last executing test programs: 5.883487848s ago: executing program 2 (id=356): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000002740)={'vlan0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000280)="f4416e", 0x3, 0x0, &(0x7f0000002780)={0x11, 0x0, r3, 0x1, 0x4, 0x6, @broadcast}, 0x14) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)=0x0) setuid(r4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x4, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x2, 0x13, 0x40, 0x9, 0x2, 0x0, 0x70bd2d, 0x25dfdbfd}, 0x10}}, 0x8010) 5.883376308s ago: executing program 2 (id=357): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x2, {0x4e22, 0x2}}, 0x10, 0x0}, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@l2tp={0x2, 0x0, @initdev}, 0x80, 0x0}, 0x142) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/64, 0xd}, {&(0x7f0000000200)=""/77, 0x9c}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/6, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 5.876840908s ago: executing program 2 (id=358): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x181100, 0x0) read$rfkill(r0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x84082, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_test', 0x1a1081, 0x18) write$khugepaged_scan(r1, &(0x7f0000000000), 0x8) ioctl$KVM_CAP_HYPERV_SYNIC(r1, 0x4068aea3, &(0x7f00000002c0)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c7, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x3, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f00000000c0)={0x8, 0x4, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x42) symlink(&(0x7f0000000040)='.\x00', 0x0) ioctl$TIOCGSOFTCAR(r4, 0x5419, &(0x7f0000000100)) ioctl$TCXONC(r4, 0x540a, 0x0) 3.813052297s ago: executing program 2 (id=381): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x7fffffff}) fcntl$lock(r0, 0x6, &(0x7f0000000180)={0x2, 0x1, 0x5, 0x80000001}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) r2 = eventfd2(0x9, 0x800) r3 = signalfd4(r1, &(0x7f0000000040)={[0x100]}, 0x8, 0x80800) dup3(r2, r3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="1f043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_async', 0x1, 0x0) write$cgroup_pid(r5, &(0x7f00000004c0)=0xffffffffffffffff, 0x12) 3.315383367s ago: executing program 0 (id=389): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x800, 0x0) syz_io_uring_setup(0x1e72, &(0x7f00000000c0)={0x0, 0x5e03, 0x4, 0x3, 0x186}, 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(0xffffffffffffffff, 0xc038480a, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x5, 0xd) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000000)=@ccm_128={{0x304}, "f56b34d8c70e8da2", "732250070080000000000000fcffffff", "d1bb2f83", "0000000600"}, 0x28) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="4400000000000000000000000700000007038f8609fffffffe0103450044145313ac1e01010000009264010002fffffffe070f250a01010000000000ac1e01019404010000000000f03a6cdd26bebb3514937c2117a6cfce086eb6d16ec0a88f4673ff96cf64e6bcc875086407537787cc3ad736262cedc2b86bc71e4f25c9c6af3d010ce9932c1f67591b510cfc4355441d55ab5335705a6cd3244a612531e00000f6597991fc19d0e042e1dcb1e74bbac0e75bc7e52f1e55a62b06f3a1482a77505e81ebf1988b02d049ea40e2bcd3ba2cfb"], 0x48}, 0xc040) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) setsockopt$WPAN_WANTACK(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f80)=0x1, 0x4) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r4 = epoll_create(0x8000409) readv(r4, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r6) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000440)="e600e0af6bc1e945a415f4ae0806", 0xe}], 0x1) r7 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'bridge_slave_0\x00', &(0x7f0000000040)=@ethtool_cmd={0x26, 0x0, 0x40004, 0x86cc, 0x81, 0xf4, 0x4, 0x4, 0xc0, 0x14, 0x2, 0xa5, 0xa, 0x6, 0x5, 0xcc, [0xf6000000, 0x1]}}) syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0) 3.313670307s ago: executing program 0 (id=390): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x181100, 0x0) read$rfkill(r0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x84082, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_test', 0x1a1081, 0x18) write$khugepaged_scan(r1, &(0x7f0000000000), 0x8) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c7, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x3, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) ioctl$PIO_UNIMAPCLR(r5, 0x4b68, &(0x7f00000000c0)={0x8, 0x4, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x42) symlink(&(0x7f0000000040)='.\x00', 0x0) ioctl$TIOCGSOFTCAR(r5, 0x5419, &(0x7f0000000100)) ioctl$TCXONC(r5, 0x540a, 0x0) 2.954140484s ago: executing program 2 (id=392): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x3}) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000100)={r3, 0xfffffff9, 0x1, r3}) r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_usb_connect(0x5, 0x35, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff70790008240201210126ff0905123a"], 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x6fd523b, 0x0, 0x0, 0xb, 0x4, "fee8a2ab78fc979fd1e00d96072000001ea89de2c1fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x3, 0x9]}}) write$binfmt_format(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0x12, 0x1, 0x4, "6a4a42aba98b2f07359d3272d6e8ce294686c732c24a39cc509c79ad4bf6de70b02c91ffbe04916d065f1681d04be078c2e4c1014ec966a8158d76d7aa63c0d9", "ce5862f532d5bff5ff013807abc3406dfe731e87f50cd5bb091fff519936869fd5295ddc045503fe0b01150b5b5ebf1561daa3dc633d717f3f7a3d1f1edac2f2", "c0c045fd3dfd710ca2562c2d8e828bb61dea84761cff87e28f9c8a246fa4f376", [0x8, 0xa]}) io_setup(0x4, &(0x7f0000000140)) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_fuse_handle_req(r7, &(0x7f0000002180), 0x2000, &(0x7f0000004180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) ioctl$TUNSETLINK(r6, 0x400454cd, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close_range(r0, 0xffffffffffffffff, 0x0) 1.59116912s ago: executing program 3 (id=406): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x2, {0x4e22, 0x2}}, 0x10, 0x0}, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@l2tp={0x2, 0x0, @initdev}, 0x80, 0x0, 0x0, &(0x7f0000000340)=""/54, 0x36}, 0x142) sendto(r0, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/64, 0xd}, {&(0x7f0000000200)=""/77, 0x9c}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/6, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 1.535958881s ago: executing program 3 (id=407): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x2, 0x13, 0x40, 0x9, 0x2, 0x0, 0x70bd2d, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x80030000000000}, 0x8010) 1.53580412s ago: executing program 3 (id=408): r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@newspdinfo={0x5c, 0x24, 0x400, 0x70bd2c, 0x25dfdbfe, 0x3, [@XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x400c840) sendmsg$key(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x2, 0x13, 0x40, 0x9, 0x2, 0x0, 0x70bd2d, 0x25dfdbfd}, 0x10}}, 0x8010) 1.535355951s ago: executing program 3 (id=409): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="5500000020007fafb72d13b2a4a2719302000000030b43016c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9", 0x55}], 0x1}, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) utimes(0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f00000003c0), 0x6) arch_prctl$ARCH_SET_GS(0x1001, 0x0) write$bt_hci(r4, &(0x7f0000000180)=ANY=[], 0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)={0x24, 0x1a, 0x1, 0x0, 0x25dfdbff, "", [@typed={0x2, 0x3ffc, 0x0, 0x0, @str=':*^${\x00'}, @nested={0x8, 0x1c, 0x0, 0x1, [@generic="579d06ab3d77bdea0c5872b296a14470992a821be6ffdbf32c5366d1e30fbdf4979f70e209020724c90325a8f94f1c8d11dd08335526a4f561b8df1fc39ae9311177a9ba01fbcf916493691b8d325fe6f58df14d663c15c1f7d39b145a4dffc7b06a7436e1860dd3e79f9219f29924203db97abdd9640c62b8"]}]}, 0x24}], 0x1}, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r3, 0x0, 0x81, &(0x7f0000000400)={'broute\x00', 0x0, 0x0, 0x0, [0x5, 0x7fffffff, 0x401, 0x9, 0x80000000000, 0xcd1a], 0x6, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}]}, 0xd8) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="000112"], 0x0, 0x0, 0x0, 0x0}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000008) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='ns\x00') getdents64(r6, &(0x7f00000046c0)=""/4096, 0x1000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="2b06000000000000c204000013c60502054b040104040107050200070105000000000005020000071000000000010100000100000fdf81790432f187fa768809590ba8918f9d6ddb4d06c83ac658277eda4b502f00419549afc60add46199c56132c1446c12c61a630209f0ac44749fe7116ee56118e1afefa5b490665165fe60298aba963038e52c2d1b60727b82afddc469749b99dd255e388e97820152cfd000000000000"], 0x40) getsockopt$inet6_mreq(r7, 0x29, 0x4d, 0x0, &(0x7f0000001840)=0x1c) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='vfat\x00', 0x808081, 0x0) 1.475097372s ago: executing program 2 (id=410): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) r1 = socket$inet6(0xa, 0x6, 0x40) getsockopt$inet6_int(r1, 0x29, 0x33, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0x3, 0x4}, 0x6) syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 1.102769329s ago: executing program 0 (id=411): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) r3 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3}) eventfd2(0x8, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, 0x0) 983.506421ms ago: executing program 0 (id=412): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001900)=ANY=[@ANYBLOB="1c0000005e0001010000000000230000080041008e9de9bf7c5079af10283e"], 0x1c}], 0x1, 0x0, 0x0, 0x3000000}, 0x0) 983.251602ms ago: executing program 1 (id=413): r0 = gettid() timer_create(0x6, &(0x7f0000000080)={0x0, 0x5, 0x4, @tid=r0}, &(0x7f0000000100)) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') ptrace$setregs(0xf, r0, 0x7, &(0x7f0000000300)="94a8c959bbf815ca3c9d46398d6984a55660889a916ba4d041000000000a669cc1b1be55f27a793ac591b49efd2e2087d07da47a221b8dfc7c86fdea5d8105ef63c9df3c90d89709051b3b9d28e1160e7cd04d8872be6d275f00000000f4e3afd602493c03c48c706e325a33f03f70daff529ed8b025b929735977be11fb1da2e6f96d3eb9a4dcb9c3ddca2640ed206f9aefc28c84b618fc13eb14b0a32dae419480c3049ae841") setpgid(r0, r0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x8001, 0x0) ioctl$KVM_GET_MSRS_cpu(r1, 0xc008ae88, &(0x7f0000000000)={0x3, 0x0, [{0x37e, 0x0, 0xfffffffffffffe00}, {0x8b}, {0xad7, 0x0, 0xd4}]}) gettid() (async) timer_create(0x6, &(0x7f0000000080)={0x0, 0x5, 0x4, @tid=r0}, &(0x7f0000000100)) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext=']) (async) syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') (async) ptrace$setregs(0xf, r0, 0x7, &(0x7f0000000300)="94a8c959bbf815ca3c9d46398d6984a55660889a916ba4d041000000000a669cc1b1be55f27a793ac591b49efd2e2087d07da47a221b8dfc7c86fdea5d8105ef63c9df3c90d89709051b3b9d28e1160e7cd04d8872be6d275f00000000f4e3afd602493c03c48c706e325a33f03f70daff529ed8b025b929735977be11fb1da2e6f96d3eb9a4dcb9c3ddca2640ed206f9aefc28c84b618fc13eb14b0a32dae419480c3049ae841") (async) setpgid(r0, r0) (async) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x8001, 0x0) (async) ioctl$KVM_GET_MSRS_cpu(r1, 0xc008ae88, &(0x7f0000000000)={0x3, 0x0, [{0x37e, 0x0, 0xfffffffffffffe00}, {0x8b}, {0xad7, 0x0, 0xd4}]}) (async) 981.685431ms ago: executing program 0 (id=414): r0 = socket(0xa, 0x2400000001, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, 0x0, &(0x7f0000e5f000)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x802, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) unshare(0x2c020400) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x51, 0x0, &(0x7f0000000400)="c6547e22bade76f1a03b79e954ee20b943f7fe47218a02ff8ba942478a7b6946e9a6000055002cc15e854564e7d309f20d222f9220c8d9b1b0d196137252587ab1794808000000000000000e647c2e7094"}) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 974.198112ms ago: executing program 1 (id=415): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x2, {0x4e22, 0x2}}, 0x10, 0x0}, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@l2tp={0x2, 0x0, @initdev}, 0x80, 0x0, 0x0, &(0x7f0000000340)=""/54, 0x36}, 0x142) sendto(r0, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/64, 0xd}, {&(0x7f0000000200)=""/77, 0x9c}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/6, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 956.705032ms ago: executing program 1 (id=416): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x426001, 0x92) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000a00)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x16, 0x0, 0x0, 0xfffffffffffffffa, 0x11, 0x0, 0x3, 0x30}) (async, rerun: 32) sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x44, 0x0, 0x328, 0x70bd28, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7fff}, {0x6, 0x11, 0x3ff}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24040000}, 0x8001) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x8, 0x40, @empty, @empty, 0x0, 0x0, 0xffff, 0x7}}) (async) r3 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x50b7a1, 0x140) ioctl$KVM_CREATE_VCPU(r3, 0x7706, 0x2) 899.546863ms ago: executing program 1 (id=417): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x2, 0x13, 0x40, 0x9, 0x2, 0x0, 0x70bd2d, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x400000000000000}, 0x8010) 899.079363ms ago: executing program 1 (id=418): syz_open_dev$evdev(0x0, 0x2, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) waitid(0x2, r0, 0x0, 0x4, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r1, 0x0, 0x4000000a, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x2, 0x13, 0x40, 0x9, 0x2, 0x0, 0x70bd2d, 0x25dfdbfd}, 0x10}}, 0x8010) 894.139703ms ago: executing program 0 (id=419): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x181100, 0x0) read$rfkill(r0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x84082, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_test', 0x1a1081, 0x18) write$khugepaged_scan(r1, &(0x7f0000000000), 0x8) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c7, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x3, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) ioctl$PIO_UNIMAPCLR(r5, 0x4b68, &(0x7f00000000c0)={0x8, 0x4, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x42) symlink(&(0x7f0000000040)='.\x00', 0x0) ioctl$TIOCGSOFTCAR(r5, 0x5419, &(0x7f0000000100)) ioctl$TCXONC(r5, 0x540a, 0x0) 688.293267ms ago: executing program 1 (id=420): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x3}) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000100)={r3, 0xfffffff9, 0x1, r3}) r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_usb_connect(0x5, 0x35, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff70790008240201210126ff0905123a"], 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x6fd523b, 0x0, 0x0, 0xb, 0x4, "fee8a2ab78fc979fd1e00d96072000001ea89de2c1fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x3, 0x9]}}) write$binfmt_format(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0x12, 0x1, 0x4, "6a4a42aba98b2f07359d3272d6e8ce294686c732c24a39cc509c79ad4bf6de70b02c91ffbe04916d065f1681d04be078c2e4c1014ec966a8158d76d7aa63c0d9", "ce5862f532d5bff5ff013807abc3406dfe731e87f50cd5bb091fff519936869fd5295ddc045503fe0b01150b5b5ebf1561daa3dc633d717f3f7a3d1f1edac2f2", "c0c045fd3dfd710ca2562c2d8e828bb61dea84761cff87e28f9c8a246fa4f376", [0x8, 0xa]}) io_setup(0x4, &(0x7f0000000140)) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_fuse_handle_req(r7, &(0x7f0000002180), 0x2000, &(0x7f0000004180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) ioctl$TUNSETLINK(r6, 0x400454cd, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) close_range(r0, 0xffffffffffffffff, 0x0) 127.425928ms ago: executing program 3 (id=421): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x0) (async) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x17) (async, rerun: 64) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (rerun: 64) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=0']) (async) close_range(r1, r4, 0x0) 0s ago: executing program 3 (id=422): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) r3 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3}) r4 = eventfd2(0x8, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x2, 0x2, r4}) kernel console output (not intermixed with test programs): ] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.973913][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.987053][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.994130][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.003301][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.010405][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.030044][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.037187][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.050023][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.057130][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.077298][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.084360][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.092428][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.099513][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.150733][ T289] veth0_vlan: entered promiscuous mode [ 27.163605][ T291] veth0_vlan: entered promiscuous mode [ 27.177165][ T290] veth0_vlan: entered promiscuous mode [ 27.185116][ T292] veth0_vlan: entered promiscuous mode [ 27.208416][ T289] veth1_macvtap: entered promiscuous mode [ 27.218483][ T290] veth1_macvtap: entered promiscuous mode [ 27.225522][ T291] veth1_macvtap: entered promiscuous mode [ 27.232849][ T292] veth1_macvtap: entered promiscuous mode [ 27.302018][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 27.409510][ T341] rust_binder: Error while translating object. [ 27.409588][ T341] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 27.417408][ T341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:4 [ 27.433540][ T346] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7'. [ 27.463660][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 27.531532][ T357] rust_binder: 350 RLIMIT_NICE not set [ 27.590722][ T360] .N: renamed from veth0_to_bond (while UP) [ 27.745407][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.785176][ T369] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.821271][ T127] Bluetooth: hci1: Frame reassembly failed (-84) [ 27.877016][ T45] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.895395][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 27.903517][ T10] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 27.912792][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.921278][ T10] usb 1-1: Product: syz [ 27.925529][ T10] usb 1-1: Manufacturer: syz [ 27.930162][ T10] usb 1-1: SerialNumber: syz [ 27.935947][ T10] usb 1-1: config 0 descriptor?? [ 27.942086][ T10] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 27.950197][ T10] usb 1-1: Detected FT-X [ 28.035791][ T45] usb 3-1: Using ep0 maxpacket: 32 [ 28.042213][ T45] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 28.050813][ T45] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 28.059553][ T45] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 28.068579][ T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 28.078375][ T45] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 28.088091][ T45] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 28.101211][ T45] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 28.110473][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.120068][ T45] usb 3-1: config 0 descriptor?? [ 28.328833][ T45] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 28.341067][ T45] usb 3-1: USB disconnect, device number 2 [ 28.348204][ T45] usblp0: removed [ 28.765441][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 28.915358][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 28.921637][ T9] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 28.930437][ T9] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 28.939395][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 28.948591][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 28.958538][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 28.968586][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 28.981898][ T9] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 28.991077][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.002483][ T9] usb 3-1: config 0 descriptor?? [ 29.410279][ T9] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 29.423051][ T9] usb 3-1: USB disconnect, device number 3 [ 29.430632][ T9] usblp0: removed [ 29.475365][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 29.475667][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 29.489588][ T10] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 29.496673][ T10] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 29.503729][ T10] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 29.510977][ T10] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 29.520087][ T10] usb 1-1: USB disconnect, device number 2 [ 29.528231][ T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 29.538075][ T10] ftdi_sio 1-1:0.0: device disconnected [ 29.875423][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 29.876081][ T53] Bluetooth: hci1: command 0x1003 tx timeout [ 29.951793][ T36] kauditd_printk_skb: 85 callbacks suppressed [ 29.951812][ T36] audit: type=1400 audit(1757390790.080:159): avc: denied { create } for pid=380 comm="syz.1.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 29.954675][ T381] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.965142][ T36] audit: type=1400 audit(1757390790.080:160): avc: denied { connect } for pid=380 comm="syz.1.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 29.980897][ T381] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:11 [ 29.993969][ T36] audit: type=1400 audit(1757390790.080:161): avc: denied { write } for pid=380 comm="syz.1.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 30.057678][ T388] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.057778][ T388] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:16 [ 30.073156][ T391] 9pnet_fd: p9_fd_create_unix (391): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 30.073824][ T394] loop0: detected capacity change from 0 to 7 [ 30.082464][ T36] audit: type=1400 audit(1757390790.110:162): avc: denied { read write } for pid=380 comm="syz.1.23" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 30.144902][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.154169][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.162447][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.171672][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.179650][ T340] loop0: unable to read partition table [ 30.187461][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.196658][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.223766][ T36] audit: type=1400 audit(1757390790.110:163): avc: denied { open } for pid=380 comm="syz.1.23" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 30.248663][ T400] Invalid logical block size (7) [ 30.258231][ T36] audit: type=1400 audit(1757390790.170:164): avc: denied { write } for pid=386 comm="syz.3.17" name="001" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 30.281015][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.290202][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.298415][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.307689][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.315690][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.318764][ T36] audit: type=1326 audit(1757390790.190:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=386 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef518ebe9 code=0x7ffc0000 [ 30.324910][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.325769][ T394] loop0: unable to read partition table [ 30.349140][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.366697][ T394] loop_reread_partitions: partition scan of loop0 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 30.370926][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.392577][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.394888][ T36] audit: type=1326 audit(1757390790.190:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=386 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7efef518ebe9 code=0x7ffc0000 [ 30.401799][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.433539][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.437954][ T408] ======================================================= [ 30.437954][ T408] WARNING: The mand mount option has been deprecated and [ 30.437954][ T408] and is ignored by this kernel. Remove the mand [ 30.437954][ T408] option from the mount to silence this warning. [ 30.437954][ T408] ======================================================= [ 30.442710][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.485654][ T36] audit: type=1326 audit(1757390790.190:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=386 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef518ebe9 code=0x7ffc0000 [ 30.508764][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 30.508803][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 30.518087][ T408] binder: Unknown parameter 'context' [ 30.526232][ T397] loop0: unable to read partition table [ 30.531616][ T36] audit: type=1326 audit(1757390790.190:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=386 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef518ebe9 code=0x7ffc0000 [ 30.651886][ T423] cgroup: name respecified [ 30.658340][ T423] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.658367][ T423] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15 [ 30.684580][ T426] overlay: filesystem on ./bus is read-only [ 30.701509][ T426] overlay: filesystem on ./bus is read-only [ 30.756357][ T438] loop0: detected capacity change from 0 to 7 [ 30.763208][ T438] loop0: unable to read partition table [ 30.769013][ T438] loop_reread_partitions: partition scan of loop0 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 30.783853][ T438] netlink: 'syz.1.35': attribute type 1 has an invalid length. [ 30.792423][ T438] loop0: unable to read partition table [ 30.815514][ T438] Invalid logical block size (7) [ 30.835835][ T439] Invalid logical block size (7) [ 30.935389][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 31.065373][ T9] usb 1-1: device descriptor read/64, error -71 [ 31.105340][ T45] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 31.255388][ T45] usb 3-1: Using ep0 maxpacket: 16 [ 31.261729][ T45] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 31.272013][ T45] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 31.281103][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.289130][ T45] usb 3-1: Product: syz [ 31.293312][ T45] usb 3-1: Manufacturer: syz [ 31.297982][ T45] usb 3-1: SerialNumber: syz [ 31.303297][ T45] usb 3-1: config 0 descriptor?? [ 31.309341][ T45] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 31.315337][ T9] usb 1-1: device descriptor read/64, error -71 [ 31.317477][ T45] usb 3-1: Detected FT232R [ 31.509250][ T45] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 31.555378][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 31.695359][ T9] usb 1-1: device descriptor read/64, error -71 [ 31.716801][ T449] loop2: detected capacity change from 0 to 7 [ 31.723915][ T339] loop2: unable to read partition table [ 31.730113][ T45] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 31.740457][ T449] loop2: unable to read partition table [ 31.749801][ T449] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 31.768760][ T449] loop2: unable to read partition table [ 31.935337][ T9] usb 1-1: device descriptor read/64, error -71 [ 32.045468][ T9] usb usb1-port1: attempt power cycle [ 32.385359][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 32.406379][ T9] usb 1-1: device descriptor read/8, error -71 [ 32.425660][ T10] usb 3-1: USB disconnect, device number 4 [ 32.433704][ T109] loop2: unable to read partition table [ 32.434311][ T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 32.449727][ T10] ftdi_sio 3-1:0.0: device disconnected [ 32.536648][ T9] usb 1-1: device descriptor read/8, error -71 [ 32.613751][ T464] cgroup: fork rejected by pids controller in /syz2 [ 32.668888][ T594] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 32.676631][ T351] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 32.681538][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 32.766053][ T352] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.785347][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 32.806809][ T9] usb 1-1: device descriptor read/8, error -71 [ 32.925706][ T352] usb 2-1: Using ep0 maxpacket: 8 [ 32.935359][ T352] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 32.943660][ T352] usb 2-1: config 179 has no interface number 0 [ 32.953217][ T352] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 32.968441][ T9] usb 1-1: device descriptor read/8, error -71 [ 32.974959][ T352] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 32.991628][ T352] usb 2-1: config 179 interface 65 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 33.003292][ T352] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 33.017269][ T352] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 33.026721][ T352] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.036482][ T460] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 33.075429][ T9] usb usb1-port1: unable to enumerate USB device [ 33.104002][ T614] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 228) [ 33.104038][ T614] rust_binder: Error while translating object. [ 33.114790][ T614] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 33.121298][ T614] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:30 [ 33.249616][ T45] usb 2-1: USB disconnect, device number 2 [ 33.319644][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.345430][ T31] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 33.496677][ T31] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 33.509061][ T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 33.519371][ T31] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 33.533763][ T31] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 33.543057][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.551194][ T31] usb 3-1: Product: syz [ 33.556334][ T31] usb 3-1: Manufacturer: syz [ 33.560977][ T31] usb 3-1: SerialNumber: syz [ 33.566412][ T31] usb 3-1: config 0 descriptor?? [ 33.572231][ T31] usb-storage 3-1:0.0: USB Mass Storage device detected [ 33.580622][ T31] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 33.772263][ T613] rust_binder: 610 RLIMIT_NICE not set [ 33.772549][ T629] netlink: 'syz.0.56': attribute type 27 has an invalid length. [ 33.788336][ T45] usb 3-1: USB disconnect, device number 5 [ 33.873961][ T633] syzkaller0: entered promiscuous mode [ 33.879608][ T633] syzkaller0: entered allmulticast mode [ 34.031658][ T641] rust_binder: 50: no such ref 0 [ 34.062077][ T644] netlink: 'syz.1.64': attribute type 27 has an invalid length. [ 34.122970][ T645] 9pnet_fd: Insufficient options for proto=fd [ 34.299999][ T9] rust_binder: 609: removing orphan mapping 0:4240 [ 34.545492][ T45] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 34.627285][ T661] SELinux: security_context_str_to_sid () failed with errno=-22 [ 34.697260][ T45] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 34.706593][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.716123][ T45] usb 3-1: config 0 descriptor?? [ 34.871496][ T672] netlink: 'syz.0.74': attribute type 27 has an invalid length. [ 34.973319][ T675] capability: warning: `syz.1.75' uses deprecated v2 capabilities in a way that may be insecure [ 35.235525][ T663] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 35.325707][ T45] usb 3-1: Cannot set MAC address [ 35.330894][ T45] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 35.343243][ T45] usb 3-1: USB disconnect, device number 6 [ 35.385320][ T663] usb 2-1: Using ep0 maxpacket: 8 [ 35.391972][ T663] usb 2-1: unable to get BOS descriptor or descriptor too short [ 35.399707][ T351] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.405337][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 35.406353][ T663] usb 2-1: too many configurations: 95, using maximum allowed: 8 [ 35.422183][ T663] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 35.429956][ T663] usb 2-1: can't read configurations, error -61 [ 35.463407][ T36] kauditd_printk_skb: 108 callbacks suppressed [ 35.463425][ T36] audit: type=1400 audit(1757390795.590:277): avc: denied { remount } for pid=681 comm="syz.3.78" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 35.464245][ T682] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.489283][ T682] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:42 [ 35.505055][ T36] audit: type=1400 audit(1757390795.630:278): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 35.565350][ T663] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 35.715364][ T663] usb 2-1: Using ep0 maxpacket: 8 [ 35.721874][ T663] usb 2-1: unable to get BOS descriptor or descriptor too short [ 35.729640][ T663] usb 2-1: too many configurations: 95, using maximum allowed: 8 [ 35.738496][ T663] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 35.746130][ T663] usb 2-1: can't read configurations, error -61 [ 35.752556][ T663] usb usb2-port1: attempt power cycle [ 35.858917][ T36] audit: type=1400 audit(1757390795.990:279): avc: denied { bind } for pid=696 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 35.879081][ T36] audit: type=1400 audit(1757390796.010:280): avc: denied { read write } for pid=696 comm="syz.2.83" dev="sockfs" ino=5224 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.915364][ T31] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 35.936734][ T127] Bluetooth: hci0: Frame reassembly failed (-84) [ 35.943327][ T127] Bluetooth: hci0: Frame reassembly failed (-84) [ 35.952933][ T701] rust_binder: Write failure EFAULT in pid:201 [ 36.065455][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 36.083239][ T31] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 36.091623][ T31] usb 1-1: config 179 has no interface number 0 [ 36.100966][ T663] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 36.108617][ T31] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 36.119855][ T31] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 36.131301][ T31] usb 1-1: config 179 interface 65 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 36.142299][ T31] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 36.155637][ T31] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 36.164739][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.172839][ T663] usb 2-1: Using ep0 maxpacket: 8 [ 36.179264][ T692] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 36.186857][ T663] usb 2-1: unable to get BOS descriptor or descriptor too short [ 36.194562][ T663] usb 2-1: too many configurations: 95, using maximum allowed: 8 [ 36.205098][ T663] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 36.212801][ T663] usb 2-1: can't read configurations, error -61 [ 36.345359][ T663] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 36.365661][ T663] usb 2-1: Using ep0 maxpacket: 8 [ 36.372185][ T663] usb 2-1: unable to get BOS descriptor or descriptor too short [ 36.379992][ T663] usb 2-1: too many configurations: 95, using maximum allowed: 8 [ 36.388840][ T352] usb 1-1: USB disconnect, device number 7 [ 36.388875][ T663] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 36.402661][ T663] usb 2-1: can't read configurations, error -61 [ 36.409138][ T663] usb usb2-port1: unable to enumerate USB device [ 36.984363][ T715] tmpfs: Unknown parameter '0000000000000000000500000000000000000000005' [ 36.985317][ T36] audit: type=1400 audit(1757390797.110:281): avc: denied { write } for pid=714 comm="syz.0.89" name="raw6" dev="proc" ino=4026532366 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 37.092143][ T720] netlink: 'syz.0.90': attribute type 27 has an invalid length. [ 37.100512][ T719] process 'syz.3.91' launched './file1' with NULL argv: empty string added [ 37.125321][ T36] audit: type=1400 audit(1757390797.250:282): avc: denied { execute_no_trans } for pid=718 comm="syz.3.91" path="/18/file1" dev="tmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 37.152314][ T718] Trying to write to read-only block-device rnullb0 [ 37.234135][ T36] audit: type=1400 audit(1757390797.360:283): avc: denied { append } for pid=725 comm="syz.3.94" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.333006][ T36] audit: type=1400 audit(1757390797.460:284): avc: denied { mounton } for pid=732 comm="syz.3.96" path="/23/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 37.427275][ T36] audit: type=1400 audit(1757390797.560:285): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 37.506065][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 37.955350][ T351] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.955400][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 38.037428][ T752] Zero length message leads to an empty skb [ 38.073533][ T36] audit: type=1326 audit(1757390798.200:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=757 comm="syz.2.104" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x0 [ 38.119081][ T763] netlink: 40 bytes leftover after parsing attributes in process `syz.0.106'. [ 38.323142][ T769] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 38.323194][ T769] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:71 [ 38.333108][ T769] rust_binder: 71: no such ref 2 [ 38.347203][ T769] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:71 [ 38.964824][ T779] rust_binder: Write failure EFAULT in pid:216 [ 39.067073][ T783] loop2: detected capacity change from 0 to 7 [ 39.080106][ C1] blk_print_req_error: 23 callbacks suppressed [ 39.080119][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.095580][ C1] buffer_io_error: 23 callbacks suppressed [ 39.095597][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.109386][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.118559][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.126537][ T291] loop2: unable to read partition table [ 39.133147][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.142342][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.150434][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.159603][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.167958][ T783] loop2: unable to read partition table [ 39.173764][ T783] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 39.187699][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.196915][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.205319][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.214506][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.223054][ T109] loop2: unable to read partition table [ 39.229446][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.238789][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.246930][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.256124][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.263999][ T784] loop2: unable to read partition table [ 39.273342][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.282562][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.291354][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.300583][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 39.362234][ T795] netlink: 'syz.0.117': attribute type 27 has an invalid length. [ 39.449905][ T801] rust_binder: Error while translating object. [ 39.449958][ T801] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 39.456371][ T801] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:232 [ 39.555334][ T351] Bluetooth: hci1: command 0x1003 tx timeout [ 39.555518][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 39.935363][ T377] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 40.085354][ T377] usb 4-1: Using ep0 maxpacket: 32 [ 40.091815][ T377] usb 4-1: config 0 has an invalid interface number: 151 but max is 0 [ 40.100268][ T377] usb 4-1: config 0 has no interface number 0 [ 40.106608][ T377] usb 4-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 40.124878][ T841] netlink: 188 bytes leftover after parsing attributes in process `syz.1.135'. [ 40.126935][ T377] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 40.135817][ T841] overlayfs: missing 'lowerdir' [ 40.144113][ T377] usb 4-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 40.173395][ T377] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 40.182612][ T377] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.203142][ T377] usb 4-1: Product: syz [ 40.208138][ T13] syzkaller0: tun_net_xmit 76 [ 40.209989][ T377] usb 4-1: Manufacturer: syz [ 40.217899][ T841] syzkaller0: create flow: hash 1935851842 index 1 [ 40.218393][ T13] syzkaller0: tun_net_xmit 48 [ 40.224706][ T377] usb 4-1: SerialNumber: syz [ 40.235534][ T841] syzkaller0: delete flow: hash 1935851842 index 1 [ 40.242952][ T377] usb 4-1: config 0 descriptor?? [ 40.445342][ T663] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 40.491410][ T36] kauditd_printk_skb: 19 callbacks suppressed [ 40.491430][ T36] audit: type=1400 audit(1757390800.620:306): avc: denied { mounton } for pid=854 comm="syz.2.141" path="/47/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 40.526637][ T832] support for cryptoloop has been removed. Use dm-crypt instead. [ 40.537390][ T832] pim6reg1: entered promiscuous mode [ 40.543618][ T832] pim6reg1: entered allmulticast mode [ 40.585406][ T663] usb 1-1: device descriptor read/64, error -71 [ 40.600568][ T377] usb 4-1: invalid MIDI in EP 0 [ 40.617216][ T377] snd-usb-audio 4-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 40.627906][ T377] usb 4-1: USB disconnect, device number 2 [ 40.715789][ T339] udevd[339]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 40.740273][ T867] netlink: 'syz.2.144': attribute type 27 has an invalid length. [ 40.825409][ T663] usb 1-1: device descriptor read/64, error -71 [ 41.065336][ T663] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 41.195482][ T663] usb 1-1: device descriptor read/64, error -71 [ 41.435528][ T663] usb 1-1: device descriptor read/64, error -71 [ 41.545440][ T663] usb usb1-port1: attempt power cycle [ 41.550350][ T876] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 41.563385][ T36] audit: type=1400 audit(1757390801.690:307): avc: denied { getopt } for pid=875 comm="syz.2.148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 41.565389][ T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 41.735355][ T31] usb 4-1: Using ep0 maxpacket: 8 [ 41.742399][ T31] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 105, changing to 10 [ 41.753866][ T31] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 41.763808][ T31] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 41.773499][ T31] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 41.784514][ T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 41.793599][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.802385][ T31] usb 4-1: Product: Щ [ 41.806555][ T31] usb 4-1: Manufacturer: 鳐竬靓綥䯶뫷䱊몄뫗捷Ƣઞ᳾䖧ꛘ슴弘ی섛覌䏊ꏤ·萘űꮐ㞑宸ੑ⮶턱戆ﳊ᧟龄쇂⼕ﴌ姯摫乕獚蓇뎩큣⍼賶⇩厷典Ӵ嶅ᴑ懬䉱뚭⇎ꐑ꟫튊蚁퀼ोךּ㋞碑苣娥휍㬻ⰵ퍰唌䕖娨第뿂俾嘔똨錽ᔊ䷢⏓雷ᔗᘭ䮹娦๋텖ﶟ범 [ 41.837276][ T31] usb 4-1: SerialNumber: 뫌鄗﹪胳셙糸ᤖ뉚離霨ꏀ늀暕揫ꦴ칎祜箸ࢫ槔柇胔 [ 41.905349][ T663] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 41.926326][ T663] usb 1-1: device descriptor read/8, error -71 [ 42.050487][ T871] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 42.058785][ T663] usb 1-1: device descriptor read/8, error -71 [ 42.258662][ T31] cdc_ncm 4-1:1.0: bind() failure [ 42.264952][ T31] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 42.273264][ T31] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 42.283384][ T31] usb 4-1: USB disconnect, device number 3 [ 42.295384][ T663] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 42.316510][ T663] usb 1-1: device descriptor read/8, error -71 [ 42.365387][ T377] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 42.446341][ T663] usb 1-1: device descriptor read/8, error -71 [ 42.516990][ T377] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 42.527239][ T377] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 42.537699][ T377] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 42.546872][ T377] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.555021][ T377] usb 3-1: Product: syz [ 42.559305][ T377] usb 3-1: Manufacturer: syz [ 42.564151][ T377] usb 3-1: SerialNumber: syz [ 42.565506][ T663] usb usb1-port1: unable to enumerate USB device [ 42.774039][ T127] Bluetooth: hci0: Frame reassembly failed (-84) [ 42.775025][ T885] netlink: 56 bytes leftover after parsing attributes in process `syz.3.151'. [ 42.789658][ T36] audit: type=1400 audit(1757390802.920:308): avc: denied { mount } for pid=882 comm="syz.2.150" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 42.816623][ T36] audit: type=1400 audit(1757390802.950:309): avc: denied { ioctl } for pid=882 comm="syz.2.150" path="socket:[6747]" dev="sockfs" ino=6747 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 42.844294][ T377] usb 3-1: 0:2 : does not exist [ 42.851771][ T377] usb 3-1: cannot find UAC_HEADER [ 42.857783][ T377] snd-usb-audio 3-1:1.1: probe with driver snd-usb-audio failed with error -22 [ 42.867702][ T377] usb 3-1: USB disconnect, device number 7 [ 43.025374][ T663] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 43.175348][ T663] usb 4-1: Using ep0 maxpacket: 16 [ 43.182871][ T663] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 43.192009][ T663] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.200051][ T663] usb 4-1: Product: syz [ 43.204283][ T663] usb 4-1: Manufacturer: syz [ 43.209233][ T663] usb 4-1: SerialNumber: syz [ 43.214702][ T663] usb 4-1: config 0 descriptor?? [ 43.221350][ T663] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 43.229436][ T663] usb 4-1: Detected FT-X [ 43.349899][ T36] audit: type=1400 audit(1757390803.480:310): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 43.515653][ T36] audit: type=1400 audit(1757390803.650:311): avc: denied { mount } for pid=890 comm="syz.2.153" name="/" dev="configfs" ino=1610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 43.551558][ T898] netlink: 'syz.1.155': attribute type 27 has an invalid length. [ 43.615372][ T377] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 43.778025][ T377] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 43.787272][ T377] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.795431][ T377] usb 1-1: Product: syz [ 43.799643][ T377] usb 1-1: Manufacturer: syz [ 43.804260][ T377] usb 1-1: SerialNumber: syz [ 43.865370][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 44.015333][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 44.023499][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 44.032697][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.040763][ T9] usb 3-1: Product: syz [ 44.044962][ T9] usb 3-1: Manufacturer: syz [ 44.049676][ T9] usb 3-1: SerialNumber: syz [ 44.259729][ T9] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 44.290974][ T9] usb 3-1: USB disconnect, device number 8 [ 44.300180][ T9] usblp0: removed [ 44.380543][ T36] audit: type=1400 audit(1757390804.510:312): avc: denied { read } for pid=914 comm="syz.2.161" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 44.404992][ T36] audit: type=1400 audit(1757390804.510:313): avc: denied { open } for pid=914 comm="syz.2.161" path="/60/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 44.429660][ T36] audit: type=1400 audit(1757390804.510:314): avc: denied { ioctl } for pid=914 comm="syz.2.161" path="/60/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 44.460920][ T36] audit: type=1400 audit(1757390804.510:315): avc: denied { ioctl } for pid=914 comm="syz.2.161" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=5744 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 44.615322][ T352] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 44.729301][ T930] netlink: 'syz.2.167': attribute type 4 has an invalid length. [ 44.775368][ T352] usb 2-1: Using ep0 maxpacket: 16 [ 44.781883][ T352] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 44.792257][ T352] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 44.803054][ T352] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 44.811545][ T933] netlink: 'syz.2.168': attribute type 27 has an invalid length. [ 44.812615][ T352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.828276][ T352] usb 2-1: Product: syz [ 44.832477][ T352] usb 2-1: Manufacturer: syz [ 44.837355][ T351] Bluetooth: hci0: command 0x1003 tx timeout [ 44.843418][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 44.851212][ T352] usb 2-1: SerialNumber: syz [ 44.852165][ T663] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 44.868273][ T663] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 44.875406][ T663] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 44.882734][ T663] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 44.892102][ T663] usb 4-1: USB disconnect, device number 4 [ 44.899567][ T663] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 44.909365][ T663] ftdi_sio 4-1:0.0: device disconnected [ 45.072014][ T913] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 45.083676][ T352] usb 2-1: 0:2 : does not exist [ 45.091363][ T352] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 45.104142][ T352] usb 2-1: USB disconnect, device number 7 [ 45.115252][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 45.592389][ T36] kauditd_printk_skb: 28 callbacks suppressed [ 45.592407][ T36] audit: type=1400 audit(1757390805.720:344): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 45.618424][ T9] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 45.619901][ T36] audit: type=1400 audit(1757390805.750:345): avc: denied { write } for pid=290 comm="syz-executor" name="34" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 45.660869][ T36] audit: type=1400 audit(1757390805.750:346): avc: denied { remove_name } for pid=290 comm="syz-executor" name="file0" dev="tmpfs" ino=204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 45.688148][ T36] audit: type=1400 audit(1757390805.750:347): avc: denied { rmdir } for pid=290 comm="syz-executor" name="34" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0" [ 45.730364][ T36] audit: type=1326 audit(1757390805.860:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.753877][ T351] Bluetooth: hci0: sending frame failed (-49) [ 45.760100][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 45.768183][ T36] audit: type=1326 audit(1757390805.860:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.783305][ T944] netlink: 68 bytes leftover after parsing attributes in process `syz.1.172'. [ 45.791419][ T36] audit: type=1326 audit(1757390805.860:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.801471][ T9] usb 4-1: Invalid ep0 maxpacket: 64 [ 45.823894][ T36] audit: type=1326 audit(1757390805.860:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.852021][ T36] audit: type=1326 audit(1757390805.860:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.875790][ T36] audit: type=1326 audit(1757390805.860:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 45.965445][ T9] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 46.025961][ T947] rust_binder: 946 RLIMIT_NICE not set [ 46.027242][ T947] rust_binder: Read failure Err(EFAULT) in pid:321 [ 46.115329][ T9] usb 4-1: Invalid ep0 maxpacket: 64 [ 46.127422][ T9] usb usb4-port1: attempt power cycle [ 46.241845][ T352] usb 1-1: USB disconnect, device number 12 [ 46.276415][ T949] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 46.285786][ T949] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 46.294236][ T949] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 46.302686][ T949] kvm: requested 14247 ns i8254 timer period limited to 200000 ns [ 46.310795][ T949] kvm: requested 107276 ns i8254 timer period limited to 200000 ns [ 46.318856][ T949] kvm: requested 46933 ns i8254 timer period limited to 200000 ns [ 46.327683][ T949] kvm: requested 107276 ns i8254 timer period limited to 200000 ns [ 46.335781][ T949] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 46.343664][ T949] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 46.351622][ T949] kvm: requested 160914 ns i8254 timer period limited to 200000 ns [ 46.475310][ T9] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 46.495694][ T9] usb 4-1: Invalid ep0 maxpacket: 64 [ 46.535304][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 46.542798][ T962] netlink: 56 bytes leftover after parsing attributes in process `syz.1.177'. [ 46.599323][ T964] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch [ 46.626492][ T9] usb 4-1: new low-speed USB device number 8 using dummy_hcd [ 46.646670][ T9] usb 4-1: Invalid ep0 maxpacket: 64 [ 46.653230][ T9] usb usb4-port1: unable to enumerate USB device [ 46.688398][ T967] binder: Bad value for 'defcontext' [ 46.760250][ T970] netlink: 'syz.0.180': attribute type 27 has an invalid length. [ 46.785341][ T352] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 46.867751][ T972] TCP: TCP_TX_DELAY enabled [ 46.893851][ T46] Bluetooth: hci1: Frame reassembly failed (-84) [ 46.901743][ T46] Bluetooth: hci1: Frame reassembly failed (-84) [ 46.935501][ T352] usb 2-1: Using ep0 maxpacket: 16 [ 46.943295][ T352] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 46.952576][ T352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.960873][ T352] usb 2-1: Product: syz [ 46.965058][ T352] usb 2-1: Manufacturer: syz [ 46.970295][ T352] usb 2-1: SerialNumber: syz [ 46.976225][ T352] usb 2-1: config 0 descriptor?? [ 46.982232][ T352] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 46.990205][ T352] usb 2-1: Detected FT-X [ 47.795736][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 47.946272][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.957983][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.967793][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 47.980849][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 47.989926][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.998637][ T9] usb 1-1: config 0 descriptor?? [ 48.407368][ T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 48.420492][ T9] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 48.595483][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 48.595589][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 48.612746][ T352] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 48.620576][ T352] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 48.627729][ T352] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 48.635122][ T352] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 48.644446][ T352] usb 2-1: USB disconnect, device number 8 [ 48.651485][ T352] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 48.661182][ T352] ftdi_sio 2-1:0.0: device disconnected [ 48.682623][ T979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.691450][ T979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.700927][ T979] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:107 [ 48.746973][ T31] usb 1-1: USB disconnect, device number 13 [ 48.785354][ T45] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 48.915358][ T53] Bluetooth: hci1: command 0x1003 tx timeout [ 48.915356][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 48.936408][ T45] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 48.945649][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.954490][ T45] usb 4-1: config 0 descriptor?? [ 49.040739][ T994] FAULT_INJECTION: forcing a failure. [ 49.040739][ T994] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 49.053977][ T994] CPU: 0 UID: 0 PID: 994 Comm: syz.2.187 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 49.054011][ T994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 49.054032][ T994] Call Trace: [ 49.054039][ T994] [ 49.054046][ T994] __dump_stack+0x21/0x30 [ 49.054078][ T994] dump_stack_lvl+0x10c/0x190 [ 49.054105][ T994] ? __cfi_dump_stack_lvl+0x10/0x10 [ 49.054134][ T994] ? kstrtoull+0x13b/0x1e0 [ 49.054163][ T994] dump_stack+0x19/0x20 [ 49.054188][ T994] should_fail_ex+0x3d9/0x530 [ 49.054204][ T994] should_fail+0xf/0x20 [ 49.054217][ T994] should_fail_usercopy+0x1e/0x30 [ 49.054240][ T994] _copy_from_user+0x22/0xb0 [ 49.054269][ T994] ___sys_sendmsg+0x159/0x2a0 [ 49.054292][ T994] ? __sys_sendmsg+0x280/0x280 [ 49.054314][ T994] ? proc_fail_nth_write+0x17e/0x210 [ 49.054340][ T994] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 49.054365][ T994] __x64_sys_sendmsg+0x1eb/0x2c0 [ 49.054382][ T994] ? fput+0x1a5/0x240 [ 49.054408][ T994] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 49.054430][ T994] ? ksys_write+0x1ef/0x250 [ 49.054450][ T994] ? __kasan_check_read+0x15/0x20 [ 49.054480][ T994] x64_sys_call+0x2a4c/0x2ee0 [ 49.054503][ T994] do_syscall_64+0x58/0xf0 [ 49.054526][ T994] ? clear_bhb_loop+0x50/0xa0 [ 49.054552][ T994] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 49.054577][ T994] RIP: 0033:0x7fb20df8ebe9 [ 49.054599][ T994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.054616][ T994] RSP: 002b:00007fb20ee2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 49.054636][ T994] RAX: ffffffffffffffda RBX: 00007fb20e1c5fa0 RCX: 00007fb20df8ebe9 [ 49.054647][ T994] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 49.054657][ T994] RBP: 00007fb20ee2b090 R08: 0000000000000000 R09: 0000000000000000 [ 49.054667][ T994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.054676][ T994] R13: 00007fb20e1c6038 R14: 00007fb20e1c5fa0 R15: 00007ffee7f897a8 [ 49.054695][ T994] [ 49.371473][ T1008] netlink: 'syz.1.191': attribute type 27 has an invalid length. [ 49.394228][ T1010] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 49.580196][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 50.177499][ T1018] rust_binder: 1018 RLIMIT_NICE not set [ 50.215544][ T1022] kvm: user requested TSC rate below hardware speed [ 50.242556][ T45] usb 4-1: Cannot set MAC address [ 50.248253][ T45] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 50.262806][ T45] usb 4-1: USB disconnect, device number 9 [ 50.272157][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 50.282444][ T1025] netlink: 56 bytes leftover after parsing attributes in process `syz.3.197'. [ 50.415387][ T663] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 50.554371][ T1030] FAULT_INJECTION: forcing a failure. [ 50.554371][ T1030] name failslab, interval 1, probability 0, space 0, times 1 [ 50.567193][ T1030] CPU: 1 UID: 0 PID: 1030 Comm: syz.0.199 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 50.567224][ T1030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 50.567240][ T1030] Call Trace: [ 50.567246][ T1030] [ 50.567254][ T1030] __dump_stack+0x21/0x30 [ 50.567284][ T1030] dump_stack_lvl+0x10c/0x190 [ 50.567308][ T1030] ? __cfi_dump_stack_lvl+0x10/0x10 [ 50.567333][ T1030] ? avc_has_perm_noaudit+0x286/0x360 [ 50.567363][ T1030] dump_stack+0x19/0x20 [ 50.567386][ T1030] should_fail_ex+0x3d9/0x530 [ 50.567406][ T1030] should_failslab+0xac/0x100 [ 50.567426][ T1030] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 50.567454][ T1030] ? __alloc_skb+0x10c/0x370 [ 50.567482][ T1030] __alloc_skb+0x10c/0x370 [ 50.567508][ T1030] pfkey_sendmsg+0x185/0x1030 [ 50.567529][ T1030] ? __cfi_avc_has_perm+0x10/0x10 [ 50.567556][ T1030] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 50.567576][ T1030] ? selinux_socket_sendmsg+0x284/0x380 [ 50.567604][ T1030] ? __cfi_selinux_socket_sendmsg+0x10/0x10 [ 50.567634][ T1030] ? arch_stack_walk+0x10b/0x170 [ 50.567652][ T1030] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 50.567676][ T1030] ? security_socket_sendmsg+0x33/0xd0 [ 50.567693][ T1030] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 50.567712][ T1030] ____sys_sendmsg+0xa18/0xa70 [ 50.567735][ T1030] ? __sys_sendmsg_sock+0x50/0x50 [ 50.567755][ T1030] ? import_iovec+0x81/0xb0 [ 50.567779][ T1030] ___sys_sendmsg+0x220/0x2a0 [ 50.567799][ T1030] ? __sys_sendmsg+0x280/0x280 [ 50.567819][ T1030] ? proc_fail_nth_write+0x17e/0x210 [ 50.567844][ T1030] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 50.567874][ T1030] __x64_sys_sendmsg+0x1eb/0x2c0 [ 50.567894][ T1030] ? fput+0x1a5/0x240 [ 50.567915][ T1030] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 50.567935][ T1030] ? ksys_write+0x1ef/0x250 [ 50.567953][ T1030] ? __kasan_check_read+0x15/0x20 [ 50.567979][ T1030] x64_sys_call+0x2a4c/0x2ee0 [ 50.568007][ T1030] do_syscall_64+0x58/0xf0 [ 50.568034][ T1030] ? clear_bhb_loop+0x50/0xa0 [ 50.568056][ T1030] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 50.568079][ T1030] RIP: 0033:0x7faa1b58ebe9 [ 50.568095][ T1030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.568117][ T1030] RSP: 002b:00007faa1c32b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.568138][ T1030] RAX: ffffffffffffffda RBX: 00007faa1b7c5fa0 RCX: 00007faa1b58ebe9 [ 50.568151][ T1030] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 50.568163][ T1030] RBP: 00007faa1c32b090 R08: 0000000000000000 R09: 0000000000000000 [ 50.568175][ T1030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.568186][ T1030] R13: 00007faa1b7c6038 R14: 00007faa1b7c5fa0 R15: 00007fff5774b968 [ 50.568201][ T1030] [ 50.569187][ T663] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.835383][ T352] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 50.836686][ T45] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 50.872771][ T663] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 50.885644][ T663] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 50.894899][ T663] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.904141][ T663] usb 2-1: config 0 descriptor?? [ 50.986566][ T352] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 51.002372][ T352] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.011474][ T352] usb 1-1: config 0 descriptor?? [ 51.045347][ T45] usb 4-1: Using ep0 maxpacket: 16 [ 51.053593][ T45] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 51.063027][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.071273][ T45] usb 4-1: Product: syz [ 51.075548][ T45] usb 4-1: Manufacturer: syz [ 51.080280][ T45] usb 4-1: SerialNumber: syz [ 51.086256][ T45] usb 4-1: config 0 descriptor?? [ 51.092752][ T45] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 51.101154][ T45] usb 4-1: Detected FT-X [ 51.312900][ T663] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 51.320305][ T663] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 51.329259][ T663] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 51.336504][ T663] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 51.343796][ T663] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 51.351988][ T663] kovaplus 0003:1E7D:2D50.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 51.635367][ T351] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 51.635397][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 51.684465][ T36] kauditd_printk_skb: 53 callbacks suppressed [ 51.684482][ T36] audit: type=1400 audit(1757390811.810:407): avc: denied { unlink } for pid=1034 comm="syz.2.201" name="#3" dev="tmpfs" ino=440 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 51.713327][ T36] audit: type=1400 audit(1757390811.810:408): avc: denied { mount } for pid=1034 comm="syz.2.201" name="/" dev="overlay" ino=435 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 51.875946][ T36] audit: type=1400 audit(1757390812.010:409): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 51.960984][ T1041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.202'. [ 52.077332][ T1042] syzkaller1: entered promiscuous mode [ 52.114860][ T663] kovaplus 0003:1E7D:2D50.0002: couldn't init struct kovaplus_device [ 52.123152][ T663] kovaplus 0003:1E7D:2D50.0002: couldn't install mouse [ 52.130832][ T663] kovaplus 0003:1E7D:2D50.0002: probe with driver kovaplus failed with error -71 [ 52.142168][ T663] usb 2-1: USB disconnect, device number 9 [ 52.355571][ T351] Bluetooth: hci1: command 0x1003 tx timeout [ 52.355606][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 52.371118][ T45] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 52.378478][ T45] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 52.385614][ T45] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 52.392869][ T45] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 52.402819][ T45] usb 4-1: USB disconnect, device number 10 [ 52.410105][ T45] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 52.420094][ T45] ftdi_sio 4-1:0.0: device disconnected [ 52.578398][ T352] usb 1-1: Cannot set autoneg [ 52.583958][ T352] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 52.596634][ T352] usb 1-1: USB disconnect, device number 14 [ 52.624763][ T376] rust_binder: 1017: removing orphan mapping 0:1192 [ 52.803313][ T1049] netlink: 'syz.2.204': attribute type 27 has an invalid length. [ 52.875349][ T376] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 53.035565][ T376] usb 2-1: Using ep0 maxpacket: 32 [ 53.042096][ T376] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 53.054121][ T376] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 53.063773][ T376] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.077556][ T376] usb 2-1: Product: syz [ 53.092364][ T376] usb 2-1: Manufacturer: syz [ 53.099579][ T376] usb 2-1: SerialNumber: syz [ 53.105438][ T36] audit: type=1400 audit(1757390813.230:410): avc: denied { mount } for pid=1059 comm="syz.3.208" name="/" dev="ramfs" ino=7621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 53.111611][ T376] usb 2-1: config 0 descriptor?? [ 53.135315][ T1060] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 53.144907][ T376] usb 2-1: bad CDC descriptors [ 53.150364][ T376] usb 2-1: unsupported MDLM descriptors [ 53.196498][ T36] audit: type=1326 audit(1757390813.330:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.220150][ T36] audit: type=1326 audit(1757390813.330:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.230155][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 53.256135][ T36] audit: type=1326 audit(1757390813.330:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.284896][ T36] audit: type=1326 audit(1757390813.330:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.309472][ T36] audit: type=1326 audit(1757390813.330:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.333489][ T36] audit: type=1326 audit(1757390813.330:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1062 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 53.358191][ T1045] usb usb8: usbfs: process 1045 (syz.1.203) did not claim interface 0 before use [ 53.368760][ T1073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.379445][ T1073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.384849][ T1076] netlink: 56 bytes leftover after parsing attributes in process `syz.3.214'. [ 53.396761][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 53.533062][ T377] usb 2-1: USB disconnect, device number 10 [ 53.725741][ T1214] rust_binder: Error in use_page_slow: ESRCH [ 53.725762][ T1214] rust_binder: use_range failure ESRCH [ 53.725880][ T1215] rust_binder: Error in use_page_slow: ESRCH [ 53.731795][ T1214] rust_binder: Failed to allocate buffer. len:1168, is_oneway:true [ 53.731825][ T1214] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 53.737801][ T1215] rust_binder: use_range failure ESRCH [ 53.743508][ T1214] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:493 [ 53.751611][ T1215] rust_binder: Failed to allocate buffer. len:1168, is_oneway:true [ 53.775430][ T1215] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 53.783424][ T1215] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:493 [ 54.037692][ T1225] kvm: user requested TSC rate below hardware speed [ 54.165315][ T663] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 54.228326][ T1228] FAULT_INJECTION: forcing a failure. [ 54.228326][ T1228] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.241616][ T1228] CPU: 0 UID: 0 PID: 1228 Comm: syz.1.221 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 54.241651][ T1228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 54.241665][ T1228] Call Trace: [ 54.241673][ T1228] [ 54.241682][ T1228] __dump_stack+0x21/0x30 [ 54.241716][ T1228] dump_stack_lvl+0x10c/0x190 [ 54.241743][ T1228] ? __cfi_dump_stack_lvl+0x10/0x10 [ 54.241774][ T1228] dump_stack+0x19/0x20 [ 54.241795][ T1228] should_fail_ex+0x3d9/0x530 [ 54.241811][ T1228] should_fail+0xf/0x20 [ 54.241824][ T1228] should_fail_usercopy+0x1e/0x30 [ 54.241840][ T1228] _copy_from_iter+0x1a3/0x14b0 [ 54.241857][ T1228] ? kasan_save_alloc_info+0x40/0x50 [ 54.241879][ T1228] ? __kasan_slab_alloc+0x73/0x90 [ 54.241896][ T1228] ? __virt_addr_valid+0x2a6/0x380 [ 54.241914][ T1228] ? __cfi__copy_from_iter+0x10/0x10 [ 54.241931][ T1228] ? __check_object_size+0x50a/0x810 [ 54.241946][ T1228] ? __cfi___check_object_size+0x10/0x10 [ 54.241960][ T1228] ? __alloc_skb+0x1bc/0x370 [ 54.241983][ T1228] ? skb_put+0x112/0x1f0 [ 54.242006][ T1228] pfkey_sendmsg+0x1e0/0x1030 [ 54.242024][ T1228] ? __cfi_avc_has_perm+0x10/0x10 [ 54.242048][ T1228] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 54.242065][ T1228] ? selinux_socket_sendmsg+0x284/0x380 [ 54.242089][ T1228] ? __cfi_selinux_socket_sendmsg+0x10/0x10 [ 54.242114][ T1228] ? arch_stack_walk+0x10b/0x170 [ 54.242130][ T1228] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 54.242149][ T1228] ? security_socket_sendmsg+0x33/0xd0 [ 54.242163][ T1228] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 54.242181][ T1228] ____sys_sendmsg+0xa18/0xa70 [ 54.242199][ T1228] ? __sys_sendmsg_sock+0x50/0x50 [ 54.242217][ T1228] ? import_iovec+0x81/0xb0 [ 54.242236][ T1228] ___sys_sendmsg+0x220/0x2a0 [ 54.242253][ T1228] ? __sys_sendmsg+0x280/0x280 [ 54.242270][ T1228] ? proc_fail_nth_write+0x17e/0x210 [ 54.242291][ T1228] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 54.242317][ T1228] __x64_sys_sendmsg+0x1eb/0x2c0 [ 54.242334][ T1228] ? fput+0x1a5/0x240 [ 54.242352][ T1228] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 54.242369][ T1228] ? ksys_write+0x1ef/0x250 [ 54.242385][ T1228] ? __kasan_check_read+0x15/0x20 [ 54.242408][ T1228] x64_sys_call+0x2a4c/0x2ee0 [ 54.242431][ T1228] do_syscall_64+0x58/0xf0 [ 54.242455][ T1228] ? clear_bhb_loop+0x50/0xa0 [ 54.242475][ T1228] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 54.242500][ T1228] RIP: 0033:0x7ffb8c18ebe9 [ 54.242513][ T1228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.242527][ T1228] RSP: 002b:00007ffb8cfb2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.242544][ T1228] RAX: ffffffffffffffda RBX: 00007ffb8c3c5fa0 RCX: 00007ffb8c18ebe9 [ 54.242556][ T1228] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 54.242566][ T1228] RBP: 00007ffb8cfb2090 R08: 0000000000000000 R09: 0000000000000000 [ 54.242576][ T1228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.242585][ T1228] R13: 00007ffb8c3c6038 R14: 00007ffb8c3c5fa0 R15: 00007ffc44c0d458 [ 54.242599][ T1228] [ 54.345344][ T663] usb 3-1: device descriptor read/64, error -71 [ 54.534345][ T1237] netlink: 'syz.1.224': attribute type 27 has an invalid length. [ 54.775429][ T663] usb 3-1: device descriptor read/64, error -71 [ 55.015362][ T663] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 55.145376][ T663] usb 3-1: device descriptor read/64, error -71 [ 55.235326][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 55.235338][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 55.385328][ T663] usb 3-1: device descriptor read/64, error -71 [ 55.395344][ T53] Bluetooth: hci1: command 0x1003 tx timeout [ 55.401469][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 55.496597][ T663] usb usb3-port1: attempt power cycle [ 55.693535][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 55.835414][ T663] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 55.856626][ T663] usb 3-1: device descriptor read/8, error -71 [ 55.875371][ T376] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 55.942429][ T1283] FAULT_INJECTION: forcing a failure. [ 55.942429][ T1283] name failslab, interval 1, probability 0, space 0, times 0 [ 55.956855][ T1283] CPU: 0 UID: 0 PID: 1283 Comm: syz.3.239 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 55.956884][ T1283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 55.956896][ T1283] Call Trace: [ 55.956901][ T1283] [ 55.956907][ T1283] __dump_stack+0x21/0x30 [ 55.956933][ T1283] dump_stack_lvl+0x10c/0x190 [ 55.956954][ T1283] ? __cfi_dump_stack_lvl+0x10/0x10 [ 55.956977][ T1283] ? __kasan_check_write+0x18/0x20 [ 55.957000][ T1283] dump_stack+0x19/0x20 [ 55.957020][ T1283] should_fail_ex+0x3d9/0x530 [ 55.957036][ T1283] should_failslab+0xac/0x100 [ 55.957052][ T1283] kmem_cache_alloc_noprof+0x42/0x3a0 [ 55.957076][ T1283] ? skb_clone+0x229/0x460 [ 55.957091][ T1283] ? __cfi_mutex_lock+0x10/0x10 [ 55.957109][ T1283] skb_clone+0x229/0x460 [ 55.957124][ T1283] pfkey_sendmsg+0x459/0x1030 [ 55.957142][ T1283] ? __cfi_avc_has_perm+0x10/0x10 [ 55.957174][ T1283] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 55.957196][ T1283] ? selinux_socket_sendmsg+0x284/0x380 [ 55.957243][ T1283] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 55.957267][ T1283] ? security_socket_sendmsg+0x33/0xd0 [ 55.957281][ T1283] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 55.957299][ T1283] ____sys_sendmsg+0xa18/0xa70 [ 55.957317][ T1283] ? __sys_sendmsg_sock+0x50/0x50 [ 55.957335][ T1283] ? import_iovec+0x81/0xb0 [ 55.957355][ T1283] ___sys_sendmsg+0x220/0x2a0 [ 55.957372][ T1283] ? __sys_sendmsg+0x280/0x280 [ 55.957389][ T1283] ? proc_fail_nth_write+0x17e/0x210 [ 55.957410][ T1283] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 55.957437][ T1283] __x64_sys_sendmsg+0x1eb/0x2c0 [ 55.957453][ T1283] ? fput+0x1a5/0x240 [ 55.957471][ T1283] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 55.957488][ T1283] ? ksys_write+0x1ef/0x250 [ 55.957504][ T1283] ? __kasan_check_read+0x15/0x20 [ 55.957527][ T1283] x64_sys_call+0x2a4c/0x2ee0 [ 55.957550][ T1283] do_syscall_64+0x58/0xf0 [ 55.957574][ T1283] ? clear_bhb_loop+0x50/0xa0 [ 55.957594][ T1283] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 55.957613][ T1283] RIP: 0033:0x7efef518ebe9 [ 55.957633][ T1283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.957647][ T1283] RSP: 002b:00007efef6053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.957665][ T1283] RAX: ffffffffffffffda RBX: 00007efef53c5fa0 RCX: 00007efef518ebe9 [ 55.957677][ T1283] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 55.957687][ T1283] RBP: 00007efef6053090 R08: 0000000000000000 R09: 0000000000000000 [ 55.957697][ T1283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.957707][ T1283] R13: 00007efef53c6038 R14: 00007efef53c5fa0 R15: 00007ffe0c082628 [ 55.957721][ T1283] [ 56.016539][ T663] usb 3-1: device descriptor read/8, error -71 [ 56.035386][ T376] usb 2-1: Using ep0 maxpacket: 32 [ 56.249956][ T376] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 56.258372][ T376] usb 2-1: config 0 has no interface number 0 [ 56.264492][ T376] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 56.276164][ T376] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 56.286048][ T376] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 56.295435][ T663] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 56.297635][ T376] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 56.312680][ T376] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.316486][ T663] usb 3-1: device descriptor read/8, error -71 [ 56.321014][ T376] usb 2-1: Product: syz [ 56.331395][ T376] usb 2-1: Manufacturer: syz [ 56.336080][ T376] usb 2-1: SerialNumber: syz [ 56.345553][ T376] usb 2-1: config 0 descriptor?? [ 56.411384][ T1293] netlink: 'syz.3.243': attribute type 27 has an invalid length. [ 56.456887][ T663] usb 3-1: device descriptor read/8, error -71 [ 56.565433][ T663] usb usb3-port1: unable to enumerate USB device [ 56.596485][ T1276] support for cryptoloop has been removed. Use dm-crypt instead. [ 56.617630][ T1276] pim6reg1: entered promiscuous mode [ 56.623014][ T1276] pim6reg1: entered allmulticast mode [ 56.677637][ T376] usb 2-1: invalid MIDI in EP 0 [ 56.692235][ T376] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 56.703602][ T376] usb 2-1: USB disconnect, device number 11 [ 56.711873][ T339] udevd[339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 56.850539][ T36] kauditd_printk_skb: 22 callbacks suppressed [ 56.850559][ T36] audit: type=1400 audit(1757390816.980:439): avc: denied { remount } for pid=1297 comm="syz.2.245" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.042390][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 57.046730][ T1306] netlink: 56 bytes leftover after parsing attributes in process `syz.2.248'. [ 57.203728][ T1309] FAULT_INJECTION: forcing a failure. [ 57.203728][ T1309] name failslab, interval 1, probability 0, space 0, times 0 [ 57.216565][ T1309] CPU: 1 UID: 0 PID: 1309 Comm: syz.3.249 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 57.216592][ T1309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 57.216602][ T1309] Call Trace: [ 57.216607][ T1309] [ 57.216614][ T1309] __dump_stack+0x21/0x30 [ 57.216639][ T1309] dump_stack_lvl+0x10c/0x190 [ 57.216660][ T1309] ? __cfi_dump_stack_lvl+0x10/0x10 [ 57.216682][ T1309] dump_stack+0x19/0x20 [ 57.216702][ T1309] should_fail_ex+0x3d9/0x530 [ 57.216718][ T1309] should_failslab+0xac/0x100 [ 57.216734][ T1309] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 57.216758][ T1309] ? __alloc_skb+0x10c/0x370 [ 57.216784][ T1309] __alloc_skb+0x10c/0x370 [ 57.216806][ T1309] unicast_flush_resp+0x2e/0x160 [ 57.216825][ T1309] pfkey_spdflush+0xbc/0x280 [ 57.216844][ T1309] ? __cfi_pfkey_spdflush+0x10/0x10 [ 57.216862][ T1309] ? pfkey_broadcast+0x2f2/0x320 [ 57.216877][ T1309] ? sk_skb_reason_drop+0xd8/0x310 [ 57.216893][ T1309] pfkey_sendmsg+0xbf7/0x1030 [ 57.216909][ T1309] ? __cfi_avc_has_perm+0x10/0x10 [ 57.216933][ T1309] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 57.216950][ T1309] ? selinux_socket_sendmsg+0x284/0x380 [ 57.216977][ T1309] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 57.216996][ T1309] ? security_socket_sendmsg+0x33/0xd0 [ 57.217011][ T1309] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 57.217028][ T1309] ____sys_sendmsg+0xa18/0xa70 [ 57.217046][ T1309] ? __sys_sendmsg_sock+0x50/0x50 [ 57.217064][ T1309] ? import_iovec+0x81/0xb0 [ 57.217084][ T1309] ___sys_sendmsg+0x220/0x2a0 [ 57.217101][ T1309] ? __sys_sendmsg+0x280/0x280 [ 57.217117][ T1309] ? proc_fail_nth_write+0x17e/0x210 [ 57.217138][ T1309] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 57.217164][ T1309] __x64_sys_sendmsg+0x1eb/0x2c0 [ 57.217187][ T1309] ? fput+0x1a5/0x240 [ 57.217210][ T1309] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 57.217233][ T1309] ? ksys_write+0x1ef/0x250 [ 57.217251][ T1309] ? __kasan_check_read+0x15/0x20 [ 57.217274][ T1309] x64_sys_call+0x2a4c/0x2ee0 [ 57.217297][ T1309] do_syscall_64+0x58/0xf0 [ 57.217320][ T1309] ? clear_bhb_loop+0x50/0xa0 [ 57.217340][ T1309] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 57.217359][ T1309] RIP: 0033:0x7efef518ebe9 [ 57.217372][ T1309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.217386][ T1309] RSP: 002b:00007efef6053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.217403][ T1309] RAX: ffffffffffffffda RBX: 00007efef53c5fa0 RCX: 00007efef518ebe9 [ 57.217415][ T1309] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 57.217426][ T1309] RBP: 00007efef6053090 R08: 0000000000000000 R09: 0000000000000000 [ 57.217436][ T1309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.217446][ T1309] R13: 00007efef53c6038 R14: 00007efef53c5fa0 R15: 00007ffe0c082628 [ 57.217459][ T1309] [ 57.612624][ T1315] input: syz1 as /devices/virtual/input/input8 [ 57.621888][ T36] audit: type=1400 audit(1757390817.750:440): avc: denied { read } for pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=534 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.645934][ T36] audit: type=1400 audit(1757390817.750:441): avc: denied { open } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=534 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.656139][ T1315] ip6gretap0: mtu less than device minimum [ 57.669801][ T36] audit: type=1400 audit(1757390817.750:442): avc: denied { ioctl } for pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=534 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.675830][ T1317] netlink: 'syz.1.253': attribute type 2 has an invalid length. [ 57.699860][ T36] audit: type=1400 audit(1757390817.770:443): avc: denied { bind } for pid=1316 comm="syz.1.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 57.715406][ T1318] input: syz1 as /devices/virtual/input/input7 [ 57.727357][ T36] audit: type=1400 audit(1757390817.770:444): avc: denied { name_bind } for pid=1316 comm="syz.1.253" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 57.734366][ T351] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 57.754218][ T36] audit: type=1400 audit(1757390817.770:445): avc: denied { node_bind } for pid=1316 comm="syz.1.253" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 57.760782][ T371] Bluetooth: hci0: command 0x1003 tx timeout [ 57.797601][ T1315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 57.797641][ T1315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:153 [ 57.809846][ T36] audit: type=1400 audit(1757390817.920:446): avc: denied { read } for pid=1316 comm="syz.1.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.945327][ T1330] netlink: 'syz.3.258': attribute type 27 has an invalid length. [ 58.002135][ T1333] FAULT_INJECTION: forcing a failure. [ 58.002135][ T1333] name failslab, interval 1, probability 0, space 0, times 0 [ 58.014879][ T1333] CPU: 1 UID: 0 PID: 1333 Comm: syz.1.259 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 58.014914][ T1333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 58.014928][ T1333] Call Trace: [ 58.014934][ T1333] [ 58.014941][ T1333] __dump_stack+0x21/0x30 [ 58.014967][ T1333] dump_stack_lvl+0x10c/0x190 [ 58.014987][ T1333] ? __cfi_dump_stack_lvl+0x10/0x10 [ 58.015010][ T1333] dump_stack+0x19/0x20 [ 58.015030][ T1333] should_fail_ex+0x3d9/0x530 [ 58.015045][ T1333] should_failslab+0xac/0x100 [ 58.015062][ T1333] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 58.015086][ T1333] ? __alloc_skb+0x10c/0x370 [ 58.015109][ T1333] __alloc_skb+0x10c/0x370 [ 58.015132][ T1333] unicast_flush_resp+0x2e/0x160 [ 58.015151][ T1333] pfkey_spdflush+0xbc/0x280 [ 58.015170][ T1333] ? __cfi_pfkey_spdflush+0x10/0x10 [ 58.015188][ T1333] ? pfkey_broadcast+0x2f2/0x320 [ 58.015204][ T1333] ? sk_skb_reason_drop+0xd8/0x310 [ 58.015219][ T1333] pfkey_sendmsg+0xbf7/0x1030 [ 58.015237][ T1333] ? __cfi_avc_has_perm+0x10/0x10 [ 58.015269][ T1333] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 58.015292][ T1333] ? selinux_socket_sendmsg+0x284/0x380 [ 58.015326][ T1333] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 58.015351][ T1333] ? security_socket_sendmsg+0x33/0xd0 [ 58.015371][ T1333] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 58.015392][ T1333] ____sys_sendmsg+0xa18/0xa70 [ 58.015414][ T1333] ? __sys_sendmsg_sock+0x50/0x50 [ 58.015455][ T1333] ? import_iovec+0x81/0xb0 [ 58.015480][ T1333] ___sys_sendmsg+0x220/0x2a0 [ 58.015501][ T1333] ? __sys_sendmsg+0x280/0x280 [ 58.015521][ T1333] ? proc_fail_nth_write+0x17e/0x210 [ 58.015545][ T1333] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 58.015575][ T1333] __x64_sys_sendmsg+0x1eb/0x2c0 [ 58.015594][ T1333] ? fput+0x1a5/0x240 [ 58.015616][ T1333] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 58.015635][ T1333] ? ksys_write+0x1ef/0x250 [ 58.015653][ T1333] ? __kasan_check_read+0x15/0x20 [ 58.015679][ T1333] x64_sys_call+0x2a4c/0x2ee0 [ 58.015706][ T1333] do_syscall_64+0x58/0xf0 [ 58.015733][ T1333] ? clear_bhb_loop+0x50/0xa0 [ 58.015765][ T1333] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 58.015788][ T1333] RIP: 0033:0x7ffb8c18ebe9 [ 58.015804][ T1333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.015820][ T1333] RSP: 002b:00007ffb8cfb2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.015841][ T1333] RAX: ffffffffffffffda RBX: 00007ffb8c3c5fa0 RCX: 00007ffb8c18ebe9 [ 58.015855][ T1333] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 58.015868][ T1333] RBP: 00007ffb8cfb2090 R08: 0000000000000000 R09: 0000000000000000 [ 58.015880][ T1333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.015892][ T1333] R13: 00007ffb8c3c6038 R14: 00007ffb8c3c5fa0 R15: 00007ffc44c0d458 [ 58.015908][ T1333] [ 58.355362][ T373] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 58.506478][ T373] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 58.516449][ T373] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.525498][ T373] usb 1-1: config 0 descriptor?? [ 58.546990][ T36] audit: type=1326 audit(1757390818.680:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1345 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c18ebe9 code=0x7ffc0000 [ 58.570531][ T36] audit: type=1326 audit(1757390818.680:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1345 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c18ebe9 code=0x7ffc0000 [ 59.069021][ T1367] FAULT_INJECTION: forcing a failure. [ 59.069021][ T1367] name failslab, interval 1, probability 0, space 0, times 0 [ 59.081773][ T1367] CPU: 1 UID: 0 PID: 1367 Comm: syz.3.272 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 59.081805][ T1367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 59.081818][ T1367] Call Trace: [ 59.081824][ T1367] [ 59.081832][ T1367] __dump_stack+0x21/0x30 [ 59.081869][ T1367] dump_stack_lvl+0x10c/0x190 [ 59.081895][ T1367] ? __cfi_dump_stack_lvl+0x10/0x10 [ 59.081925][ T1367] dump_stack+0x19/0x20 [ 59.081945][ T1367] should_fail_ex+0x3d9/0x530 [ 59.081961][ T1367] should_failslab+0xac/0x100 [ 59.081978][ T1367] kmem_cache_alloc_noprof+0x42/0x3a0 [ 59.082001][ T1367] ? skb_clone+0x229/0x460 [ 59.082017][ T1367] skb_clone+0x229/0x460 [ 59.082032][ T1367] pfkey_broadcast_one+0xa2/0x3b0 [ 59.082049][ T1367] pfkey_broadcast+0x2d9/0x320 [ 59.082066][ T1367] unicast_flush_resp+0xe9/0x160 [ 59.082085][ T1367] pfkey_spdflush+0xbc/0x280 [ 59.082104][ T1367] ? __cfi_pfkey_spdflush+0x10/0x10 [ 59.082122][ T1367] ? pfkey_broadcast+0x2f2/0x320 [ 59.082137][ T1367] ? sk_skb_reason_drop+0xd8/0x310 [ 59.082153][ T1367] pfkey_sendmsg+0xbf7/0x1030 [ 59.082170][ T1367] ? __cfi_avc_has_perm+0x10/0x10 [ 59.082193][ T1367] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 59.082210][ T1367] ? selinux_socket_sendmsg+0x284/0x380 [ 59.082238][ T1367] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 59.082257][ T1367] ? security_socket_sendmsg+0x33/0xd0 [ 59.082271][ T1367] ? __cfi_pfkey_sendmsg+0x10/0x10 [ 59.082288][ T1367] ____sys_sendmsg+0xa18/0xa70 [ 59.082307][ T1367] ? __sys_sendmsg_sock+0x50/0x50 [ 59.082324][ T1367] ? import_iovec+0x81/0xb0 [ 59.082344][ T1367] ___sys_sendmsg+0x220/0x2a0 [ 59.082363][ T1367] ? __sys_sendmsg+0x280/0x280 [ 59.082379][ T1367] ? proc_fail_nth_write+0x17e/0x210 [ 59.082400][ T1367] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 59.082426][ T1367] __x64_sys_sendmsg+0x1eb/0x2c0 [ 59.082442][ T1367] ? fput+0x1a5/0x240 [ 59.082460][ T1367] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 59.082477][ T1367] ? ksys_write+0x1ef/0x250 [ 59.082492][ T1367] ? __kasan_check_read+0x15/0x20 [ 59.082515][ T1367] x64_sys_call+0x2a4c/0x2ee0 [ 59.082538][ T1367] do_syscall_64+0x58/0xf0 [ 59.082562][ T1367] ? clear_bhb_loop+0x50/0xa0 [ 59.082582][ T1367] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 59.082609][ T1367] RIP: 0033:0x7efef518ebe9 [ 59.082622][ T1367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.082635][ T1367] RSP: 002b:00007efef6053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.082653][ T1367] RAX: ffffffffffffffda RBX: 00007efef53c5fa0 RCX: 00007efef518ebe9 [ 59.082665][ T1367] RDX: 0000000000008010 RSI: 00002000000007c0 RDI: 0000000000000003 [ 59.082675][ T1367] RBP: 00007efef6053090 R08: 0000000000000000 R09: 0000000000000000 [ 59.082686][ T1367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.082695][ T1367] R13: 00007efef53c6038 R14: 00007efef53c5fa0 R15: 00007ffe0c082628 [ 59.082709][ T1367] [ 59.085377][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 59.117736][ T351] Bluetooth: hci1: command 0x1003 tx timeout [ 59.473287][ T1376] netlink: 'syz.3.275': attribute type 27 has an invalid length. [ 59.798051][ T373] usb 1-1: Cannot set autoneg [ 59.802927][ T373] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 59.815488][ T373] usb 1-1: USB disconnect, device number 15 [ 60.292180][ T1382] /dev/rnullb0: Can't open blockdev [ 60.363811][ T46] Bluetooth: hci1: Frame reassembly failed (-84) [ 60.366141][ T1395] netlink: 56 bytes leftover after parsing attributes in process `syz.3.284'. [ 60.370381][ T46] Bluetooth: hci1: Frame reassembly failed (-84) [ 60.497330][ T1398] FAULT_INJECTION: forcing a failure. [ 60.497330][ T1398] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.510531][ T1398] CPU: 1 UID: 0 PID: 1398 Comm: syz.2.285 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 60.510569][ T1398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 60.510581][ T1398] Call Trace: [ 60.510588][ T1398] [ 60.510594][ T1398] __dump_stack+0x21/0x30 [ 60.510620][ T1398] dump_stack_lvl+0x10c/0x190 [ 60.510641][ T1398] ? __cfi_dump_stack_lvl+0x10/0x10 [ 60.510663][ T1398] ? check_stack_object+0x12c/0x140 [ 60.510678][ T1398] dump_stack+0x19/0x20 [ 60.510698][ T1398] should_fail_ex+0x3d9/0x530 [ 60.510714][ T1398] should_fail+0xf/0x20 [ 60.510727][ T1398] should_fail_usercopy+0x1e/0x30 [ 60.510743][ T1398] _copy_to_user+0x24/0xa0 [ 60.510762][ T1398] simple_read_from_buffer+0xed/0x160 [ 60.510782][ T1398] proc_fail_nth_read+0x19e/0x210 [ 60.510804][ T1398] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 60.510825][ T1398] ? bpf_lsm_file_permission+0xd/0x20 [ 60.510846][ T1398] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 60.510867][ T1398] vfs_read+0x278/0xb60 [ 60.510881][ T1398] ? __cfi_vfs_read+0x10/0x10 [ 60.510894][ T1398] ? __kasan_check_write+0x18/0x20 [ 60.510917][ T1398] ? mutex_lock+0x92/0x1c0 [ 60.510934][ T1398] ? __cfi_mutex_lock+0x10/0x10 [ 60.510951][ T1398] ? __fget_files+0x2c5/0x340 [ 60.510969][ T1398] ksys_read+0x141/0x250 [ 60.510983][ T1398] ? __cfi_ksys_read+0x10/0x10 [ 60.510997][ T1398] ? __kasan_check_read+0x15/0x20 [ 60.511019][ T1398] __x64_sys_read+0x7f/0x90 [ 60.511033][ T1398] x64_sys_call+0x2638/0x2ee0 [ 60.511056][ T1398] do_syscall_64+0x58/0xf0 [ 60.511079][ T1398] ? clear_bhb_loop+0x50/0xa0 [ 60.511099][ T1398] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 60.511118][ T1398] RIP: 0033:0x7fb20df8d5fc [ 60.511132][ T1398] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 60.511145][ T1398] RSP: 002b:00007fb20ee2b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 60.511162][ T1398] RAX: ffffffffffffffda RBX: 00007fb20e1c5fa0 RCX: 00007fb20df8d5fc [ 60.511174][ T1398] RDX: 000000000000000f RSI: 00007fb20ee2b0a0 RDI: 0000000000000004 [ 60.511185][ T1398] RBP: 00007fb20ee2b090 R08: 0000000000000000 R09: 0000000000000000 [ 60.511194][ T1398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.511204][ T1398] R13: 00007fb20e1c6038 R14: 00007fb20e1c5fa0 R15: 00007ffee7f897a8 [ 60.511217][ T1398] [ 60.585370][ T377] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 60.595746][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 60.601361][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 60.833488][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 60.840612][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 60.926509][ T377] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.939047][ T377] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.948287][ T377] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.956387][ T377] usb 1-1: Product: syz [ 60.960636][ T377] usb 1-1: Manufacturer: syz [ 60.965304][ T377] usb 1-1: SerialNumber: syz [ 61.691389][ T1413] netlink: 'syz.1.291': attribute type 27 has an invalid length. [ 61.973602][ T377] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 61.980436][ T377] cdc_ncm 1-1:1.0: dwNtbInMaxSize=20 is too small. Using 2048 [ 61.988215][ T377] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 62.180387][ T377] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 62.194028][ T377] usb 1-1: USB disconnect, device number 16 [ 62.200456][ T377] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 62.210121][ T36] kauditd_printk_skb: 22 callbacks suppressed [ 62.210140][ T36] audit: type=1400 audit(1757390822.350:471): avc: denied { read } for pid=149 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 62.435454][ T53] Bluetooth: hci1: command 0x1003 tx timeout [ 62.437506][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 62.474959][ T36] audit: type=1400 audit(1757390822.600:472): avc: denied { remount } for pid=1416 comm="syz.3.293" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 62.710731][ T36] audit: type=1326 audit(1757390822.840:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.734299][ T36] audit: type=1326 audit(1757390822.840:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.758168][ T377] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 62.765636][ T36] audit: type=1326 audit(1757390822.860:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.765822][ T376] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 62.789323][ T36] audit: type=1326 audit(1757390822.860:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.820510][ T36] audit: type=1326 audit(1757390822.860:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.835667][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 62.844292][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 62.857971][ T36] audit: type=1326 audit(1757390822.890:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.881566][ T36] audit: type=1326 audit(1757390822.890:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.905442][ T36] audit: type=1326 audit(1757390822.890:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1422 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 62.955359][ T376] usb 4-1: device descriptor read/64, error -71 [ 62.965332][ T377] usb 2-1: Using ep0 maxpacket: 32 [ 62.971701][ T377] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 62.980048][ T377] usb 2-1: config 0 has no interface number 0 [ 62.986229][ T377] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 62.997978][ T377] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 63.007905][ T377] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 63.019199][ T377] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 63.029020][ T377] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.037208][ T377] usb 2-1: Product: syz [ 63.041622][ T377] usb 2-1: Manufacturer: syz [ 63.046297][ T377] usb 2-1: SerialNumber: syz [ 63.051979][ T377] usb 2-1: config 0 descriptor?? [ 63.205382][ T376] usb 4-1: device descriptor read/64, error -71 [ 63.276602][ T1419] support for cryptoloop has been removed. Use dm-crypt instead. [ 63.291271][ T1419] pim6reg1: entered promiscuous mode [ 63.296781][ T1419] pim6reg1: entered allmulticast mode [ 63.336678][ T377] usb 2-1: invalid MIDI in EP 0 [ 63.358036][ T377] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 63.371396][ T377] usb 2-1: USB disconnect, device number 12 [ 63.380554][ T339] udevd[339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 63.455364][ T376] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 63.585352][ T376] usb 4-1: device descriptor read/64, error -71 [ 63.802848][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 63.803809][ T1433] netlink: 56 bytes leftover after parsing attributes in process `syz.2.300'. [ 63.832098][ T376] usb 4-1: device descriptor read/64, error -71 [ 63.945533][ T376] usb usb4-port1: attempt power cycle [ 64.078359][ T1443] netlink: 'syz.1.304': attribute type 27 has an invalid length. [ 64.285357][ T376] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 64.306483][ T376] usb 4-1: device descriptor read/8, error -71 [ 64.436478][ T376] usb 4-1: device descriptor read/8, error -71 [ 64.675349][ T376] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 64.696798][ T376] usb 4-1: device descriptor read/8, error -71 [ 64.826439][ T376] usb 4-1: device descriptor read/8, error -71 [ 64.835492][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 64.836223][ T53] Bluetooth: hci1: command 0x1003 tx timeout [ 64.935519][ T376] usb usb4-port1: unable to enumerate USB device [ 64.942884][ T1453] loop2: detected capacity change from 0 to 7 [ 64.950979][ C0] blk_print_req_error: 3 callbacks suppressed [ 64.950997][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 64.966307][ C0] buffer_io_error: 3 callbacks suppressed [ 64.966326][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 64.980108][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 64.989357][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 64.997224][ T1453] loop2: unable to read partition table [ 65.003093][ T1453] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 65.007449][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.025880][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 65.034156][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.043399][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 65.055866][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.065149][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 65.076716][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.085964][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 65.094123][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.103361][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 65.315404][ T373] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 65.465364][ T373] usb 1-1: Using ep0 maxpacket: 32 [ 65.471660][ T373] usb 1-1: config 0 has an invalid interface number: 151 but max is 0 [ 65.479892][ T373] usb 1-1: config 0 has no interface number 0 [ 65.486040][ T373] usb 1-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 65.497735][ T373] usb 1-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 65.507678][ T373] usb 1-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 65.519017][ T373] usb 1-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 65.528213][ T373] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.536313][ T373] usb 1-1: Product: syz [ 65.540558][ T373] usb 1-1: Manufacturer: syz [ 65.545225][ T373] usb 1-1: SerialNumber: syz [ 65.550552][ T373] usb 1-1: config 0 descriptor?? [ 65.753459][ T1286] Bluetooth: hci1: Frame reassembly failed (-84) [ 65.795760][ T1462] support for cryptoloop has been removed. Use dm-crypt instead. [ 65.807064][ T1462] pim6reg1: entered promiscuous mode [ 65.812427][ T1462] pim6reg1: entered allmulticast mode [ 65.858662][ T373] usb 1-1: invalid MIDI in EP 0 [ 65.868971][ T373] snd-usb-audio 1-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 65.875462][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 65.883004][ T373] usb 1-1: USB disconnect, device number 17 [ 65.884672][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 65.900610][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 65.925334][ T377] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 65.992601][ T1472] netlink: 'syz.2.315': attribute type 27 has an invalid length. [ 66.086573][ T377] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 66.096998][ T377] usb 4-1: config 0 has no interfaces? [ 66.102764][ T377] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 66.112215][ T377] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.121757][ T377] usb 4-1: config 0 descriptor?? [ 66.329134][ T1465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.337777][ T1465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.547323][ T1465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.556105][ T1465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.567140][ T1465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.576236][ T1465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.586008][ T1475] rust_binder: 1474 RLIMIT_NICE not set [ 66.586488][ T1474] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.592499][ T1474] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 [ 66.606964][ T1474] rust_binder: Read failure Err(EAGAIN) in pid:175 [ 66.607533][ T1476] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 66.618988][ T377] rust_binder: 1473: removing orphan mapping 0:4248 [ 66.701450][ T1485] rust_binder: Write failure EFAULT in pid:186 [ 67.243434][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 67.634565][ T46] Bluetooth: hci2: Frame reassembly failed (-84) [ 67.795313][ T1497] Bluetooth: hci1: command 0x1003 tx timeout [ 67.795313][ T351] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 68.075367][ T373] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 68.225325][ T373] usb 2-1: Using ep0 maxpacket: 32 [ 68.231903][ T373] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 68.240312][ T373] usb 2-1: config 0 has no interface number 0 [ 68.246462][ T373] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 68.258087][ T373] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 68.267943][ T373] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 68.279571][ T373] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 68.288706][ T373] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.296890][ T373] usb 2-1: Product: syz [ 68.301095][ T373] usb 2-1: Manufacturer: syz [ 68.305770][ T373] usb 2-1: SerialNumber: syz [ 68.311037][ T373] usb 2-1: config 0 descriptor?? [ 68.535467][ T1502] support for cryptoloop has been removed. Use dm-crypt instead. [ 68.547100][ T1502] pim6reg1: entered promiscuous mode [ 68.552611][ T1502] pim6reg1: entered allmulticast mode [ 68.616905][ T373] usb 2-1: invalid MIDI in EP 0 [ 68.628819][ T373] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 68.644976][ T31] usb 4-1: USB disconnect, device number 15 [ 68.652104][ T373] usb 2-1: USB disconnect, device number 13 [ 68.674533][ T339] udevd[339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 69.005366][ T31] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 69.156659][ T31] usb 4-1: config index 0 descriptor too short (expected 2075, got 27) [ 69.165085][ T31] usb 4-1: config 0 has an invalid interface number: 200 but max is 0 [ 69.173354][ T31] usb 4-1: config 0 has no interface number 0 [ 69.179566][ T31] usb 4-1: config 0 interface 200 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 69.189512][ T31] usb 4-1: config 0 interface 200 has no altsetting 0 [ 69.197846][ T31] usb 4-1: New USB device found, idVendor=0b57, idProduct=852a, bcdDevice=6d.39 [ 69.207148][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.215217][ T31] usb 4-1: Product: syz [ 69.219467][ T31] usb 4-1: Manufacturer: syz [ 69.224095][ T31] usb 4-1: SerialNumber: syz [ 69.229493][ T31] usb 4-1: config 0 descriptor?? [ 69.315317][ T351] Bluetooth: hci0: command 0x1003 tx timeout [ 69.322638][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 69.436572][ T1506] rust_binder: Failed to vm_insert_page(35184372101120): vma_addr:35184372097024 i:1 err:EFAULT [ 69.436613][ T1506] rust_binder: Error in use_page_slow: EFAULT [ 69.447628][ T1506] rust_binder: use_range failure EFAULT [ 69.453789][ T1506] rust_binder: Failed to allocate buffer. len:4144, is_oneway:false [ 69.459981][ T1506] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 69.468160][ T1506] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:208 [ 69.480851][ T31] input: Hanwang Art Master III 1308 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.200/input/input9 [ 69.503068][ T31] usb 4-1: USB disconnect, device number 16 [ 69.635454][ T53] Bluetooth: hci2: command 0x1003 tx timeout [ 69.635471][ T371] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 69.714486][ T36] kauditd_printk_skb: 47 callbacks suppressed [ 69.714506][ T36] audit: type=1326 audit(1757390829.840:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.746615][ T36] audit: type=1326 audit(1757390829.840:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.770052][ T36] audit: type=1326 audit(1757390829.840:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.793372][ T36] audit: type=1326 audit(1757390829.840:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.818201][ T36] audit: type=1326 audit(1757390829.840:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.841707][ T36] audit: type=1326 audit(1757390829.840:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.866745][ T36] audit: type=1326 audit(1757390829.850:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.890471][ T36] audit: type=1326 audit(1757390829.850:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.919118][ T36] audit: type=1326 audit(1757390829.850:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.944448][ T36] audit: type=1326 audit(1757390829.850:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1517 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb20df8ebe9 code=0x7ffc0000 [ 69.989624][ T1522] netlink: 'syz.0.333': attribute type 27 has an invalid length. [ 70.485355][ T377] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 70.550639][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 70.635345][ T377] usb 2-1: Using ep0 maxpacket: 32 [ 70.641697][ T377] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 70.650108][ T377] usb 2-1: config 0 has no interface number 0 [ 70.656266][ T377] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 70.667873][ T377] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 70.678269][ T377] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 70.689568][ T377] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 70.698818][ T377] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.707039][ T377] usb 2-1: Product: syz [ 70.711461][ T377] usb 2-1: Manufacturer: syz [ 70.717659][ T377] usb 2-1: SerialNumber: syz [ 70.723003][ T377] usb 2-1: config 0 descriptor?? [ 70.776216][ T46] Bluetooth: hci2: Frame reassembly failed (-84) [ 70.955451][ T1535] support for cryptoloop has been removed. Use dm-crypt instead. [ 70.967667][ T1535] pim6reg1: entered promiscuous mode [ 70.973122][ T1535] pim6reg1: entered allmulticast mode [ 71.025466][ T377] usb 2-1: invalid MIDI in EP 0 [ 71.033062][ T377] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 71.043664][ T377] usb 2-1: USB disconnect, device number 14 [ 71.053218][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 71.633022][ T1548] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 71.795373][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 71.801550][ T1497] Bluetooth: hci0: command 0x1003 tx timeout [ 71.852942][ T1564] devpts: called with bogus options [ 71.932528][ T1572] netlink: 'syz.2.352': attribute type 27 has an invalid length. [ 72.095471][ T377] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 72.255353][ T377] usb 2-1: Using ep0 maxpacket: 32 [ 72.261815][ T377] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 72.270272][ T377] usb 2-1: config 0 has no interface number 0 [ 72.276763][ T377] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 72.288410][ T377] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 72.298397][ T377] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 72.309934][ T377] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 72.319224][ T377] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.327281][ T377] usb 2-1: Product: syz [ 72.331656][ T377] usb 2-1: Manufacturer: syz [ 72.336356][ T377] usb 2-1: SerialNumber: syz [ 72.341641][ T377] usb 2-1: config 0 descriptor?? [ 72.585657][ T1566] support for cryptoloop has been removed. Use dm-crypt instead. [ 72.595877][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 72.605961][ T1566] pim6reg1: entered promiscuous mode [ 72.613808][ T1566] pim6reg1: entered allmulticast mode [ 72.656929][ T377] usb 2-1: invalid MIDI in EP 0 [ 72.669897][ T377] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 72.682207][ T377] usb 2-1: USB disconnect, device number 15 [ 72.694218][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 72.750389][ T1580] raw_sendmsg: syz.3.355 forgot to set AF_INET. Fix it! [ 72.758124][ T1583] af_packet: tpacket_rcv: packet too big, clamped from 3 to 4294967272. macoff=96 [ 72.802633][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 72.835433][ T351] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 73.405586][ T1610] netlink: 'syz.1.362': attribute type 27 has an invalid length. [ 73.490573][ T1617] 9pnet_fd: Insufficient options for proto=fd [ 73.705403][ T377] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 73.745389][ T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 73.855343][ T377] usb 1-1: Using ep0 maxpacket: 32 [ 73.861957][ T377] usb 1-1: config 0 has an invalid interface number: 151 but max is 0 [ 73.870330][ T377] usb 1-1: config 0 has no interface number 0 [ 73.876648][ T377] usb 1-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 73.888589][ T377] usb 1-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 73.898595][ T377] usb 1-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 73.910891][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.921198][ T10] usb 4-1: config 0 has no interfaces? [ 73.927049][ T377] usb 1-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 73.936191][ T10] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 73.945621][ T377] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.953645][ T377] usb 1-1: Product: syz [ 73.957981][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.966269][ T377] usb 1-1: Manufacturer: syz [ 73.970963][ T377] usb 1-1: SerialNumber: syz [ 73.976323][ T10] usb 4-1: config 0 descriptor?? [ 73.982966][ T377] usb 1-1: config 0 descriptor?? [ 74.182353][ T1619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.196962][ T1619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.211193][ T10] usb 4-1: USB disconnect, device number 17 [ 74.220216][ T1615] support for cryptoloop has been removed. Use dm-crypt instead. [ 74.242791][ T1615] pim6reg1: entered promiscuous mode [ 74.248195][ T1615] pim6reg1: entered allmulticast mode [ 74.338976][ T377] usb 1-1: invalid MIDI in EP 0 [ 74.350280][ T377] snd-usb-audio 1-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 74.366011][ T377] usb 1-1: USB disconnect, device number 18 [ 74.381463][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 74.404860][ T1631] netlink: 'syz.3.375': attribute type 4 has an invalid length. [ 74.426653][ T1631] syzkaller0: entered promiscuous mode [ 74.432172][ T1631] syzkaller0: entered allmulticast mode [ 74.835346][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 74.835355][ T351] Bluetooth: hci0: command 0x1003 tx timeout [ 74.913241][ T1645] netlink: 'syz.2.381': attribute type 27 has an invalid length. [ 74.945359][ T31] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 75.106364][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.117876][ T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 75.129773][ T1286] syzkaller0: tun_net_xmit 76 [ 75.131224][ T31] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 75.137555][ T1658] syzkaller0: create flow: hash 3651188117 index 1 [ 75.144815][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.151322][ T1286] syzkaller0: tun_net_xmit 48 [ 75.164138][ T377] syzkaller0: tun_net_xmit 76 [ 75.169317][ T31] usb 4-1: config 0 descriptor?? [ 75.176407][ T1658] syzkaller0: delete flow: hash 3651188117 index 1 [ 75.371598][ T36] kauditd_printk_skb: 37 callbacks suppressed [ 75.371617][ T36] audit: type=1326 audit(1757390835.500:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.402565][ T36] audit: type=1326 audit(1757390835.500:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.408231][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 75.427358][ T36] audit: type=1326 audit(1757390835.530:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.456577][ T36] audit: type=1326 audit(1757390835.530:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.480460][ T36] audit: type=1326 audit(1757390835.530:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.504053][ T36] audit: type=1326 audit(1757390835.530:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.527662][ T36] audit: type=1326 audit(1757390835.530:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.551563][ T36] audit: type=1326 audit(1757390835.530:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.574967][ T36] audit: type=1326 audit(1757390835.530:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.598464][ T36] audit: type=1326 audit(1757390835.530:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1666 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa1b58ebe9 code=0x7ffc0000 [ 75.657662][ T31] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 75.676876][ T31] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 75.700408][ T31] usb 4-1: USB disconnect, device number 18 [ 75.922575][ T1692] loop0: detected capacity change from 0 to 7 [ 75.929334][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.938599][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 75.946711][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.955971][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 75.963916][ T1692] loop0: unable to read partition table [ 75.969754][ T1692] loop_reread_partitions: partition scan of loop0 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 75.971332][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.983581][ T377] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 75.992463][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 75.992878][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.017367][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.025918][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.035292][ C0] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.043395][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.052726][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.060868][ T1693] loop0: unable to read partition table [ 76.075564][ T1692] Invalid logical block size (7) [ 76.081421][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.090708][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.099055][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.108341][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.116685][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 76.125876][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 76.155318][ T377] usb 3-1: Using ep0 maxpacket: 32 [ 76.161753][ T377] usb 3-1: config 0 has an invalid interface number: 151 but max is 0 [ 76.170167][ T377] usb 3-1: config 0 has no interface number 0 [ 76.176440][ T377] usb 3-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 76.188087][ T377] usb 3-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 76.198081][ T377] usb 3-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 76.209619][ T377] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 76.218867][ T377] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.227063][ T377] usb 3-1: Product: syz [ 76.231252][ T377] usb 3-1: Manufacturer: syz [ 76.235898][ T377] usb 3-1: SerialNumber: syz [ 76.241197][ T377] usb 3-1: config 0 descriptor?? [ 76.275365][ T351] Bluetooth: hci1: command 0x1003 tx timeout [ 76.275373][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 76.465693][ T1676] support for cryptoloop has been removed. Use dm-crypt instead. [ 76.477473][ T1676] pim6reg1: entered promiscuous mode [ 76.483261][ T1676] pim6reg1: entered allmulticast mode [ 76.547521][ T377] usb 3-1: invalid MIDI in EP 0 [ 76.557791][ T377] snd-usb-audio 3-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 76.568522][ T377] usb 3-1: USB disconnect, device number 13 [ 76.578714][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 76.717622][ T1695] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 76.717651][ T1695] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:283 [ 76.861487][ T1703] netlink: 'syz.1.402': attribute type 27 has an invalid length. [ 77.114234][ T1717] netlink: 'syz.3.409': attribute type 4 has an invalid length. [ 77.122141][ T1717] netlink: 17 bytes leftover after parsing attributes in process `syz.3.409'. [ 77.365365][ T377] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 77.475369][ T351] Bluetooth: hci0: command 0x1003 tx timeout [ 77.475382][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 77.515464][ T377] usb 4-1: Using ep0 maxpacket: 32 [ 77.522120][ T377] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.534544][ T377] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.546435][ T377] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 77.556152][ T377] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.566168][ T377] usb 4-1: config 0 descriptor?? [ 77.660043][ T1726] SELinux: security_context_str_to_sid () failed with errno=-22 [ 77.670690][ T1728] SELinux: security_context_str_to_sid () failed with errno=-22 [ 77.792011][ T1286] Bluetooth: hci0: Frame reassembly failed (-84) [ 77.986502][ T377] usbhid 4-1:0.0: can't add hid device: -71 [ 77.992526][ T377] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 78.004064][ T377] usb 4-1: USB disconnect, device number 19 [ 78.225335][ T373] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 78.375304][ T373] usb 2-1: Using ep0 maxpacket: 32 [ 78.381547][ T373] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 78.389883][ T373] usb 2-1: config 0 has no interface number 0 [ 78.396043][ T373] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2 [ 78.407653][ T373] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 78.417515][ T373] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 78.428901][ T373] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 78.438296][ T373] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.447383][ T373] usb 2-1: Product: syz [ 78.451585][ T373] usb 2-1: Manufacturer: syz [ 78.456248][ T373] usb 2-1: SerialNumber: syz [ 78.461679][ T373] usb 2-1: config 0 descriptor?? [ 78.685653][ T1750] support for cryptoloop has been removed. Use dm-crypt instead. [ 78.706079][ T1756] ------------[ cut here ]------------ [ 78.711609][ T1756] WARNING: CPU: 1 PID: 1756 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 78.721537][ T1756] Modules linked in: [ 78.725603][ T1756] CPU: 1 UID: 0 PID: 1756 Comm: syz.3.422 Not tainted syzkaller #0 1976820a860199aae9d2abf4727fc3b97aa7bbea [ 78.737216][ T1756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 78.747368][ T1756] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 78.753315][ T1756] Code: 00 48 8b 5d a0 74 08 48 89 df e8 c2 4e 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d e9 18 e0 20 04 cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 78.773021][ T1756] RSP: 0018:ffffc9001083fc88 EFLAGS: 00010202 [ 78.779214][ T1756] RAX: 1ffffd1ffff85d22 RBX: ffffc900108e48e8 RCX: ffffffff816dc9a9 [ 78.787290][ T1756] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc2e910 [ 78.795524][ T1756] RBP: ffffc9001083fcf0 R08: ffffe8ffffc2e917 R09: 1ffffd1ffff85d22 [ 78.803531][ T1756] R10: dffffc0000000000 R11: fffff91ffff85d23 R12: dffffc0000000000 [ 78.811562][ T1756] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc2e910 [ 78.819601][ T1756] FS: 0000555560e80500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 78.828658][ T1756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.835322][ T1756] CR2: 0000200000002000 CR3: 00000001307be000 CR4: 00000000003526b0 [ 78.843335][ T1756] Call Trace: [ 78.846671][ T1756] [ 78.849699][ T1756] kvm_put_kvm+0x1100/0x12b0 [ 78.854335][ T1756] ? __cfi_kvm_vm_release+0x10/0x10 [ 78.859600][ T1756] kvm_vm_release+0x47/0x70 [ 78.864266][ T1756] __fput+0x1fe/0xa00 [ 78.868372][ T1756] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 78.873980][ T1756] ____fput+0x20/0x30 [ 78.878045][ T1756] task_work_run+0x1e3/0x250 [ 78.882689][ T1756] ? __cfi_task_work_run+0x10/0x10 [ 78.887902][ T1756] ? __kasan_check_read+0x15/0x20 [ 78.892987][ T1756] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 78.899237][ T1756] resume_user_mode_work+0x36/0x50 [ 78.904426][ T1756] syscall_exit_to_user_mode+0x64/0xb0 [ 78.909959][ T1756] do_syscall_64+0x64/0xf0 [ 78.914431][ T1756] ? clear_bhb_loop+0x50/0xa0 [ 78.919273][ T1756] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 78.925219][ T1756] RIP: 0033:0x7efef518ebe9 [ 78.929728][ T1756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.949555][ T1756] RSP: 002b:00007ffe0c082788 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 78.958133][ T1756] RAX: 0000000000000000 RBX: 000000000001334e RCX: 00007efef518ebe9 [ 78.966339][ T1756] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 78.974443][ T1756] RBP: 00007efef53c7da0 R08: 0000000000000001 R09: 000000080c082a7f [ 78.982613][ T1756] R10: 0000001b2e020000 R11: 0000000000000246 R12: 00007efef53c5fac [ 78.990738][ T1756] R13: 00007efef53c5fa0 R14: ffffffffffffffff R15: 00007ffe0c0828a0 [ 78.998782][ T1756] [ 79.001890][ T1756] ---[ end trace 0000000000000000 ]--- [ 79.027320][ T373] usb 2-1: invalid MIDI in EP 0 [ 79.039976][ T373] snd-usb-audio 2-1:0.151: probe with driver snd-usb-audio failed with error -22 [ 79.050331][ T373] usb 2-1: USB disconnect, device number 16 [ 79.058212][ T1463] udevd[1463]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 79.235336][ T351] Bluetooth: hci1: command 0x1003 tx timeout [ 79.235333][ T53] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 79.795318][ T53] Bluetooth: hci0: command 0x1003 tx timeout [ 79.795318][ T371] Bluetooth: hci0: Opcode 0x1003 failed: -110