last executing test programs: 5m19.99440611s ago: executing program 1 (id=2296): r0 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x27b6a97, @private2={0xfc, 0x2, '\x00', 0xff}, 0x8080}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001) 5m19.121242368s ago: executing program 1 (id=2310): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x8, {{0x2, 0x4e21, @multicast1}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 5m19.044279065s ago: executing program 1 (id=2312): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1c, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000002ff0100000000000000000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, r1}, 0x94) 5m19.043763645s ago: executing program 1 (id=2313): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) 5m18.980061415s ago: executing program 1 (id=2314): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000000180)={0x0, 0x1064, 0x0, 0x0, 0x271}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, 0xffffffffffffff9c, &(0x7f0000000040)={0x141000, 0x6a, 0x48}, &(0x7f0000000140)='./file0\x00', 0x18, 0x0, 0x12345}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 5m18.735274782s ago: executing program 1 (id=2321): openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="110000000400000004"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f00000000c0), 0x0}, 0x20) 5m18.624644932s ago: executing program 32 (id=2321): openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="110000000400000004"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f00000000c0), 0x0}, 0x20) 5m12.06719245s ago: executing program 5 (id=2434): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000380)={0xffffffffffffffff}, 0x106, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0xab8}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r1, 0x400}}, 0x48) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, r1, 0x30, 0x0, @ib={0x1b, 0x1, 0x1, {"f8430000000000000000000000070080"}, 0x7, 0x5, 0x3}}}, 0xa0) 5m12.038142292s ago: executing program 5 (id=2435): r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcfd0"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10}, 0x94) bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x10, 0x0, @val=@iter={&(0x7f0000001a40)=@cgroup, 0x10}}, 0x40) 5m10.392895069s ago: executing program 5 (id=2479): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) unshare(0x28060400) 5m10.047933756s ago: executing program 5 (id=2488): mkdir(&(0x7f0000005740)='./file0\x00', 0x3b) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) 5m9.999412073s ago: executing program 5 (id=2490): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x4000000, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}, {{&(0x7f00000000c0)={0xa, 0x4e21, 0x5, @local, 0x6}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="a8", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) 5m9.684119655s ago: executing program 5 (id=2498): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000000040)={0x0, 0x5, 0xfffffd62, 0x2}) 5m9.47982579s ago: executing program 33 (id=2498): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000000040)={0x0, 0x5, 0xfffffd62, 0x2}) 1m7.213163856s ago: executing program 2 (id=6704): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000088a805005600080054"], 0xfdef) 1m7.085925384s ago: executing program 2 (id=6709): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x10e, 0x0) 1m6.967559244s ago: executing program 2 (id=6711): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0xfffffffa, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20004db0"], 0x0) 1m6.959414681s ago: executing program 2 (id=6712): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 1m6.904008453s ago: executing program 2 (id=6713): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 1m6.393584325s ago: executing program 2 (id=6718): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tw'], 0xa) write$cgroup_devices(r1, &(0x7f0000000580)={'c', ' *:* ', 'w\x00'}, 0x8) 1m6.230437116s ago: executing program 34 (id=6718): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tw'], 0xa) write$cgroup_devices(r1, &(0x7f0000000580)={'c', ' *:* ', 'w\x00'}, 0x8) 21.078150187s ago: executing program 3 (id=7484): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000000)={0xd5, 0x0, 0xc1}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 20.926631101s ago: executing program 3 (id=7489): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r1, &(0x7f0000000000)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) bind$ax25(r0, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close(r0) 20.883762385s ago: executing program 3 (id=7490): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$vim2m(&(0x7f0000000280), 0x85c4, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)=0x1) 20.624026567s ago: executing program 3 (id=7496): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 20.614017173s ago: executing program 3 (id=7497): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f00000000c0)={r2}) 20.42799959s ago: executing program 3 (id=7499): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071123700000000009500000000000000410d5a538f0606"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0300000000000000000000807f0000000200000001ffffff060000003b00000000000000000000000000000000000000010000400200000000000000010000000e000000080000006008000000000000000000000000000008000080"]) 20.375571387s ago: executing program 35 (id=7499): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071123700000000009500000000000000410d5a538f0606"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0300000000000000000000807f0000000200000001ffffff060000003b00000000000000000000000000000000000000010000400200000000000000010000000e000000080000006008000000000000000000000000000008000080"]) 2.772114299s ago: executing program 4 (id=7725): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) gettid() rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) timer_create(0x2, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 2.323281302s ago: executing program 7 (id=7731): r0 = socket(0x200000000000011, 0x2, 0xd) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x32, 0x0, 0x0) syz_emit_ethernet(0x33, &(0x7f0000000500)={@random="e90c610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x11, 0x0, @gue={{0x1, 0x1, 0x2, 0xc, 0x100, @void}, "00fd3c2d87"}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x18, 0x0, @wg=@data={0x4, 0x80, 0x3}}}}}}, 0x0) 2.297628737s ago: executing program 7 (id=7732): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)="041000", 0x3}], 0x1, 0x0, 0x0, 0x20040004}, 0x20004011) recvmsg$unix(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='l', 0x1}], 0x1}, 0x2404c140) 2.221774734s ago: executing program 7 (id=7733): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) lseek(r1, 0x2, 0x2) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(r2, r1, 0x0, 0x3) 2.189486831s ago: executing program 7 (id=7734): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 2.159872581s ago: executing program 7 (id=7735): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f0000000340)={0x2020}, 0xcb0a) 2.119730382s ago: executing program 7 (id=7736): socket$inet6_udp(0xa, 0x2, 0x0) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 1.924923221s ago: executing program 4 (id=7740): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 1.745131266s ago: executing program 6 (id=7744): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x2, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 1.651290386s ago: executing program 6 (id=7745): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10", 0x48}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x40000340) 1.58012785s ago: executing program 0 (id=7746): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xda) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0xbffffff8, 0x7fff, 0xfffffffd, 0x407ff, 0x7, "0451677f010000000000008000", 0x4, 0x200}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x8) 1.567924143s ago: executing program 6 (id=7747): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r3, r4, 0x4003, 0x100, 0xfffffffc, 0x804, {0xac7c, 0x1, 0x3, 0x67, 0xf48, 0x1, 0x2, 0x5, 0x4130, 0xe154, 0x200, 0x7f, 0x158, 0xffffffff, "fe1d00003413000000000020b42717e47f00"}}) 1.567120797s ago: executing program 0 (id=7748): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xa90}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000440)={0x1, 0x0, 0xeeef0000, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, 0x0}], 0x1, 0x1a, 0x0, 0x0) 1.552084213s ago: executing program 6 (id=7749): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="00000000408000001800128008000100736974000c00028008000100", @ANYRES32=r2], 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f00000001c0)={'sit0\x00', r2, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) 1.468390296s ago: executing program 6 (id=7750): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000380)="e8", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x7f, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) shutdown(r0, 0x1) 1.440641815s ago: executing program 6 (id=7751): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x1, 0x5, "989eafdf24"}, 0x0}) 1.419991364s ago: executing program 0 (id=7752): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)='N', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e24, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x2}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 1.383015841s ago: executing program 0 (id=7753): r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000100)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000001c0)={0x0, 0x5, 0x8100, 0x1}, 0x10) 1.017965996s ago: executing program 4 (id=7754): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x9, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x30}, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000800)='M', 0x1}], 0x1}}], 0x2, 0x931766f6319eed40) shutdown(r0, 0x1) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x800000}}, [0x6, 0x5, 0x3, 0x7fffffffffffffff, 0x80000001, 0x6, 0x8, 0x9, 0x28f9238, 0xfffffffffffffffe, 0x8000000000000000, 0x5, 0xcc76, 0x0, 0x80000913]}, &(0x7f0000000100)=0x100) 970.330966ms ago: executing program 4 (id=7755): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0x6, 0x80800) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000000)={0x4, r3}) close_range(r0, 0xffffffffffffffff, 0x0) 878.910379ms ago: executing program 4 (id=7756): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000600)=0x1801, 0x4) sendmmsg$inet(r0, &(0x7f0000007fc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000840)="2b9b55f1e4d659ef3988105f5c04687ad75f66363fbda5a1f67eea7f73a809ae93b687ee53d9ca6449d70e254edcbb81242680b9ca63df061c865541b830b3051365dc4b3c77b71f58b06009d1f43b42dde4af39add2ba361cd070c118328bfc401a48d61ebca8a2cc02d4f30ea152b76128dde728beaa42f0fc0a3ed9143ce36ffd3a361d30fccd1dd312bd64c75841ca10f5acdc30136b2a58300d3a670c1add5b822f555a6777c410634216f91150645d123b2bfecd4957b975bf69922599e1f34b572e62ae556c7adadd338a80e29baf1fae6b14d2f16cb407518f3aff3b44097b553adde12ee8ccd1bd20c15c30d746767aec05972c9766c3059e8b398457688aa74f5edebf5991d0c40168bda60933cc5b830b0320a2e91579aa31b657030783c4b42c1aa0c9fffd0ca0a17b1654754bfe206420baaa99778f47ab083f04d26b55b0e07c52c72c368213b7018b8c91d76f1bb40ffce1150ecbe344e8c72b4984beb013e3f6c6667a120b6f5cf77e7370b7f3226dbc9b37206eaf603f6d5d7c0b0e34b4a9fae0dd2bb667f99f1c2be8b110fdae40d6b8ef429032243133e086a8077c66f2dfbd0c34d892334c81c66897619db4deccb5dd5c9eeb4c5db1f3a0a756c934766257f6b4e270c01fba9c2708f44f1b71ee1066c88b9f1d3af4da41a04ab27a59f7e5ba34c2c406b0b6d4e98cb32e", 0x1f5}], 0x1}}], 0x1, 0x4000040) 849.441263ms ago: executing program 4 (id=7757): r0 = fsopen(&(0x7f00000000c0)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = gettid() fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000100)='\x00\x00\x00\xa6\a=', 0x0, r0) tkill(r1, 0xb) 505.812031ms ago: executing program 0 (id=7759): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f000000a900)='./file0\x00', &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000002200)=""/4096, 0x1000) 446.263947ms ago: executing program 0 (id=7760): syz_usb_connect(0x0, 0x24, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000240)) 395.461846ms ago: executing program 8 (id=7761): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x5, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="2681770b6d0000000f01c9660f3820c6c4c2ddbe1563020000360f017269676426660f5905c4e13d67dbf30f2d266618d8650f01c8", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 258.925652ms ago: executing program 8 (id=7762): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x100080f) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000bc0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535ef976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fce30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac353b21fe733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52af50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472787621147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600"}) 151.694681ms ago: executing program 8 (id=7763): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x2, 0x3, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) close_range(r1, 0xffffffffffffffff, 0x0) 114.733505ms ago: executing program 8 (id=7764): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="12000000040000000400000001"], 0x48) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000040), &(0x7f00000000c0)=@udp6=r1, 0x1}, 0x20) recvfrom(r1, &(0x7f00000004c0)=""/182, 0xb6, 0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r0, &(0x7f0000001380)}, 0x20) shutdown(r1, 0x0) 1.143435ms ago: executing program 8 (id=7765): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x3, &(0x7f0000000100)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 8 (id=7766): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): ected from ttyUSB0 [ 448.185146][ T9607] ftdi_sio 4-1:0.0: device disconnected [ 448.741611][ T9623] usb 5-1: new full-speed USB device number 77 using dummy_hcd [ 448.916740][ T9623] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 448.939317][ T9623] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.957778][ T9623] usb 5-1: Product: syz [ 448.962687][ T9623] usb 5-1: Manufacturer: syz [ 448.967954][ T9623] usb 5-1: SerialNumber: syz [ 448.977761][ T9623] usb 5-1: config 0 descriptor?? [ 448.986775][ T9623] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 449.011242][T21197] @: renamed from vlan0 (while UP) [ 449.095851][ T9612] video4linux radio48: keene_cmd_set failed (-71) [ 449.116538][ T9612] radio-keene 3-1:0.0: V4L2 device registered as radio48 [ 449.128851][ T9612] usb 3-1: USB disconnect, device number 80 [ 449.148131][T21205] syzkaller1: entered promiscuous mode [ 449.168354][T21205] syzkaller1: entered allmulticast mode [ 449.469170][T21220] netlink: del zone limit has 4 unknown bytes [ 449.696803][T21232] netlink: 'syz.3.6665': attribute type 12 has an invalid length. [ 449.704822][T21232] netlink: 'syz.3.6665': attribute type 29 has an invalid length. [ 449.720838][T21232] netlink: 148 bytes leftover after parsing attributes in process `syz.3.6665'. [ 449.738470][T21232] netlink: 59 bytes leftover after parsing attributes in process `syz.3.6665'. [ 449.788340][T21236] @: renamed from vlan0 (while UP) [ 450.004734][ T9623] gspca_stk1135: reg_w 0x7 err -71 [ 450.012211][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.018553][ T9623] gspca_stk1135: Sensor write failed [ 450.024443][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.031318][ T9623] gspca_stk1135: Sensor write failed [ 450.036620][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.043680][ T9623] gspca_stk1135: Sensor read failed [ 450.050112][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.059161][ T9623] gspca_stk1135: Sensor read failed [ 450.064718][ T9623] gspca_stk1135: Detected sensor type unknown (0x0) [ 450.071892][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.078267][ T9623] gspca_stk1135: Sensor read failed [ 450.084340][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.090759][ T9623] gspca_stk1135: Sensor read failed [ 450.096018][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.102454][ T9623] gspca_stk1135: Sensor write failed [ 450.107814][ T9623] gspca_stk1135: serial bus timeout: status=0x00 [ 450.114474][ T9623] gspca_stk1135: Sensor write failed [ 450.119838][ T9623] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71 [ 450.129233][ T9623] usb 5-1: USB disconnect, device number 77 [ 450.161334][ T9607] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 450.310692][ T9607] usb 1-1: Using ep0 maxpacket: 32 [ 450.317082][ T9607] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 450.326657][ T9607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.334815][ T9605] usb 3-1: new full-speed USB device number 81 using dummy_hcd [ 450.344039][ T9607] usb 1-1: config 0 descriptor?? [ 450.492775][ T9605] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 450.503045][ T9605] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 450.511993][ T9605] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 450.521162][ T9605] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.540723][ T9605] usb 3-1: config 0 descriptor?? [ 450.548823][ T9605] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 450.561762][ T9605] dvb-usb: bulk message failed: -22 (3/0) [ 450.567695][ T9607] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 450.578308][ T9605] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 450.595761][ T9607] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 450.605789][ T9605] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 450.613799][ T9607] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 450.621167][ T9605] usb 3-1: media controller created [ 450.626434][ T9607] usb 1-1: media controller created [ 450.633186][ T9605] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 450.656426][ T9607] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 450.658740][T21261] overlayfs: upper fs does not support tmpfile. [ 450.668210][ T9605] dvb-usb: bulk message failed: -22 (6/0) [ 450.692177][ T9605] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 450.705456][ T9605] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input116 [ 450.728391][ T9605] dvb-usb: schedule remote query interval to 150 msecs. [ 450.737821][ T9605] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 450.777944][T21246] dvb-usb: bulk message failed: -22 (14/0) [ 450.796128][ T9607] az6027: usb out operation failed. (-71) [ 450.802389][ T9607] az6027: usb out operation failed. (-71) [ 450.808347][ T9607] stb0899_attach: Driver disabled by Kconfig [ 450.814631][ T9607] az6027: no front-end attached [ 450.814631][ T9607] [ 450.822177][ T9607] az6027: usb out operation failed. (-71) [ 450.828136][ T9607] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 450.849255][ T9607] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input117 [ 450.874349][ T9607] dvb-usb: schedule remote query interval to 400 msecs. [ 450.891012][ T9605] dvb-usb: bulk message failed: -22 (1/0) [ 450.899008][ T9605] dvb-usb: error while querying for an remote control event. [ 450.911400][ T9607] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 450.933655][ T9607] usb 1-1: USB disconnect, device number 83 [ 450.967740][ T9612] usb 3-1: USB disconnect, device number 81 [ 450.983660][T21270] GUP no longer grows the stack in syz.4.6683 (21270): 200000004000-20000000a000 (200000002000) [ 450.992872][ T9607] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 451.024029][T21270] CPU: 0 UID: 0 PID: 21270 Comm: syz.4.6683 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 451.024058][T21270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 451.024070][T21270] Call Trace: [ 451.024081][T21270] [ 451.024089][T21270] dump_stack_lvl+0x16c/0x1f0 [ 451.024114][T21270] gup_vma_lookup+0x1d2/0x220 [ 451.024139][T21270] __get_user_pages+0x243/0x34a0 [ 451.024172][T21270] ? find_held_lock+0x2b/0x80 [ 451.024195][T21270] ? __pfx___get_user_pages+0x10/0x10 [ 451.024227][T21270] get_user_pages_remote+0x243/0xab0 [ 451.024251][T21270] ? mas_parent_gap+0x6f0/0x7b0 [ 451.024272][T21270] ? __pfx_get_user_pages_remote+0x10/0x10 [ 451.024297][T21270] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 451.024323][T21270] __access_remote_vm+0x24d/0x850 [ 451.024351][T21270] ? do_raw_spin_lock+0x12c/0x2b0 [ 451.024370][T21270] ? __pfx___access_remote_vm+0x10/0x10 [ 451.024397][T21270] proc_pid_cmdline_read+0x4de/0x8e0 [ 451.024423][T21270] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 451.024449][T21270] ? rw_verify_area+0xcf/0x6c0 [ 451.024485][T21270] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 451.024511][T21270] vfs_readv+0x5be/0x8b0 [ 451.024534][T21270] ? __pfx_vfs_readv+0x10/0x10 [ 451.024552][T21270] ? kmem_cache_free+0x2d1/0x4d0 [ 451.024586][T21270] ? __fget_files+0x20e/0x3c0 [ 451.024613][T21270] ? do_preadv+0x1a6/0x270 [ 451.024629][T21270] do_preadv+0x1a6/0x270 [ 451.024646][T21270] ? __pfx_do_preadv+0x10/0x10 [ 451.024669][T21270] do_syscall_64+0xcd/0x4c0 [ 451.024690][ T9612] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 451.024690][T21270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.024708][T21270] RIP: 0033:0x7f3fd338ebe9 [ 451.024721][T21270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.024734][T21270] RSP: 002b:00007f3fd42af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 451.024748][T21270] RAX: ffffffffffffffda RBX: 00007f3fd35b5fa0 RCX: 00007f3fd338ebe9 [ 451.024758][T21270] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 451.024767][T21270] RBP: 00007f3fd3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 451.024776][T21270] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 451.024786][T21270] R13: 00007f3fd35b6038 R14: 00007f3fd35b5fa0 R15: 00007fff4ddd2168 [ 451.024808][T21270] [ 451.588596][ T30] audit: type=1400 audit(1755080576.247:910): avc: denied { unmount } for pid=13883 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 451.680768][ T9612] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 451.709134][T21298] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 451.795081][T21302] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 451.796334][T21304] raw_sendmsg: syz.6.6699 forgot to set AF_INET. Fix it! [ 451.841190][ T9612] usb 5-1: Using ep0 maxpacket: 32 [ 451.849837][ T9612] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 451.860399][ T9612] usb 5-1: config 0 has no interface number 0 [ 451.868929][ T9612] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 451.885516][ T9612] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.907830][ T9612] usb 5-1: Product: syz [ 451.923585][ T9612] usb 5-1: Manufacturer: syz [ 451.928209][ T9612] usb 5-1: SerialNumber: syz [ 451.936604][ T9612] usb 5-1: config 0 descriptor?? [ 451.953120][ T9612] smsc95xx v2.0.0 [ 451.959993][T21312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6703'. [ 452.140972][T21324] bio_check_eod: 14 callbacks suppressed [ 452.140990][T21324] syz.2.6709: attempt to access beyond end of device [ 452.140990][T21324] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 452.168402][T21324] FAT-fs (loop5): unable to read boot sector [ 452.270127][ T30] audit: type=1400 audit(1755080576.927:911): avc: denied { ioctl } for pid=21327 comm="syz.0.6710" path="socket:[92743]" dev="sockfs" ino=92743 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 452.774825][ T9612] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 452.883421][ T6937] bridge_slave_1: left allmulticast mode [ 452.889158][ T6937] bridge_slave_1: left promiscuous mode [ 452.895335][ T6937] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.904265][ T6937] bridge_slave_0: left allmulticast mode [ 452.909948][ T6937] bridge_slave_0: left promiscuous mode [ 452.915875][ T6937] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.947138][ T9607] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 452.978471][ T9612] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 453.002054][ T9612] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 453.041746][ T9612] usb 5-1: USB disconnect, device number 78 [ 453.123040][ T9607] usb 1-1: config 0 has no interfaces? [ 453.139127][ T9607] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 453.163346][ T9607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.186272][ T9607] usb 1-1: Product: syz [ 453.190465][ T9607] usb 1-1: Manufacturer: syz [ 453.195480][ T9607] usb 1-1: SerialNumber: syz [ 453.212854][ T9607] usb 1-1: config 0 descriptor?? [ 453.219338][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 453.222217][ T6937] team0: Port device geneve0 removed [ 453.231846][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 453.233019][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 453.253984][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 453.272130][T21348] netlink: 'syz.6.6720': attribute type 5 has an invalid length. [ 453.275064][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 453.279943][T21348] netlink: 130080 bytes leftover after parsing attributes in process `syz.6.6720'. [ 453.292612][ T5171] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 453.303957][ T5171] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 453.312528][ T5171] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 453.323063][ T5171] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 453.330498][ T5171] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 453.357926][ T30] audit: type=1400 audit(1755080578.017:912): avc: denied { append } for pid=21349 comm="syz.6.6721" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 453.382339][ T30] audit: type=1400 audit(1755080578.047:913): avc: denied { map } for pid=21349 comm="syz.6.6721" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 453.406782][ T30] audit: type=1400 audit(1755080578.047:914): avc: denied { execute } for pid=21349 comm="syz.6.6721" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 453.472597][ T9612] usb 1-1: USB disconnect, device number 84 [ 453.475178][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 453.480745][ T5858] Bluetooth: hci5: command 0x1003 tx timeout [ 453.666376][ T6937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.676053][ T6937] bond_slave_0: left promiscuous mode [ 453.684700][ T6937] bond_slave_0: left allmulticast mode [ 453.691476][ T6937] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 453.700202][ T6937] batadv0: left promiscuous mode [ 453.709146][ T6937] bond0 (unregistering): Released all slaves [ 453.724421][T21356] batadv_slave_1: entered promiscuous mode [ 453.737332][T21355] batadv_slave_1: left promiscuous mode [ 453.891483][T21368] syzkaller1: entered promiscuous mode [ 453.897112][T21368] syzkaller1: entered allmulticast mode [ 453.990195][T21345] chnl_net:caif_netlink_parms(): no params data found [ 454.043679][ T9607] kernel write not supported for file /amidi2 (pid: 9607 comm: kworker/0:9) [ 454.124843][T21345] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.132670][T21345] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.140270][T21345] bridge_slave_0: entered allmulticast mode [ 454.147936][T21345] bridge_slave_0: entered promiscuous mode [ 454.157266][T21345] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.164848][T21345] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.172206][ T9620] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 454.180811][T21345] bridge_slave_1: entered allmulticast mode [ 454.201741][T21345] bridge_slave_1: entered promiscuous mode [ 454.285624][T21345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.316591][T21345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.332217][ T9620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.345976][ T9620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.385625][ T9620] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 454.419692][T21394] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6737'. [ 454.456435][ T9620] usb 5-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 454.460844][T21396] netlink: 'syz.3.6738': attribute type 7 has an invalid length. [ 454.474737][ T9620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.476330][T21396] netlink: 'syz.3.6738': attribute type 3 has an invalid length. [ 454.492063][T21396] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6738'. [ 454.505559][T21345] team0: Port device team_slave_0 added [ 454.518116][ T9620] usb 5-1: config 0 descriptor?? [ 454.562245][T21345] team0: Port device team_slave_1 added [ 454.665880][T21345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.691664][T21345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.717565][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.733979][T21345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.766553][T21345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.777075][T21345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.802983][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.815228][T21345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.006028][ T9620] hid-udraw 0003:20D6:CB17.007A: unknown main item tag 0x0 [ 455.045796][ T9620] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:20D6:CB17.007A/input/input118 [ 455.069421][T21345] hsr_slave_0: entered promiscuous mode [ 455.079991][T21345] hsr_slave_1: entered promiscuous mode [ 455.086819][T21345] debugfs: 'hsr0' already exists in 'hsr' [ 455.097557][T21345] Cannot create hsr debugfs directory [ 455.169837][ T9620] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:20D6:CB17.007A/input/input119 [ 455.175290][T21373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 455.208039][T21417] netlink: 84 bytes leftover after parsing attributes in process `syz.0.6748'. [ 455.239384][T21417] nbd: must specify at least one socket [ 455.250958][T21373] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 455.252206][ T9620] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:20D6:CB17.007A/input/input120 [ 455.315572][ T9620] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:20D6:CB17.007A/input/input121 [ 455.391905][ T5845] Bluetooth: hci2: command tx timeout [ 455.458206][ T9620] hid-udraw 0003:20D6:CB17.007A: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.4-1/input0 [ 455.502168][ T9620] usb 5-1: USB disconnect, device number 79 [ 455.645973][ T6937] tipc: Disabling bearer [ 455.663618][ T6937] tipc: Left network mode [ 455.674500][T21345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 455.863902][T21345] 8021q: adding VLAN 0 to HW filter on device team0 [ 455.884050][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.891199][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 455.906523][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.913676][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 456.038684][T21452] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.6761'. [ 456.439605][ T6937] hsr_slave_0: left promiscuous mode [ 456.478350][ T6937] hsr_slave_1: left promiscuous mode [ 456.501554][ T6937] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 456.520995][ T9607] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 456.670819][ T9607] usb 7-1: Using ep0 maxpacket: 16 [ 456.684121][ T9607] usb 7-1: New USB device found, idVendor=10b9, idProduct=8000, bcdDevice=c0.fa [ 456.701002][ T9607] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.719407][ T9607] usb 7-1: Product: syz [ 456.724939][ T9607] usb 7-1: Manufacturer: syz [ 456.746889][ T9607] usb 7-1: SerialNumber: syz [ 456.758177][ T9607] usb 7-1: config 0 descriptor?? [ 456.850752][ T1608] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 457.000361][ T9607] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 457.008666][ T9607] dvb_usb_af9015 7-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 457.034439][ T1608] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 457.047092][ T1608] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.057581][ T9607] usb 7-1: USB disconnect, device number 60 [ 457.066544][ T1608] usb 1-1: Product: syz [ 457.074151][ T1608] usb 1-1: Manufacturer: syz [ 457.083044][ T1608] usb 1-1: SerialNumber: syz [ 457.089781][ T1608] usb 1-1: config 0 descriptor?? [ 457.097434][ T1608] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 457.216821][ T6937] team0 (unregistering): Port device team_slave_1 removed [ 457.259247][ T6937] team0 (unregistering): Port device team_slave_0 removed [ 457.298217][ T1608] gspca_sunplus: reg_r err -71 [ 457.304393][ T1608] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 457.314018][ T1608] usb 1-1: USB disconnect, device number 85 [ 457.471188][ T5845] Bluetooth: hci2: command tx timeout [ 457.666986][T21487] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 457.714746][T21345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 457.929545][ T6937] IPVS: stop unused estimator thread 0... [ 458.082444][T21345] veth0_vlan: entered promiscuous mode [ 458.117528][T21345] veth1_vlan: entered promiscuous mode [ 458.201558][T21345] veth0_macvtap: entered promiscuous mode [ 458.226528][T21345] veth1_macvtap: entered promiscuous mode [ 458.279176][T21345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 458.315322][T21345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 458.431183][ T9620] usb 4-1: new full-speed USB device number 86 using dummy_hcd [ 458.508087][ T6954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.540406][ T6954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.613482][ T6954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.633169][ T9620] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 458.637052][ T6954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.650733][ T9620] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 288, setting to 64 [ 458.736254][ T30] audit: type=1400 audit(1755080583.397:915): avc: denied { mounton } for pid=21345 comm="syz-executor" path="/root/syzkaller.oahwwC/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=94535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 458.784703][ T9620] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 458.811556][T21520] dvmrp0: entered allmulticast mode [ 458.832489][ T9620] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 458.876456][ T9620] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 458.891300][ T9620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 458.899596][ T9620] usb 4-1: SerialNumber: syz [ 458.933477][T21508] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 458.944501][ T9620] cdc_acm 4-1:1.0: skipping garbage [ 458.949716][ T9620] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 459.000706][ T9620] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 459.008234][ T9620] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 459.051995][T21534] netlink: 'syz.4.6791': attribute type 1 has an invalid length. [ 459.059748][T21534] netlink: 144 bytes leftover after parsing attributes in process `syz.4.6791'. [ 459.089729][T21534] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6791'. [ 459.194103][ T9607] usb 4-1: USB disconnect, device number 86 [ 459.557416][ T5845] Bluetooth: hci2: command tx timeout [ 459.854190][T21565] netlink: 'syz.3.6806': attribute type 1 has an invalid length. [ 459.887599][T21570] input: syz0 as /devices/virtual/input/input123 [ 459.929422][T21565] bond1: entered promiscuous mode [ 459.938761][T21565] 8021q: adding VLAN 0 to HW filter on device bond1 [ 460.047561][T21572] 8021q: adding VLAN 0 to HW filter on device bond2 [ 460.056598][T21572] bond1: (slave bond2): making interface the new active one [ 460.064724][T21572] bond2: entered promiscuous mode [ 460.072471][T21572] bond1: (slave bond2): Enslaving as an active interface with an up link [ 460.121279][ T9623] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 460.177548][T21583] binder: 21582:21583 ioctl c0306201 200000002800 returned -14 [ 460.288132][ T9623] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 460.309442][T21590] input: syz0 as /devices/virtual/input/input124 [ 460.325471][ T9623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 460.338207][ T9623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 460.362290][ T9623] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 460.376386][ T9623] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 460.390760][ T9623] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.405344][ T9623] usb 5-1: config 0 descriptor?? [ 460.479388][T21599] block device autoloading is deprecated and will be removed. [ 460.575798][T21603] syzkaller1: entered promiscuous mode [ 460.581536][T21603] syzkaller1: entered allmulticast mode [ 460.827010][ T9623] plantronics 0003:047F:FFFF.007B: ignoring exceeding usage max [ 460.848462][ T9623] plantronics 0003:047F:FFFF.007B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 461.130746][ T9605] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 461.291409][ T9605] usb 1-1: Using ep0 maxpacket: 16 [ 461.299733][ T9605] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 461.313188][ T9605] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.323516][ T9605] usb 1-1: Product: syz [ 461.327724][ T9605] usb 1-1: Manufacturer: syz [ 461.338532][ T9605] usb 1-1: SerialNumber: syz [ 461.348112][ T9605] usb 1-1: config 0 descriptor?? [ 461.350414][T21646] netlink: 'syz.6.6839': attribute type 4 has an invalid length. [ 461.567208][T21655] netlink: 'syz.3.6844': attribute type 1 has an invalid length. [ 461.575427][T21655] netlink: 'syz.3.6844': attribute type 2 has an invalid length. [ 461.630836][ T5845] Bluetooth: hci2: command tx timeout [ 461.698816][ T30] audit: type=1400 audit(1755080586.357:916): avc: denied { read } for pid=21664 comm="syz.3.6847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 461.772850][ T9605] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 461.785458][ T9605] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 461.818632][ T9605] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 461.833393][ T9605] usb 1-1: media controller created [ 461.852220][ T9605] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 462.005422][T21679] openvswitch: netlink: IPv4 tun info is not correct [ 462.270828][ T1608] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 462.277807][ T1608] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 462.410953][ T9623] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 462.421012][ T9605] zl10353_read_register: readreg error (reg=127, ret==0) [ 462.428099][T21623] dtv5100: wlen = 0, aborting. [ 462.435489][ T9605] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 462.446899][ T9605] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 462.457772][ T9605] usb 1-1: USB disconnect, device number 86 [ 462.481208][ T9605] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 462.580796][ T9623] usb 7-1: Using ep0 maxpacket: 16 [ 462.605605][ T9623] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.627855][ T9623] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 462.641745][ T9623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.671964][ T9623] usb 7-1: config 0 descriptor?? [ 462.855173][ T9620] usb 5-1: USB disconnect, device number 80 [ 462.982644][T21706] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.6867'. [ 463.096491][T21710] veth0: entered promiscuous mode [ 463.120136][ T9623] mcp2221 0003:04D8:00DD.007C: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 463.132825][T21709] veth0: left promiscuous mode [ 463.170713][ T1608] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 463.315574][T21724] netlink: 'syz.7.6874': attribute type 10 has an invalid length. [ 463.327132][T21724] netlink: 'syz.7.6874': attribute type 17 has an invalid length. [ 463.336693][ T1608] usb 4-1: config 0 has an invalid interface number: 98 but max is 0 [ 463.353840][T21724] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 463.369257][ T1608] usb 4-1: config 0 has no interface number 0 [ 463.376914][ T1608] usb 4-1: config 0 interface 98 has no altsetting 0 [ 463.400032][ T1608] usb 4-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 463.424295][ T1608] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.450736][ T1608] usb 4-1: Product: syz [ 463.454923][ T1608] usb 4-1: Manufacturer: syz [ 463.459507][ T1608] usb 4-1: SerialNumber: syz [ 463.491541][ T1608] usb 4-1: config 0 descriptor?? [ 463.586230][ T9605] usb 7-1: USB disconnect, device number 61 [ 463.710320][ T1608] usb 4-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 464.324973][T21763] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6899'. [ 464.401795][ T1608] usb 4-1: reset high-speed USB device number 87 using dummy_hcd [ 464.618942][ T30] audit: type=1400 audit(1755080589.277:917): avc: denied { nlmsg_read } for pid=21770 comm="syz.0.6892" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 464.793337][ T1608] usb 4-1: failed to restore interface 98 altsetting 4 (error=-71) [ 464.804250][ T1608] usb 4-1: [ueagle-atm] pre-firmware device, uploading firmware [ 464.820851][ T1608] usb 4-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 464.829170][ T9605] usb 4-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 464.849059][ T9605] usb 4-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 464.859840][ T30] audit: type=1400 audit(1755080589.507:918): avc: denied { firmware_load } for pid=9605 comm="kworker/0:8" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 464.880828][ T1608] usb 4-1: USB disconnect, device number 87 [ 465.668698][T21806] af_packet: tpacket_rcv: packet too big, clamped from 57 to 4294967272. macoff=96 [ 465.821176][ T9620] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 465.900584][ T30] audit: type=1400 audit(1755080590.557:919): avc: denied { remount } for pid=21814 comm="syz.0.6913" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 466.022114][ T9620] usb 7-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 466.039863][ T9620] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.063168][ T9620] usb 7-1: config 0 descriptor?? [ 466.245982][ T30] audit: type=1400 audit(1755080590.907:920): avc: denied { read } for pid=21832 comm="syz.3.6920" path="socket:[96107]" dev="sockfs" ino=96107 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 466.269109][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.495666][T21849] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 466.510482][ T9620] aquacomputer_d5next 0003:0C70:F010.007D: item fetching failed at offset 1/5 [ 466.524845][ T9620] aquacomputer_d5next 0003:0C70:F010.007D: probe with driver aquacomputer_d5next failed with error -22 [ 466.548629][ T1608] usb 1-1: new full-speed USB device number 87 using dummy_hcd [ 466.739297][ T9620] usb 7-1: USB disconnect, device number 62 [ 466.752193][ T1608] usb 1-1: config 0 has no interfaces? [ 466.765415][ T1608] usb 1-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 466.779736][ T1608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.792982][ T1608] usb 1-1: config 0 descriptor?? [ 466.822921][T21866] overlayfs: conflicting lowerdir path [ 466.836882][T21866] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 467.023518][ T9623] usb 1-1: USB disconnect, device number 87 [ 467.090173][T21874] input: syz1 as /devices/virtual/input/input125 [ 467.140778][ T1608] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 467.184854][T21877] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 467.293996][ T1608] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 467.303751][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.316714][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.319162][T21883] pim6reg1: entered promiscuous mode [ 467.329118][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.333635][T21883] pim6reg1: entered allmulticast mode [ 467.349002][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.358783][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.369934][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.377450][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.386422][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.397968][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.405512][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.414479][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.425379][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.433087][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.442010][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.452917][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.463098][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.476016][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.486956][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.494510][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.503751][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.514737][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.522291][ T1608] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 467.531387][ T1608] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 467.535202][T21887] sock: sock_set_timeout: `syz.6.6945' (pid 21887) tries to set negative timeout [ 467.552705][ T1608] usb 4-1: config 0 interface 0 has no altsetting 0 [ 467.569106][ T1608] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 467.578366][ T1608] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 467.592459][ T1608] usb 4-1: Product: syz [ 467.596701][ T1608] usb 4-1: Manufacturer: syz [ 467.601425][ T1608] usb 4-1: SerialNumber: syz [ 467.612214][ T1608] usb 4-1: config 0 descriptor?? [ 467.638749][ T1608] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 467.844805][ T1608] usb 4-1: USB disconnect, device number 88 [ 467.853225][ T1608] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 468.272391][ T1608] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0 [ 468.283247][ T1608] hid-generic 0000:0000:0000.007E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 468.825266][T21935] trusted_key: encrypted_key: keyword 'upEe' not recognized [ 468.840699][ T9620] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 468.992171][ T9620] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 469.002486][ T9620] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 469.017025][ T9620] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 469.026378][ T9620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.034381][ T9620] usb 4-1: Product: syz [ 469.038541][ T9620] usb 4-1: Manufacturer: syz [ 469.043152][ T9620] usb 4-1: SerialNumber: syz [ 469.146590][ T9623] kernel read not supported for file /dsp (pid: 9623 comm: kworker/1:14) [ 469.255828][T21923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 469.264727][T21923] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 469.277822][ T9620] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 469.291583][ T9620] usb 4-1: USB disconnect, device number 89 [ 469.297682][T21942] syzkaller1: entered promiscuous mode [ 469.303348][T21942] syzkaller1: entered allmulticast mode [ 469.733103][ T9620] usb 4-1: new full-speed USB device number 90 using dummy_hcd [ 469.912241][ T9620] usb 4-1: config index 0 descriptor too short (expected 301, got 72) [ 469.920563][ T9620] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 469.933551][ T9620] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 469.944752][ T9620] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64 [ 469.958594][ T9620] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 469.969914][ T9620] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 469.987326][ T9620] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 469.987497][T21984] random: crng reseeded on system resumption [ 469.997304][ T9620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.014728][T21923] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 470.120920][ T9623] usb 5-1: new full-speed USB device number 81 using dummy_hcd [ 470.240739][ T9620] usb 4-1: usb_control_msg returned -71 [ 470.248576][ T9620] usbtmc 4-1:16.0: can't read capabilities [ 470.320664][ T9620] usb 4-1: USB disconnect, device number 90 [ 470.335420][ T9623] usb 5-1: config 0 has no interfaces? [ 470.362271][ T9623] usb 5-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=9d.51 [ 470.377469][ T9623] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.385861][ T9623] usb 5-1: Product: syz [ 470.390017][ T9623] usb 5-1: Manufacturer: syz [ 470.397479][ T9623] usb 5-1: SerialNumber: syz [ 470.404136][ T9623] usb 5-1: config 0 descriptor?? [ 470.519523][ T30] audit: type=1326 audit(1755080595.177:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22007 comm="syz.6.6997" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f760578ebe9 code=0x0 [ 470.637531][ T9620] usb 5-1: USB disconnect, device number 81 [ 470.722759][T22019] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7002'. [ 471.172199][ T30] audit: type=1326 audit(1755080595.837:922): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22048 comm="syz.0.7017" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x0 [ 471.260839][ T9623] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 471.433507][ T9623] usb 4-1: Using ep0 maxpacket: 16 [ 471.440126][ T9623] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 471.452998][ T9623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 471.468434][ T9623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 471.479525][ T9623] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 471.491958][ T9623] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 471.507601][ T9623] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 471.518280][ T9623] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 471.527865][ T9623] usb 4-1: Manufacturer: syz [ 471.536429][ T9623] usb 4-1: config 0 descriptor?? [ 471.657989][T22067] netlink: 'syz.4.7025': attribute type 21 has an invalid length. [ 471.800742][ T9623] rc_core: IR keymap rc-hauppauge not found [ 471.810741][ T9623] Registered IR keymap rc-empty [ 471.820854][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 471.850694][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 471.885179][ T9623] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 471.913074][ T9623] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input126 [ 471.942271][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 471.971894][T22073] infiniband syz2: set down [ 471.976841][T22073] infiniband syz2: added syzkaller0 [ 471.992048][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.011601][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.041212][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.055286][T22073] RDS/IB: syz2: added [ 472.063088][T22073] smc: adding ib device syz2 with port count 1 [ 472.069852][T22077] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7028'. [ 472.079115][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.088499][T22073] smc: ib device syz2 port 1 has pnetid [ 472.111124][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.158391][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.200716][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.241093][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.260777][ T9623] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 472.293557][ T9623] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 472.307818][ T30] audit: type=1400 audit(1755080596.967:923): avc: denied { ioctl } for pid=22080 comm="syz.0.7030" path="socket:[97839]" dev="sockfs" ino=97839 ioctlcmd=0x8b19 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 472.309432][ T9623] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 472.332559][ C0] vkms_vblank_simulate: vblank timer overrun [ 472.389026][ T9623] usb 4-1: USB disconnect, device number 91 [ 472.800856][ T9612] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 472.940755][ T9623] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 472.962140][ T9612] usb 1-1: config 0 has an invalid interface number: 252 but max is 0 [ 472.962765][ T30] audit: type=1326 audit(1755080597.627:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22105 comm="syz.3.7042" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x0 [ 472.970523][ T9612] usb 1-1: config 0 has no interface number 0 [ 473.002766][ T9612] usb 1-1: config 0 interface 252 altsetting 207 bulk endpoint 0x2 has invalid maxpacket 16 [ 473.015067][ T9612] usb 1-1: config 0 interface 252 altsetting 207 endpoint 0x5 has an invalid bInterval 181, changing to 11 [ 473.028220][ T9612] usb 1-1: config 0 interface 252 has no altsetting 0 [ 473.036369][ T9612] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010d, bcdDevice=ea.ea [ 473.047106][ T9612] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.058881][ T9612] usb 1-1: config 0 descriptor?? [ 473.065965][T22091] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 473.090817][ T9623] usb 7-1: Using ep0 maxpacket: 32 [ 473.097658][ T9623] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 473.106991][ T9623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.122159][ T9623] usb 7-1: config 0 descriptor?? [ 473.130506][ T9623] gspca_main: sq930x-2.14.0 probing 041e:403c [ 473.158717][ T6937] smc: removing ib device syz2 [ 473.281821][T22091] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7035'. [ 473.300011][ T9612] usb 1-1: string descriptor 0 read error: -71 [ 473.311010][ T9612] kvaser_usb 1-1:0.252: error -ENODEV: Cannot get usb endpoint(s) [ 473.345245][ T9612] usb 1-1: USB disconnect, device number 88 [ 473.991747][T22120] netlink: 'syz.0.7048': attribute type 1 has an invalid length. [ 474.100968][ T9612] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 474.145883][ T9623] gspca_sq930x: ucbus_write failed -71 [ 474.145986][T22128] netlink: 'syz.0.7052': attribute type 4 has an invalid length. [ 474.160966][ T9623] sq930x 7-1:0.0: probe with driver sq930x failed with error -71 [ 474.172478][ T9623] usb 7-1: USB disconnect, device number 63 [ 474.271079][ T9612] usb 4-1: Using ep0 maxpacket: 32 [ 474.281246][ T9612] usb 4-1: config 0 interface 0 has no altsetting 0 [ 474.290669][ T9612] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 474.299744][ T9612] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.308182][ T9612] usb 4-1: Product: syz [ 474.312611][ T9612] usb 4-1: Manufacturer: syz [ 474.317851][ T9612] usb 4-1: SerialNumber: syz [ 474.324728][ T9612] usb 4-1: config 0 descriptor?? [ 474.711506][ T9623] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 474.736559][ T9612] gs_usb 4-1:0.0: Configuring for 2 interfaces [ 474.769589][T22149] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 474.880865][ T9623] usb 5-1: Using ep0 maxpacket: 32 [ 474.888795][ T9623] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 474.897930][ T9623] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.905996][ T9623] usb 5-1: Product: syz [ 474.910169][ T9623] usb 5-1: Manufacturer: syz [ 474.914821][ T9623] usb 5-1: SerialNumber: syz [ 474.921016][ T9623] usb 5-1: config 0 descriptor?? [ 475.040781][ T1608] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 475.194098][ T1608] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 475.202601][ T1608] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 475.213457][ T1608] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 475.222582][ T1608] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 475.231510][ T1608] usb 7-1: Manufacturer: syz [ 475.238061][ T1608] usb 7-1: config 0 descriptor?? [ 475.300671][ T1608] rc_core: IR keymap rc-hauppauge not found [ 475.306596][ T1608] Registered IR keymap rc-empty [ 475.313915][ T1608] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 475.328368][ T1608] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input127 [ 475.339926][ T9623] airspy 5-1:0.0: Board ID: 00 [ 475.347223][ T9612] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 475.355613][ T9623] airspy 5-1:0.0: Firmware version: [ 475.412116][ T9612] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 475.424452][ T9612] usb 4-1: USB disconnect, device number 92 [ 475.464950][T22151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 475.475531][T22151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 475.494982][ T1608] usb 7-1: USB disconnect, device number 64 [ 475.860707][ T9609] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 475.945276][ T9623] airspy 5-1:0.0: usb_control_msg() failed -71 request 12 [ 475.955448][ T9623] airspy 5-1:0.0: Registered as swradio24 [ 475.961965][ T9623] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 475.973290][ T9623] usb 5-1: USB disconnect, device number 82 [ 476.010687][ T9609] usb 1-1: Using ep0 maxpacket: 8 [ 476.018525][ T9609] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 476.034570][ T9609] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 476.043982][ T9609] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 476.052238][ T9609] usb 1-1: Product: syz [ 476.056463][ T9609] usb 1-1: Manufacturer: syz [ 476.061221][ T9609] usb 1-1: SerialNumber: syz [ 476.170743][ T9612] usb 4-1: new full-speed USB device number 93 using dummy_hcd [ 476.273234][ T9609] usb 1-1: Invalid connection information received from device [ 476.322343][ T9612] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 476.332615][ T9612] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 476.345501][ T9612] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 476.354680][ T9612] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.364817][ T9612] usb 4-1: Product: syz [ 476.368982][ T9612] usb 4-1: Manufacturer: syz [ 476.373625][ T9612] usb 4-1: SerialNumber: syz [ 476.486113][ T9623] usb 1-1: USB disconnect, device number 89 [ 476.848508][T22208] input: syz1 as /devices/virtual/input/input128 [ 477.294854][T22241] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 477.406401][ T9612] cdc_ncm 4-1:1.0: bind() failure [ 477.433830][ T9612] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 477.447084][ T6937] Bluetooth: hci5: Frame reassembly failed (-84) [ 477.498627][ T9612] usb 4-1: USB disconnect, device number 93 [ 477.581766][T22257] syzkaller1: entered promiscuous mode [ 477.587337][T22257] syzkaller1: entered allmulticast mode [ 477.875666][T22280] binder: 22279:22280 ioctl c0306201 0 returned -14 [ 477.884235][T22280] binder: 22279:22280 ioctl c0306201 200000000540 returned -11 [ 478.076249][T22291] tipc: Started in network mode [ 478.084170][T22291] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711 [ 478.093260][T22291] tipc: Enabling of bearer rejected, failed to enable media [ 478.163455][T22298] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 478.695435][ T30] audit: type=1400 audit(1755080603.357:925): avc: denied { read } for pid=22321 comm="syz.0.7138" path="socket:[98504]" dev="sockfs" ino=98504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 478.719324][ C0] vkms_vblank_simulate: vblank timer overrun [ 478.746449][T22324] netlink: 240 bytes leftover after parsing attributes in process `syz.0.7138'. [ 478.784162][ T9612] hid-generic 0000:0000:0000.007F: unknown main item tag 0x0 [ 478.797457][ T9612] hid-generic 0000:0000:0000.007F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 479.404431][T22352] block nbd3: NBD_DISCONNECT [ 479.412758][T22352] block nbd3: Send disconnect failed -22 [ 479.418509][ T30] audit: type=1400 audit(1755080604.067:926): avc: denied { write } for pid=22351 comm="syz.3.7151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 479.468771][T22351] block nbd3: Disconnected due to user request. [ 479.471781][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 479.475871][ T5858] Bluetooth: hci5: command 0x1003 tx timeout [ 479.494536][T22351] block nbd3: shutting down sockets [ 479.560713][T22360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7155'. [ 479.982892][ T30] audit: type=1400 audit(1755080604.647:927): avc: denied { create } for pid=22373 comm="syz.3.7162" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 480.169775][ T30] audit: type=1400 audit(1755080604.827:928): avc: denied { accept } for pid=22377 comm="syz.4.7164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 480.466777][T22410] syzkaller1: entered promiscuous mode [ 480.474336][T22410] syzkaller1: entered allmulticast mode [ 480.503062][T22411] netlink: 44 bytes leftover after parsing attributes in process `syz.0.7174'. [ 480.513854][T22411] netlink: 43 bytes leftover after parsing attributes in process `syz.0.7174'. [ 480.538374][T22411] netlink: 'syz.0.7174': attribute type 6 has an invalid length. [ 480.548266][T22411] netlink: 'syz.0.7174': attribute type 5 has an invalid length. [ 480.557149][T22411] netlink: 43 bytes leftover after parsing attributes in process `syz.0.7174'. [ 480.750741][ T9612] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 480.950950][ T9612] usb 7-1: Using ep0 maxpacket: 8 [ 480.959854][ T9612] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 480.983632][ T9612] usb 7-1: config 179 has no interface number 0 [ 481.010197][ T9612] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 481.041466][ T9612] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 481.070066][ T9612] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 481.091050][ T9612] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 481.120686][ T9612] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 481.155472][ T9612] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 481.180110][ T9612] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.203234][T22413] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 481.429997][ T5870] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input129 [ 481.500758][ T9612] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 481.539150][ T30] audit: type=1400 audit(1755080606.197:929): avc: denied { remount } for pid=22456 comm="syz.7.7195" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 481.627301][T22413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.641008][T22413] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.670856][ T9612] usb 5-1: Using ep0 maxpacket: 32 [ 481.674405][T22463] syzkaller1: entered promiscuous mode [ 481.677811][ T9612] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 481.681671][T22463] syzkaller1: entered allmulticast mode [ 481.706763][ T9612] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 481.725574][ T9612] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 481.745499][ T9612] usb 5-1: Product: syz [ 481.749749][ T9612] usb 5-1: Manufacturer: syz [ 481.764285][ T9612] usb 5-1: SerialNumber: syz [ 481.775175][ T9612] usb 5-1: config 0 descriptor?? [ 481.781965][T22439] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 481.852037][ T9607] usb 7-1: USB disconnect, device number 65 [ 481.852093][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 481.866681][ C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 481.878706][ T30] audit: type=1326 audit(1755080606.547:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz.0.7201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 481.900457][T22471] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7202'. [ 481.902100][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.920501][ T30] audit: type=1326 audit(1755080606.577:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz.0.7201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 481.948275][ T30] audit: type=1326 audit(1755080606.577:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz.0.7201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 481.977139][ T30] audit: type=1326 audit(1755080606.577:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz.0.7201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 482.004431][ T30] audit: type=1326 audit(1755080606.577:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz.0.7201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 482.058413][ T9607] usb 5-1: USB disconnect, device number 83 [ 482.781681][T22510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=22510 comm=syz.3.7219 [ 482.796160][T22510] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7219'. [ 483.401366][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.411352][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.420389][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.429459][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.438520][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.447580][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.456640][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.465703][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.474765][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 483.483817][T22548] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 484.001900][ T9612] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 484.013247][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 484.013261][ T30] audit: type=1326 audit(1755080608.677:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22577 comm="syz.3.7248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 484.060087][ T30] audit: type=1326 audit(1755080608.677:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22577 comm="syz.3.7248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 484.161315][ T9612] usb 7-1: Using ep0 maxpacket: 32 [ 484.170370][ T9612] usb 7-1: config 254 has an invalid interface number: 160 but max is 0 [ 484.179148][ T9612] usb 7-1: config 254 has no interface number 0 [ 484.188419][ T9612] usb 7-1: config 254 interface 160 has no altsetting 0 [ 484.197457][ T9612] usb 7-1: New USB device found, idVendor=24df, idProduct=d062, bcdDevice=c0.3f [ 484.206646][ T9612] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.226897][ T9612] usb 7-1: Product: syz [ 484.237134][ T9612] usb 7-1: Manufacturer: syz [ 484.260700][ T9612] usb 7-1: SerialNumber: syz [ 484.340926][T22597] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 484.349255][T22592] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 484.684611][ T9612] usb 7-1: bad CDC descriptors [ 484.693572][ T9612] usb 7-1: USB disconnect, device number 66 [ 484.920676][ T9623] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 485.070763][ T9623] usb 4-1: Using ep0 maxpacket: 32 [ 485.077301][ T9623] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 485.085313][ T9623] usb 4-1: config 0 has no interface number 0 [ 485.093249][ T9623] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 485.102427][ T9623] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.110419][ T9623] usb 4-1: Product: syz [ 485.114583][ T9623] usb 4-1: Manufacturer: syz [ 485.119146][ T9623] usb 4-1: SerialNumber: syz [ 485.125930][ T9623] usb 4-1: config 0 descriptor?? [ 485.151106][ T9623] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 485.159903][ T9623] usb 4-1: selecting invalid altsetting 1 [ 485.168693][ T9623] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 485.179409][ T9623] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 485.190180][ T9623] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 485.198647][ T9623] usb 4-1: media controller created [ 485.230276][ T9623] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 485.397915][ T9623] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 485.410571][ T9623] zl10353_read_register: readreg error (reg=127, ret==-32) [ 485.450869][ T1608] usb 5-1: new full-speed USB device number 84 using dummy_hcd [ 485.613323][ T1608] usb 5-1: config index 0 descriptor too short (expected 69, got 36) [ 485.621530][ T1608] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 485.634924][ T1608] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 485.644249][ T1608] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.652434][ T1608] usb 5-1: Product: syz [ 485.656591][ T1608] usb 5-1: Manufacturer: syz [ 485.661711][ T1608] usb 5-1: SerialNumber: syz [ 485.668579][ T1608] usb 5-1: config 0 descriptor?? [ 485.684597][ T1608] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 485.730846][ T9612] usb 7-1: new high-speed USB device number 67 using dummy_hcd [ 485.893881][ T9612] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 485.907356][ T9612] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.919065][ T9612] usb 7-1: config 0 descriptor?? [ 485.928455][ T9612] cp210x 7-1:0.0: cp210x converter detected [ 486.337459][ T9612] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 486.348820][ T9612] usb 7-1: cp210x converter now attached to ttyUSB0 [ 486.431162][T22613] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 486.441262][ T9623] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 486.466804][ T9623] usb 4-1: USB disconnect, device number 94 [ 486.489955][ T1608] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input130 [ 486.558721][ T9607] usb 7-1: USB disconnect, device number 67 [ 486.567119][ T9607] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 486.581677][ T9607] cp210x 7-1:0.0: device disconnected [ 486.693885][ T1608] usb 5-1: USB disconnect, device number 84 [ 487.833472][ T9607] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 487.992422][ T9607] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 488.004093][ T9607] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 488.015589][ T9607] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 488.025384][ T9607] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 488.038445][ T9607] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 488.047556][ T9607] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.057038][ T9607] usb 5-1: config 0 descriptor?? [ 488.141415][ T1608] usb 7-1: new high-speed USB device number 68 using dummy_hcd [ 488.290650][ T1608] usb 7-1: Using ep0 maxpacket: 32 [ 488.297219][ T1608] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 488.305527][ T1608] usb 7-1: config 0 has no interface number 0 [ 488.313377][ T1608] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 488.322497][ T1608] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.330481][ T1608] usb 7-1: Product: syz [ 488.334674][ T1608] usb 7-1: Manufacturer: syz [ 488.339280][ T1608] usb 7-1: SerialNumber: syz [ 488.345405][ T1608] usb 7-1: config 0 descriptor?? [ 488.352785][ T1608] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 488.394024][ T30] audit: type=1326 audit(1755080613.057:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.418888][ T30] audit: type=1326 audit(1755080613.057:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.447532][ T30] audit: type=1326 audit(1755080613.057:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.478685][ T30] audit: type=1326 audit(1755080613.057:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.502063][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.528336][ T9607] plantronics 0003:047F:FFFF.0080: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 488.560710][ T30] audit: type=1326 audit(1755080613.057:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.584113][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.595882][ T30] audit: type=1326 audit(1755080613.057:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.619263][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.629720][ T1608] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 488.652846][ T1608] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 488.708589][ T30] audit: type=1326 audit(1755080613.057:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.732039][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.773608][ T30] audit: type=1326 audit(1755080613.057:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22736 comm="syz.0.7314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 488.797061][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.828389][ T9623] usb 5-1: USB disconnect, device number 85 [ 489.011661][T22756] sp0: Synchronizing with TNC [ 489.023200][T22756] sp0: Found TNC [ 489.046697][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 489.047015][ T9612] usb 7-1: USB disconnect, device number 68 [ 489.072790][ T9612] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 489.094240][ T9612] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 489.106364][ T9612] quatech2 7-1:0.51: device disconnected [ 489.290684][ T9623] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 489.350170][T22774] bridge0: entered allmulticast mode [ 489.462444][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.475432][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.485662][ T9623] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 489.494776][ T9623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.504354][ T9623] usb 1-1: config 0 descriptor?? [ 489.774725][T22793] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7339'. [ 489.830813][ T1608] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 489.918491][ T9623] cm6533_jd 0003:0D8C:0022.0081: unknown main item tag 0x0 [ 489.928329][ T9623] cm6533_jd 0003:0D8C:0022.0081: unknown main item tag 0x0 [ 489.941645][ T9623] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0081/input/input132 [ 489.961784][ T9623] cm6533_jd 0003:0D8C:0022.0081: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 489.993943][ T1608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.014975][ T1608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.024823][ T1608] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 490.037823][ T1608] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 490.047171][ T1608] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.059073][ T1608] usb 5-1: config 0 descriptor?? [ 490.172008][ T9623] usb 1-1: USB disconnect, device number 90 [ 490.477991][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.486732][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.498171][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.506684][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.514474][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.522064][ T1608] plantronics 0003:047F:FFFF.0082: unknown main item tag 0x0 [ 490.535988][ T1608] plantronics 0003:047F:FFFF.0082: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 490.550885][ T9607] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 490.700791][ T9607] usb 7-1: Using ep0 maxpacket: 16 [ 490.707388][ T9607] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 490.722900][ T9607] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 490.732089][ T9607] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.740062][ T9607] usb 7-1: Product: syz [ 490.744278][ T9607] usb 7-1: Manufacturer: syz [ 490.748869][ T9607] usb 7-1: SerialNumber: syz [ 490.758089][ T9620] usb 5-1: USB disconnect, device number 86 [ 490.761851][ T9607] usb 7-1: config 0 descriptor?? [ 490.770746][ T9607] hub 7-1:0.0: bad descriptor, ignoring hub [ 490.776658][ T9607] hub 7-1:0.0: probe with driver hub failed with error -5 [ 490.785084][ T9607] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 491.295092][ T9620] kernel write not supported for file /3391/sched (pid: 9620 comm: kworker/1:11) [ 491.582532][ T9620] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 491.750680][ T9620] usb 5-1: Using ep0 maxpacket: 8 [ 491.756982][ T9620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 491.768089][ T9620] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 491.777164][ T9620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.787541][ T9620] usb 5-1: config 0 descriptor?? [ 491.950822][ T9623] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 492.013831][ T9620] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 492.073145][ T5870] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 492.102564][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.120671][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.130519][ T9623] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 492.139667][ T9623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.149710][ T9623] usb 1-1: config 0 descriptor?? [ 492.242628][ T5870] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 492.252875][ T5870] usb 4-1: config 0 has no interfaces? [ 492.264380][ T5870] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 492.274242][ T5870] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 492.282467][ T5870] usb 4-1: Manufacturer: syz [ 492.288798][ T5870] usb 4-1: config 0 descriptor?? [ 492.428835][ T1608] usb 5-1: USB disconnect, device number 87 [ 492.507558][ T9607] usb 4-1: USB disconnect, device number 95 [ 492.565313][ T9623] cp2112 0003:10C4:EA90.0083: unknown main item tag 0x0 [ 492.574109][ T9623] cp2112 0003:10C4:EA90.0083: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 492.764429][ T9623] cp2112 0003:10C4:EA90.0083: Part Number: 0x82 Device Version: 0xFE [ 492.965376][ T9623] cp2112 0003:10C4:EA90.0083: error requesting SMBus config [ 492.974574][ T9623] cp2112 0003:10C4:EA90.0083: probe with driver cp2112 failed with error -71 [ 492.989018][ T9623] usb 1-1: USB disconnect, device number 91 [ 493.010456][T22864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7371'. [ 493.024162][T22864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7371'. [ 493.307099][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 493.307114][ T30] audit: type=1326 audit(1755080617.967:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.369986][ T9607] usb 7-1: USB disconnect, device number 69 [ 493.383597][ T30] audit: type=1326 audit(1755080617.967:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.412313][ T5870] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 493.413821][ T30] audit: type=1326 audit(1755080617.967:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.450120][ T30] audit: type=1326 audit(1755080617.967:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.481624][ T30] audit: type=1326 audit(1755080617.967:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.527819][ T30] audit: type=1326 audit(1755080617.967:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.551198][ C0] vkms_vblank_simulate: vblank timer overrun [ 493.582742][ T30] audit: type=1326 audit(1755080617.987:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.609711][ T30] audit: type=1326 audit(1755080617.987:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.621406][ T5870] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 493.633098][ C0] vkms_vblank_simulate: vblank timer overrun [ 493.633696][ T30] audit: type=1326 audit(1755080617.987:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.675389][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.687219][ T30] audit: type=1326 audit(1755080617.987:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22875 comm="syz.3.7377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d6b98ebe9 code=0x7ffc0000 [ 493.687851][ T5870] usb 5-1: Product: syz [ 493.715771][ T5870] usb 5-1: Manufacturer: syz [ 493.754857][ T5870] usb 5-1: SerialNumber: syz [ 493.763637][ T5870] usb 5-1: config 0 descriptor?? [ 494.650305][T22937] netlink: 'syz.3.7406': attribute type 2 has an invalid length. [ 494.659196][T22937] netlink: 1184 bytes leftover after parsing attributes in process `syz.3.7406'. [ 494.790189][ T5870] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 494.801766][ T5870] asix 5-1:0.0: probe with driver asix failed with error -71 [ 494.813217][ T5870] usb 5-1: USB disconnect, device number 88 [ 494.994567][T22951] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 495.008770][T22951] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 495.023096][T22951] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 495.033267][T22951] overlayfs: conflicting lowerdir path [ 495.094994][T22959] kernel read not supported for file /eth0 (pid: 22959 comm: syz.3.7417) [ 495.109968][T22960] pim6reg: entered allmulticast mode [ 495.134878][T22960] pim6reg: left allmulticast mode [ 495.600869][ T5870] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 495.752150][ T5870] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 495.762377][ T5870] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 495.773390][ T5870] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 495.785097][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 495.793285][ T5870] usb 5-1: SerialNumber: syz [ 495.859031][T23001] ALSA: seq fatal error: cannot create timer (-22) [ 495.940833][ T9607] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 495.990720][ T1608] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 496.020473][ T5870] usb 5-1: 0:2 : does not exist [ 496.025448][ T5870] usb 5-1: usbmixer: too many channels (61) in unit 5 [ 496.046131][ T5870] usb 5-1: USB disconnect, device number 89 [ 496.100811][ T9607] usb 1-1: Using ep0 maxpacket: 8 [ 496.132113][ T9607] usb 1-1: config 0 has an invalid interface number: 186 but max is 0 [ 496.152711][ T1608] usb 7-1: Using ep0 maxpacket: 16 [ 496.161022][ T9607] usb 1-1: config 0 has no interface number 0 [ 496.172260][ T9607] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 496.191070][ T9607] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 496.203258][ T9607] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 496.214812][ T9607] usb 1-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 496.229372][ T1608] usb 7-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 496.238566][ T1608] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.246853][ T1608] usb 7-1: Product: syz [ 496.251137][ T1608] usb 7-1: Manufacturer: syz [ 496.255885][ T1608] usb 7-1: SerialNumber: syz [ 496.271948][ T1608] usb 7-1: config 0 descriptor?? [ 496.277606][ T9607] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 496.288446][ T1608] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 496.297309][ T9607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.305554][ T9607] usb 1-1: Product: syz [ 496.309756][ T9607] usb 1-1: Manufacturer: syz [ 496.314471][ T9607] usb 1-1: SerialNumber: syz [ 496.331410][ T9607] usb 1-1: config 0 descriptor?? [ 496.491177][ T1608] gp8psk: usb in 128 operation failed. [ 496.501125][ T1608] gp8psk: usb in 137 operation failed. [ 496.506661][ T1608] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 496.520128][ T1608] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 496.531178][ T1608] usb 7-1: media controller created [ 496.553717][ T9607] iowarrior 1-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 496.565681][ T1608] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 496.588265][ T1608] gp8psk_fe: Frontend revision 1 attached [ 496.599682][T23008] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 496.606757][ T1608] usb 7-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 496.633198][ T1608] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 496.784137][ T9612] usb 1-1: USB disconnect, device number 92 [ 496.852874][ T1608] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 496.870758][ T1608] gp8psk: found Genpix USB device pID = 201 (hex) [ 497.039719][T23038] netlink: 'syz.4.7453': attribute type 10 has an invalid length. [ 497.063454][ T1608] usb 7-1: USB disconnect, device number 70 [ 497.129531][ T1608] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 498.000945][ T9612] usb 7-1: new high-speed USB device number 71 using dummy_hcd [ 498.035197][T23100] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 498.162855][ T9612] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 498.200341][ T9612] usb 7-1: config 0 interface 0 has no altsetting 0 [ 498.217956][ T9612] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 498.228069][ T9612] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 498.242193][ T9612] usb 7-1: Product: syz [ 498.246362][ T9612] usb 7-1: Manufacturer: syz [ 498.258967][ T9612] usb 7-1: SerialNumber: syz [ 498.266604][ T9612] usb 7-1: config 0 descriptor?? [ 498.284871][ T9612] usb 7-1: selecting invalid altsetting 0 [ 498.415448][T23121] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 498.488433][ T9612] usb 7-1: USB disconnect, device number 71 [ 498.534982][T23129] syzkaller1: entered promiscuous mode [ 498.542145][T23129] syzkaller1: entered allmulticast mode [ 498.690953][ T5870] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 498.850743][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 498.864218][ T5870] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 498.873202][ T5870] usb 5-1: config 0 has no interface number 0 [ 498.879300][ T5870] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 498.893112][ T5870] usb 5-1: config 0 interface 85 has no altsetting 0 [ 498.901786][ T5870] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 498.920866][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.930640][ T5870] usb 5-1: Product: syz [ 498.935124][ T5870] usb 5-1: Manufacturer: syz [ 498.950190][ T5870] usb 5-1: SerialNumber: syz [ 498.962426][ T5870] usb 5-1: config 0 descriptor?? [ 499.104301][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 499.114877][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 499.124178][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 499.132885][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 499.140444][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 499.157147][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 499.164864][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 499.166055][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 499.166066][ T30] audit: type=1400 audit(1755080623.827:974): avc: denied { mount } for pid=23151 comm="syz.7.7506" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1 [ 499.177513][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 499.210572][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 499.219308][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 499.363295][T23161] input input134: cannot allocate more than FF_MAX_EFFECTS effects [ 499.526398][T23147] chnl_net:caif_netlink_parms(): no params data found [ 499.612783][ T5870] appletouch 5-1:0.85: Geyser mode initialized. [ 499.624154][ T30] audit: type=1400 audit(1755080624.287:975): avc: denied { sys_nice } for pid=23174 comm="syz.0.7515" capability=23 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 499.630195][ T5870] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input133 [ 499.759341][T23147] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.794856][T23147] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.820887][T23147] bridge_slave_0: entered allmulticast mode [ 499.828126][T23147] bridge_slave_0: entered promiscuous mode [ 499.836154][T23147] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.850862][T23147] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.860936][T23147] bridge_slave_1: entered allmulticast mode [ 499.883848][ T30] audit: type=1326 audit(1755080624.547:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a26d2add9 code=0x7ffc0000 [ 499.884094][T23147] bridge_slave_1: entered promiscuous mode [ 499.973401][ T1608] usb 5-1: USB disconnect, device number 90 [ 499.983632][ T30] audit: type=1326 audit(1755080624.547:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.007983][ T30] audit: type=1326 audit(1755080624.547:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.031355][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.038132][ T30] audit: type=1326 audit(1755080624.547:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.070696][ T30] audit: type=1326 audit(1755080624.547:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.112341][ T30] audit: type=1326 audit(1755080624.547:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.136586][ T1608] appletouch 5-1:0.85: input: appletouch disconnected [ 500.167240][ T30] audit: type=1326 audit(1755080624.577:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.178698][T23147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 500.217834][ T30] audit: type=1326 audit(1755080624.577:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23180 comm="syz.0.7516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a26d8ebe9 code=0x7ffc0000 [ 500.281593][T23147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.362171][T23147] team0: Port device team_slave_0 added [ 500.378832][T23147] team0: Port device team_slave_1 added [ 500.492697][T23147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 500.499709][T23147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.574486][T23147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 500.588653][T23197] syz.4.7524 (23197): /proc/23194/oom_adj is deprecated, please use /proc/23194/oom_score_adj instead. [ 500.590545][T23195] loop8: detected capacity change from 0 to 8 [ 500.607574][T23147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 500.626222][T23147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.638304][T23195] Dev loop8: unable to read RDB block 8 [ 500.676887][T23195] loop8: unable to read partition table [ 500.686610][T23147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 500.702748][T23195] loop8: partition table beyond EOD, truncated [ 500.709363][T23195] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 500.711809][T23203] vivid-000: disconnect [ 500.856675][T23147] hsr_slave_0: entered promiscuous mode [ 500.865980][T23201] vivid-000: reconnect [ 500.881574][T23147] hsr_slave_1: entered promiscuous mode [ 500.891306][T23147] debugfs: 'hsr0' already exists in 'hsr' [ 500.897030][T23147] Cannot create hsr debugfs directory [ 500.996494][ T1298] net_ratelimit: 3319 callbacks suppressed [ 500.996509][ T1298] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 501.013974][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.310748][ T5858] Bluetooth: hci1: command tx timeout [ 501.311842][T23147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 501.340662][ T1608] usb 7-1: new high-speed USB device number 72 using dummy_hcd [ 501.344273][T23147] 8021q: adding VLAN 0 to HW filter on device team0 [ 501.359543][ T6931] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.366655][ T6931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 501.380210][ T6932] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.387318][ T6932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 501.500104][ T1608] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 501.515814][ T1608] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 501.529388][ T1608] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 501.540119][ T9607] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 501.549414][ T1608] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.565537][T23212] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 501.575860][ T1608] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 501.625469][T23147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 501.700768][ T9607] usb 5-1: Using ep0 maxpacket: 16 [ 501.712808][ T9607] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 501.726418][ T9607] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 501.734840][ T9607] usb 5-1: Product: syz [ 501.739050][ T9607] usb 5-1: Manufacturer: syz [ 501.743805][ T9607] usb 5-1: SerialNumber: syz [ 501.760761][ T9607] usb 5-1: config 0 descriptor?? [ 501.828503][ T5870] usb 7-1: USB disconnect, device number 72 [ 501.905608][T23147] veth0_vlan: entered promiscuous mode [ 501.918432][T23147] veth1_vlan: entered promiscuous mode [ 501.938869][T23247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7539'. [ 501.948041][T23247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7539'. [ 501.951084][T23147] veth0_macvtap: entered promiscuous mode [ 501.967540][T23147] veth1_macvtap: entered promiscuous mode [ 501.983347][T23147] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 501.994076][T23147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 502.015290][ T9607] usb 5-1: USB disconnect, device number 91 [ 502.102590][ T6996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.119744][ T6996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.148540][ T6932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.159723][ T6932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.224378][T23254] netlink: 28 bytes leftover after parsing attributes in process `syz.8.7500'. [ 502.234834][T23254] netlink: 'syz.8.7500': attribute type 7 has an invalid length. [ 502.242621][T23254] netlink: 'syz.8.7500': attribute type 8 has an invalid length. [ 502.250387][T23254] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7500'. [ 502.621881][ T9609] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 502.651581][T23272] block nbd6: NBD_DISCONNECT [ 502.656648][T23272] block nbd6: Send disconnect failed -22 [ 502.664532][T23271] block nbd6: Disconnected due to user request. [ 502.680767][T23271] block nbd6: shutting down sockets [ 502.790651][ T9609] usb 1-1: Using ep0 maxpacket: 8 [ 502.805129][ T9609] usb 1-1: config 0 has no interfaces? [ 502.810863][ T9609] usb 1-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 502.819924][ T9609] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.864285][ T9609] usb 1-1: config 0 descriptor?? [ 503.097223][ T1608] usb 1-1: USB disconnect, device number 93 [ 503.391003][ T5858] Bluetooth: hci1: command tx timeout [ 503.896213][T23334] netlink: 24 bytes leftover after parsing attributes in process `syz.8.7576'. [ 503.930705][ T1608] usb 7-1: new high-speed USB device number 73 using dummy_hcd [ 503.990769][ T5870] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 504.086060][ T1608] usb 7-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 504.100532][ T1608] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.119678][ T1608] usb 7-1: Product: syz [ 504.124083][ T1608] usb 7-1: Manufacturer: syz [ 504.134057][ T1608] usb 7-1: SerialNumber: syz [ 504.143512][ T1608] usb 7-1: config 0 descriptor?? [ 504.177528][ T5870] usb 1-1: Using ep0 maxpacket: 16 [ 504.189094][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.220688][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 504.230503][ T5870] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 504.241017][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.251742][ T5870] usb 1-1: config 0 descriptor?? [ 504.360108][ T30] kauditd_printk_skb: 128 callbacks suppressed [ 504.360129][ T30] audit: type=1400 audit(1755080629.017:1112): avc: denied { ioctl } for pid=23321 comm="syz.6.7571" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 504.427394][ T30] audit: type=1400 audit(1755080629.087:1113): avc: denied { recv } for pid=23147 comm="syz-executor" saddr=10.128.0.169 src=30006 daddr=10.128.1.50 dest=56340 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 504.452958][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.459699][ T30] audit: type=1400 audit(1755080629.087:1114): avc: denied { read write } for pid=23147 comm="syz-executor" name="loop8" dev="devtmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 504.483945][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.490486][ T30] audit: type=1400 audit(1755080629.087:1115): avc: denied { open } for pid=23147 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 504.514645][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.520998][ T30] audit: type=1400 audit(1755080629.087:1116): avc: denied { ioctl } for pid=23147 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=655 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 504.546621][ C0] vkms_vblank_simulate: vblank timer overrun [ 504.553844][ T9612] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 504.562203][ T30] audit: type=1400 audit(1755080629.127:1117): avc: denied { prog_load } for pid=23355 comm="syz.8.7586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 504.582645][ T30] audit: type=1400 audit(1755080629.127:1118): avc: denied { bpf } for pid=23355 comm="syz.8.7586" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 504.607762][ T30] audit: type=1400 audit(1755080629.127:1119): avc: denied { perfmon } for pid=23355 comm="syz.8.7586" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 504.636530][ T30] audit: type=1400 audit(1755080629.127:1120): avc: denied { prog_run } for pid=23355 comm="syz.8.7586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 504.661930][ T30] audit: type=1400 audit(1755080629.277:1121): avc: denied { read write } for pid=23357 comm="syz.8.7587" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 504.690343][ T5870] input: HID 05ac:8241 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:05AC:8241.0084/input/input135 [ 504.720784][ T9612] usb 5-1: Using ep0 maxpacket: 8 [ 504.728788][ T9612] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 504.740360][ T9612] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.748919][ T9612] usb 5-1: Product: syz [ 504.756556][ T9612] usb 5-1: Manufacturer: syz [ 504.768183][ T5870] appleir 0003:05AC:8241.0084: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0 [ 504.785181][ T9612] usb 5-1: SerialNumber: syz [ 504.793848][ T9612] usb 5-1: config 0 descriptor?? [ 504.801420][ T9612] gspca_main: sq905-2.14.0 probing 2770:9120 [ 505.192568][ T1608] usb 7-1: f81604_read: reg: 100f failed: -EPROTO [ 505.205091][ T1608] usb 7-1: f81604_read: reg: 200f failed: -EPROTO [ 505.214859][ T1608] usb 7-1: USB disconnect, device number 73 [ 505.222368][ T1608] usb 7-1: f81604_read: reg: 100f failed: -ENODEV [ 505.261507][ T9607] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 505.272165][ T1608] usb 7-1: f81604_read: reg: 200f failed: -ENODEV [ 505.412615][ T9607] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.423787][ T9607] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 505.432893][ T9607] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.444221][ T9607] usb 9-1: config 0 descriptor?? [ 505.470778][ T5858] Bluetooth: hci1: command tx timeout [ 505.655241][ T9607] usbhid 9-1:0.0: can't add hid device: -71 [ 505.661314][ T9607] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 505.671058][ T9607] usb 9-1: USB disconnect, device number 2 [ 505.828378][ T9612] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 505.839439][ T9612] sq905 5-1:0.0: probe with driver sq905 failed with error -71 [ 505.849792][ T9612] usb 5-1: USB disconnect, device number 92 [ 505.999596][T23385] tls_set_device_offload_rx: netdev not found [ 506.127371][ T5870] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 506.280879][ T8858] usb 7-1: new high-speed USB device number 74 using dummy_hcd [ 506.300737][ T5870] usb 9-1: Using ep0 maxpacket: 32 [ 506.311304][ T5870] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 506.322755][ T5870] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 506.332151][ T5870] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.342653][ T5870] usb 9-1: config 0 descriptor?? [ 506.351878][ T5870] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 506.366270][ T5870] ldusb 9-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 506.454861][ T8858] usb 7-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 506.466164][ T8858] usb 7-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 506.477664][ T8858] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 506.498781][ T8858] usb 7-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 506.531306][ T9623] usb 1-1: USB disconnect, device number 94 [ 506.541449][ T8858] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 506.556766][ T8858] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.770146][ T9607] usb 9-1: USB disconnect, device number 3 [ 506.778339][ T9607] ldusb 9-1:0.0: LD USB Device #1 now disconnected [ 506.786050][ T8858] ath6kl: Failed to submit usb control message: -71 [ 506.793387][ T8858] ath6kl: unable to send the bmi data to the device: -71 [ 506.800405][ T8858] ath6kl: Unable to send get target info: -71 [ 506.812816][ T8858] ath6kl: Failed to init ath6kl core: -71 [ 506.819106][ T8858] ath6kl_usb 7-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 506.830566][ T8858] usb 7-1: USB disconnect, device number 74 [ 506.880715][ T9623] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 506.900696][ T9620] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 507.050787][ T9623] usb 1-1: Using ep0 maxpacket: 16 [ 507.055978][ T9620] usb 5-1: Using ep0 maxpacket: 32 [ 507.062559][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 507.073900][ T9620] usb 5-1: unable to get BOS descriptor or descriptor too short [ 507.081621][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 507.091568][ T9623] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 507.104444][ T9623] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 507.113692][ T9623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.122116][ T9620] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 507.134455][ T9623] usb 1-1: config 0 descriptor?? [ 507.140959][ T9620] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 507.149993][ T9620] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.159824][ T9620] usb 5-1: Product: syz [ 507.164010][ T9620] usb 5-1: Manufacturer: syz [ 507.168599][ T9620] usb 5-1: SerialNumber: syz [ 507.387409][ T9620] usb 5-1: Limiting number of CPorts to U8_MAX [ 507.407157][ T9620] usb 5-1: Not enough endpoints found in device, aborting! [ 507.553177][ T5858] Bluetooth: hci1: command tx timeout [ 507.567243][ T9623] shield 0003:0955:7214.0085: unknown main item tag 0x0 [ 507.579047][ T9623] shield 0003:0955:7214.0085: unknown main item tag 0x0 [ 507.610669][ T9623] shield 0003:0955:7214.0085: unknown main item tag 0x0 [ 507.629021][ T5870] usb 5-1: USB disconnect, device number 93 [ 507.637148][ T9623] shield 0003:0955:7214.0085: unknown main item tag 0x0 [ 507.654130][ T9623] shield 0003:0955:7214.0085: unknown main item tag 0x0 [ 507.687418][ T9623] input: HID 0955:7214 Haptics as /devices/virtual/input/input136 [ 507.730247][ T9623] shield 0003:0955:7214.0085: Registered Thunderstrike controller [ 507.753280][ T9623] shield 0003:0955:7214.0085: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 507.820966][ T8858] shield 0003:0955:7214.0085: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 507.837290][ T9623] usb 1-1: USB disconnect, device number 95 [ 507.849314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 507.852785][ T8858] shield 0003:0955:7214.0085: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 507.871027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 507.885233][ T8858] shield 0003:0955:7214.0085: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 507.900258][ T8858] shield 0003:0955:7214.0085: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 508.180897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 508.351689][ T9607] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 508.513267][ T9607] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 508.569724][ T9607] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 508.581154][ T9607] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 508.592872][ T9607] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 508.609550][ T9607] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 508.611661][T23449] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7629'. [ 508.618653][ T9607] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.637608][ T9607] usb 9-1: config 0 descriptor?? [ 508.644302][T23431] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 508.692474][ T9623] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 508.750708][ T8858] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 508.775177][T23453] binder: 23452:23453 ioctl c0306201 200000000c40 returned -22 [ 508.850732][ T9623] usb 5-1: Using ep0 maxpacket: 32 [ 508.858092][ T9623] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 508.867702][ T9623] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.878421][ T9623] usb 5-1: config 0 descriptor?? [ 508.886440][ T9623] gspca_main: sq930x-2.14.0 probing 041e:403c [ 508.902327][ T8858] usb 1-1: config 0 has no interfaces? [ 508.911305][ T8858] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 508.920474][ T8858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.928685][ T8858] usb 1-1: Product: syz [ 508.931732][T23458] netlink: 'syz.6.7633': attribute type 2 has an invalid length. [ 508.933063][ T8858] usb 1-1: Manufacturer: syz [ 508.943275][T23458] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.7633'. [ 508.955195][ T8858] usb 1-1: SerialNumber: syz [ 508.961436][T23458] nbd: must specify a device to reconfigure [ 508.963727][ T8858] usb 1-1: config 0 descriptor?? [ 509.063821][ T9607] plantronics 0003:047F:FFFF.0086: reserved main item tag 0xd [ 509.088789][ T9607] plantronics 0003:047F:FFFF.0086: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 509.090704][ T9623] gspca_sq930x: reg_r 001f failed -71 [ 509.120256][ T9623] sq930x 5-1:0.0: probe with driver sq930x failed with error -71 [ 509.134735][ T9623] usb 5-1: USB disconnect, device number 94 [ 509.238410][ T6996] tipc: Subscription rejected, illegal request [ 509.254494][ T9607] usb 1-1: USB disconnect, device number 96 [ 509.382459][ T9609] usb 9-1: USB disconnect, device number 4 [ 509.691026][ T30] kauditd_printk_skb: 93 callbacks suppressed [ 509.691043][ T30] audit: type=1400 audit(1755080634.347:1215): avc: denied { mount } for pid=23477 comm="syz.4.7642" name="/" dev="ramfs" ino=106906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 509.719632][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.775726][ T30] audit: type=1400 audit(1755080634.437:1216): avc: denied { create } for pid=23481 comm="syz.4.7644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 509.801521][ T30] audit: type=1400 audit(1755080634.447:1217): avc: denied { write } for pid=23481 comm="syz.4.7644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 509.938835][ T30] audit: type=1400 audit(1755080634.597:1218): avc: denied { create } for pid=23490 comm="syz.8.7648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 509.968872][ T30] audit: type=1400 audit(1755080634.617:1219): avc: denied { ioctl } for pid=23490 comm="syz.8.7648" path="socket:[106046]" dev="sockfs" ino=106046 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 510.015883][ T30] audit: type=1400 audit(1755080634.677:1220): avc: denied { bind } for pid=23494 comm="syz.8.7650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 510.035683][ T30] audit: type=1400 audit(1755080634.677:1221): avc: denied { node_bind } for pid=23494 comm="syz.8.7650" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 510.275435][ T30] audit: type=1400 audit(1755080634.937:1222): avc: denied { mount } for pid=23499 comm="syz.6.7653" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 510.303304][ T9609] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 510.349704][ T30] audit: type=1400 audit(1755080635.007:1223): avc: denied { unmount } for pid=11861 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 510.400060][ T30] audit: type=1400 audit(1755080635.037:1224): avc: denied { create } for pid=23503 comm="syz.7.7654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 510.502154][ T9609] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.520288][ T9609] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 510.553736][ T9609] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 510.564544][ T9609] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.577940][ T9609] usb 9-1: Product: syz [ 510.588101][ T9609] usb 9-1: Manufacturer: syz [ 510.602578][ T9609] usb 9-1: SerialNumber: syz [ 510.619855][ T9609] cdc_mbim 9-1:1.0: skipping garbage [ 510.657666][T23512] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7658'. [ 510.833119][T23497] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 511.440935][ T9623] usb 7-1: new high-speed USB device number 75 using dummy_hcd [ 511.480554][T23497] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 511.488626][ T9609] cdc_mbim 9-1:1.0: setting rx_max = 16384 [ 511.500713][ T9607] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 511.610639][ T9623] usb 7-1: Using ep0 maxpacket: 8 [ 511.616903][ T9623] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 511.625328][ T9623] usb 7-1: config 179 has no interface number 0 [ 511.631612][ T9623] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 511.642905][ T9623] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 511.654147][ T9623] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 511.665567][ T9623] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 511.677033][ T9623] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 511.690297][ T9623] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 511.700400][ T9607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.701247][ T9623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.719559][ T9609] cdc_mbim 9-1:1.0: setting tx_max = 16384 [ 511.724253][T23536] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 511.726368][ T9607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 511.742683][ T9609] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device [ 511.752771][ T9607] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 511.762713][ T9609] wwan wwan0: port wwan0mbim0 attached [ 511.773598][ T9609] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.8-1, CDC MBIM, d2:30:ec:33:11:8a [ 511.784115][ T9607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.796908][ T9607] usb 1-1: config 0 descriptor?? [ 511.802115][ T9609] usb 9-1: USB disconnect, device number 5 [ 511.808858][ T9609] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.8-1, CDC MBIM [ 511.873577][ T9609] wwan wwan0: port wwan0mbim0 disconnected [ 511.944598][ T9623] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input138 [ 512.148060][T23536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.157985][T23536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.233986][ T9607] hid-led 0003:0FC5:B080.0087: unknown main item tag 0x0 [ 512.241185][ T9607] hid-led 0003:0FC5:B080.0087: unknown main item tag 0x0 [ 512.248221][ T9607] hid-led 0003:0FC5:B080.0087: unknown main item tag 0x0 [ 512.369967][ C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 512.369973][ T9609] usb 7-1: USB disconnect, device number 75 [ 512.370094][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 512.700752][ T1608] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 512.847787][ T9623] usb 1-1: USB disconnect, device number 97 [ 512.860675][ T1608] usb 9-1: Using ep0 maxpacket: 16 [ 512.867444][ T1608] usb 9-1: config 0 has an invalid interface number: 214 but max is 0 [ 512.875694][ T1608] usb 9-1: config 0 has no interface number 0 [ 512.881956][ T1608] usb 9-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 512.894977][ T1608] usb 9-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 512.904360][ T1608] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.912771][ T1608] usb 9-1: Product: syz [ 512.917097][ T1608] usb 9-1: Manufacturer: syz [ 512.921809][ T1608] usb 9-1: SerialNumber: syz [ 512.928473][ T1608] usb 9-1: config 0 descriptor?? [ 513.141014][ T1608] usbtouchscreen 9-1:0.214: Failed to read FW rev: -32 [ 513.165832][ T1608] usbtouchscreen 9-1:0.214: probe with driver usbtouchscreen failed with error -32 [ 513.188816][ T1608] usb 9-1: USB disconnect, device number 6 [ 513.470719][ T9620] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 513.620702][ T9623] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 513.650763][ T9620] usb 5-1: Using ep0 maxpacket: 32 [ 513.657556][ T9620] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 513.669535][ T9620] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 513.678864][ T9620] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 513.687382][ T9620] usb 5-1: Product: syz [ 513.692194][ T9620] usb 5-1: Manufacturer: syz [ 513.696849][ T9620] usb 5-1: SerialNumber: syz [ 513.704479][ T9620] usb 5-1: config 0 descriptor?? [ 513.710805][T23575] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 513.774131][ T9623] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 513.785057][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 513.797316][ T9623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 513.810041][ T9623] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 513.827282][ T9623] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 513.836571][ T9623] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 513.848348][ T9623] usb 1-1: Manufacturer: syz [ 513.854974][ T9623] usb 1-1: config 0 descriptor?? [ 513.968836][ T1608] usb 5-1: USB disconnect, device number 95 [ 514.006210][T23595] netlink: 96 bytes leftover after parsing attributes in process `syz.8.7697'. [ 514.272827][ T9623] appleir 0003:05AC:8243.0088: unknown main item tag 0x0 [ 514.289594][ T9623] appleir 0003:05AC:8243.0088: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 514.522433][T23607] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7701'. [ 514.718978][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 514.719000][ T30] audit: type=1400 audit(1755080639.377:1250): avc: denied { read write } for pid=23616 comm="syz.4.7706" name="vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 514.749765][ C1] vkms_vblank_simulate: vblank timer overrun [ 514.758669][ T30] audit: type=1400 audit(1755080639.377:1251): avc: denied { open } for pid=23616 comm="syz.4.7706" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 514.783926][ T30] audit: type=1400 audit(1755080639.377:1252): avc: denied { ioctl } for pid=23616 comm="syz.4.7706" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 514.810287][ T30] audit: type=1400 audit(1755080639.467:1253): avc: denied { create } for pid=23619 comm="syz.4.7707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 514.832757][ T30] audit: type=1400 audit(1755080639.467:1254): avc: denied { connect } for pid=23619 comm="syz.4.7707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 514.882772][ T30] audit: type=1400 audit(1755080639.547:1255): avc: denied { load_policy } for pid=23621 comm="syz.4.7708" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 514.885796][T23622] SELinux: failed to load policy [ 514.999034][ T30] audit: type=1400 audit(1755080639.657:1256): avc: denied { name_bind } for pid=23629 comm="syz.6.7711" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 515.148553][ T30] audit: type=1400 audit(1755080639.807:1257): avc: denied { read write } for pid=23639 comm="syz.8.7714" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 515.171939][ C1] vkms_vblank_simulate: vblank timer overrun [ 515.178422][ T30] audit: type=1400 audit(1755080639.807:1258): avc: denied { open } for pid=23639 comm="syz.8.7714" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 515.205226][ T30] audit: type=1400 audit(1755080639.817:1259): avc: denied { mount } for pid=23639 comm="syz.8.7714" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 515.360768][ T9620] usb 7-1: new high-speed USB device number 76 using dummy_hcd [ 515.511952][ T9620] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 515.522092][ T9620] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 515.533955][ T9620] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 515.546305][ T9620] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 515.555424][ T9620] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.563419][ T9620] usb 7-1: Product: syz [ 515.567576][ T9620] usb 7-1: Manufacturer: syz [ 515.572210][ T9620] usb 7-1: SerialNumber: syz [ 515.578226][ T9620] usb 7-1: config 0 descriptor?? [ 515.583788][T23638] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 515.591361][T23638] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 515.599353][ T9620] usb 7-1: ucan: probing device on interface #0 [ 516.212395][ T9620] ucan 7-1:0.0 can0: registered device [ 516.408209][ T9620] ucan 7-1:0.0 can0: firmware string: '" [ 516.450701][ T9609] usb 1-1: reset high-speed USB device number 98 using dummy_hcd [ 516.463718][ T9609] usb 1-1: device reset changed ep0 maxpacket size! [ 516.472833][ T1608] usb 1-1: USB disconnect, device number 98 [ 516.613047][ T1608] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 516.635260][ T9609] usb 7-1: USB disconnect, device number 76 [ 516.770898][ T1608] usb 1-1: Using ep0 maxpacket: 8 [ 516.777908][ T1608] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 516.789078][ T1608] usb 1-1: config 0 has no interface number 0 [ 516.795454][ T1608] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 516.809407][ T1608] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 516.818894][ T1608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.834309][ T1608] usb 1-1: config 0 descriptor?? [ 516.843127][ T1608] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 517.048745][ T1608] usb 1-1: USB disconnect, device number 99 [ 517.226812][T23694] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7739'. [ 517.235949][T23694] netlink: 'syz.6.7739': attribute type 7 has an invalid length. [ 517.243873][T23694] netlink: 'syz.6.7739': attribute type 8 has an invalid length. [ 517.252020][T23694] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7739'. [ 518.020684][ T9609] usb 7-1: new high-speed USB device number 77 using dummy_hcd [ 518.110812][ T5858] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 518.117761][ T5845] Bluetooth: hci5: command 0x1003 tx timeout [ 518.170865][ T9609] usb 7-1: Using ep0 maxpacket: 32 [ 518.187710][ T9609] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.203928][ T9609] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 518.213835][ T9609] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 518.226029][ T9609] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.241511][ T9609] usb 7-1: config 0 descriptor?? [ 518.384487][ T9623] libceph: connect (1)[c::]:6789 error -22 [ 518.391990][ T9623] libceph: mon0 (1)[c::]:6789 connect error [ 518.400148][ T9623] libceph: connect (1)[c::]:6789 error -22 [ 518.406230][ T9623] libceph: mon0 (1)[c::]:6789 connect error [ 518.652313][ T9609] ft260 0003:0403:6030.0089: unknown main item tag 0x7 [ 518.674161][ T9623] libceph: connect (1)[c::]:6789 error -22 [ 518.690708][ T9623] libceph: mon0 (1)[c::]:6789 connect error [ 518.708533][T23739] vlan2: entered allmulticast mode [ 518.715516][T23739] dummy0: entered allmulticast mode [ 518.859654][ T9609] ft260 0003:0403:6030.0089: chip code: 6424 8183 [ 518.874165][T23745] kvm: MWAIT instruction emulated as NOP! [ 518.975698][T23748] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 519.060258][ T9609] ft260 0003:0403:6030.0089: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0 [ 519.204712][T23733] ceph: No mds server is up or the cluster is laggy [ 519.221496][ T9620] libceph: connect (1)[c::]:6789 error -22 [ 519.227739][ T9620] libceph: mon0 (1)[c::]:6789 connect error [ 519.245395][T23757] [ 519.247741][T23757] ===================================================== [ 519.254658][T23757] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 519.262098][T23757] 6.16.0-syzkaller-12288-g2b38afce25c4 #0 Not tainted [ 519.268836][T23757] ----------------------------------------------------- [ 519.275741][T23757] syz.8.7766/23757 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 519.283436][T23757] ffff88807e7f2a98 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 519.292142][T23757] [ 519.292142][T23757] and this task is already holding: [ 519.299483][T23757] ffff888063f41028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 519.309294][T23757] which would create a new lock dependency: [ 519.315162][T23757] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 519.323233][T23757] [ 519.323233][T23757] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 519.332655][T23757] (&client->buffer_lock){..-.}-{3:3} [ 519.332676][T23757] [ 519.332676][T23757] ... which became SOFTIRQ-irq-safe at: [ 519.345700][T23757] lock_acquire+0x179/0x350 [ 519.350279][T23757] _raw_spin_lock+0x2e/0x40 [ 519.354874][T23757] evdev_pass_values+0x10e/0x9b0 [ 519.359881][T23757] evdev_events+0x1bb/0x390 [ 519.364454][T23757] input_pass_values+0x74e/0x880 [ 519.369458][T23757] input_handle_event+0xb29/0x14d0 [ 519.374638][T23757] input_event+0x8e/0xd0 [ 519.378946][T23757] hidinput_hid_event+0x1d55/0x2420 [ 519.384208][T23757] hid_process_event+0x4b7/0x5e0 [ 519.389214][T23757] hid_report_raw_event+0xa0a/0x1290 [ 519.394566][T23757] __hid_input_report.constprop.0+0x33f/0x450 [ 519.400708][T23757] hid_irq_in+0x35e/0x870 [ 519.405105][T23757] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 519.410544][T23757] usb_hcd_giveback_urb+0x39b/0x450 [ 519.415810][T23757] dummy_timer+0x1814/0x3a30 [ 519.420462][T23757] __hrtimer_run_queues+0x202/0xad0 [ 519.425726][T23757] hrtimer_run_softirq+0x17d/0x350 [ 519.430905][T23757] handle_softirqs+0x216/0x8e0 [ 519.435741][T23757] __irq_exit_rcu+0x109/0x170 [ 519.440501][T23757] irq_exit_rcu+0x9/0x30 [ 519.444822][T23757] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 519.450544][T23757] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 519.456603][T23757] finish_task_switch.isra.0+0x22a/0xc10 [ 519.462307][T23757] __schedule+0x1198/0x5de0 [ 519.466881][T23757] schedule_idle+0x5c/0x90 [ 519.471367][T23757] do_idle+0x2b6/0x510 [ 519.475499][T23757] cpu_startup_entry+0x4f/0x60 [ 519.480326][T23757] rest_init+0x16b/0x2b0 [ 519.484631][T23757] start_kernel+0x3ee/0x4d0 [ 519.489205][T23757] x86_64_start_reservations+0x18/0x30 [ 519.494734][T23757] x86_64_start_kernel+0x130/0x190 [ 519.499922][T23757] common_startup_64+0x13e/0x148 [ 519.504925][T23757] [ 519.504925][T23757] to a SOFTIRQ-irq-unsafe lock: [ 519.511918][T23757] (tasklist_lock){.+.+}-{3:3} [ 519.511938][T23757] [ 519.511938][T23757] ... which became SOFTIRQ-irq-unsafe at: [ 519.524528][T23757] ... [ 519.524534][T23757] lock_acquire+0x179/0x350 [ 519.531659][T23757] _raw_read_lock+0x5f/0x70 [ 519.536237][T23757] __do_wait+0x105/0x890 [ 519.540550][T23757] do_wait+0x21e/0x5a0 [ 519.544689][T23757] kernel_wait+0x9f/0x160 [ 519.549078][T23757] call_usermodehelper_exec_work+0xf1/0x170 [ 519.555038][T23757] process_one_work+0x9cc/0x1b70 [ 519.560040][T23757] worker_thread+0x6c8/0xf10 [ 519.564695][T23757] kthread+0x3c5/0x780 [ 519.568825][T23757] ret_from_fork+0x5d7/0x6f0 [ 519.573476][T23757] ret_from_fork_asm+0x1a/0x30 [ 519.578307][T23757] [ 519.578307][T23757] other info that might help us debug this: [ 519.578307][T23757] [ 519.588508][T23757] Chain exists of: [ 519.588508][T23757] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 519.588508][T23757] [ 519.601604][T23757] Possible interrupt unsafe locking scenario: [ 519.601604][T23757] [ 519.609895][T23757] CPU0 CPU1 [ 519.615236][T23757] ---- ---- [ 519.620574][T23757] lock(tasklist_lock); [ 519.624799][T23757] local_irq_disable(); [ 519.631526][T23757] lock(&client->buffer_lock); [ 519.638871][T23757] lock(&new->fa_lock); [ 519.645608][T23757] [ 519.649037][T23757] lock(&client->buffer_lock); [ 519.654041][T23757] [ 519.654041][T23757] *** DEADLOCK *** [ 519.654041][T23757] [ 519.662170][T23757] 7 locks held by syz.8.7766/23757: [ 519.667340][T23757] #0: ffff88802b038118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 519.676455][T23757] #1: ffff88801fb75230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 519.686527][T23757] #2: ffffffff8e5c11e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 519.696173][T23757] #3: ffffffff8e5c11e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 519.705716][T23757] #4: ffffffff8e5c11e0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 519.714826][T23757] #5: ffff888063f41028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 519.725066][T23757] #6: ffffffff8e5c11e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 519.734090][T23757] [ 519.734090][T23757] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 519.744468][T23757] -> (&client->buffer_lock){..-.}-{3:3} { [ 519.750174][T23757] IN-SOFTIRQ-W at: [ 519.754128][T23757] lock_acquire+0x179/0x350 [ 519.760266][T23757] _raw_spin_lock+0x2e/0x40 [ 519.766398][T23757] evdev_pass_values+0x10e/0x9b0 [ 519.772981][T23757] evdev_events+0x1bb/0x390 [ 519.779112][T23757] input_pass_values+0x74e/0x880 [ 519.785678][T23757] input_handle_event+0xb29/0x14d0 [ 519.792419][T23757] input_event+0x8e/0xd0 [ 519.798292][T23757] hidinput_hid_event+0x1d55/0x2420 [ 519.805120][T23757] hid_process_event+0x4b7/0x5e0 [ 519.811693][T23757] hid_report_raw_event+0xa0a/0x1290 [ 519.818608][T23757] __hid_input_report.constprop.0+0x33f/0x450 [ 519.826307][T23757] hid_irq_in+0x35e/0x870 [ 519.832267][T23757] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 519.839281][T23757] usb_hcd_giveback_urb+0x39b/0x450 [ 519.846109][T23757] dummy_timer+0x1814/0x3a30 [ 519.852325][T23757] __hrtimer_run_queues+0x202/0xad0 [ 519.859154][T23757] hrtimer_run_softirq+0x17d/0x350 [ 519.865892][T23757] handle_softirqs+0x216/0x8e0 [ 519.872286][T23757] __irq_exit_rcu+0x109/0x170 [ 519.878591][T23757] irq_exit_rcu+0x9/0x30 [ 519.884463][T23757] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 519.891731][T23757] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 519.899339][T23757] finish_task_switch.isra.0+0x22a/0xc10 [ 519.906600][T23757] __schedule+0x1198/0x5de0 [ 519.912735][T23757] schedule_idle+0x5c/0x90 [ 519.918785][T23757] do_idle+0x2b6/0x510 [ 519.924482][T23757] cpu_startup_entry+0x4f/0x60 [ 519.930873][T23757] rest_init+0x16b/0x2b0 [ 519.936745][T23757] start_kernel+0x3ee/0x4d0 [ 519.942882][T23757] x86_64_start_reservations+0x18/0x30 [ 519.949972][T23757] x86_64_start_kernel+0x130/0x190 [ 519.956714][T23757] common_startup_64+0x13e/0x148 [ 519.963279][T23757] INITIAL USE at: [ 519.967147][T23757] lock_acquire+0x179/0x350 [ 519.973195][T23757] _raw_spin_lock+0x2e/0x40 [ 519.979243][T23757] evdev_pass_values+0x10e/0x9b0 [ 519.985722][T23757] evdev_events+0x1bb/0x390 [ 519.991766][T23757] input_pass_values+0x74e/0x880 [ 519.998245][T23757] input_handle_event+0xf00/0x14d0 [ 520.004900][T23757] input_inject_event+0x1e8/0x3b0 [ 520.011468][T23757] evdev_write+0x457/0x750 [ 520.017429][T23757] vfs_write+0x29d/0x11d0 [ 520.023297][T23757] ksys_write+0x1f8/0x250 [ 520.029166][T23757] do_syscall_64+0xcd/0x4c0 [ 520.035208][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.042639][T23757] } [ 520.045113][T23757] ... key at: [] __key.1+0x0/0x40 [ 520.052199][T23757] [ 520.052199][T23757] the dependencies between the lock to be acquired [ 520.052205][T23757] and SOFTIRQ-irq-unsafe lock: [ 520.065664][T23757] -> (tasklist_lock){.+.+}-{3:3} { [ 520.070942][T23757] HARDIRQ-ON-R at: [ 520.075072][T23757] lock_acquire+0x179/0x350 [ 520.081561][T23757] _raw_read_lock+0x5f/0x70 [ 520.088059][T23757] __do_wait+0x105/0x890 [ 520.094290][T23757] do_wait+0x21e/0x5a0 [ 520.100351][T23757] kernel_wait+0x9f/0x160 [ 520.106666][T23757] call_usermodehelper_exec_work+0xf1/0x170 [ 520.114542][T23757] process_one_work+0x9cc/0x1b70 [ 520.121455][T23757] worker_thread+0x6c8/0xf10 [ 520.128018][T23757] kthread+0x3c5/0x780 [ 520.134059][T23757] ret_from_fork+0x5d7/0x6f0 [ 520.140621][T23757] ret_from_fork_asm+0x1a/0x30 [ 520.147378][T23757] SOFTIRQ-ON-R at: [ 520.151517][T23757] lock_acquire+0x179/0x350 [ 520.158011][T23757] _raw_read_lock+0x5f/0x70 [ 520.164498][T23757] __do_wait+0x105/0x890 [ 520.170726][T23757] do_wait+0x21e/0x5a0 [ 520.176781][T23757] kernel_wait+0x9f/0x160 [ 520.183085][T23757] call_usermodehelper_exec_work+0xf1/0x170 [ 520.190957][T23757] process_one_work+0x9cc/0x1b70 [ 520.197872][T23757] worker_thread+0x6c8/0xf10 [ 520.204441][T23757] kthread+0x3c5/0x780 [ 520.210482][T23757] ret_from_fork+0x5d7/0x6f0 [ 520.217050][T23757] ret_from_fork_asm+0x1a/0x30 [ 520.223796][T23757] INITIAL USE at: [ 520.227839][T23757] lock_acquire+0x179/0x350 [ 520.234234][T23757] _raw_write_lock_irq+0x36/0x50 [ 520.241075][T23757] copy_process+0x4caf/0x7690 [ 520.247644][T23757] kernel_clone+0xfc/0x930 [ 520.253952][T23757] user_mode_thread+0xc7/0x110 [ 520.260605][T23757] rest_init+0x23/0x2b0 [ 520.266652][T23757] start_kernel+0x3ee/0x4d0 [ 520.273049][T23757] x86_64_start_reservations+0x18/0x30 [ 520.280400][T23757] x86_64_start_kernel+0x130/0x190 [ 520.287404][T23757] common_startup_64+0x13e/0x148 [ 520.294230][T23757] INITIAL READ USE at: [ 520.298705][T23757] lock_acquire+0x179/0x350 [ 520.305546][T23757] _raw_read_lock+0x5f/0x70 [ 520.312378][T23757] __do_wait+0x105/0x890 [ 520.318962][T23757] do_wait+0x21e/0x5a0 [ 520.325357][T23757] kernel_wait+0x9f/0x160 [ 520.332006][T23757] call_usermodehelper_exec_work+0xf1/0x170 [ 520.340224][T23757] process_one_work+0x9cc/0x1b70 [ 520.347481][T23757] worker_thread+0x6c8/0xf10 [ 520.354406][T23757] kthread+0x3c5/0x780 [ 520.360795][T23757] ret_from_fork+0x5d7/0x6f0 [ 520.367706][T23757] ret_from_fork_asm+0x1a/0x30 [ 520.374792][T23757] } [ 520.377438][T23757] ... key at: [] tasklist_lock+0x18/0x40 [ 520.385306][T23757] ... acquired at: [ 520.389257][T23757] _raw_read_lock+0x5f/0x70 [ 520.393918][T23757] send_sigurg+0xed/0xc80 [ 520.398406][T23757] sk_send_sigurg+0x76/0x360 [ 520.403153][T23757] unix_stream_sendmsg+0xfa5/0x1340 [ 520.408501][T23757] ____sys_sendmsg+0xa98/0xc70 [ 520.413415][T23757] ___sys_sendmsg+0x134/0x1d0 [ 520.418256][T23757] __sys_sendmmsg+0x200/0x420 [ 520.423084][T23757] __x64_sys_sendmmsg+0x9c/0x100 [ 520.428171][T23757] do_syscall_64+0xcd/0x4c0 [ 520.432825][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.438883][T23757] [ 520.441181][T23757] -> (&f_owner->lock){....}-{3:3} { [ 520.446457][T23757] INITIAL USE at: [ 520.450411][T23757] lock_acquire+0x179/0x350 [ 520.456634][T23757] _raw_write_lock_irq+0x36/0x50 [ 520.463300][T23757] __f_setown+0x61/0x3c0 [ 520.469261][T23757] fcntl_dirnotify+0x7b1/0xb60 [ 520.475743][T23757] do_fcntl+0xe62/0x15a0 [ 520.481702][T23757] __x64_sys_fcntl+0x163/0x200 [ 520.488181][T23757] do_syscall_64+0xcd/0x4c0 [ 520.494396][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.502005][T23757] INITIAL READ USE at: [ 520.506393][T23757] lock_acquire+0x179/0x350 [ 520.513050][T23757] _raw_read_lock_irqsave+0x74/0x90 [ 520.520403][T23757] send_sigio+0x31/0x3e0 [ 520.526798][T23757] dnotify_handle_event+0x15e/0x2b0 [ 520.534147][T23757] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 520.542708][T23757] fsnotify+0x13d6/0x1dc0 [ 520.549185][T23757] vfs_mkdir+0x71d/0x8c0 [ 520.555584][T23757] do_mkdirat+0x304/0x3e0 [ 520.562067][T23757] __x64_sys_mkdirat+0x83/0xb0 [ 520.568979][T23757] do_syscall_64+0xcd/0x4c0 [ 520.575629][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.583668][T23757] } [ 520.586230][T23757] ... key at: [] __key.1+0x0/0x40 [ 520.593401][T23757] ... acquired at: [ 520.597265][T23757] _raw_read_lock_irqsave+0x74/0x90 [ 520.602619][T23757] send_sigio+0x31/0x3e0 [ 520.607018][T23757] kill_fasync+0x214/0x510 [ 520.611589][T23757] lease_break_callback+0x23/0x30 [ 520.616768][T23757] __break_lease+0x674/0x1810 [ 520.621593][T23757] do_dentry_open+0x91f/0x1530 [ 520.626507][T23757] vfs_open+0x82/0x3f0 [ 520.630726][T23757] path_openat+0x1de4/0x2cb0 [ 520.635466][T23757] do_filp_open+0x20b/0x470 [ 520.640118][T23757] do_sys_openat2+0x11b/0x1d0 [ 520.644952][T23757] __x64_sys_open+0x153/0x1e0 [ 520.649782][T23757] do_syscall_64+0xcd/0x4c0 [ 520.654441][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.660486][T23757] [ 520.662784][T23757] -> (&new->fa_lock){....}-{3:3} { [ 520.667897][T23757] INITIAL USE at: [ 520.671768][T23757] lock_acquire+0x179/0x350 [ 520.677816][T23757] _raw_write_lock_irq+0x36/0x50 [ 520.684298][T23757] fasync_remove_entry+0xb2/0x1e0 [ 520.690865][T23757] fasync_helper+0xaf/0xd0 [ 520.696827][T23757] sock_fasync+0x92/0x140 [ 520.702696][T23757] __fput+0x968/0xb70 [ 520.708220][T23757] task_work_run+0x150/0x240 [ 520.714350][T23757] exit_to_user_mode_loop+0xeb/0x110 [ 520.721175][T23757] do_syscall_64+0x3f6/0x4c0 [ 520.727316][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.734748][T23757] INITIAL READ USE at: [ 520.739052][T23757] lock_acquire+0x179/0x350 [ 520.745536][T23757] _raw_read_lock_irqsave+0x74/0x90 [ 520.752712][T23757] kill_fasync+0x138/0x510 [ 520.759109][T23757] sock_wake_async+0x132/0x160 [ 520.765847][T23757] mptcp_close_wake_up+0x2eb/0x600 [ 520.772937][T23757] __mptcp_close_ssk+0xd54/0x14d0 [ 520.779941][T23757] mptcp_destroy_common+0x65a/0xaf0 [ 520.787118][T23757] mptcp_disconnect+0x228/0x870 [ 520.793940][T23757] inet_shutdown+0x26c/0x440 [ 520.800511][T23757] __sys_shutdown+0x116/0x1b0 [ 520.807159][T23757] __x64_sys_shutdown+0x53/0x80 [ 520.813982][T23757] do_syscall_64+0xcd/0x4c0 [ 520.820458][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.828325][T23757] } [ 520.830798][T23757] ... key at: [] __key.0+0x0/0x40 [ 520.837883][T23757] ... acquired at: [ 520.841659][T23757] lock_acquire+0x179/0x350 [ 520.846318][T23757] _raw_read_lock_irqsave+0x74/0x90 [ 520.851674][T23757] kill_fasync+0x138/0x510 [ 520.856247][T23757] evdev_pass_values+0x619/0x9b0 [ 520.861338][T23757] evdev_events+0x1bb/0x390 [ 520.865993][T23757] input_pass_values+0x74e/0x880 [ 520.871086][T23757] input_handle_event+0xf00/0x14d0 [ 520.876351][T23757] input_inject_event+0x1e8/0x3b0 [ 520.881528][T23757] evdev_write+0x457/0x750 [ 520.886097][T23757] vfs_write+0x29d/0x11d0 [ 520.890576][T23757] ksys_write+0x1f8/0x250 [ 520.895060][T23757] do_syscall_64+0xcd/0x4c0 [ 520.899714][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.905757][T23757] [ 520.908058][T23757] [ 520.908058][T23757] stack backtrace: [ 520.913927][T23757] CPU: 0 UID: 0 PID: 23757 Comm: syz.8.7766 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 520.913946][T23757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 520.913955][T23757] Call Trace: [ 520.913960][T23757] [ 520.913965][T23757] dump_stack_lvl+0x116/0x1f0 [ 520.913979][T23757] check_irq_usage+0x7dc/0x920 [ 520.914000][T23757] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 520.914019][T23757] ? check_path.constprop.0+0x24/0x50 [ 520.914041][T23757] ? __lock_acquire+0x12bc/0x1ce0 [ 520.914061][T23757] __lock_acquire+0x12bc/0x1ce0 [ 520.914085][T23757] lock_acquire+0x179/0x350 [ 520.914105][T23757] ? kill_fasync+0x138/0x510 [ 520.914125][T23757] _raw_read_lock_irqsave+0x74/0x90 [ 520.914146][T23757] ? kill_fasync+0x138/0x510 [ 520.914164][T23757] kill_fasync+0x138/0x510 [ 520.914183][T23757] evdev_pass_values+0x619/0x9b0 [ 520.914203][T23757] evdev_events+0x1bb/0x390 [ 520.914221][T23757] input_pass_values+0x74e/0x880 [ 520.914239][T23757] input_handle_event+0xf00/0x14d0 [ 520.914256][T23757] ? _copy_from_user+0x59/0xd0 [ 520.914276][T23757] input_inject_event+0x1e8/0x3b0 [ 520.914294][T23757] evdev_write+0x457/0x750 [ 520.914313][T23757] ? __pfx_evdev_write+0x10/0x10 [ 520.914332][T23757] ? bpf_lsm_file_permission+0x9/0x10 [ 520.914350][T23757] ? security_file_permission+0x71/0x210 [ 520.914371][T23757] ? rw_verify_area+0xcf/0x6c0 [ 520.914392][T23757] ? __pfx_evdev_write+0x10/0x10 [ 520.914409][T23757] vfs_write+0x29d/0x11d0 [ 520.914424][T23757] ? __pfx_vfs_write+0x10/0x10 [ 520.914436][T23757] ? find_held_lock+0x2b/0x80 [ 520.914452][T23757] ? __fget_files+0x204/0x3c0 [ 520.914468][T23757] ? __fget_files+0x20e/0x3c0 [ 520.914485][T23757] ksys_write+0x1f8/0x250 [ 520.914498][T23757] ? __pfx_ksys_write+0x10/0x10 [ 520.914514][T23757] do_syscall_64+0xcd/0x4c0 [ 520.914528][T23757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.914541][T23757] RIP: 0033:0x7f4bc5b8ebe9 [ 520.914553][T23757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.914567][T23757] RSP: 002b:00007f4bc6ad5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 520.914581][T23757] RAX: ffffffffffffffda RBX: 00007f4bc5db5fa0 RCX: 00007f4bc5b8ebe9 [ 520.914590][T23757] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 520.914598][T23757] RBP: 00007f4bc5c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 520.914607][T23757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.914615][T23757] R13: 00007f4bc5db6038 R14: 00007f4bc5db5fa0 R15: 00007ffc7c682ff8 [ 520.914628][T23757] [ 521.215992][ T9609] ft260 0003:0403:6030.0089: failed to retrieve status: -71, no wakeup [ 521.226507][ T9609] ft260 0003:0403:6030.0089: failed to retrieve status: -71 [ 521.235398][ T9609] ft260 0003:0403:6030.0089: failed to reset I2C controller: -71 [ 521.246545][ T9609] usb 7-1: USB disconnect, device number 77 [ 526.591394][ T9605] usb 4-1: [UEAGLE-ATM] firmware is not available