmalloc+0xaa/0xb0 [ 1176.297252][ T5128] __kmalloc_noprof+0x21c/0x510 [ 1176.302104][ T5128] sk_prot_alloc+0x1a8/0x2a0 [ 1176.306689][ T5128] sk_alloc+0x36/0xb90 [ 1176.310752][ T5128] bt_sock_alloc+0x3b/0x3a0 [ 1176.315242][ T5128] l2cap_sock_alloc.constprop.0+0x33/0x1c0 [ 1176.321041][ T5128] l2cap_sock_create+0x123/0x1f0 [ 1176.325969][ T5128] bt_sock_create+0x182/0x350 [ 1176.330631][ T5128] __sock_create+0x335/0x8d0 [ 1176.335209][ T5128] __sys_socket+0x14f/0x260 [ 1176.339696][ T5128] __x64_sys_socket+0x72/0xb0 [ 1176.344362][ T5128] do_syscall_64+0xcd/0x250 [ 1176.348851][ T5128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.354733][ T5128] [ 1176.357038][ T5128] Freed by task 21520: [ 1176.361085][ T5128] kasan_save_stack+0x33/0x60 [ 1176.365747][ T5128] kasan_save_track+0x14/0x30 [ 1176.370410][ T5128] kasan_save_free_info+0x3b/0x60 [ 1176.375422][ T5128] __kasan_slab_free+0x51/0x70 [ 1176.380176][ T5128] kfree+0x14f/0x4b0 [ 1176.384058][ T5128] __sk_destruct+0x5eb/0x720 [ 1176.388641][ T5128] sk_destruct+0xc2/0xf0 [ 1176.392874][ T5128] __sk_free+0xf4/0x3e0 [ 1176.397015][ T5128] sk_free+0x6a/0x90 [ 1176.400894][ T5128] l2cap_sock_kill+0x171/0x2d0 [ 1176.405647][ T5128] l2cap_sock_release+0x189/0x210 [ 1176.410676][ T5128] __sock_release+0xb0/0x270 [ 1176.415249][ T5128] sock_close+0x1c/0x30 [ 1176.419384][ T5128] __fput+0x3f8/0xb60 [ 1176.423349][ T5128] task_work_run+0x14e/0x250 [ 1176.427939][ T5128] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1176.433556][ T5128] do_syscall_64+0xda/0x250 [ 1176.438043][ T5128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.443931][ T5128] [ 1176.446253][ T5128] The buggy address belongs to the object at ffff888061874000 [ 1176.446253][ T5128] which belongs to the cache kmalloc-2k of size 2048 [ 1176.460286][ T5128] The buggy address is located 392 bytes inside of [ 1176.460286][ T5128] freed 2048-byte region [ffff888061874000, ffff888061874800) [ 1176.474174][ T5128] [ 1176.476478][ T5128] The buggy address belongs to the physical page: [ 1176.482879][ T5128] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61870 [ 1176.491618][ T5128] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1176.500099][ T5128] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1176.508060][ T5128] page_type: f5(slab) [ 1176.512024][ T5128] raw: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001 [ 1176.520602][ T5128] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 1176.529168][ T5128] head: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001 [ 1176.537818][ T5128] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 1176.546470][ T5128] head: 00fff00000000003 ffffea0001861c01 ffffffffffffffff 0000000000000000 [ 1176.555120][ T5128] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1176.563766][ T5128] page dumped because: kasan: bad access detected [ 1176.570160][ T5128] page_owner tracks the page as allocated [ 1176.575853][ T5128] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3021, tgid 3021 (kworker/u8:6), ts 60530521224, free_ts 13173426475 [ 1176.596588][ T5128] post_alloc_hook+0x2d1/0x350 [ 1176.601339][ T5128] get_page_from_freelist+0xfce/0x2f80 [ 1176.606783][ T5128] __alloc_pages_noprof+0x223/0x25b0 [ 1176.612057][ T5128] alloc_pages_mpol_noprof+0x2c9/0x610 [ 1176.617502][ T5128] new_slab+0x2c9/0x410 [ 1176.621637][ T5128] ___slab_alloc+0xd7d/0x17a0 [ 1176.626295][ T5128] __slab_alloc.constprop.0+0x56/0xb0 [ 1176.631676][ T5128] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 1176.638077][ T5128] kmalloc_reserve+0xef/0x2c0 [ 1176.642740][ T5128] __alloc_skb+0x164/0x380 [ 1176.647142][ T5128] inet6_ifinfo_notify+0x77/0x150 [ 1176.652154][ T5128] addrconf_notify+0x81a/0x19c0 [ 1176.656988][ T5128] notifier_call_chain+0xb7/0x410 [ 1176.662000][ T5128] call_netdevice_notifiers_info+0xbe/0x140 [ 1176.667876][ T5128] netdev_state_change+0x115/0x150 [ 1176.672969][ T5128] linkwatch_do_dev+0x12b/0x160 [ 1176.677804][ T5128] page last free pid 1 tgid 1 stack trace: [ 1176.683584][ T5128] free_unref_page+0x661/0x1080 [ 1176.688421][ T5128] free_contig_range+0x133/0x3f0 [ 1176.693341][ T5128] destroy_args+0x802/0xa50 [ 1176.697825][ T5128] debug_vm_pgtable+0x168e/0x31a0 [ 1176.702830][ T5128] do_one_initcall+0x128/0x700 [ 1176.707583][ T5128] kernel_init_freeable+0x5c7/0x900 [ 1176.712769][ T5128] kernel_init+0x1c/0x2b0 [ 1176.717080][ T5128] ret_from_fork+0x45/0x80 [ 1176.721565][ T5128] ret_from_fork_asm+0x1a/0x30 [ 1176.726322][ T5128] [ 1176.728625][ T5128] Memory state around the buggy address: [ 1176.734231][ T5128] ffff888061874080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1176.742276][ T5128] ffff888061874100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1176.750322][ T5128] >ffff888061874180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1176.758446][ T5128] ^ [ 1176.762751][ T5128] ffff888061874200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1176.770795][ T5128] ffff888061874280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1176.778834][ T5128] ================================================================== [ 1176.788446][ T5128] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1176.795665][ T5128] CPU: 0 UID: 0 PID: 5128 Comm: kworker/u9:1 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0 [ 1176.806524][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1176.816579][ T5128] Workqueue: hci3 hci_rx_work [ 1176.821243][ T5128] Call Trace: [ 1176.824500][ T5128] [ 1176.827408][ T5128] dump_stack_lvl+0x3d/0x1f0 [ 1176.831978][ T5128] panic+0x71d/0x800 [ 1176.835875][ T5128] ? __pfx_panic+0x10/0x10 [ 1176.840269][ T5128] ? preempt_schedule_thunk+0x1a/0x30 [ 1176.845637][ T5128] ? preempt_schedule_common+0x44/0xc0 [ 1176.851112][ T5128] check_panic_on_warn+0xab/0xb0 [ 1176.856056][ T5128] end_report+0x117/0x180 [ 1176.860377][ T5128] kasan_report+0xe9/0x110 [ 1176.864772][ T5128] ? l2cap_sock_ready_cb+0x16a/0x170 [ 1176.870036][ T5128] ? l2cap_sock_ready_cb+0x16a/0x170 [ 1176.875298][ T5128] l2cap_sock_ready_cb+0x16a/0x170 [ 1176.880396][ T5128] l2cap_le_start+0x1ec/0xe40 [ 1176.885067][ T5128] ? l2cap_connect_cfm+0x5f4/0xf10 [ 1176.890160][ T5128] ? __pfx_l2cap_le_start+0x10/0x10 [ 1176.895338][ T5128] ? __pfx_l2cap_global_fixed_chan+0x10/0x10 [ 1176.901294][ T5128] ? __l2cap_chan_add+0x3db/0xa20 [ 1176.906294][ T5128] l2cap_connect_cfm+0x99f/0xf10 [ 1176.911208][ T5128] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1176.916658][ T5128] ? hci_cb_lookup+0x319/0x4e0 [ 1176.921400][ T5128] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1176.926851][ T5128] le_conn_complete_evt+0x168d/0x1da0 [ 1176.932214][ T5128] ? __pfx_lock_release+0x10/0x10 [ 1176.937224][ T5128] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1176.942938][ T5128] ? trace_contention_end+0xee/0x140 [ 1176.948225][ T5128] hci_le_conn_complete_evt+0x23c/0x370 [ 1176.953760][ T5128] hci_le_meta_evt+0x2e2/0x5d0 [ 1176.958507][ T5128] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1176.964553][ T5128] hci_event_packet+0x666/0x1180 [ 1176.969466][ T5128] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1176.974731][ T5128] ? __pfx_hci_event_packet+0x10/0x10 [ 1176.980085][ T5128] ? mark_held_locks+0x9f/0xe0 [ 1176.984829][ T5128] ? kcov_remote_start+0x3cf/0x6e0 [ 1176.989940][ T5128] ? lockdep_hardirqs_on+0x7c/0x110 [ 1176.995131][ T5128] hci_rx_work+0x2c5/0x16b0 [ 1176.999615][ T5128] ? process_one_work+0x921/0x1ba0 [ 1177.004706][ T5128] process_one_work+0x9c5/0x1ba0 [ 1177.009620][ T5128] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1177.015230][ T5128] ? __pfx_process_one_work+0x10/0x10 [ 1177.020574][ T5128] ? rcu_is_watching+0x12/0xc0 [ 1177.025319][ T5128] ? assign_work+0x1a0/0x250 [ 1177.029880][ T5128] worker_thread+0x6c8/0xf00 [ 1177.034448][ T5128] ? __kthread_parkme+0x148/0x220 [ 1177.039449][ T5128] ? __pfx_worker_thread+0x10/0x10 [ 1177.044549][ T5128] kthread+0x2c1/0x3a0 [ 1177.048608][ T5128] ? _raw_spin_unlock_irq+0x23/0x50 [ 1177.053797][ T5128] ? __pfx_kthread+0x10/0x10 [ 1177.058378][ T5128] ret_from_fork+0x45/0x80 [ 1177.062778][ T5128] ? __pfx_kthread+0x10/0x10 [ 1177.067353][ T5128] ret_from_fork_asm+0x1a/0x30 [ 1177.072101][ T5128] [ 1177.075320][ T5128] Kernel Offset: disabled [ 1177.079646][ T5128] Rebooting in 86400 seconds..