last executing test programs: 1.686275147s ago: executing program 2 (id=166): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000240)=0x6a, 0x4) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000400)="f2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000004e80)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1}}], 0x2, 0x4000) sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x5e, 0x0, 0x0) 1.636107629s ago: executing program 2 (id=170): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x3}, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x801, 0xf84, 0x3}, 0x1c) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x80) 1.623174529s ago: executing program 2 (id=171): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa27}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) shutdown(0xffffffffffffffff, 0x0) 1.531437312s ago: executing program 0 (id=173): r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r2, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) 1.531172612s ago: executing program 4 (id=174): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000100)=0x5) ioctl$KVM_RUN(r2, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 1.521191283s ago: executing program 3 (id=175): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001ac0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)="f8", 0x1}], 0x1}}], 0x1, 0x8000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x3, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.498117744s ago: executing program 1 (id=176): timer_create(0x0, 0x0, &(0x7f0000000300)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) clock_settime(0x5, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x404c8c6, &(0x7f0000000180)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 1.404489747s ago: executing program 1 (id=177): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)={0xf4, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x10}, [@CTA_EXPECT_NAT={0xe0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x9c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0xfffd}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3e}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x42}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x10}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010101}}}]}, @CTA_EXPECT_NAT_TUPLE={0x4}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000c40)="120000001200e7ef007b0000000000faffa0", 0x12, 0x8800, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 1.404352247s ago: executing program 1 (id=178): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) 1.348243998s ago: executing program 1 (id=179): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000002b40)={0x0, 0x0, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) 1.300852799s ago: executing program 1 (id=180): socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x1000) r3 = socket(0x1e, 0x4, 0x0) r4 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000) r5 = dup3(r4, r3, 0x0) recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000480)=""/4088, 0xff8}], 0x1}, 0x1}], 0x1, 0x40000001, 0x0) 1.241941422s ago: executing program 4 (id=181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x402, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd0903"], 0xfdef) 1.136555944s ago: executing program 0 (id=182): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, 0x0) 1.126264915s ago: executing program 4 (id=183): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35}, 0x28) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180005000000ffff000077b9080000009500000000d3a07e"], &(0x7f0000000080)='GPL\x00', 0x7, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0xff3e, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.082749207s ago: executing program 0 (id=184): r0 = fsopen(&(0x7f00000000c0)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 915.569062ms ago: executing program 4 (id=185): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000380)={@cgroup, 0xffffffffffffffff, 0x3, 0x20}, 0x20) 808.944485ms ago: executing program 0 (id=186): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}, @TCA_MPLS_TTL={0x5, 0x7, 0x7}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x10000800) 731.651437ms ago: executing program 2 (id=187): r0 = getpgid(0x0) wait4(r0, 0x0, 0x8, 0x0) 616.490041ms ago: executing program 4 (id=188): r0 = io_uring_setup(0x3c91, &(0x7f0000000300)={0x0, 0x80d6e9, 0x100, 0x2, 0x62}) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 608.644192ms ago: executing program 2 (id=189): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b8008000a0090ee0000080009000000000008000a00afc3000008"], 0x184}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) 604.733722ms ago: executing program 0 (id=190): sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x50, 0x2, 0x1, 0x3, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_SEQ_ADJ_ORIG={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x81}]}, @CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x10040000}, 0x10) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='\x04\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}h\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 496.419465ms ago: executing program 4 (id=191): socket$nl_route(0x10, 0x3, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x73f0, 0x9}) fcntl$lock(r1, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) fcntl$lock(r1, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x2, 0x73e9}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 469.648196ms ago: executing program 2 (id=192): r0 = syz_usb_connect(0x5, 0x58, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x8e, 0x3a, 0xc6, 0x20, 0x694, 0x1, 0x7813, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46, 0x2, 0xe, 0x6, 0x10, 0x3, "", [{{0x9, 0x4, 0x39, 0xd8, 0x1, 0x1a, 0xda, 0xa8, 0x8, [], [{{0x9, 0x5, 0x8, 0x10, 0x20, 0x7, 0x9, 0x80}}]}}, {{0x9, 0x4, 0xe4, 0x5, 0x3, 0xb9, 0x56, 0xda, 0x2, [], [{{0x9, 0x5, 0x8, 0x0, 0x400, 0x1, 0x12, 0xfc}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0x7, 0x3, 0x9a, [@generic={0x7, 0x5, "d15b89f26d"}]}}, {{0x9, 0x5, 0x9, 0x3, 0x40, 0x7a, 0xa, 0x84}}]}}]}}]}}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000000b00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c01}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000011c0)={0x24, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001600)={0x24, 0x0, &(0x7f0000001540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f00000001c0)={0x40, 0x0, 0x8, "fde61e0ee4a63b9e"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000002280)={0x84, &(0x7f0000001e00)={0x20, 0x10, 0x4, "3c8b35e5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 380.525189ms ago: executing program 0 (id=193): r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0xcc84}, 0x200088c2) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 304.493021ms ago: executing program 1 (id=194): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_connect$uac1(0x3, 0x7d, &(0x7f0000000640)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x499, 0x1025, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6b, 0x3, 0x1, 0x1, 0x10, 0x2, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x15}, [@feature_unit={0xb, 0x24, 0x6, 0x6, 0x1, 0x2, [0x1, 0x9], 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x7, 0x6, 0x7, {0x7, 0x25, 0x1, 0x4, 0xf7, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x3, 0x1, 0x77, {0x7, 0x25, 0x1, 0xc, 0x8, 0x5}}}}}}}}]}}, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000") 177.729965ms ago: executing program 3 (id=195): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180005000000ffff000077b9080000009500000000"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 138.981256ms ago: executing program 3 (id=196): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x34, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040035}, 0x200480c4) 20.50846ms ago: executing program 3 (id=197): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = inotify_init1(0x80000) inotify_add_watch(r0, &(0x7f0000000240)='.\x00', 0x60000726) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5405, 0x0, 0x2) 18.78594ms ago: executing program 3 (id=198): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r0, &(0x7f0000000000)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0202}}}, 0x14) 0s ago: executing program 3 (id=199): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f00000000c0)="0b690563") kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts. [ 30.176157][ T28] audit: type=1400 audit(1781893970.904:64): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 30.180012][ T279] cgroup: Unknown subsys name 'net' [ 30.198975][ T28] audit: type=1400 audit(1781893970.914:65): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.226191][ T28] audit: type=1400 audit(1781893970.934:66): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.228161][ T279] cgroup: Unknown subsys name 'devices' [ 30.368878][ T279] cgroup: Unknown subsys name 'hugetlb' [ 30.374527][ T279] cgroup: Unknown subsys name 'rlimit' [ 30.513398][ T28] audit: type=1400 audit(1781893971.244:67): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.536656][ T28] audit: type=1400 audit(1781893971.244:68): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 30.561608][ T28] audit: type=1400 audit(1781893971.244:69): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 30.587029][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 30.595911][ T28] audit: type=1400 audit(1781893971.324:70): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.621420][ T28] audit: type=1400 audit(1781893971.324:71): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.650686][ T28] audit: type=1400 audit(1781893971.384:72): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 30.651881][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 30.677858][ T28] audit: type=1400 audit(1781893971.384:73): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 32.325136][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.332338][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.340027][ T287] device bridge_slave_0 entered promiscuous mode [ 32.347972][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.355083][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.362757][ T287] device bridge_slave_1 entered promiscuous mode [ 32.440460][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.447611][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.455083][ T288] device bridge_slave_0 entered promiscuous mode [ 32.486700][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.494056][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.501649][ T288] device bridge_slave_1 entered promiscuous mode [ 32.580354][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.587572][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.595209][ T291] device bridge_slave_0 entered promiscuous mode [ 32.605473][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.612614][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.620213][ T291] device bridge_slave_1 entered promiscuous mode [ 32.657472][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.664571][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.672239][ T289] device bridge_slave_0 entered promiscuous mode [ 32.681713][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.689039][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.696672][ T289] device bridge_slave_1 entered promiscuous mode [ 32.714138][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.721299][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.728826][ T290] device bridge_slave_0 entered promiscuous mode [ 32.736099][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.743226][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.750817][ T290] device bridge_slave_1 entered promiscuous mode [ 32.865949][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.873063][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.880442][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.887502][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.981530][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.988654][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.995965][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.003031][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.014102][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.021212][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.028530][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.035582][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.048942][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.056031][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.063387][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.070474][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.089949][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.097572][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.104830][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.112180][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.120078][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.127591][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.134792][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.142119][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.149910][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.157531][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.183589][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.191946][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.199045][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.206712][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.214946][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.222029][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.268412][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.278067][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.286182][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.294159][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.306745][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.315242][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.323974][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.331046][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.339006][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.347389][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.355557][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.363462][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.380768][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.388497][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.395979][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.404803][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.413276][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.420399][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.427975][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.436813][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.445086][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.452178][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.459770][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.468376][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.476861][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 33.485320][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.493034][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.517525][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.525167][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.532753][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.541189][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.549733][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.558437][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.566775][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.573841][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.581343][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.589468][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.597658][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.605677][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.613868][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.622018][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.630444][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.638050][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.650398][ T287] device veth0_vlan entered promiscuous mode [ 33.662942][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.671531][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.680204][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.687329][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.695708][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.704205][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.712884][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.720000][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.728159][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.736346][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.744438][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.753150][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.761472][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.768525][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.779680][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.788023][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.804282][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.813099][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.828031][ T287] device veth1_macvtap entered promiscuous mode [ 33.842535][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.850367][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.858805][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.868969][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.888559][ T291] device veth0_vlan entered promiscuous mode [ 33.895699][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.904048][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.911870][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.919564][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.928607][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.937292][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.948510][ T290] device veth0_vlan entered promiscuous mode [ 33.979508][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.991902][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.007230][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.017513][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.027280][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.035962][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.045798][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.056225][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.088552][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.100272][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.165740][ T288] device veth0_vlan entered promiscuous mode [ 34.179096][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.189893][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.199114][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.209281][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.290927][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.304637][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.352496][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.369054][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.398560][ T290] device veth1_macvtap entered promiscuous mode [ 34.411860][ T287] request_module fs-gadgetfs succeeded, but still no fs? [ 34.437538][ T291] device veth1_macvtap entered promiscuous mode [ 34.463656][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.477711][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.485734][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.494545][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.505242][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.513731][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.527728][ T288] device veth1_macvtap entered promiscuous mode [ 34.547198][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.555303][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.564264][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.575610][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.585280][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.594304][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.603150][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.620537][ T289] device veth0_vlan entered promiscuous mode [ 34.640632][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.642581][ T315] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.6' sets config #0 [ 34.664682][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.673900][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.682055][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.716979][ T289] device veth1_macvtap entered promiscuous mode [ 34.728452][ T318] process 'syz.0.7' launched './file0' with NULL argv: empty string added [ 34.737500][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.755719][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.776206][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.787534][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.792947][ T325] loop3: detected capacity change from 0 to 128 [ 34.809191][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.817901][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.824167][ T325] ======================================================= [ 34.824167][ T325] WARNING: The mand mount option has been deprecated and [ 34.824167][ T325] and is ignored by this kernel. Remove the mand [ 34.824167][ T325] option from the mount to silence this warning. [ 34.824167][ T325] ======================================================= [ 34.840286][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.875462][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.884943][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.903323][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.912726][ T325] EXT4-fs (loop3): Test dummy encryption mode enabled [ 34.932934][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.953402][ T325] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 34.965554][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.973711][ T325] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 34.975254][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.139375][ T313] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 35.178323][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 35.178338][ T28] audit: type=1400 audit(1781893975.914:112): avc: denied { create } for pid=317 comm="syz.0.7" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 35.352075][ T340] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8'. [ 35.613111][ T341] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 35.993275][ T28] audit: type=1400 audit(1781893975.994:114): avc: denied { write } for pid=324 comm="syz.3.8" name="001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 36.038641][ T28] audit: type=1400 audit(1781893975.974:113): avc: denied { ioctl } for pid=337 comm="syz.4.5" path="socket:[16068]" dev="sockfs" ino=16068 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.066349][ T313] usb 3-1: Using ep0 maxpacket: 16 [ 36.072716][ T313] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 36.100312][ T291] EXT4-fs (loop3): unmounting filesystem. [ 36.113503][ T313] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 36.141153][ T28] audit: type=1400 audit(1781893976.124:115): avc: denied { create } for pid=324 comm="syz.3.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 36.166372][ T28] audit: type=1400 audit(1781893976.184:116): avc: denied { ioctl } for pid=317 comm="syz.0.7" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=16067 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 36.193599][ T313] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 36.216308][ T344] syz.0.7 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 36.220238][ T313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.234600][ T313] usb 3-1: Product: syz [ 36.238881][ T313] usb 3-1: Manufacturer: syz [ 36.243509][ T313] usb 3-1: SerialNumber: syz [ 36.248165][ T28] audit: type=1400 audit(1781893976.264:117): avc: denied { read } for pid=337 comm="syz.4.5" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 36.248196][ T28] audit: type=1400 audit(1781893976.274:118): avc: denied { open } for pid=337 comm="syz.4.5" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 36.248221][ T28] audit: type=1400 audit(1781893976.314:119): avc: denied { create } for pid=317 comm="syz.0.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 36.248244][ T28] audit: type=1400 audit(1781893976.334:120): avc: denied { ioctl } for pid=337 comm="syz.4.5" path="/dev/kvm" dev="devtmpfs" ino=83 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 36.248272][ T28] audit: type=1400 audit(1781893976.764:121): avc: denied { read } for pid=337 comm="syz.4.5" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 36.296421][ T295] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 36.371698][ T346] device syzkaller0 entered promiscuous mode [ 36.547398][ T313] usb 3-1: 0:2 : does not exist [ 36.559342][ T313] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 36.579090][ T365] loop3: detected capacity change from 0 to 128 [ 36.600265][ T365] EXT4-fs (loop3): Test dummy encryption mode enabled [ 36.612874][ T313] usb 3-1: USB disconnect, device number 2 [ 36.616637][ T295] usb 2-1: Using ep0 maxpacket: 8 [ 36.631940][ T295] usb 2-1: unable to get BOS descriptor or descriptor too short [ 36.636575][ T329] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 36.652742][ T295] usb 2-1: config 3 has an invalid interface number: 45 but max is 0 [ 36.663204][ T295] usb 2-1: config 3 has no interface number 0 [ 36.684639][ T365] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 36.692419][ T295] usb 2-1: New USB device found, idVendor=152d, idProduct=0567, bcdDevice=19.ad [ 36.693999][ T365] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 36.703479][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.778082][ T295] usb 2-1: Product: syz [ 36.782608][ T295] usb 2-1: Manufacturer: syz [ 36.787529][ T295] usb 2-1: SerialNumber: syz [ 36.826167][ T372] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 36.856454][ T329] usb 5-1: Using ep0 maxpacket: 8 [ 36.862965][ T329] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 36.873349][ T329] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 36.956197][ T374] netlink: 20 bytes leftover after parsing attributes in process `syz.3.17'. [ 37.008055][ T295] usb-storage 2-1:3.45: USB Mass Storage device detected [ 37.052095][ T295] usb-storage 2-1:3.45: Quirks match for vid 152d pid 0567: 5000000 [ 37.121280][ T378] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.19' sets config #131074 [ 37.195179][ T329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.220646][ T363] udevd[363]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 37.245207][ T295] usb 2-1: USB disconnect, device number 2 [ 37.259124][ T329] usb 5-1: config 0 descriptor?? [ 38.045669][ T291] EXT4-fs (loop3): unmounting filesystem. [ 38.086759][ T392] syz.3.24 (392) used greatest stack depth: 21984 bytes left [ 38.106326][ T329] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 38.307823][ T329] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 38.318726][ T329] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 38.332002][ T329] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 38.351887][ T329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 38.363393][ T329] usb 3-1: SerialNumber: syz [ 38.396415][ T6] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 38.483336][ T414] hub 8-0:1.0: USB hub found [ 38.488417][ T414] hub 8-0:1.0: 1 port detected [ 38.701111][ T329] usb 3-1: 0:2 : does not exist [ 38.710296][ T329] usb 3-1: USB disconnect, device number 3 [ 38.796367][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 38.802834][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.813852][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 38.827036][ T6] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 38.836103][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.844925][ T6] usb 4-1: config 0 descriptor?? [ 38.849996][ T313] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 38.926804][ T363] udevd[363]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 39.036313][ T313] usb 2-1: Using ep0 maxpacket: 16 [ 39.042534][ T313] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 39.053558][ T313] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.064668][ T313] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 39.074642][ T313] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 39.084393][ T313] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 39.094138][ T313] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 39.108736][ T313] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 39.117906][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 39.125991][ T313] usb 2-1: SerialNumber: syz [ 39.132870][ T411] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 39.268634][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.290586][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.303857][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.318439][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.332692][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.340922][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.349981][ T313] cdc_acm: probe of 2-1:1.0 failed with error -12 [ 39.359846][ T313] usb 2-1: USB disconnect, device number 3 [ 39.368219][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.375495][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.385380][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.394793][ T6] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 39.403774][ T6] HID 045e:07da: Invalid code 65791 type 1 [ 39.411040][ T6] HID 045e:07da: Invalid code 768 type 1 [ 39.417398][ T6] HID 045e:07da: Invalid code 769 type 1 [ 39.423119][ T6] HID 045e:07da: Invalid code 770 type 1 [ 39.429424][ T6] HID 045e:07da: Invalid code 771 type 1 [ 39.435113][ T6] HID 045e:07da: Invalid code 772 type 1 [ 39.441193][ T6] HID 045e:07da: Invalid code 773 type 1 [ 39.447157][ T6] HID 045e:07da: Invalid code 774 type 1 [ 39.453024][ T6] HID 045e:07da: Invalid code 775 type 1 [ 39.459473][ T6] HID 045e:07da: Invalid code 776 type 1 [ 39.480406][ T6] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0001/input/input4 [ 39.538031][ T201] usb 5-1: USB disconnect, device number 2 [ 39.557750][ T6] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 39.575955][ T6] usb 4-1: USB disconnect, device number 2 [ 39.606322][ T379] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 39.657287][ T428] fido_id[428]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 39.816414][ T379] usb 1-1: Using ep0 maxpacket: 32 [ 39.822909][ T379] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 39.835101][ T379] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 39.844618][ T379] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 39.853133][ T379] usb 1-1: Product: syz [ 39.857703][ T379] usb 1-1: Manufacturer: syz [ 39.862390][ T379] usb 1-1: SerialNumber: syz [ 39.868899][ T379] usb 1-1: config 0 descriptor?? [ 39.885713][ T425] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 39.894347][ T379] hub 1-1:0.0: bad descriptor, ignoring hub [ 39.900840][ T379] hub: probe of 1-1:0.0 failed with error -5 [ 40.111584][ T425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.135377][ T425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.210801][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 40.210817][ T28] audit: type=1400 audit(1781893980.944:148): avc: denied { create } for pid=449 comm="syz.2.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 40.237144][ T28] audit: type=1400 audit(1781893980.944:149): avc: denied { setopt } for pid=449 comm="syz.2.45" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 40.262862][ T28] audit: type=1400 audit(1781893980.994:150): avc: denied { read } for pid=451 comm="syz.2.46" dev="nsfs" ino=4026532563 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 40.293993][ T28] audit: type=1400 audit(1781893980.994:151): avc: denied { open } for pid=451 comm="syz.2.46" path="net:[4026532563]" dev="nsfs" ino=4026532563 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 40.323868][ T28] audit: type=1400 audit(1781893980.994:152): avc: denied { create } for pid=451 comm="syz.2.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 40.343995][ T28] audit: type=1400 audit(1781893980.994:153): avc: denied { bind } for pid=451 comm="syz.2.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 40.370304][ T28] audit: type=1400 audit(1781893981.074:154): avc: denied { read } for pid=455 comm="syz.3.48" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 40.401182][ T28] audit: type=1400 audit(1781893981.074:155): avc: denied { open } for pid=455 comm="syz.3.48" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 40.424967][ T28] audit: type=1400 audit(1781893981.094:156): avc: denied { ioctl } for pid=455 comm="syz.3.48" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 40.570501][ T425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.579192][ T425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.666355][ T379] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.666355][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 40.706452][ T41] usb 1-1: USB disconnect, device number 2 [ 40.847509][ T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.856429][ T379] usb 3-1: Using ep0 maxpacket: 32 [ 40.857845][ T6] usb 4-1: config 0 interface 0 has no altsetting 0 [ 40.864996][ T379] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 40.872533][ T6] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 40.877941][ T379] usb 3-1: config 0 has no interface number 0 [ 40.887389][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.895247][ T379] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 40.901416][ T6] usb 4-1: Product: syz [ 40.910465][ T379] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.914688][ T6] usb 4-1: Manufacturer: syz [ 40.922462][ T379] usb 3-1: Product: syz [ 40.927285][ T6] usb 4-1: SerialNumber: syz [ 40.930977][ T379] usb 3-1: Manufacturer: syz [ 40.940494][ T379] usb 3-1: SerialNumber: syz [ 40.945920][ T6] usb 4-1: config 0 descriptor?? [ 40.947308][ T379] usb 3-1: config 0 descriptor?? [ 40.956966][ T379] smsc95xx v2.0.0 [ 41.086401][ T295] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 41.094064][ T41] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 41.276327][ T295] usb 2-1: Using ep0 maxpacket: 8 [ 41.276327][ T6] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 41.289046][ T41] usb 1-1: Using ep0 maxpacket: 32 [ 41.295329][ T41] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 41.305462][ T295] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 41.315646][ T295] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 41.326005][ T41] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 41.335215][ T41] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 41.343544][ T41] usb 1-1: Product: syz [ 41.347867][ T295] usb 2-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40 [ 41.356993][ T41] usb 1-1: Manufacturer: syz [ 41.361714][ T379] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 41.372461][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.380514][ T41] usb 1-1: SerialNumber: syz [ 41.385458][ T379] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 41.394825][ T41] usb 1-1: config 0 descriptor?? [ 41.399855][ T295] usb 2-1: Product: syz [ 41.404035][ T295] usb 2-1: Manufacturer: syz [ 41.408834][ T295] usb 2-1: SerialNumber: syz [ 41.413557][ T425] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 41.422041][ T41] hub 1-1:0.0: bad descriptor, ignoring hub [ 41.428002][ T41] hub: probe of 1-1:0.0 failed with error -5 [ 41.466390][ T6] usb 5-1: Using ep0 maxpacket: 32 [ 41.472806][ T6] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 41.484713][ T6] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 41.493851][ T6] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 41.502276][ T6] usb 5-1: Product: syz [ 41.506497][ T6] usb 5-1: Manufacturer: syz [ 41.511154][ T6] usb 5-1: SerialNumber: syz [ 41.517017][ T6] usb 5-1: config 0 descriptor?? [ 41.522289][ T466] raw-gadget.6 gadget.4: fail, usb_ep_enable returned -22 [ 41.530317][ T6] hub 5-1:0.0: bad descriptor, ignoring hub [ 41.536280][ T6] hub: probe of 5-1:0.0 failed with error -5 [ 41.639712][ T295] usb 2-1: USB disconnect, device number 4 [ 41.746498][ T41] usb 1-1: USB disconnect, device number 3 [ 41.846423][ T308] usb 5-1: USB disconnect, device number 3 [ 42.307564][ T295] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 43.302827][ T28] audit: type=1400 audit(1781893983.154:157): avc: denied { name_bind } for pid=478 comm="syz.0.58" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 43.407807][ T201] usb 4-1: USB disconnect, device number 3 [ 43.506379][ T295] usb 5-1: Using ep0 maxpacket: 32 [ 43.512844][ T295] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 43.525248][ T295] usb 5-1: string descriptor 0 read error: -22 [ 43.531561][ T295] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 43.636478][ T295] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 43.646944][ T295] usb 5-1: config 0 descriptor?? [ 43.652307][ T466] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 43.660374][ T295] hub 5-1:0.0: bad descriptor, ignoring hub [ 43.671185][ T295] hub: probe of 5-1:0.0 failed with error -5 [ 43.706314][ T41] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 43.887652][ T41] usb 2-1: unable to get BOS descriptor or descriptor too short [ 43.896459][ T41] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 43.906774][ T41] usb 2-1: config 1 interface 0 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 43.920037][ T41] usb 2-1: config 1 interface 0 has no altsetting 0 [ 43.928165][ T41] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= 0.40 [ 43.937345][ T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.945433][ T41] usb 2-1: Product: syz [ 43.949672][ T41] usb 2-1: Manufacturer: syz [ 43.954326][ T41] usb 2-1: SerialNumber: syz [ 43.986443][ T295] usb 5-1: USB disconnect, device number 4 [ 44.166012][ T41] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 44.177216][ T41] usb 2-1: USB disconnect, device number 5 [ 44.509020][ T379] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 44.516469][ T201] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 44.536389][ T379] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 44.558528][ T379] usb 3-1: USB disconnect, device number 4 [ 44.706301][ T201] usb 1-1: Using ep0 maxpacket: 16 [ 44.712688][ T201] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 44.733147][ T201] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 44.759980][ T201] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 44.770534][ T201] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.780034][ T201] usb 1-1: Product: syz [ 44.784411][ T201] usb 1-1: Manufacturer: syz [ 44.789207][ T516] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'. [ 44.798458][ T201] usb 1-1: SerialNumber: syz [ 45.756254][ C1] sched: RT throttling activated [ 47.730004][ T201] usb 1-1: 0:2 : does not exist [ 47.742886][ T201] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 47.776831][ T201] usb 1-1: USB disconnect, device number 4 [ 48.017119][ T363] udevd[363]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 48.056206][ T540] capability: warning: `syz.2.75' uses deprecated v2 capabilities in a way that may be insecure [ 48.068354][ T540] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 48.078307][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 48.078323][ T28] audit: type=1400 audit(1781893988.804:161): avc: denied { mount } for pid=526 comm="syz.2.75" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 48.110839][ T28] audit: type=1400 audit(1781893988.804:162): avc: denied { mounton } for pid=526 comm="syz.2.75" path="/10/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 48.133480][ T28] audit: type=1400 audit(1781893988.814:163): avc: denied { read } for pid=526 comm="syz.2.75" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 48.155384][ T28] audit: type=1400 audit(1781893988.814:164): avc: denied { open } for pid=526 comm="syz.2.75" path="/10/file0" dev="overlay" ino=4611686018427387905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 48.179500][ T28] audit: type=1400 audit(1781893988.814:165): avc: denied { search } for pid=526 comm="syz.2.75" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 48.528692][ T542] loop8: detected capacity change from 0 to 7 [ 48.586859][ T28] audit: type=1400 audit(1781893989.324:166): avc: denied { read } for pid=547 comm="syz.0.83" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 48.645365][ T28] audit: type=1400 audit(1781893989.324:167): avc: denied { open } for pid=547 comm="syz.0.83" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 48.717570][ T28] audit: type=1400 audit(1781893989.454:168): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 48.770034][ T28] audit: type=1400 audit(1781893989.464:169): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 48.805546][ T28] audit: type=1400 audit(1781893989.474:170): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 49.026713][ T201] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 49.156386][ T415] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 49.203107][ T579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.96'. [ 49.213098][ T201] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 49.223783][ T201] usb 3-1: config 0 has no interface number 0 [ 49.229996][ T201] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 49.252119][ T201] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 49.274281][ T201] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 49.289355][ T201] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 49.297792][ T201] usb 3-1: Manufacturer: syz [ 49.302433][ T201] usb 3-1: SerialNumber: syz [ 49.316542][ T201] usb 3-1: config 0 descriptor?? [ 49.346355][ T415] usb 4-1: Using ep0 maxpacket: 16 [ 49.357452][ T415] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 49.365919][ T415] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 49.374615][ T415] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 49.382905][ T415] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 49.391145][ T415] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 49.400270][ T415] usb 4-1: config 0 has no interface number 0 [ 49.406461][ T415] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 49.417652][ T415] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 49.427578][ T415] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 49.437546][ T415] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 49.450721][ T415] usb 4-1: config 0 interface 125 has no altsetting 0 [ 49.457666][ T415] usb 4-1: config 0 interface 125 has no altsetting 2 [ 49.466463][ T379] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 49.475896][ T415] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 49.485110][ T415] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.493194][ T415] usb 4-1: Product: syz [ 49.497490][ T415] usb 4-1: Manufacturer: syz [ 49.502121][ T415] usb 4-1: SerialNumber: syz [ 49.510951][ T415] usb 4-1: config 0 descriptor?? [ 49.647434][ T379] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 49.658325][ T379] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 49.669394][ T379] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 49.680313][ T379] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 49.698021][ T379] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 49.716107][ T379] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.724425][ T379] usb 1-1: Product: syz [ 49.736321][ T379] usb 1-1: Manufacturer: syz [ 49.741038][ T379] usb 1-1: SerialNumber: syz [ 49.747222][ T577] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 49.755329][ T379] cdc_mbim 1-1:1.0: skipping garbage [ 49.906226][ T611] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.913739][ T611] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.483592][ T615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.492796][ T615] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.565656][ T379] cdc_mbim 1-1:1.0: SET_CRC_MODE failed [ 50.573894][ T379] cdc_mbim 1-1:1.0: SET_NTB_FORMAT failed [ 50.599856][ T379] cdc_mbim 1-1:1.0: bind() failure [ 50.608541][ T379] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 50.615623][ T379] cdc_ncm 1-1:1.1: bind() failure [ 50.635049][ T379] usb 1-1: USB disconnect, device number 5 [ 50.901044][ T619] Invalid argument reading file caps for ./file0 [ 51.128903][ T627] bridge0: adding interface bridge_slave_0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 51.161420][ T627] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 51.771126][ T379] usb 3-1: USB disconnect, device number 5 [ 51.825526][ T662] device veth0 entered promiscuous mode [ 51.831630][ T662] device veth0 left promiscuous mode [ 51.891105][ T468] usb 4-1: USB disconnect, device number 4 [ 51.931112][ T668] netlink: 12 bytes leftover after parsing attributes in process `syz.3.132'. [ 52.012945][ T673] Zero length message leads to an empty skb [ 52.020155][ T676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=676 comm=syz.2.136 [ 52.033281][ T676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.136'. [ 52.337545][ T705] Illegal XDP return value 4294967262 on prog (id 13) dev N/A, expect packet loss! [ 53.147357][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 53.155881][ T28] audit: type=1400 audit(1781893993.354:205): avc: denied { connect } for pid=714 comm="syz.0.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.325678][ T28] audit: type=1400 audit(1781893994.054:206): avc: denied { watch } for pid=726 comm="syz.1.154" path="/41" dev="tmpfs" ino=223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 53.389038][ T684] syz.2.141 (684) used greatest stack depth: 20768 bytes left [ 53.418209][ T28] audit: type=1400 audit(1781893994.154:207): avc: denied { read write } for pid=730 comm="syz.3.157" name="uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 53.441719][ T28] audit: type=1400 audit(1781893994.154:208): avc: denied { open } for pid=730 comm="syz.3.157" path="/dev/uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 53.463056][ T731] input: syz0 as /devices/virtual/input/input5 [ 53.465240][ T28] audit: type=1400 audit(1781893994.164:209): avc: denied { ioctl } for pid=730 comm="syz.3.157" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 53.520123][ T28] audit: type=1400 audit(1781893994.234:210): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=636 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 53.551959][ T28] audit: type=1400 audit(1781893994.234:211): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=636 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 53.611771][ T28] audit: type=1400 audit(1781893994.234:212): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=636 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 55.927030][ T764] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=515 sclass=netlink_route_socket pid=764 comm=syz.2.170 [ 55.943438][ T28] audit: type=1400 audit(1781893996.674:213): avc: denied { read write } for pid=765 comm="syz.0.167" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.035812][ T28] audit: type=1400 audit(1781893996.704:214): avc: denied { open } for pid=765 comm="syz.0.167" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 57.109771][ T820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.190'. [ 57.436361][ T814] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 57.526538][ T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 57.601207][ T839] ================================================================== [ 57.609347][ T839] BUG: KASAN: use-after-free in pppol2tp_sock_to_session+0x1a0/0x1b0 [ 57.617509][ T839] Read of size 4 at addr ffff888139ea0800 by task syz.3.199/839 [ 57.625177][ T839] [ 57.627535][ T839] CPU: 0 PID: 839 Comm: syz.3.199 Not tainted syzkaller #0 [ 57.634771][ T839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 57.644883][ T839] Call Trace: [ 57.648198][ T839] [ 57.651172][ T839] __dump_stack+0x21/0x24 [ 57.655579][ T839] dump_stack_lvl+0x110/0x170 [ 57.656887][ T814] usb 3-1: Using ep0 maxpacket: 32 [ 57.660304][ T839] ? __cfi_dump_stack_lvl+0x8/0x8 [ 57.660336][ T839] ? _raw_spin_lock_bh+0x94/0xf0 [ 57.675478][ T839] ? pppol2tp_sock_to_session+0x1a0/0x1b0 [ 57.681251][ T839] print_address_description+0x71/0x200 [ 57.686882][ T839] print_report+0x4a/0x60 [ 57.691261][ T839] kasan_report+0x122/0x150 [ 57.695812][ T839] ? pppol2tp_sock_to_session+0x1a0/0x1b0 [ 57.701585][ T839] __asan_report_load4_noabort+0x14/0x20 [ 57.707266][ T839] pppol2tp_sock_to_session+0x1a0/0x1b0 [ 57.712862][ T839] pppol2tp_release+0x150/0x2b0 [ 57.717765][ T839] sock_close+0xc9/0x220 [ 57.722083][ T839] ? __cfi_sock_close+0x10/0x10 [ 57.727021][ T839] __fput+0x1fd/0x8f0 [ 57.731140][ T839] ____fput+0x15/0x20 [ 57.735164][ T839] task_work_run+0x1e1/0x250 [ 57.739802][ T839] ? __cfi_task_work_run+0x10/0x10 [ 57.744961][ T839] ? __cfi___close_range+0x10/0x10 [ 57.750158][ T839] exit_to_user_mode_loop+0x9b/0xb0 [ 57.755399][ T839] exit_to_user_mode_prepare+0x87/0xd0 [ 57.760907][ T839] syscall_exit_to_user_mode+0x1a/0x30 [ 57.766411][ T839] do_syscall_64+0x58/0xa0 [ 57.770878][ T839] ? clear_bhb_loop+0x30/0x80 [ 57.775675][ T839] ? clear_bhb_loop+0x30/0x80 [ 57.780396][ T839] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 57.786340][ T839] RIP: 0033:0x7fabd219ce59 [ 57.790803][ T839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 57.808672][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.810479][ T839] RSP: 002b:00007ffd933e6048 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 57.829873][ T839] RAX: 0000000000000000 RBX: 00007ffd933e6130 RCX: 00007fabd219ce59 [ 57.832962][ T24] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 57.837888][ T839] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 57.837905][ T839] RBP: 000000000000e0e5 R08: 0000000000000001 R09: 0000000000000000 [ 57.837917][ T839] R10: 0000001b2dd20000 R11: 0000000000000246 R12: 00007ffd933e6170 [ 57.837931][ T839] R13: 00007fabd2415fac R14: 000000000000e118 R15: 00007fabd2415fa0 [ 57.837951][ T839] [ 57.872824][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.878958][ T839] [ 57.878965][ T839] Allocated by task 840: [ 57.879000][ T839] kasan_set_track+0x4b/0x70 [ 57.901301][ T839] kasan_save_alloc_info+0x1f/0x30 [ 57.906455][ T839] __kasan_kmalloc+0x95/0xb0 [ 57.911083][ T839] __kmalloc+0xb4/0x1e0 [ 57.915270][ T839] l2tp_session_create+0x38/0xbd0 [ 57.920336][ T839] pppol2tp_connect+0xbf5/0x1640 [ 57.925315][ T839] __sys_connect+0x3da/0x460 [ 57.929944][ T839] __x64_sys_connect+0x7a/0x90 [ 57.934741][ T839] x64_sys_call+0x88d/0x9a0 [ 57.939289][ T839] do_syscall_64+0x4c/0xa0 [ 57.943744][ T839] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 57.949684][ T839] [ 57.952067][ T839] Freed by task 8: [ 57.955807][ T839] kasan_set_track+0x4b/0x70 [ 57.960442][ T839] kasan_save_free_info+0x2b/0x40 [ 57.965523][ T839] ____kasan_slab_free+0x132/0x180 [ 57.970677][ T839] __kasan_slab_free+0x11/0x20 [ 57.975480][ T839] slab_free_freelist_hook+0xc2/0x190 [ 57.980889][ T839] __kmem_cache_free+0xb7/0x1b0 [ 57.985781][ T839] kfree+0x6f/0xf0 [ 57.989530][ T839] l2tp_session_put+0xaf/0x1a0 [ 57.994329][ T839] l2tp_session_delete+0x3df/0x4d0 [ 57.999483][ T839] l2tp_tunnel_del_work+0x199/0x410 [ 58.004714][ T839] process_one_work+0x717/0xc30 [ 58.009609][ T839] worker_thread+0xa4d/0x11d0 [ 58.014326][ T839] kthread+0x281/0x320 [ 58.018435][ T839] ret_from_fork+0x1f/0x30 [ 58.022890][ T839] [ 58.025235][ T839] The buggy address belongs to the object at ffff888139ea0800 [ 58.025235][ T839] which belongs to the cache kmalloc-512 of size 512 [ 58.039333][ T839] The buggy address is located 0 bytes inside of [ 58.039333][ T839] 512-byte region [ffff888139ea0800, ffff888139ea0a00) [ 58.052479][ T839] [ 58.054830][ T839] The buggy address belongs to the physical page: [ 58.058100][ T24] usb 2-1: config 0 descriptor?? [ 58.061283][ T839] page:ffffea0004e7a800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888139ea2400 pfn:0x139ea0 [ 58.077838][ T839] head:ffffea0004e7a800 order:2 compound_mapcount:0 compound_pincount:0 [ 58.077951][ T814] usb 3-1: unable to get BOS descriptor or descriptor too short [ 58.086193][ T839] flags: 0x4000000000010200(slab|head|zone=1) [ 58.086231][ T839] raw: 4000000000010200 ffffea0004e7a700 dead000000000002 ffff888100042f00 [ 58.086249][ T839] raw: ffff888139ea2400 0000000080100002 00000001ffffffff 0000000000000000 [ 58.086260][ T839] page dumped because: kasan: bad access detected [ 58.123593][ T839] page_owner tracks the page as allocated [ 58.129331][ T839] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 507, tgid 506 (syz.3.66), ts 45780783441, free_ts 0 [ 58.132673][ T814] usb 3-1: config 14 has an invalid interface number: 57 but max is 1 [ 58.150138][ T839] post_alloc_hook+0x1f5/0x210 [ 58.150175][ T839] prep_new_page+0x1c/0x110 [ 58.150199][ T839] get_page_from_freelist+0x2ca9/0x2d20 [ 58.173233][ T839] __alloc_pages+0x1fa/0x610 [ 58.177958][ T839] alloc_slab_page+0x6e/0xf0 [ 58.182753][ T839] new_slab+0x98/0x3e0 [ 58.186860][ T839] ___slab_alloc+0x70f/0xb70 [ 58.191497][ T839] __slab_alloc+0x5e/0xa0 [ 58.195873][ T839] __kmem_cache_alloc_node+0x204/0x2d0 [ 58.201378][ T839] __kmalloc_node_track_caller+0xa1/0x1e0 [ 58.207137][ T839] pskb_expand_head+0x1c2/0x12b0 [ 58.212120][ T839] skb_ensure_writable+0x2f5/0x490 [ 58.217271][ T839] bpf_clone_redirect+0x1d7/0x4a0 [ 58.222332][ T839] 0xffffffffa00009a2 [ 58.226339][ T839] bpf_test_run+0x35f/0x940 [ 58.229984][ T814] usb 3-1: config 14 has an invalid interface number: 228 but max is 1 [ 58.231329][ T839] bpf_prog_test_run_skb+0xafb/0x12f0 [ 58.244989][ T839] page_owner free stack trace missing [ 58.250384][ T839] [ 58.252726][ T839] Memory state around the buggy address: [ 58.257731][ T814] usb 3-1: config 14 has no interface number 0 [ 58.258375][ T839] ffff888139ea0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.258390][ T839] ffff888139ea0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.278163][ T814] usb 3-1: config 14 has no interface number 1 [ 58.280707][ T839] >ffff888139ea0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.280720][ T839] ^ [ 58.280731][ T839] ffff888139ea0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.301600][ T814] usb 3-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 58.307149][ T839] ffff888139ea0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.307162][ T839] ================================================================== [ 58.310910][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 58.310950][ T28] audit: type=1400 audit(1781893998.844:222): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 58.326812][ T24] usbhid 2-1:0.0: can't add hid device: -71 [ 58.342450][ T28] audit: type=1400 audit(1781893998.844:223): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.368307][ T814] usb 3-1: config 14 interface 228 altsetting 5 has an invalid endpoint with address 0xD1, skipping [ 58.400905][ T839] Disabling lock debugging due to kernel taint [ 58.407472][ T24] usbhid: probe of 2-1:0.0 failed with error -71 [ 58.414341][ T839] ------------[ cut here ]------------ [ 58.419948][ T839] WARNING: CPU: 1 PID: 839 at net/l2tp/l2tp_ppp.c:156 pppol2tp_sock_to_session+0x167/0x1b0 [ 58.430022][ T839] Modules linked in: [ 58.433950][ T839] CPU: 1 PID: 839 Comm: syz.3.199 Tainted: G B syzkaller #0 [ 58.437529][ T28] audit: type=1400 audit(1781893998.844:224): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.442688][ T839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 58.473997][ T839] RIP: 0010:pppol2tp_sock_to_session+0x167/0x1b0 [ 58.480449][ T839] Code: 5d c3 e8 3c c2 d5 fc be 02 00 00 00 eb 0a e8 30 c2 d5 fc be 01 00 00 00 4c 89 f7 e8 03 21 cd fd e9 0f ff ff ff e8 19 c2 d5 fc <0f> 0b 48 89 df e8 ff 00 00 00 eb bd e8 08 c2 d5 fc 4c 89 f7 be 03 [ 58.496924][ T28] audit: type=1400 audit(1781893998.844:225): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 58.500106][ T839] RSP: 0018:ffffc90011337cb0 EFLAGS: 00010293 [ 58.526739][ T839] RAX: ffffffff849b9307 RBX: ffff8881117d4000 RCX: ffff888112fe0000 [ 58.534752][ T839] RDX: 0000000000000000 RSI: 000000001a2a38c0 RDI: 000000000c04eb7d [ 58.542796][ T839] RBP: ffffc90011337cd0 R08: ffffffff87b747e7 R09: 1ffffffff0f6e8fc [ 58.545513][ T28] audit: type=1400 audit(1781893998.844:226): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.550828][ T839] R10: dffffc0000000000 R11: fffffbfff0f6e8fd R12: dffffc0000000000 [ 58.550847][ T839] R13: dffffc0000000000 R14: 000000001a2a38c0 R15: ffff888139ea0800 [ 58.550861][ T839] FS: 0000555566f27500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 58.596527][ T839] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.600979][ T28] audit: type=1400 audit(1781893998.844:227): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.603145][ T839] CR2: 0000001b2eb23ffc CR3: 0000000139ece000 CR4: 00000000003506a0 [ 58.603167][ T839] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.642128][ T839] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.650177][ T839] Call Trace: [ 58.653489][ T839] [ 58.655469][ T28] audit: type=1400 audit(1781893998.844:228): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.656478][ T839] pppol2tp_release+0x150/0x2b0 [ 58.683885][ T839] sock_close+0xc9/0x220 [ 58.688265][ T839] ? __cfi_sock_close+0x10/0x10 [ 58.693161][ T839] __fput+0x1fd/0x8f0 [ 58.697224][ T839] ____fput+0x15/0x20 [ 58.701328][ T839] task_work_run+0x1e1/0x250 [ 58.705967][ T839] ? __cfi_task_work_run+0x10/0x10 [ 58.711153][ T839] ? __cfi___close_range+0x10/0x10 [ 58.716335][ T839] exit_to_user_mode_loop+0x9b/0xb0 [ 58.721579][ T839] exit_to_user_mode_prepare+0x87/0xd0 [ 58.727116][ T839] syscall_exit_to_user_mode+0x1a/0x30 [ 58.732614][ T839] do_syscall_64+0x58/0xa0 [ 58.737108][ T839] ? clear_bhb_loop+0x30/0x80 [ 58.741813][ T839] ? clear_bhb_loop+0x30/0x80 [ 58.746563][ T839] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 58.752498][ T839] RIP: 0033:0x7fabd219ce59 [ 58.756981][ T839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 58.776672][ T839] RSP: 002b:00007ffd933e6048 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 58.785141][ T839] RAX: 0000000000000000 RBX: 00007ffd933e6130 RCX: 00007fabd219ce59 [ 58.793196][ T839] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 58.801260][ T839] RBP: 000000000000e0e5 R08: 0000000000000001 R09: 0000000000000000 [ 58.809457][ T839] R10: 0000001b2dd20000 R11: 0000000000000246 R12: 00007ffd933e6170 [ 58.817486][ T839] R13: 00007fabd2415fac R14: 000000000000e118 R15: 00007fabd2415fa0 [ 58.825473][ T839] [ 58.828541][ T839] ---[ end trace 0000000000000000 ]--- [ 58.842773][ T24] usb 2-1: USB disconnect, device number 6 [ 58.848908][ T814] usb 3-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10 [ 58.860556][ T814] usb 3-1: config 14 interface 228 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 58.875309][ T814] usb 3-1: config 14 interface 57 has no altsetting 0 [ 58.882333][ T814] usb 3-1: config 14 interface 228 has no altsetting 0 [ 58.891180][ T814] usb 3-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 58.900332][ T814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.908398][ T814] usb 3-1: Product: syz [ 58.912572][ T814] usb 3-1: Manufacturer: syz [ 58.917322][ T814] usb 3-1: SerialNumber: syz [ 59.216314][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 59.407517][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.418576][ T24] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 59.427671][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.436767][ T24] usb 2-1: config 0 descriptor?? [ 60.257087][ T830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.265574][ T24] aiptek 2-1:0.0: Aiptek using 400 ms programming speed [ 60.265927][ T830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.274637][ T24] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6 [ 60.317784][ C1] ================================================================================ [ 60.327104][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31 [ 60.335725][ C1] index 261 is out of range for type 'const int[34]' [ 60.342398][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B W syzkaller #0 [ 60.350899][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 60.360965][ C1] Call Trace: [ 60.364262][ C1] [ 60.367116][ C1] __dump_stack+0x21/0x24 [ 60.371472][ C1] dump_stack_lvl+0x110/0x170 [ 60.376173][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 60.381244][ C1] dump_stack+0x15/0x24 [ 60.385445][ C1] ubsan_epilogue+0xe/0x40 [ 60.389976][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0 [ 60.395737][ C1] aiptek_irq+0x2045/0x29b0 [ 60.400261][ C1] ? kcov_remote_start+0x2c4/0x370 [ 60.405432][ C1] __usb_hcd_giveback_urb+0x360/0x520 [ 60.410958][ C1] usb_hcd_giveback_urb+0x11f/0x3e0 [ 60.416195][ C1] dummy_timer+0xa25/0x3270 [ 60.420795][ C1] ? __cfi_dummy_timer+0x10/0x10 [ 60.425757][ C1] ? timerqueue_del+0xd3/0x120 [ 60.430559][ C1] ? __cfi_dummy_timer+0x10/0x10 [ 60.435534][ C1] __hrtimer_run_queues+0x398/0x890 [ 60.440763][ C1] ? hrtimer_interrupt+0x8c0/0x8c0 [ 60.445902][ C1] hrtimer_run_softirq+0x19b/0x260 [ 60.451024][ C1] handle_softirqs+0x1d7/0x600 [ 60.455824][ C1] __irq_exit_rcu+0x52/0xf0 [ 60.460332][ C1] irq_exit_rcu+0x9/0x10 [ 60.464587][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 60.470247][ C1] [ 60.473187][ C1] [ 60.476119][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 60.482126][ C1] RIP: 0010:default_idle+0xf/0x20 [ 60.487163][ C1] Code: cc 00 00 cc cc 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 63 7b 65 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 60.506792][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257 [ 60.512899][ C1] RAX: ffff8881f6f00000 RBX: ffff888100335100 RCX: fca7c187021a2c00 [ 60.520879][ C1] RDX: 0000000000000001 RSI: ffffffff85ca6000 RDI: ffffffff85ca5fc0 [ 60.528865][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916 [ 60.536848][ C1] R10: 0000000000000000 R11: ffffffff8500b370 R12: dffffc0000000000 [ 60.544845][ C1] R13: 0000000000000001 R14: ffff888100335100 R15: dffffc0000000000 [ 60.552938][ C1] ? __cfi_default_idle+0x10/0x10 [ 60.558760][ C1] arch_cpu_idle+0x1c/0x20 [ 60.563196][ C1] default_idle_call+0x71/0x1d0 [ 60.568062][ C1] do_idle+0x354/0x640 [ 60.572160][ C1] ? irqentry_exit+0x30/0x40 [ 60.576854][ C1] ? sysvec_apic_timer_interrupt+0x64/0xc0 [ 60.582693][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 60.588876][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 60.594089][ C1] ? do_idle+0x6/0x640 [ 60.598175][ C1] cpu_startup_entry+0x43/0x60 [ 60.602946][ C1] start_secondary+0x119/0x120 [ 60.607716][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 60.613614][ C1] [ 60.616631][ C1] ================================================================================ [ 60.625909][ C1] ================================================================================ [ 60.635179][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30 [ 60.643767][ C1] index 262 is out of range for type 'const int[34]' [ 60.650441][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B W syzkaller #0 [ 60.658941][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 60.668996][ C1] Call Trace: [ 60.672282][ C1] [ 60.675129][ C1] __dump_stack+0x21/0x24 [ 60.679472][ C1] dump_stack_lvl+0x110/0x170 [ 60.684160][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 60.689244][ C1] dump_stack+0x15/0x24 [ 60.693431][ C1] ubsan_epilogue+0xe/0x40 [ 60.697869][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0 [ 60.703605][ C1] aiptek_irq+0x1f14/0x29b0 [ 60.708118][ C1] ? kcov_remote_start+0x2c4/0x370 [ 60.713244][ C1] __usb_hcd_giveback_urb+0x360/0x520 [ 60.718658][ C1] usb_hcd_giveback_urb+0x11f/0x3e0 [ 60.723897][ C1] dummy_timer+0xa25/0x3270 [ 60.728421][ C1] ? __cfi_dummy_timer+0x10/0x10 [ 60.733377][ C1] ? timerqueue_del+0xd3/0x120 [ 60.738159][ C1] ? __cfi_dummy_timer+0x10/0x10 [ 60.743106][ C1] __hrtimer_run_queues+0x398/0x890 [ 60.748325][ C1] ? hrtimer_interrupt+0x8c0/0x8c0 [ 60.753480][ C1] hrtimer_run_softirq+0x19b/0x260 [ 60.758608][ C1] handle_softirqs+0x1d7/0x600 [ 60.763382][ C1] __irq_exit_rcu+0x52/0xf0 [ 60.767926][ C1] irq_exit_rcu+0x9/0x10 [ 60.772196][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 60.777848][ C1] [ 60.780782][ C1] [ 60.783714][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 60.789709][ C1] RIP: 0010:default_idle+0xf/0x20 [ 60.794747][ C1] Code: cc 00 00 cc cc 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 63 7b 65 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 60.814362][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257 [ 60.820446][ C1] RAX: ffff8881f6f00000 RBX: ffff888100335100 RCX: fca7c187021a2c00 [ 60.828449][ C1] RDX: 0000000000000001 RSI: ffffffff85ca6000 RDI: ffffffff85ca5fc0 [ 60.836428][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916 [ 60.844435][ C1] R10: 0000000000000000 R11: ffffffff8500b370 R12: dffffc0000000000 [ 60.852452][ C1] R13: 0000000000000001 R14: ffff888100335100 R15: dffffc0000000000 [ 60.860644][ C1] ? __cfi_default_idle+0x10/0x10 [ 60.865687][ C1] arch_cpu_idle+0x1c/0x20 [ 60.870105][ C1] default_idle_call+0x71/0x1d0 [ 60.874965][ C1] do_idle+0x354/0x640 [ 60.879058][ C1] ? irqentry_exit+0x30/0x40 [ 60.883649][ C1] ? sysvec_apic_timer_interrupt+0x64/0xc0 [ 60.889469][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 60.895640][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 60.900845][ C1] ? do_idle+0x6/0x640 [ 60.904934][ C1] cpu_startup_entry+0x43/0x60 [ 60.909728][ C1] start_secondary+0x119/0x120 [ 60.914501][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 60.920490][ C1] [ 60.923520][ C1] ================================================================================ [ 60.940965][ T201] usb 3-1: USB disconnect, device number 6 [ 61.191818][ T201] usb 2-1: USB disconnect, device number 7 [ 61.191921][ C1] aiptek 2-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 64.617216][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)