last executing test programs: 4m30.851189562s ago: executing program 0 (id=1499): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x61}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x0, 0x5, 0x9fd, 0x84}, 0x48) socket(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="850000022ee40a998159501ffc0000002500000000000000950000100000aa242dc17994c6271c26bd0765fe87e92c65edda8180eec7e48599c099f20dd92e141cc7281972f0a462e57aac81720a411264c1ccb1774c06f1e0d872320fa853f56105d53925"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f) socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000030c0)=ANY=[@ANYBLOB="180000001600050200e616566e25b8ab660008"], 0x18}}, 0x0) r5 = openat$ttyS3(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000780)=0x3) 4m26.119617252s ago: executing program 0 (id=1514): r0 = socket$pptp(0x18, 0x1, 0x2) connect$pppoe(r0, &(0x7f0000006000)={0x18, 0x0, {0x0, @dev, 'ip6gretap0\x00'}}, 0x1e) 3m36.77769165s ago: executing program 0 (id=1514): r0 = socket$pptp(0x18, 0x1, 0x2) connect$pppoe(r0, &(0x7f0000006000)={0x18, 0x0, {0x0, @dev, 'ip6gretap0\x00'}}, 0x1e) 3m7.753238949s ago: executing program 0 (id=1514): r0 = socket$pptp(0x18, 0x1, 0x2) connect$pppoe(r0, &(0x7f0000006000)={0x18, 0x0, {0x0, @dev, 'ip6gretap0\x00'}}, 0x1e) 3m3.143027341s ago: executing program 4 (id=1655): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) r4 = getpid() sched_setscheduler(r4, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800007b010000"]) 2m59.015867803s ago: executing program 4 (id=1664): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 2m57.060062479s ago: executing program 4 (id=1666): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) unshare(0x20040600) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x40000200) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x6f, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000010c0)='cpu.weight\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f00000001c0)=0x2, 0x12) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), r0) 1m10.128488221s ago: executing program 0 (id=1514): r0 = socket$pptp(0x18, 0x1, 0x2) connect$pppoe(r0, &(0x7f0000006000)={0x18, 0x0, {0x0, @dev, 'ip6gretap0\x00'}}, 0x1e) 1m2.282491492s ago: executing program 4 (id=1678): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000008080)={0x0, 0x0, &(0x7f00000002c0)=[{0x0, 0x2198}], 0x1}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007e40), 0x4000000000000aa, 0x0) 59.088574194s ago: executing program 4 (id=1811): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000380)='GPL\x00'}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x10e, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13}) io_uring_enter(r3, 0x47f9, 0x0, 0x0, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000001500)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) linkat(r6, &(0x7f0000000100)='./file1\x00', r6, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 53.986252419s ago: executing program 4 (id=1818): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x600}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0x18, 0x4, @remote}, @IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @remote}, {0xa}]}]}}}]}, 0x5c}}, 0x0) 36.346955985s ago: executing program 0 (id=1514): r0 = socket$pptp(0x18, 0x1, 0x2) connect$pppoe(r0, &(0x7f0000006000)={0x18, 0x0, {0x0, @dev, 'ip6gretap0\x00'}}, 0x1e) 20.390676193s ago: executing program 2 (id=1869): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x402243) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x800}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x8000000000000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r1 = getpgid(0xffffffffffffffff) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) futex(0x0, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000080)=0x6) futex(&(0x7f000000cffc), 0x6, 0x3d, 0x0, 0x0, 0x2) futex(0x0, 0x100, 0x0, &(0x7f0000000040), 0x0, 0x400005) unshare(0x22020600) r4 = fsopen(&(0x7f00000000c0)='fuseblk\x00', 0x0) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x18) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x0) fstat(r5, &(0x7f00000002c0)) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x0, 0x0, 0x0, 0x1ff}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000007, 0x10010, r0, 0xe5050000) syz_clone(0x0, 0x0, 0xffffffffffffff6f, 0x0, 0x0, 0x0) ptrace(0x8, r1) 17.668325672s ago: executing program 2 (id=1871): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a30000010000800054000000014080003400000000114000000110001"], 0x6c}}, 0x0) 13.513521687s ago: executing program 2 (id=1877): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x0, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}]}]}]}], {0x14, 0x10}}, 0xe8}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000200), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_io_uring_setup(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) read$msr(r3, &(0x7f00000005c0)=""/102384, 0x18ff0) r4 = socket$kcm(0x23, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000000)=@phonet, 0x80, 0x0}, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CHANNEL(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) 9.582791151s ago: executing program 1 (id=1881): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[], 0x7c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) chdir(&(0x7f0000002340)='./bus\x00') open(&(0x7f0000007f80)='./bus\x00', 0x141142, 0x0) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x0, 0x0, 0x0) open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) 8.36066015s ago: executing program 1 (id=1882): syz_io_uring_setup(0x0, &(0x7f0000000200), 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000180)={@in={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x3, 0x0, 0x17, 0x0, "5e3b86774ed89ec669fabcaff49c2eeb8c1c0685564614c85bcf859a08695e2f3f309e196a0c67a7768e058e3008931c0870b2780eb77cbbee013423d43101cb8242bc42b8e0662749302c9ffcd1d119"}, 0xd8) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r3, 0x0, 0x1, &(0x7f0000000440)=0x2, 0x4) sendmsg$802154_dgram(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x24, @long}, 0x14, &(0x7f0000000140)={0x0}}, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') wait4(r0, 0x0, 0x80000000, &(0x7f0000000380)) 8.199627383s ago: executing program 3 (id=1883): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(r0, 0x4008af24, &(0x7f0000000080)) 7.962625531s ago: executing program 3 (id=1884): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) io_setup(0x7, &(0x7f00000000c0)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) io_pgetevents(r0, 0x1, 0x3, &(0x7f0000001480)=[{}, {}, {}], 0x0, 0x0) setresgid(r3, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000020000000181100", @ANYRES32=r1, @ANYRES16=r2], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknodat$null(0xffffffffffffff9c, &(0x7f0000001580)='./file0/file0\x00', 0x1000, 0x103) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000300)='devlink_health_reporter_state_update\x00'}, 0x10) io_destroy(r0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x0) getsockname$packet(r5, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee8625b2a0a00000010000000", @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000100)={@local}) socket(0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r8 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}}) socket$pppl2tp(0x18, 0x1, 0x1) 7.569285768s ago: executing program 2 (id=1885): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d}, 0x90) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x3, 0x20000000, 0x4) 6.803461512s ago: executing program 1 (id=1886): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_AIE_ON(r0, 0x7001) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x17, 0x0, 0xa9}) 6.598480473s ago: executing program 1 (id=1887): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-simd\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = semget$private(0x0, 0x0, 0x54c) semtimedop(r3, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x989680}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @ptr={0x0, 0x0, 0x0, 0x10, 0x4}, @func={0x4, 0x0, 0x0, 0x8, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x0, 0x3}, 0x48) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000407d1eb42d000000090001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000500)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="40004f0000004f0ed1"], 0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) 6.541369559s ago: executing program 2 (id=1888): epoll_create1(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r1, 0x0, 0xb0) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r4 = syz_io_uring_setup(0x690b, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x4, 0x3, 0x0, r3}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1866, &(0x7f0000000140)={0x0, 0x7fb2, 0x200, 0x0, 0xfffffffc}, &(0x7f0000000500)=0x0, &(0x7f0000000280)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r4, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$binfmt_aout(r7, &(0x7f0000000400)=ANY=[], 0xff2e) ppoll(&(0x7f00000013c0)=[{r8}], 0x1, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r9, 0x541b, &(0x7f0000000200)={0xffffffffffffffff}) close_range(r10, 0xffffffffffffffff, 0x0) 6.455740482s ago: executing program 3 (id=1889): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) socket$inet6(0xa, 0x800000000000002, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="7ffbe1ffffff0000000005"], 0x14}, 0x1, 0xf00000000000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000019c0)=@bloom_filter={0x21, 0x0, 0x7}, 0x48) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000280), r0) 3.09039504s ago: executing program 2 (id=1890): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001580)=""/102400, 0x19000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r4 = eventfd(0x0) r5 = eventfd(0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48080}, 0x20) prctl$PR_GET_PDEATHSIG(0x1c, &(0x7f00000000c0)) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000001c0)={r4, 0x100000, 0x1, r5}) 3.076360114s ago: executing program 3 (id=1891): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @pix_mp={0x0, 0x0, 0x34324152}}) sched_setscheduler(0x0, 0x6, &(0x7f00000002c0)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x18000000000002a0, 0x38, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f086dd", 0x0, 0x63, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x3df4ff3ed9780f7a) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000077ceb5d48500000084000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ppoll(&(0x7f0000000900)=[{r4}], 0x1, &(0x7f0000000940)={0x77359400}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000003c0)='rxrpc_peer\x00', r3}, 0x2b) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$TIPC_CMD_SHOW_STATS(r6, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x20084894) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r5, 0x84, 0x16, &(0x7f0000000000)={0x2, [0x2, 0x9]}, 0x8) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) 2.704651897s ago: executing program 1 (id=1892): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000016c0)=@raw={'raw\x00', 0x8, 0x3, 0x400, 0x1c8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x330, 0xffffffff, 0xffffffff, 0x330, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x120, 0x168, 0x0, {}, [@common=@dst={{0x48}}, @common=@ah={{0x30}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) 2.264619975s ago: executing program 1 (id=1893): bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x2, 0x4, 0x800, 0x14, 0xffffffffffffffff, 0x1e0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x3}, 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) timer_create(0x2, &(0x7f00000006c0)={0x0, 0x11, 0x2, @thr={&(0x7f0000000380)="a1961d2c7b0f2aa33466ce1204fe75ed0ed21f619aa6546f63104857520b1bb6", &(0x7f00000005c0)="a6ae9a7dc7ed2171bc81649516ba64b1f1a836c5b827e47b3d65e0eaf30aa56599687e897bee5f2cded735665e938d7a29c0416817108b00dfd55b9dfefad7871c35c285b218de81bf748b1ddc7a268ea70644951d82cc8f13034f479c07998c06dc09fcee0a63253d83bc3a15a325e17807c2543b2ec6e35326b00e0c0dc1c0b0c99d5ef0e1c02e5b6108d5f8e0e7c94b5193a593904a9ff9667b56708a52e8cd46f714d4aa1b591f363fcc53136ed97909a6f89aa2d44bfe1b4bee8731f3e7644136457b25b8fc77602f787188aa3fe9c0e73efd1e6857e86dae"}}, &(0x7f0000000540)=0x0) timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) unshare(0x22020000) mkdir(&(0x7f0000000000)='./file0\x00', 0x129) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0) unshare(0x40020000) rmdir(&(0x7f0000000740)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x75) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x4002, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='./file0\x00') getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x6589}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000c80)=[@text64={0x40, &(0x7f0000000c00)="c4417e6fe3400f790bb9410800000f32b9801600c00f3235004000000f300f01cf66baf80c450f01cbef66bafc0ced440f0dc666b834000f00d066baa100ed", 0x3f}], 0x1, 0x8, &(0x7f0000000480), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000300)=0x40) timer_gettime(r2, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text32={0x20, &(0x7f0000000900)="0f1f00f7bdcb1700000f3566ba2000b051fbfb670f32c4e3857be4070fc7b4a8720000000f080f32b9a40900000f7432d8", 0x31}], 0x1, 0xd, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000500)=[@textreal={0x8, &(0x7f0000000480)="baf80c66b808aacc8466efbafc0cb00dee6428f0660fc20b6fd84600f30f017a0066b9800100000f320f38f03f0fc77c86660f38825b260f20c06635020000000f22c0", 0x43}], 0x1, 0x20, &(0x7f0000000580), 0x0) mount$9p_fd(0x0, 0xffffffffffffffff, &(0x7f00000003c0), 0x80040, &(0x7f0000001000)=ANY=[@ANYRES8=r1, @ANYRESHEX, @ANYBLOB="4b774c646e6f3de50799c55e1a288d5faa3576267d3a3c15c5c1240f6f72db774648b0335d6b8a7f548215f96a9113d71e292a4187c5c28e626cd7c2c8a381d63d575ce2d1bd576dec4162abd756ddd3b1bf1b060809b09c91cf49fe8a6422420c8e2e070000143ef4e698bba82e62c7150fb722b7823a6d65edc69de3d89a4bca12f0b19e3549c765b6049d79da71f8b05eb7d551ae9ce727c10408d56d2feb06014a6c208510ccfebb837e6205463647d3b4d01b17dc3aa83cc1e919f46433262abe7ee8ba3a64ce3555478f253f379550de4bf097507f9b39e40162543718df87cbc37c19372facab32a0d1ec6b4185dd", @ANYRESHEX=r1, @ANYRESOCT=0x0, @ANYBLOB="35e954454f077540c05eb1557b746bf70c42c0e64da212c292e504c54e0f2970e199fe142247979fbd3d568bc5eb4b9e8e0b5e4c35d7e053a0237d943cfba0a33d71f7f66482b9e4f1233f60781bcc92000072ead990eec0fa56f3da07651a2663a9f4d7c36ad1ba2636f8e8501c44e54434a747f9f1a8343c7972311f85d80fdc09fa4b45380aa51edddfbf948e460ccf4345d3a3b506461cd7a75a79d832c705aa28f686045df0b4e6ba0d32bc127c18337c514d99aba485d0aed373b5fdef13bd08b3dd3c5a8caa0cacc7aa4b21f32fc89229a0cae98f373a01441b9da20b050a7f87c3b10dca4da7c17598444e338b653d82d3b88606e5e5f382c300020000939389aca64cc00d10b52c57a4e6d5ba132cb3cb82a31eaf2c91df814723409ebc070b6ae066883a965824dd2085dd031b73839e45eaeefb38189fbb7fc03f93acaec88ea711f40dbd9a9d7417d7572498ea44ccce7aa392ed94b8f1b0f7d8cf87ec9877fd27a049126564be7db2e15341ee27c09a99a35826b9d2cc89bb66f09f9fbbabf8c0bdee402d46e003e435bb1738f23c29aea32ba5aeeb5cfcf8293bdfa73786f64ce6d5d1169f47daf7631c91964a1284eec42f7fe5e9a51cc85a7f3d281ca36bb4f80a04a1ad3424fc860c4f069ec5637078755907658a0b5e1ffb12d5e056854752b0f08c321f19fb916d117f072a2d7aa8f073138c6d6dc451525938060cea9261758ce67db51a0c4fddbc913eaf4120ddd61b925f7d44afae9358b6280777e5aec31028c5d2c32fdf00f290f588c5618c8c0c8cfa777b838eb38bbdf8", @ANYRES8]) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000040)="650f01c2660f3a62d53a0fc7760066ba210066ed0f019ae534189db9800000c00f3235001000000f30650fc77800652e0ff56b4cb98d0b00000f32c4c2fd222f", 0x40}], 0x1, 0x60, &(0x7f0000000780), 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="0000f1ff3dc41da9bc9f3a428f7affff84000000553be354ed4cd54c0000000000000000000000000000233b8097f0c3c05829cb6b36cb27528f61067cff72309d3d4e235dc4e3dc5831b8c00d4818692c40d9d15d2774eb04627d828147a9d7285eee60dcf021cd80958b58484af401a4db15cf485374f223"], &(0x7f0000000000)='syzkaller\x00'}, 0x80) ioctl$KVM_RUN(r3, 0xae80, 0x0) 193.227247ms ago: executing program 3 (id=1894): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a010200000000000000000100000009000300739c7a320000000014000480080002400000000008000140000000050900010073797a310000000044000000050a01020000000000000000010000000c00024000000000000000010900010073797a310000000018000480140003"], 0xcc}}, 0x0) 0s ago: executing program 3 (id=1895): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xfffffff8}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e23, 0xeae, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xc5a}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8001}, @in6={0xa, 0x4e24, 0x0, @private1, 0x6}, @in={0x2, 0x4e24, @rand_addr=0x64010102}], 0xa0) pipe2$9p(&(0x7f0000000040), 0x80080) io_submit(0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x28, 0x5, 0x0) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) r5 = accept4$unix(r3, 0x0, 0x0, 0x0) recvfrom$unix(r5, &(0x7f0000000140)=""/232, 0xe8, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000100)={0x3, 0x0, 0x80000001, 0x88, 0xcd34, 0x1fd, 0x1}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) kernel console output (not intermixed with test programs): aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.487374][T10130] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 707.499893][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.527029][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.541959][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.555643][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.581474][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.592684][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.604434][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.626846][T10948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.708113][T10130] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.728614][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.757309][T10130] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 707.777971][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.790320][T10130] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 707.809169][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.881196][T10130] usb 4-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 707.891530][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.949231][T10130] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.025383][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.113804][T10130] usb 4-1: config 0 descriptor?? [ 708.119218][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.141808][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.154722][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.166710][T10948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.178995][T10948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.198217][T10948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.456065][T10948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.481283][T10948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.495440][T10948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.512748][T10948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.716007][T10130] playstation 0003:054C:0BA0.0015: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.3-1/input0 [ 708.865748][T11225] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.890992][T11225] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.936674][T11225] bridge_slave_0: entered allmulticast mode [ 708.965659][T10130] playstation 0003:054C:0BA0.0015: Failed to retrieve feature with reportID 18: -71 [ 708.988257][T11225] bridge_slave_0: entered promiscuous mode [ 709.038608][T11225] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.064478][T10130] playstation 0003:054C:0BA0.0015: Failed to retrieve DualShock4 pairing info: -71 [ 709.080160][T10130] playstation 0003:054C:0BA0.0015: Failed to get MAC address from DualShock4 [ 709.107813][T10130] playstation 0003:054C:0BA0.0015: Failed to create dualshock4. [ 709.108168][T11225] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.140596][T10130] playstation 0003:054C:0BA0.0015: probe with driver playstation failed with error -71 [ 709.223640][T10130] usb 4-1: USB disconnect, device number 25 [ 709.229442][T11225] bridge_slave_1: entered allmulticast mode [ 709.307046][T11225] bridge_slave_1: entered promiscuous mode [ 709.313114][ T5231] Bluetooth: hci5: command tx timeout [ 709.860550][T11225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 709.900127][T11225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 710.021103][ T7281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.072746][ T7281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.280146][T11225] team0: Port device team_slave_0 added [ 710.722459][T11225] team0: Port device team_slave_1 added [ 710.965840][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.026094][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 711.054751][ T7281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.093051][ T7281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 711.122440][T11225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 711.142635][T11225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.341798][T11225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 711.951920][ T5231] Bluetooth: hci5: command tx timeout [ 712.289109][ T29] audit: type=1400 audit(1723099393.596:1046): avc: denied { mount } for pid=10858 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 712.406475][T11225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.429499][T11225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.566005][T11225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 713.745405][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.770058][T11225] hsr_slave_0: entered promiscuous mode [ 713.832167][T11323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1585'. [ 713.842509][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.911643][T11225] hsr_slave_1: entered promiscuous mode [ 713.948849][T11225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 714.029092][ T29] audit: type=1326 audit(1723099395.202:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11314 comm="syz.3.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7fc00000 [ 714.076181][T11225] Cannot create hsr debugfs directory [ 714.166194][ T5231] Bluetooth: hci5: command tx timeout [ 714.460189][ T29] audit: type=1326 audit(1723099395.202:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11314 comm="syz.3.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6775d779f9 code=0x7fc00000 [ 715.536192][ T29] audit: type=1326 audit(1723099396.596:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11314 comm="syz.3.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7fc00000 [ 715.745247][ T29] audit: type=1400 audit(1723099396.799:1050): avc: denied { setopt } for pid=11342 comm="syz.4.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 715.941756][ T29] audit: type=1400 audit(1723099396.965:1051): avc: denied { name_bind } for pid=11342 comm="syz.4.1587" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 717.345514][ T7260] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.071373][T11225] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.492732][ T7260] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.750960][ T7260] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.229126][T11225] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.597795][ T5224] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 719.611280][ T5224] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 719.621084][ T5224] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 719.630928][ T5224] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 719.639509][ T5224] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 719.648460][ T5224] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 720.113838][ T7260] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.489032][T11225] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.796220][T11225] : (slave netdevsim0): Releasing backup interface [ 720.841158][T11225] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.970461][T11390] ip6gretap0 speed is unknown, defaulting to 1000 [ 721.444679][ T29] audit: type=1326 audit(1723099402.014:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11419 comm="syz.4.1596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe2e4d779f9 code=0x0 [ 721.645052][T11225] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 721.928263][T11225] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 721.961523][T11225] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 721.969454][ T5224] Bluetooth: hci3: command tx timeout [ 722.056591][ T7260] bridge_slave_1: left allmulticast mode [ 722.076946][ T7260] bridge_slave_1: left promiscuous mode [ 722.087884][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.124503][ T7260] bridge_slave_0: left allmulticast mode [ 722.142172][ T7260] bridge_slave_0: left promiscuous mode [ 722.159814][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.593166][T11427] random: crng reseeded on system resumption [ 724.217545][ T5224] Bluetooth: hci3: command tx timeout [ 724.233684][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 724.286638][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 724.336021][ T7260] bond0 (unregistering): Released all slaves [ 724.355709][T11390] chnl_net:caif_netlink_parms(): no params data found [ 724.391421][T11225] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 725.108548][ T5274] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 725.152603][ T7260] hsr_slave_0: left promiscuous mode [ 725.174148][ T7260] hsr_slave_1: left promiscuous mode [ 725.180404][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 725.195762][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 725.207428][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 725.220201][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 725.281160][ T7260] veth1_macvtap: left promiscuous mode [ 725.289670][ T7260] veth0_macvtap: left promiscuous mode [ 725.298381][ T7260] veth1_vlan: left promiscuous mode [ 725.305804][ T7260] veth0_vlan: left promiscuous mode [ 725.314087][ T5274] usb 4-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad [ 725.328194][ T5274] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.357833][ T5274] usb 4-1: config 0 descriptor?? [ 725.377947][ T5274] gspca_main: tv8532-2.14.0 probing 0545:808b [ 725.831992][ T5274] usb 4-1: USB disconnect, device number 26 [ 726.483897][ T5231] Bluetooth: hci3: command tx timeout [ 727.510891][ T5231] Bluetooth: hci6: command 0x0406 tx timeout [ 728.232671][ T7260] team0 (unregistering): Port device team_slave_1 removed [ 728.360080][ T7260] team0 (unregistering): Port device team_slave_0 removed [ 728.725837][ T5224] Bluetooth: hci3: command tx timeout [ 730.037243][T11390] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.066753][T11390] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.101499][T11390] bridge_slave_0: entered allmulticast mode [ 730.108553][T11390] bridge_slave_0: entered promiscuous mode [ 730.148286][T11486] tipc: Started in network mode [ 730.153217][T11486] tipc: Node identity 1, cluster identity 4711 [ 730.166051][T11486] tipc: Node number set to 1 [ 730.282137][T11390] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.314449][T11390] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.361309][T11390] bridge_slave_1: entered allmulticast mode [ 730.395831][T11390] bridge_slave_1: entered promiscuous mode [ 730.653767][T11390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.701114][T11390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.964759][T11390] team0: Port device team_slave_0 added [ 730.995169][T11390] team0: Port device team_slave_1 added [ 731.129361][T11225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 731.149782][T11390] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.174192][T11390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.208104][T11390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.261499][T11390] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.276328][T11390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.308818][T11390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 731.378236][ T5236] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 731.387946][T11225] 8021q: adding VLAN 0 to HW filter on device team0 [ 731.436660][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 731.443842][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 731.528370][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 731.535565][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 731.573819][ T5236] usb 4-1: Using ep0 maxpacket: 32 [ 731.582220][ T5236] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 731.620491][ T5236] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 731.646198][ T5236] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 731.684216][T11390] hsr_slave_0: entered promiscuous mode [ 731.691896][ T5236] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 731.726164][ T5236] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 731.756160][T11390] hsr_slave_1: entered promiscuous mode [ 731.774553][ T5236] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 731.810435][T11390] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 731.835941][ T5236] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 731.861372][T11390] Cannot create hsr debugfs directory [ 731.867343][ T5236] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.917988][ T5236] usb 4-1: Product: syz [ 732.092217][ T5236] usb 4-1: Manufacturer: syz [ 732.097538][ T5236] usb 4-1: SerialNumber: syz [ 732.149659][ T29] audit: type=1400 audit(1723099411.927:1053): avc: denied { getopt } for pid=11505 comm="syz.4.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 732.503913][ T5236] cdc_ncm 4-1:1.0: bind() failure [ 732.524277][ T5236] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 732.549673][ T5236] cdc_ncm 4-1:1.1: bind() failure [ 732.592408][ T5236] usb 4-1: USB disconnect, device number 27 [ 733.273823][T11225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.804698][T11225] veth0_vlan: entered promiscuous mode [ 733.812620][ T29] audit: type=1400 audit(1723099413.459:1054): avc: denied { ioctl } for pid=11528 comm="syz.1.1619" path="socket:[33910]" dev="sockfs" ino=33910 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 733.895664][T11225] veth1_vlan: entered promiscuous mode [ 734.133661][T11225] veth0_macvtap: entered promiscuous mode [ 734.199079][T11225] veth1_macvtap: entered promiscuous mode [ 734.207844][T11534] ieee802154 phy0 wpan0: encryption failed: -22 [ 734.711042][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.794012][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.855871][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.933455][ T29] audit: type=1400 audit(1723099414.493:1055): avc: denied { bind } for pid=11548 comm="syz.3.1624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 734.958660][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.035169][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.135348][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.241514][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.282224][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.316862][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.445281][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.544647][T11225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 735.670799][T11558] Non-string source [ 735.705127][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.775294][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.878756][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.905107][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.979153][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.999910][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.054053][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.095253][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.186741][T11225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.200012][T11225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.213803][T11225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 736.422293][T11560] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1626'. [ 736.501098][T11225] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.596845][T11225] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.630692][T11225] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.640614][T11225] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.794852][T11390] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 736.894970][T11390] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 736.917355][T11390] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 736.959626][T11390] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 737.132242][T11570] ubi: mtd0 is already attached to ubi0 [ 737.220851][T11574] syz.1.1630[11574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 737.220972][T11574] syz.1.1630[11574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 737.363919][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 737.364637][ T7260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 737.435006][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 737.563918][ T7260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 737.630644][T11390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.690469][T11390] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.762222][ T5236] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.769371][ T5236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.860445][ T5236] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.867594][ T5236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.333232][T11390] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.461604][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 739.709702][T11390] veth0_vlan: entered promiscuous mode [ 739.813040][T11390] veth1_vlan: entered promiscuous mode [ 739.998650][T11390] veth0_macvtap: entered promiscuous mode [ 740.157951][ T5272] IPVS: starting estimator thread 0... [ 740.157963][T11626] IPVS: sync thread started: state = MASTER, mcast_ifn = team_slave_1, syncid = 3, id = 0 [ 740.187071][T11390] veth1_macvtap: entered promiscuous mode [ 740.274972][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.326873][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.431847][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.446444][T11627] IPVS: using max 19 ests per chain, 45600 per kthread [ 740.481100][ T5224] Bluetooth: hci6: unknown advertising packet type: 0x65 [ 740.481237][ T5224] Bluetooth: hci6: unknown advertising packet type: 0x0b [ 740.489031][ T5224] Bluetooth: hci6: Malformed LE Event: 0x02 [ 740.503850][ T5224] Bluetooth: hci6: SCO packet for unknown connection handle 201 [ 740.507240][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.633453][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.678600][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.725426][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.757354][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.791762][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.832976][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.858058][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.890049][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.938892][T11390] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 741.094345][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.183026][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.192895][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.245944][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.260214][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.271753][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.286038][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.298602][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.321470][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.367044][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.403017][T11390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 741.468806][T11390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 741.618837][T11390] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 741.682920][T11390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.691636][T11390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.775544][T11390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.799074][T11390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 742.024503][ T7268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.076850][ T7268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.162292][ T7260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.260174][ T7260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 745.022599][T11664] afs: Bad value for 'source' [ 745.590414][T11659] netem: incorrect gi model size [ 745.596960][T11659] netem: change failed [ 745.732665][T11650] syz.1.1639 (11650): drop_caches: 1 [ 746.413039][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.098870][ T5282] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 747.140510][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.313893][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 747.335584][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 747.361016][ T5282] usb 4-1: New USB device found, idVendor=14cd, idProduct=6116, bcdDevice= 1.60 [ 747.375789][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.396856][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 747.418264][ T5282] usb 4-1: config 0 descriptor?? [ 747.435668][ T5282] ums-cypress 4-1:0.0: USB Mass Storage device detected [ 747.566958][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 747.587273][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 747.629555][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 748.841901][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 748.920966][ T5282] usb 4-1: USB disconnect, device number 28 [ 749.122002][T11681] ip6gretap0 speed is unknown, defaulting to 1000 [ 749.248544][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.730051][ T29] audit: type=1400 audit(1723099428.117:1056): avc: denied { relabelfrom } for pid=11690 comm="syz.1.1651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 749.859604][ T29] audit: type=1400 audit(1723099428.153:1057): avc: denied { relabelto } for pid=11690 comm="syz.1.1651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 750.051276][T11703] 9pnet_fd: Insufficient options for proto=fd [ 750.132369][ T5274] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 750.333984][T11703] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 750.341807][ T5274] usb 3-1: Using ep0 maxpacket: 8 [ 750.385246][ T5274] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 750.403226][ T5274] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 750.450215][ T5274] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 750.517980][ T5274] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 750.578270][ T35] bridge_slave_1: left allmulticast mode [ 750.583945][ T35] bridge_slave_1: left promiscuous mode [ 750.608138][ T5274] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 750.631203][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.653674][ T5274] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 750.662733][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.696680][ T35] bridge_slave_0: left allmulticast mode [ 750.709744][ T35] bridge_slave_0: left promiscuous mode [ 750.761637][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.053923][ T5274] usb 3-1: usb_control_msg returned -32 [ 751.059517][ T5274] usbtmc 3-1:16.0: can't read capabilities [ 751.085886][ T5231] Bluetooth: hci3: command tx timeout [ 751.685895][T11723] fuse: Bad value for 'fd' [ 751.896437][ T5302] usb 3-1: USB disconnect, device number 27 [ 753.347794][ T5231] Bluetooth: hci3: command 0x041b tx timeout [ 753.924368][ T5271] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 754.298967][ T5271] usb 3-1: Using ep0 maxpacket: 16 [ 754.311599][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 754.342431][ T5271] usb 3-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 754.390059][ T5271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.390646][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 754.402073][ T5271] usb 3-1: Product: syz [ 754.438213][ T5271] usb 3-1: Manufacturer: syz [ 754.442877][ T5271] usb 3-1: SerialNumber: syz [ 754.451841][ T35] bond0 (unregistering): Released all slaves [ 754.578118][T11681] chnl_net:caif_netlink_parms(): no params data found [ 754.626515][ T5271] usb 3-1: config 0 descriptor?? [ 754.668342][ T5271] usb 3-1: Found UVC 0.00 device syz (046d:0721) [ 754.747834][ T5271] usb 3-1: No valid video chain found. [ 756.215678][ T5224] Bluetooth: hci3: command 0x041b tx timeout [ 757.631983][T11761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 757.741840][ T5236] usb 3-1: USB disconnect, device number 28 [ 758.378503][ T5236] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 758.464911][ T5224] Bluetooth: hci3: command 0x041b tx timeout [ 758.510627][T11681] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.567051][T11681] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.575443][T11681] bridge_slave_0: entered allmulticast mode [ 758.585737][T11681] bridge_slave_0: entered promiscuous mode [ 758.606446][ T5236] usb 3-1: Using ep0 maxpacket: 8 [ 758.631173][ T5236] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 758.648079][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 758.686377][ T5236] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 758.701800][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 758.714914][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 758.733166][ T5236] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 758.745615][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 758.796892][ T5236] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 758.829216][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 758.841265][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 758.859544][ T5236] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 758.868362][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 758.909024][T11681] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.918356][ T5236] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 758.940623][T11681] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.940993][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 758.960247][ T5236] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 758.973121][T11681] bridge_slave_1: entered allmulticast mode [ 758.986105][T11681] bridge_slave_1: entered promiscuous mode [ 760.195740][ T5236] usb 3-1: string descriptor 0 read error: -22 [ 760.211524][ T5236] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 760.221868][ T5236] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.255700][ T35] hsr_slave_0: left promiscuous mode [ 760.272700][ T35] hsr_slave_1: left promiscuous mode [ 760.354105][ T5236] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 760.500813][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.512278][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.639459][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.676320][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.710220][ T5224] Bluetooth: hci3: command 0x041b tx timeout [ 760.773268][ T35] veth1_macvtap: left promiscuous mode [ 760.778791][ T35] veth0_macvtap: left promiscuous mode [ 760.789087][ T35] veth1_vlan: left promiscuous mode [ 760.794583][ T35] veth0_vlan: left promiscuous mode [ 761.493266][ T5302] usb 3-1: USB disconnect, device number 29 [ 761.568373][T11813] adutux: No device or device unplugged -19 [ 762.116144][ T5302] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 762.320792][ T5302] usb 2-1: Using ep0 maxpacket: 8 [ 762.350699][ T5302] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 762.385099][ T5302] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 762.402162][ T5302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 762.428258][ T5302] usb 2-1: SerialNumber: syz [ 762.436987][ T35] team0 (unregistering): Port device team_slave_1 removed [ 762.459482][ T5302] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 762.600230][ T35] team0 (unregistering): Port device team_slave_0 removed [ 763.116124][ T29] audit: type=1326 audit(1723099440.503:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11821 comm="syz.2.1674" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c82f779f9 code=0x0 [ 763.359917][T11819] raw-gadget.0 gadget.1: fail, usb_ep_set_halt returned -11 [ 763.475312][ T5271] usb 2-1: USB disconnect, device number 31 [ 764.429123][ T29] audit: type=1326 audit(1723099441.722:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11827 comm="syz.1.1676" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x0 [ 764.862719][T11814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1672'. [ 764.983460][T11833] netlink: 'syz.1.1676': attribute type 4 has an invalid length. [ 769.005760][ T5224] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 769.643031][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 770.230503][T11681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 770.250736][T11681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 770.669841][T11681] team0: Port device team_slave_0 added [ 770.741890][ T5224] Bluetooth: hci6: ACL packet for unknown connection handle 201 [ 770.756352][ T5224] Bluetooth: hci6: SCO packet for unknown connection handle 200 [ 770.771846][T11681] team0: Port device team_slave_1 added [ 771.254082][ T5274] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 771.284053][T11681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 771.324724][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.436111][T11681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 771.498770][T11681] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 771.517921][ T5274] usb 2-1: Using ep0 maxpacket: 32 [ 771.535415][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.591425][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 771.626961][ T5274] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=d2.a2 [ 771.641818][T11681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.684049][ T5274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.709005][ T5274] usb 2-1: Product: syz [ 771.713201][ T5274] usb 2-1: Manufacturer: syz [ 771.873444][ T5274] usb 2-1: SerialNumber: syz [ 771.890518][ T5274] usb 2-1: config 0 descriptor?? [ 771.910986][ T5274] keyspan 2-1:0.0: Keyspan 1 port adapter converter detected [ 771.937136][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 87 [ 772.666625][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 7 [ 772.679944][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81 [ 772.687693][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1 [ 772.696940][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2 [ 772.704880][ T5274] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 85 [ 772.730405][ T5274] keyspan 2-1:0.0: unsupported endpoint type 0 [ 772.778011][ T5274] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 772.842164][ T5274] usb 2-1: USB disconnect, device number 32 [ 772.877248][ T5274] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 772.923847][ T5274] keyspan 2-1:0.0: device disconnected [ 772.971037][ T5231] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 772.982516][ T5231] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 772.993180][ T5231] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 773.001503][ T5231] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 773.015916][ T5231] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 773.023593][ T5231] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 773.371617][ T5282] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 773.436382][T11681] hsr_slave_0: entered promiscuous mode [ 773.453096][T11681] hsr_slave_1: entered promiscuous mode [ 773.461877][T11681] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 773.485369][T11681] Cannot create hsr debugfs directory [ 773.515133][T11873] ip6gretap0 speed is unknown, defaulting to 1000 [ 774.043487][ T5282] usb 4-1: Using ep0 maxpacket: 32 [ 774.060295][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 774.105555][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 774.166836][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 774.209041][ T5282] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 774.239200][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 774.258793][ T5282] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 774.326026][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 774.426703][ T5282] usb 4-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf [ 774.598649][ T5282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.654504][ T5282] usb 4-1: Product: syz [ 774.658726][ T5282] usb 4-1: Manufacturer: syz [ 774.763546][ T5282] usb 4-1: SerialNumber: syz [ 774.813934][ T5282] usb 4-1: config 0 descriptor?? [ 774.825988][T11874] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 774.858404][ T5282] usb 4-1: NFC: Reader power on cmd error -90 [ 774.930457][ T5282] pn533_usb 4-1:0.0: NFC: Couldn't poweron the reader (error -90) [ 774.939826][ T5282] pn533_usb 4-1:0.0: probe with driver pn533_usb failed with error -90 [ 775.184300][ T5303] usb 4-1: USB disconnect, device number 29 [ 775.270935][ T5224] Bluetooth: hci7: command tx timeout [ 776.088823][ T29] audit: type=1400 audit(1723099452.484:1060): avc: denied { sys_chroot } for pid=11908 comm="dhcpcd" capability=18 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 776.173367][T11873] chnl_net:caif_netlink_parms(): no params data found [ 776.229944][ T29] audit: type=1400 audit(1723099452.484:1061): avc: denied { setgid } for pid=11908 comm="dhcpcd" capability=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 776.288584][ T29] audit: type=1400 audit(1723099452.484:1062): avc: denied { setrlimit } for pid=11908 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1 [ 777.521830][ T5224] Bluetooth: hci7: command tx timeout [ 778.048815][T11873] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.095590][T11873] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.126968][T11873] bridge_slave_0: entered allmulticast mode [ 778.140028][T11873] bridge_slave_0: entered promiscuous mode [ 778.162213][T11873] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.170998][T11873] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.182997][T11873] bridge_slave_1: entered allmulticast mode [ 778.198382][T11873] bridge_slave_1: entered promiscuous mode [ 778.337095][T11873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 778.419498][T11873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 778.649941][T11873] team0: Port device team_slave_0 added [ 778.711746][T11681] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 779.000869][T11873] team0: Port device team_slave_1 added [ 779.045718][T11681] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 779.802421][ T5224] Bluetooth: hci7: command tx timeout [ 780.195235][T11681] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 780.630611][ T5302] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 780.663295][T11681] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 780.726201][T11873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 780.746929][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.998968][ T5302] usb 3-1: Using ep0 maxpacket: 32 [ 781.006444][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 781.914853][ T5302] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 781.930731][T11873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 781.952311][ T5302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.984578][ T5302] usb 3-1: Product: syz [ 782.013369][ T5302] usb 3-1: Manufacturer: syz [ 782.031188][ T5224] Bluetooth: hci7: command tx timeout [ 782.032462][ T5302] usb 3-1: SerialNumber: syz [ 782.068657][ T5302] usb 3-1: config 0 descriptor?? [ 782.159397][ T5302] hub 3-1:0.0: bad descriptor, ignoring hub [ 782.165338][ T5302] hub 3-1:0.0: probe with driver hub failed with error -5 [ 782.254795][ T5302] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input27 [ 782.362854][ T5302] usbtouchscreen 3-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 782.529253][ T5302] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -8 [ 782.595241][ T5302] usb 3-1: USB disconnect, device number 30 [ 782.664841][ T7260] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 782.791925][T11873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 782.833057][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 783.087653][T11873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 785.568668][ T7260] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 787.975435][ T29] audit: type=1400 audit(1723099463.458:1063): avc: denied { setopt } for pid=12024 comm="syz.2.1704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 790.904386][ T7260] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.093769][ T7260] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.243925][T11873] hsr_slave_0: entered promiscuous mode [ 792.301064][T11873] hsr_slave_1: entered promiscuous mode [ 792.320496][T11873] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 792.363594][T11873] Cannot create hsr debugfs directory [ 792.537809][T12035] ip6gretap0 speed is unknown, defaulting to 1000 [ 793.274433][ T5274] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 793.519541][ T5274] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.598770][ T5274] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.655888][ T5274] usb 2-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 793.707526][ T5274] usb 2-1: config 1 interface 1 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0 [ 793.765757][ T5274] usb 2-1: config 1 interface 1 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 0 [ 793.796490][ T7260] bridge_slave_0: left allmulticast mode [ 793.831274][ T7260] bridge_slave_0: left promiscuous mode [ 793.837077][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.849397][ T5274] usb 2-1: config 1 interface 1 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 793.883021][ T5274] usb 2-1: config 1 interface 1 has no altsetting 1 [ 793.936846][ T5274] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 794.673752][ T5274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.693377][ T5274] usb 2-1: Product: syz [ 794.704252][ T5274] usb 2-1: Manufacturer: syz [ 794.729325][ T5274] usb 2-1: SerialNumber: syz [ 794.759176][ T5274] usb 2-1: selecting invalid altsetting 1 [ 795.635334][ T5274] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 795.645356][ T5274] cdc_ncm 2-1:1.0: bind() failure [ 795.679094][ T5274] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 795.697399][ T5274] cdc_ncm 2-1:1.1: bind() failure [ 796.025804][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 796.046525][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 796.060753][ T7260] bond0 (unregistering): Released all slaves [ 796.077330][ T7260] bond1 (unregistering): Released all slaves [ 796.141347][T11681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.309330][ T7260] IPVS: stopping master sync thread 11626 ... [ 796.899266][T11681] 8021q: adding VLAN 0 to HW filter on device team0 [ 797.015834][ T941] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.023028][ T941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 797.122755][T10130] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.129962][T10130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 797.246156][ T7260] hsr_slave_0: left promiscuous mode [ 797.307589][ T7260] hsr_slave_1: left promiscuous mode [ 797.340238][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 797.479131][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 797.504775][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 797.540315][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 797.572932][ T7260] batman_adv: batadv0: Removing interface: ipvlan0 [ 797.700663][ T7260] veth1_macvtap: left promiscuous mode [ 797.720558][ T7260] veth0_macvtap: left promiscuous mode [ 797.732387][ T7260] veth1_vlan: left promiscuous mode [ 798.528984][ T7260] veth0_vlan: left promiscuous mode [ 798.947573][ T5274] usb 2-1: USB disconnect, device number 33 [ 799.649087][ T5231] Bluetooth: hci4: command 0x0406 tx timeout [ 800.189045][T12139] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 800.720785][T12143] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 800.901797][ T29] audit: type=1326 audit(1723099475.393:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 800.986885][ T29] audit: type=1326 audit(1723099475.420:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.132759][ T29] audit: type=1326 audit(1723099475.420:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.178588][ T29] audit: type=1326 audit(1723099475.420:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.212819][ T29] audit: type=1326 audit(1723099475.420:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.257751][ T29] audit: type=1326 audit(1723099475.420:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.415123][ T29] audit: type=1326 audit(1723099475.420:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.538020][ T29] audit: type=1326 audit(1723099475.420:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.582987][ T29] audit: type=1326 audit(1723099475.420:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.653543][ T29] audit: type=1326 audit(1723099475.420:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12144 comm="syz.1.1717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x7ff00000 [ 801.914564][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 801.926448][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 801.977358][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 801.994234][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 802.005554][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 802.038540][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 802.657863][ T7260] team0 (unregistering): Port device team_slave_1 removed [ 802.752901][ T7260] team0 (unregistering): Port device team_slave_0 removed [ 804.308893][ T5224] Bluetooth: hci2: command tx timeout [ 805.442368][T12157] ip6gretap0 speed is unknown, defaulting to 1000 [ 806.526347][T12157] chnl_net:caif_netlink_parms(): no params data found [ 806.559378][ T5224] Bluetooth: hci2: command tx timeout [ 806.836084][T11873] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 806.876069][T12196] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1725'. [ 807.020655][T12198] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1726'. [ 807.196787][T11873] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 807.784199][T12209] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 807.834755][T11873] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 808.025338][T11873] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 808.108103][T12157] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.122276][T12157] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.147548][T12157] bridge_slave_0: entered allmulticast mode [ 808.166951][T12157] bridge_slave_0: entered promiscuous mode [ 808.206792][T12157] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.229411][T12157] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.258160][T12157] bridge_slave_1: entered allmulticast mode [ 808.291890][T12157] bridge_slave_1: entered promiscuous mode [ 808.420079][T11681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.686548][ T7260] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.811835][ T5224] Bluetooth: hci2: command tx timeout [ 810.251075][ T7260] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.510922][T12237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1733'. [ 811.000089][T12237] Falling back ldisc for ttyprintk. [ 811.113418][ T5224] Bluetooth: hci2: command tx timeout [ 811.200553][T12157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 811.247243][T12157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 811.416418][ T7260] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.615836][T12157] team0: Port device team_slave_0 added [ 811.842619][ T7260] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.987628][T12157] team0: Port device team_slave_1 added [ 812.492824][T12157] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 812.537609][T12157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 812.682887][T12157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 812.844956][T12157] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 813.176128][T12157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 813.524152][T12157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 813.781507][T11873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 813.846714][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 813.858750][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 813.873139][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 813.901193][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 813.911136][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 813.947780][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 814.254236][ T7260] bridge_slave_1: left allmulticast mode [ 814.279490][ T7260] bridge_slave_1: left promiscuous mode [ 814.308080][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.347657][ T7260] bridge_slave_0: left allmulticast mode [ 814.353515][ T7260] bridge_slave_0: left promiscuous mode [ 814.361694][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.769192][ T4995] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 815.919592][T12273] xt_connbytes: Forcing CT accounting to be enabled [ 815.927392][ T4995] usb 4-1: language id specifier not provided by device, defaulting to English [ 815.930850][T12273] Cannot find add_set index 0 as target [ 816.179064][ T5224] Bluetooth: hci3: command tx timeout [ 816.224088][ T4995] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 816.304966][ T4995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.389052][ T4995] usb 4-1: config 0 descriptor?? [ 816.423106][ T4995] usb 4-1: Found UVC 0.00 device (18ec:3288) [ 816.446723][ T4995] usb 4-1: No valid video chain found. [ 816.578533][ T5274] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 816.826220][ T5274] usb 2-1: Using ep0 maxpacket: 16 [ 816.859297][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 816.871799][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 816.891801][ T5274] usb 2-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 816.950242][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.993090][ T5274] usb 2-1: config 0 descriptor?? [ 817.642901][ T5274] waltop 0003:172F:0037.0016: item fetching failed at offset 4/6 [ 817.671645][ T5274] waltop 0003:172F:0037.0016: probe with driver waltop failed with error -22 [ 817.839217][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 817.905741][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 817.939690][ T7260] bond0 (unregistering): Released all slaves [ 818.150343][T12263] netlink: 'syz.3.1739': attribute type 12 has an invalid length. [ 818.212239][ T4995] usb 2-1: USB disconnect, device number 34 [ 818.431310][ T5224] Bluetooth: hci3: command tx timeout [ 818.684681][T12157] hsr_slave_0: entered promiscuous mode [ 818.708102][T12157] hsr_slave_1: entered promiscuous mode [ 818.729371][T12157] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 818.762799][T12157] Cannot create hsr debugfs directory [ 818.784897][T12257] ip6gretap0 speed is unknown, defaulting to 1000 [ 818.836374][T11873] 8021q: adding VLAN 0 to HW filter on device team0 [ 819.356630][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.363879][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 819.460293][ T941] usb 4-1: USB disconnect, device number 30 [ 819.614426][T12286] netlink: 'syz.1.1742': attribute type 21 has an invalid length. [ 819.629220][T12286] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1742'. [ 819.774710][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.781823][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 820.430100][ T7260] hsr_slave_0: left promiscuous mode [ 820.461254][ T7260] hsr_slave_1: left promiscuous mode [ 820.474488][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 820.497223][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 820.525930][ T7260] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 820.538566][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 820.590246][ T7260] veth1_macvtap: left promiscuous mode [ 820.613211][ T7260] veth0_macvtap: left promiscuous mode [ 820.633195][ T7260] veth1_vlan: left promiscuous mode [ 820.638527][ T7260] veth0_vlan: left promiscuous mode [ 820.684927][ T5224] Bluetooth: hci3: command tx timeout [ 821.796614][T12304] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1745'. [ 822.091002][ T7260] team0 (unregistering): Port device team_slave_1 removed [ 822.207163][ T7260] team0 (unregistering): Port device team_slave_0 removed [ 822.844818][T12308] input: syz1 as /devices/virtual/input/input28 [ 822.940311][ T5224] Bluetooth: hci3: command tx timeout [ 823.523285][ T5282] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 823.603518][T12296] netlink: 'syz.3.1743': attribute type 30 has an invalid length. [ 823.876273][ T5282] usb 2-1: Using ep0 maxpacket: 32 [ 823.962232][T12316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1750'. [ 824.099414][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 824.118504][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 824.128959][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 824.179277][ T5282] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 824.224542][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 824.316052][ T5282] usb 2-1: Product: syz [ 824.320251][ T5282] usb 2-1: Manufacturer: syz [ 824.396585][ T5282] usb 2-1: SerialNumber: syz [ 824.457643][ T5282] usb 2-1: config 0 descriptor?? [ 825.041865][T12257] chnl_net:caif_netlink_parms(): no params data found [ 825.053104][ T7260] IPVS: stop unused estimator thread 0... [ 825.344245][ T941] usb 2-1: USB disconnect, device number 35 [ 825.469449][ T4995] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 825.791994][ T4995] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 825.849688][ T4995] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 825.885285][ T4995] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 825.895016][ T4995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.987214][ T4995] usb 4-1: config 0 descriptor?? [ 826.212256][T12257] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.219438][T12257] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.264938][T12257] bridge_slave_0: entered allmulticast mode [ 826.282795][T12257] bridge_slave_0: entered promiscuous mode [ 826.295481][T12257] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.312891][T12257] bridge0: port 2(bridge_slave_1) entered disabled state [ 826.322834][T12257] bridge_slave_1: entered allmulticast mode [ 826.335097][T12257] bridge_slave_1: entered promiscuous mode [ 826.486252][T11873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 826.533747][T12324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 826.569337][T12324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 826.652282][ T4995] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 826.723281][ T4995] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 826.830414][ T4995] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0017/input/input29 [ 826.972922][ T4995] cm6533_jd 0003:0D8C:0022.0017: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 827.110893][ T4995] usb 4-1: USB disconnect, device number 31 [ 827.166844][T12257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 827.254322][T12257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 827.553081][T12257] team0: Port device team_slave_0 added [ 827.581045][T12257] team0: Port device team_slave_1 added [ 827.812583][T12257] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 827.850517][T12257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.903956][T12257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 827.931662][T12257] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 827.938885][T12257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.967901][T12257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 828.045158][T12257] hsr_slave_0: entered promiscuous mode [ 828.073276][T12257] hsr_slave_1: entered promiscuous mode [ 828.106263][T12257] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 828.136994][T12257] Cannot create hsr debugfs directory [ 828.653275][ T7260] bridge_slave_1: left allmulticast mode [ 828.661084][ T941] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 828.679272][ T7260] bridge_slave_1: left promiscuous mode [ 828.689654][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.710438][ T7260] bridge_slave_0: left allmulticast mode [ 828.729226][ T7260] bridge_slave_0: left promiscuous mode [ 828.740679][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.882522][ T941] usb 4-1: Using ep0 maxpacket: 32 [ 828.922878][ T941] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 828.967569][ T941] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 829.004121][ T941] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 829.045273][ T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 829.083302][ T941] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 829.143469][ T29] kauditd_printk_skb: 100 callbacks suppressed [ 829.143490][ T29] audit: type=1400 audit(1723099501.458:1174): avc: denied { name_bind } for pid=12366 comm="syz.1.1756" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 829.175033][ T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 829.203894][ T941] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 829.214285][ T941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 829.228096][ T29] audit: type=1400 audit(1723099501.504:1175): avc: denied { name_connect } for pid=12366 comm="syz.1.1756" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 829.254174][ T941] usb 4-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 829.295131][ T941] usb 4-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 829.306221][ T941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 829.332042][ T941] usb 4-1: Product: syz [ 829.357092][ T941] usb 4-1: Manufacturer: syz [ 829.369026][ T941] usb 4-1: SerialNumber: syz [ 829.382823][ T941] usb 4-1: config 0 descriptor?? [ 829.410828][T12363] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 829.649569][ T941] cxacru 4-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 829.676587][ T941] cxacru 4-1:0.0: usbatm_usb_probe: invalid endpoint 02! [ 829.703775][ T941] cxacru 4-1:0.0: probe with driver cxacru failed with error -22 [ 829.786293][ T941] usb 4-1: USB disconnect, device number 32 [ 831.346808][ T941] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 831.554990][ T941] usb 4-1: Using ep0 maxpacket: 8 [ 831.598702][ T941] usb 4-1: New USB device found, idVendor=041e, idProduct=401d, bcdDevice=76.81 [ 831.623063][ T941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.653894][ T941] usb 4-1: Product: syz [ 831.658078][ T941] usb 4-1: Manufacturer: syz [ 831.667550][ T941] usb 4-1: SerialNumber: syz [ 831.698511][ T941] usb 4-1: config 0 descriptor?? [ 831.724062][ T941] gspca_main: spca505-2.14.0 probing 041e:401d [ 831.907534][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 831.937780][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 832.268384][ T7260] bond0 (unregistering): Released all slaves [ 832.313833][ T941] gspca_spca505: reg write: error -110 [ 832.319377][ T941] spca505 4-1:0.0: probe with driver spca505 failed with error -5 [ 832.402660][ T941] usb 4-1: USB disconnect, device number 33 [ 832.502319][T12157] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 832.578472][T12157] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 832.769505][ T7260] hsr_slave_0: left promiscuous mode [ 832.777571][ T7260] hsr_slave_1: left promiscuous mode [ 832.798609][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 832.838549][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 833.435212][ T5224] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 833.449259][ T5224] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 833.460251][ T5224] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 833.475341][ T5224] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 833.491648][ T5224] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 833.499330][ T5224] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 834.769249][ T5231] Bluetooth: hci4: command 0x0406 tx timeout [ 835.285230][ T7260] team0 (unregistering): Port device team_slave_1 removed [ 835.365174][ T5271] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 835.382477][ T7260] team0 (unregistering): Port device team_slave_0 removed [ 835.620271][ T5271] usb 4-1: Using ep0 maxpacket: 8 [ 835.627891][ T5271] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 835.656942][ T5271] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=63.1d [ 835.720735][ T5271] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 835.733541][ T5271] usb 4-1: Product: syz [ 835.740210][ T5271] usb 4-1: Manufacturer: syz [ 835.772007][ T5231] Bluetooth: hci5: command tx timeout [ 835.796295][ T5271] usb 4-1: SerialNumber: syz [ 835.860346][ T5271] usb 4-1: config 0 descriptor?? [ 836.203983][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 836.294807][ T5236] usb 4-1: USB disconnect, device number 34 [ 837.225497][T12157] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 837.250960][T11873] veth0_vlan: entered promiscuous mode [ 837.321677][T12157] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 838.019831][ T5231] Bluetooth: hci5: command tx timeout [ 838.069437][T12412] ip6gretap0 speed is unknown, defaulting to 1000 [ 840.273290][ T5231] Bluetooth: hci5: command tx timeout [ 840.309592][T12157] 8021q: adding VLAN 0 to HW filter on device bond0 [ 840.631798][T12157] 8021q: adding VLAN 0 to HW filter on device team0 [ 840.713190][T12412] chnl_net:caif_netlink_parms(): no params data found [ 840.733035][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 840.740197][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 841.008409][T10130] bridge0: port 2(bridge_slave_1) entered blocking state [ 841.015664][T10130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 841.094803][T12412] bridge0: port 1(bridge_slave_0) entered blocking state [ 841.112674][T12412] bridge0: port 1(bridge_slave_0) entered disabled state [ 841.120949][T12412] bridge_slave_0: entered allmulticast mode [ 841.143428][T12412] bridge_slave_0: entered promiscuous mode [ 841.273145][T12412] bridge0: port 2(bridge_slave_1) entered blocking state [ 841.280267][T12412] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.521550][T12412] bridge_slave_1: entered allmulticast mode [ 841.552747][T12412] bridge_slave_1: entered promiscuous mode [ 842.526575][ T5231] Bluetooth: hci5: command tx timeout [ 843.658958][T12412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 843.679449][T12412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 843.758457][T12412] team0: Port device team_slave_0 added [ 843.825986][T12412] team0: Port device team_slave_1 added [ 844.250065][T12412] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 844.257023][T12412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 844.294211][T12412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 844.312827][T12257] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 844.354293][T12494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1773'. [ 844.395042][T12257] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 844.439432][T12257] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 844.487283][ T7260] bridge_slave_1: left allmulticast mode [ 844.535242][ T7260] bridge_slave_1: left promiscuous mode [ 844.581892][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 844.622569][ T7260] bridge_slave_0: left allmulticast mode [ 844.631367][ T7260] bridge_slave_0: left promiscuous mode [ 844.637239][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.500999][ T7260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 845.523575][ T7260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 845.554519][ T7260] bond0 (unregistering): Released all slaves [ 845.583099][T12257] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 845.606032][T12494] batman_adv: batadv1: Adding interface: netdevsim0 [ 845.620945][T12494] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 845.696478][T12494] batman_adv: batadv1: Interface activated: netdevsim0 [ 845.737978][T12412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 845.750471][T12412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 845.803937][T12412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 845.957976][ T7260] hsr_slave_0: left promiscuous mode [ 845.971231][ T7260] hsr_slave_1: left promiscuous mode [ 845.981117][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 846.006252][ T7260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 846.057363][ T7260] veth0_vlan: left promiscuous mode [ 847.435012][ T7260] team0 (unregistering): Port device team_slave_1 removed [ 847.658945][ T7260] team0 (unregistering): Port device team_slave_0 removed [ 849.664961][T12157] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 849.992840][T12412] hsr_slave_0: entered promiscuous mode [ 850.059661][T12412] hsr_slave_1: entered promiscuous mode [ 850.098936][T12412] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 850.135628][T12412] Cannot create hsr debugfs directory [ 850.640707][T12157] veth0_vlan: entered promiscuous mode [ 850.834610][T12537] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1784'. [ 851.328990][T12157] veth1_vlan: entered promiscuous mode [ 851.548313][T12257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.692303][ T5271] usb 4-1: new low-speed USB device number 35 using dummy_hcd [ 851.828606][T12157] veth0_macvtap: entered promiscuous mode [ 851.889729][T12157] veth1_macvtap: entered promiscuous mode [ 851.988651][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8 [ 852.127028][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 852.170187][T12257] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.198229][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 852.266437][ T5271] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 852.316108][ T4995] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.323380][ T4995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 852.382160][ T5271] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 852.431899][ T4995] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.439157][ T4995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 852.448314][ T5271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.508249][ T5271] usb 4-1: config 0 descriptor?? [ 852.544845][T12537] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 852.577694][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.619457][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.671554][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.720980][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.743171][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.753754][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.814419][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 852.873054][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 852.945763][T12157] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 853.180355][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.209826][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.228482][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.285035][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.318379][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.337721][ T5282] usb 4-1: USB disconnect, device number 35 [ 853.371287][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.420036][T12157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 853.432424][T12157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 853.453694][T12157] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 853.528235][T12157] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.549983][T12157] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.567797][T12157] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.577767][T12157] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.064647][ T7250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 854.096918][ T7250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 854.391714][T12412] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 854.447242][T12412] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 854.494822][ T7250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 854.526270][T12412] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 854.565124][T12412] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 854.614571][ T7250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 855.953629][T12257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 856.673772][T12588] input: syz0 as /devices/virtual/input/input30 [ 856.811845][T12588] input: failed to attach handler leds to device input30, error: -6 [ 856.939382][T12257] veth0_vlan: entered promiscuous mode [ 857.042820][T12257] veth1_vlan: entered promiscuous mode [ 857.178912][T12257] veth0_macvtap: entered promiscuous mode [ 859.052192][T12257] veth1_macvtap: entered promiscuous mode [ 859.059670][ T29] audit: type=1400 audit(1723099527.717:1176): avc: denied { read } for pid=12597 comm="syz.3.1790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 860.139922][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 860.171889][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.182614][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.291501][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.359890][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.411920][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.461884][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.487801][T12602] input: syz0 as /devices/virtual/input/input31 [ 861.529812][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.558448][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 861.581283][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.602104][T12257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 861.626062][T12609] x_tables: ip_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 861.643708][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.665561][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.693613][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.714485][T12602] input: failed to attach handler leds to device input31, error: -6 [ 861.723371][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.750183][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.802087][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.821526][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.833102][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.842954][T12257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 861.886973][T12257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 861.913779][T12257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 861.972550][T12412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 862.030621][T12257] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.058852][T12257] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.080131][T12257] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.104017][T12257] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.124186][T12412] 8021q: adding VLAN 0 to HW filter on device team0 [ 862.398193][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 862.405316][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 862.437902][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 862.445065][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 862.614711][ T7260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.622553][ T7260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 862.777606][ T2583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.802585][ T2583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 863.305764][T12412] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 863.336977][T12620] xt_cgroup: xt_cgroup: no path or classid specified [ 863.913091][ T2583] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.385981][ T2583] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.614937][T12412] veth0_vlan: entered promiscuous mode [ 864.665109][T12412] veth1_vlan: entered promiscuous mode [ 864.725057][T12412] veth0_macvtap: entered promiscuous mode [ 864.753710][T12412] veth1_macvtap: entered promiscuous mode [ 864.789943][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.821571][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.868211][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.896981][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.921014][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.950037][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.996879][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.018511][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.035733][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.073122][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.082973][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.116961][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.131331][T12412] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 865.338872][ T29] audit: type=1400 audit(1723099534.861:1177): avc: denied { map } for pid=12648 comm="syz.2.1799" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 865.381329][ T2583] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 865.424469][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.457047][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.496209][T12657] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 865.502750][T12657] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 865.513953][T12657] vhci_hcd vhci_hcd.0: Device attached [ 865.605071][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.624574][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.699197][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.744367][ T5271] vhci_hcd: vhci_device speed not set [ 865.755697][ T5274] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 865.806068][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.842488][ T5271] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 865.851804][T12661] netlink: 210596 bytes leftover after parsing attributes in process `syz.3.1802'. [ 865.944809][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.072690][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 866.128188][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.150604][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 866.166267][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.221043][ T5274] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 866.267992][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.304395][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.319428][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.337467][T12413] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 866.349803][T12413] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 866.360631][T12413] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 866.398876][T12413] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 866.420560][ T5274] usb 2-1: config 0 descriptor?? [ 866.455498][T12413] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 866.470700][T12413] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 866.552394][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.673203][T12412] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 866.993518][ T2583] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.010541][T12412] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.034639][T12412] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.070207][T12412] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.072473][T12659] vhci_hcd: connection reset by peer [ 867.083335][T12412] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.131360][ T7260] vhci_hcd: stop threads [ 867.142193][ T7260] vhci_hcd: release socket [ 867.184712][ T7260] vhci_hcd: disconnect device [ 867.291303][ T5274] appleir 0003:05AC:8241.0018: item fetching failed at offset 5/7 [ 867.322335][ T5274] appleir 0003:05AC:8241.0018: parse failed [ 867.330139][ T5274] appleir 0003:05AC:8241.0018: probe with driver appleir failed with error -22 [ 867.391115][ T5282] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 867.437428][T12663] ip6gretap0 speed is unknown, defaulting to 1000 [ 867.576478][ T2583] bridge_slave_1: left allmulticast mode [ 867.582637][ T2583] bridge_slave_1: left promiscuous mode [ 867.591126][ T2583] bridge0: port 2(bridge_slave_1) entered disabled state [ 867.604005][ T2583] bridge_slave_0: left allmulticast mode [ 867.610197][ T2583] bridge_slave_0: left promiscuous mode [ 867.616136][ T2583] bridge0: port 1(bridge_slave_0) entered disabled state [ 867.661954][ T5282] usb 4-1: Using ep0 maxpacket: 8 [ 867.667111][ T5224] Bluetooth: hci5: command 0x0405 tx timeout [ 867.700032][ T5282] usb 4-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 867.734680][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 867.810649][ T5282] usb 4-1: config 0 descriptor?? [ 867.883938][ T941] usb 2-1: USB disconnect, device number 36 [ 867.915355][ T5282] ums-jumpshot 4-1:0.0: USB Mass Storage device detected [ 868.103179][ T5282] ums-jumpshot 4-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 868.353901][ T5282] usb 4-1: USB disconnect, device number 36 [ 868.772773][ T2583] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 868.787093][ T2583] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 868.801860][T12413] Bluetooth: hci3: command tx timeout [ 868.824620][ T2583] bond0 (unregistering): Released all slaves [ 869.239552][T12677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 869.304846][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 869.320383][T12677] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode [ 869.431367][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 869.796447][ T25] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 869.926404][ T5224] Bluetooth: hci5: command 0x0405 tx timeout [ 870.124016][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.262340][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.299253][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.337186][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.375056][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.468045][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.904023][ T25] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 871.013128][ T7270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 871.037423][ T7270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 871.045237][ T5231] Bluetooth: hci3: command tx timeout [ 871.051437][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 871.170882][ T25] usb 4-1: config 0 descriptor?? [ 871.431383][ T5231] Bluetooth: unknown link type 16 [ 871.436798][ T5231] Bluetooth: hci4: connection err: -111 [ 871.478598][T12693] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.486192][T12693] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.590446][T12693] bridge0: port 2(bridge_slave_1) entered blocking state [ 871.598129][T12693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 871.607728][T12693] bridge0: port 1(bridge_slave_0) entered blocking state [ 871.614911][T12693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 871.641236][ T5271] vhci_hcd: vhci_device speed not set [ 871.671739][ T5231] Bluetooth: hci4: unexpected event 0x01 length: 17 > 1 [ 871.724182][T12693] team0: Port device bridge0 added [ 871.845496][ T2583] hsr_slave_0: left promiscuous mode [ 871.873738][ T2583] hsr_slave_1: left promiscuous mode [ 871.896827][ T2583] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 871.909756][ T2583] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 871.937125][ T2583] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 871.951879][ T2583] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 872.024684][ T2583] veth1_macvtap: left promiscuous mode [ 872.037711][ T2583] veth0_macvtap: left promiscuous mode [ 872.053674][ T2583] veth1_vlan: left promiscuous mode [ 872.083613][ T2583] veth0_vlan: left promiscuous mode [ 872.311124][ T25] [drm] vendor descriptor length:c3 data:2e 0f bd 00 00 00 00 00 00 00 80 [ 872.348651][ T25] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 872.833544][ T5231] Bluetooth: hci6: unexpected event for opcode 0x2012 [ 872.892212][ T25] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 872.934620][ T25] [drm] Initialized udl on minor 2 [ 872.992211][ T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 873.041431][ T25] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 873.093515][ T5271] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 873.304436][ T5231] Bluetooth: hci3: command tx timeout [ 873.382481][ T25] usb 4-1: USB disconnect, device number 37 [ 873.411342][ T5271] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 873.845170][ T2583] team0 (unregistering): Port device team_slave_1 removed [ 873.922671][ T2583] team0 (unregistering): Port device team_slave_0 removed [ 875.160508][T12663] chnl_net:caif_netlink_parms(): no params data found [ 875.552266][ T5231] Bluetooth: hci3: command tx timeout [ 876.089727][ T29] audit: type=1326 audit(1723099544.784:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12720 comm="syz.1.1813" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd7df779f9 code=0x0 [ 876.112716][ C0] vkms_vblank_simulate: vblank timer overrun [ 876.149330][T12663] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.205086][T12663] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.315359][T12663] bridge_slave_0: entered allmulticast mode [ 876.438956][T12663] bridge_slave_0: entered promiscuous mode [ 876.480344][T12663] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.519662][T12663] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.527468][T12663] bridge_slave_1: entered allmulticast mode [ 876.553312][T12663] bridge_slave_1: entered promiscuous mode [ 876.585909][T12730] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1814'. [ 876.711261][T12663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.744370][T12663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.876789][ T29] audit: type=1326 audit(1723099545.513:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.019836][T12663] team0: Port device team_slave_0 added [ 877.036528][ T29] audit: type=1326 audit(1723099545.513:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.127449][ T29] audit: type=1400 audit(1723099545.522:1181): avc: denied { ioctl } for pid=12736 comm="syz.2.1816" path="socket:[41693]" dev="sockfs" ino=41693 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 877.189254][T12663] team0: Port device team_slave_1 added [ 877.196890][ T5231] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 877.205943][ T5231] Bluetooth: hci6: Injecting HCI hardware error event [ 877.215500][ T5224] Bluetooth: hci6: hardware error 0x00 [ 877.289483][T12663] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 877.300459][T12663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 877.326342][ C0] vkms_vblank_simulate: vblank timer overrun [ 877.332782][T12663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 877.347039][T12663] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 877.354186][T12663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 877.380101][ C0] vkms_vblank_simulate: vblank timer overrun [ 877.386311][T12663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 877.403363][ T29] audit: type=1326 audit(1723099545.541:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.452317][ T29] audit: type=1326 audit(1723099545.541:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.502258][T12663] hsr_slave_0: entered promiscuous mode [ 877.519772][ T29] audit: type=1326 audit(1723099545.541:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.543247][ C0] vkms_vblank_simulate: vblank timer overrun [ 877.567804][T12663] hsr_slave_1: entered promiscuous mode [ 877.578559][T12663] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 877.599750][T12663] Cannot create hsr debugfs directory [ 877.609136][ T29] audit: type=1326 audit(1723099545.541:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.632589][ C0] vkms_vblank_simulate: vblank timer overrun [ 877.719606][ T29] audit: type=1326 audit(1723099545.541:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 877.793867][ T29] audit: type=1326 audit(1723099545.541:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12734 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f6775d779f9 code=0x7ffc0000 [ 879.455439][ T5224] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 880.990220][T12663] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 881.022238][T12663] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 881.193054][T12663] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 881.241055][T12663] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 881.753624][T12663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 881.855304][T12663] 8021q: adding VLAN 0 to HW filter on device team0 [ 884.489720][ T5302] bridge0: port 1(bridge_slave_0) entered blocking state [ 884.496899][ T5302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 884.632939][ T5302] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.640166][ T5302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 884.745118][T12663] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 886.484043][ T29] kauditd_printk_skb: 49 callbacks suppressed [ 886.484061][ T29] audit: type=1400 audit(1723099554.383:1237): avc: denied { search } for pid=12813 comm="syz.3.1828" name="/" dev="configfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 886.701406][T12663] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 886.708512][ T29] audit: type=1400 audit(1723099554.411:1238): avc: denied { read } for pid=12813 comm="syz.3.1828" name="/" dev="configfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 886.799112][ T29] audit: type=1400 audit(1723099554.411:1239): avc: denied { open } for pid=12813 comm="syz.3.1828" path="/166/file0" dev="configfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 887.024312][ T29] audit: type=1326 audit(1723099554.752:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.3.1828" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6775d779f9 code=0x0 [ 887.090250][T12663] veth0_vlan: entered promiscuous mode [ 887.152648][ T29] audit: type=1400 audit(1723099554.844:1241): avc: granted { setsecparam } for pid=12813 comm="syz.3.1828" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 887.200621][T12663] veth1_vlan: entered promiscuous mode [ 887.255092][ T29] audit: type=1400 audit(1723099554.872:1242): avc: denied { write } for pid=12813 comm="syz.3.1828" name="/" dev="configfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 887.387094][T12663] veth0_macvtap: entered promiscuous mode [ 887.439790][T12663] veth1_macvtap: entered promiscuous mode [ 887.706696][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.411382][T12836] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 888.526874][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.550496][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.611393][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.669762][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.696602][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.727756][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.967565][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 889.415001][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 889.751164][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 889.837617][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 889.872540][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.026234][T12663] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 890.135911][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 890.254900][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.267694][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 890.316282][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.326418][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 890.413763][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.423634][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.198537][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.342066][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.462032][T12863] slcan: can't register candev [ 891.470942][T12863] Falling back ldisc for ptm0. [ 891.545441][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.568324][T12663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.613520][T12663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.642312][T12663] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 891.805735][T12663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.850557][T12663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.881918][T12663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.899222][T12663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 892.218092][ T5231] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 892.240109][ T5231] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 892.271053][ T5231] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 892.286075][ T5231] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 892.300350][ T5231] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 892.309577][ T5231] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 892.705701][T12876] ip6gretap0 speed is unknown, defaulting to 1000 [ 892.875979][ T2583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 892.913598][ T2583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.018825][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.130465][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.510460][T12889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1836'. [ 893.530139][T12889] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1836'. [ 893.704936][T12897] xt_cgroup: invalid path, errno=-2 [ 893.832193][T12876] chnl_net:caif_netlink_parms(): no params data found [ 894.541810][ T5224] Bluetooth: hci7: command tx timeout [ 896.795676][ T5224] Bluetooth: hci7: command tx timeout [ 896.970519][ T29] audit: type=1326 audit(1723099564.065:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12936 comm="syz.3.1844" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6775d779f9 code=0x0 [ 897.215796][T12940] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1844'. [ 898.176018][T12876] bridge0: port 1(bridge_slave_0) entered blocking state [ 898.194691][T12876] bridge0: port 1(bridge_slave_0) entered disabled state [ 898.203935][T12876] bridge_slave_0: entered allmulticast mode [ 898.210965][T12876] bridge_slave_0: entered promiscuous mode [ 898.227719][T12876] bridge0: port 2(bridge_slave_1) entered blocking state [ 898.235004][T12876] bridge0: port 2(bridge_slave_1) entered disabled state [ 898.250960][T12876] bridge_slave_1: entered allmulticast mode [ 898.278073][T12876] bridge_slave_1: entered promiscuous mode [ 898.340149][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 898.575570][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 898.656248][T12876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 898.684550][T12876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 898.785153][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.038489][ T5224] Bluetooth: hci7: command tx timeout [ 899.088689][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.261561][T12940] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 899.284286][T12940] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 899.429710][T12876] team0: Port device team_slave_0 added [ 899.528802][T12876] team0: Port device team_slave_1 added [ 899.791828][T12876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 899.803001][T12940] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 899.828388][T12940] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 899.838733][T12876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 899.864810][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.887453][T12876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 899.916777][T12876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 899.969087][T12876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 900.036831][T12876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 900.596430][T12876] hsr_slave_0: entered promiscuous mode [ 900.653175][T12876] hsr_slave_1: entered promiscuous mode [ 900.676800][T12876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 900.700771][T12876] Cannot create hsr debugfs directory [ 900.778964][T12940] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 900.815720][T12940] Bluetooth: hci7: Error when powering off device on rfkill (-4) [ 901.886467][ T35] bridge_slave_1: left allmulticast mode [ 901.919878][ T35] bridge_slave_1: left promiscuous mode [ 901.925754][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 902.009341][ T35] bridge_slave_0: left allmulticast mode [ 902.015037][ T35] bridge_slave_0: left promiscuous mode [ 902.075127][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 902.416039][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 902.432637][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 902.442245][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 902.454072][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 902.505542][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 902.513099][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 902.546462][ T5224] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 902.568961][ T5224] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 902.591820][ T5224] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 902.616405][ T5224] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 902.626309][ T5224] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 902.638412][ T5224] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 902.781080][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 904.758780][ T25] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 904.931938][ T5224] Bluetooth: hci3: command tx timeout [ 905.156839][ T25] usb 2-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 905.166796][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 905.191558][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.221306][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 905.229121][ T25] usb 2-1: Product: syz [ 905.234277][ T25] usb 2-1: Manufacturer: syz [ 905.253603][ T25] usb 2-1: SerialNumber: syz [ 905.261526][ T35] bond0 (unregistering): Released all slaves [ 905.297240][ T25] usb 2-1: config 0 descriptor?? [ 905.331617][ T25] gm12u320 2-1:0.0: [drm:gm12u320_misc_request.constprop.0] *ERROR* Misc. req. error -22 [ 905.390160][ T25] gm12u320 2-1:0.0: probe with driver gm12u320 failed with error -5 [ 905.487888][ T25] usb-storage 2-1:0.0: USB Mass Storage device detected [ 905.534714][ T25] usb-storage 2-1:0.0: device ignored [ 905.666238][T13035] CIFS mount error: No usable UNC path provided in device string! [ 905.666238][T13035] [ 905.682530][T13035] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 905.795565][T13014] netlink: 'syz.3.1855': attribute type 2 has an invalid length. [ 906.522410][ T25] usb 2-1: USB disconnect, device number 37 [ 907.159192][T12976] ip6gretap0 speed is unknown, defaulting to 1000 [ 907.185763][ T5224] Bluetooth: hci3: command tx timeout [ 907.464616][T12876] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.837416][T12876] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 907.895675][T13073] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13073 comm=syz.2.1863 [ 908.027996][T13072] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1863'. [ 908.077063][T13073] bridge0: entered allmulticast mode [ 908.120796][T13074] bridge_slave_1: left allmulticast mode [ 908.126461][T13074] bridge_slave_1: left promiscuous mode [ 908.177372][T13074] bridge0: port 2(bridge_slave_1) entered disabled state [ 908.212456][T13074] bridge_slave_0: left allmulticast mode [ 908.222697][T13074] bridge_slave_0: left promiscuous mode [ 908.231526][T13074] bridge0: port 1(bridge_slave_0) entered disabled state [ 908.350088][T13074] bridge0 (unregistering): left allmulticast mode [ 908.395190][ T29] audit: type=1400 audit(1723099574.606:1244): avc: denied { getopt } for pid=13075 comm="syz.3.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 908.733654][T12876] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 908.898005][ T35] hsr_slave_0: left promiscuous mode [ 908.913857][ T35] hsr_slave_1: left promiscuous mode [ 908.923382][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 908.951462][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 908.967307][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 908.990732][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 909.127282][ T35] veth1_macvtap: left promiscuous mode [ 909.164480][ T35] veth0_macvtap: left promiscuous mode [ 909.190647][ T35] veth1_vlan: left promiscuous mode [ 909.202076][ T35] veth0_vlan: left promiscuous mode [ 909.449730][ T5224] Bluetooth: hci3: command tx timeout [ 912.412917][ T5224] Bluetooth: hci3: command tx timeout [ 913.394677][T13105] xt_CT: You must specify a L4 protocol and not use inversions on it [ 913.892246][ C0] vkms_vblank_simulate: vblank timer overrun [ 913.929489][ C0] vkms_vblank_simulate: vblank timer overrun [ 913.997898][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.130336][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.169636][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.274406][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.312811][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.384683][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.486387][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.523496][ C0] vkms_vblank_simulate: vblank timer overrun [ 914.563079][ C0] vkms_vblank_simulate: vblank timer overrun [ 919.959316][T13134] nftables ruleset with unbound set [ 920.066350][T13135] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1876'. [ 920.121070][T13135] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1876'. [ 920.133590][T13135] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1876'. [ 920.964386][ T35] team0 (unregistering): Port device team_slave_1 removed [ 921.161107][ T35] team0 (unregistering): Port device team_slave_0 removed [ 921.567489][ T29] audit: type=1400 audit(1723099586.753:1245): avc: denied { write } for pid=13145 comm="syz.1.1879" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 921.567826][T13147] random: crng reseeded on system resumption [ 924.374327][ T29] audit: type=1804 audit(1723099589.346:1246): pid=13155 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1881" name="/newroot/104/bus/bus" dev="overlay" ino=581 res=1 errno=0 [ 925.199311][T12876] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.535973][T12876] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 925.596450][T12976] chnl_net:caif_netlink_parms(): no params data found [ 925.668044][T12876] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 925.794111][T12876] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 926.577243][T12876] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 926.780885][T13169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1884'. [ 926.900926][T13182] 9pnet_fd: Insufficient options for proto=fd [ 927.181091][T12976] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.218315][T12976] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.225579][T12976] bridge_slave_0: entered allmulticast mode [ 927.256762][T12976] bridge_slave_0: entered promiscuous mode [ 927.275764][T12976] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.289388][T12976] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.297695][T12976] bridge_slave_1: entered allmulticast mode [ 927.306544][T12976] bridge_slave_1: entered promiscuous mode [ 927.590082][T12976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 927.611089][T13194] ALSA: mixer_oss: invalid OSS volume '' [ 927.666862][T12976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 928.019092][ T35] bridge_slave_1: left allmulticast mode [ 928.272209][ T35] bridge_slave_1: left promiscuous mode [ 928.280105][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 928.291250][ T35] bridge_slave_0: left allmulticast mode [ 928.296897][ T35] bridge_slave_0: left promiscuous mode [ 928.348966][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.648570][ T941] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 928.868399][ T941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 928.888274][ T941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 928.917360][ T941] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 928.926943][ T941] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 928.974903][ T941] usb 2-1: Product: syz [ 928.989986][ T941] usb 2-1: config 0 descriptor?? [ 929.580488][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.618266][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.640961][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.677751][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.713701][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.757847][ T941] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 929.836414][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 929.851546][ T941] konepure 0003:1E7D:2DB4.0019: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 929.881274][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 929.920165][ T941] usb 2-1: USB disconnect, device number 38 [ 929.940779][ T35] bond0 (unregistering): Released all slaves [ 930.098375][T12976] team0: Port device team_slave_0 added [ 930.338704][T12976] team0: Port device team_slave_1 added [ 930.777920][T12976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 930.797895][T12976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.808042][ T29] audit: type=1400 audit(1723099595.281:1247): avc: denied { execheap } for pid=13211 comm="syz.2.1890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 930.964357][T12976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 931.016652][T12976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 931.107162][T12976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 931.133228][ C0] vkms_vblank_simulate: vblank timer overrun [ 931.223902][T12976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 931.676797][ T35] hsr_slave_0: left promiscuous mode [ 931.739324][ T35] hsr_slave_1: left promiscuous mode [ 931.770576][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 931.802295][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 931.875625][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 931.892642][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 932.020660][ T35] veth1_macvtap: left promiscuous mode [ 932.037684][ T35] veth0_macvtap: left promiscuous mode [ 932.053627][ T35] veth1_vlan: left promiscuous mode [ 932.086019][ T35] veth0_vlan: left promiscuous mode [ 932.099711][ T29] audit: type=1400 audit(1723099596.481:1248): avc: denied { mounton } for pid=13226 comm="syz.1.1893" path="/109/file0" dev="rpc_pipefs" ino=43662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1 [ 932.410210][T13215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13215 comm=syz.3.1891 [ 934.013102][T13256] ================================================================== [ 934.021236][T13256] BUG: KASAN: slab-use-after-free in filter_chain+0xf6/0x110 [ 934.028667][T13256] Read of size 8 at addr ffff88801fae6c30 by task syz.3.1895/13256 [ 934.036565][T13256] [ 934.038900][T13256] CPU: 1 UID: 0 PID: 13256 Comm: syz.3.1895 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 934.049664][T13256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 934.059904][T13256] Call Trace: [ 934.063183][T13256] [ 934.066110][T13256] dump_stack_lvl+0x116/0x1f0 [ 934.070890][T13256] print_report+0xc3/0x620 [ 934.075337][T13256] ? __virt_addr_valid+0x5e/0x590 [ 934.080389][T13256] ? __phys_addr+0xc6/0x150 [ 934.084895][T13256] kasan_report+0xd9/0x110 [ 934.089318][T13256] ? filter_chain+0xf6/0x110 [ 934.093916][T13256] ? filter_chain+0xf6/0x110 [ 934.098515][T13256] filter_chain+0xf6/0x110 [ 934.102937][T13256] uprobe_mmap+0x46b/0x1240 [ 934.107450][T13256] ? __pfx_uprobe_mmap+0x10/0x10 [ 934.112394][T13256] mmap_region+0x1228/0x2760 [ 934.117010][T13256] ? __pfx_mmap_region+0x10/0x10 [ 934.121953][T13256] ? security_mmap_addr+0x8e/0xb0 [ 934.127044][T13256] ? __get_unmapped_area+0x271/0x3a0 [ 934.132334][T13256] do_mmap+0xbfb/0xfb0 [ 934.136427][T13256] ? security_mmap_file+0x192/0x1d0 [ 934.141624][T13256] vm_mmap_pgoff+0x1ba/0x360 [ 934.146220][T13256] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 934.151336][T13256] ksys_mmap_pgoff+0x332/0x5d0 [ 934.156105][T13256] __x64_sys_mmap+0x125/0x190 [ 934.160804][T13256] do_syscall_64+0xcd/0x250 [ 934.165382][T13256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.171344][T13256] RIP: 0033:0x7f6775d779f9 [ 934.175770][T13256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 934.195383][T13256] RSP: 002b:00007f6776a90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 934.203884][T13256] RAX: ffffffffffffffda RBX: 00007f6775f06058 RCX: 00007f6775d779f9 [ 934.211853][T13256] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020000000 [ 934.219823][T13256] RBP: 00007f6775de58ee R08: 000000000000000d R09: 0000000000000000 [ 934.227791][T13256] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 934.235759][T13256] R13: 0000000000000000 R14: 00007f6775f06058 R15: 00007ffd5866c388 [ 934.243732][T13256] [ 934.246743][T13256] [ 934.249056][T13256] Allocated by task 10087: [ 934.253459][T13256] kasan_save_stack+0x33/0x60 [ 934.258142][T13256] kasan_save_track+0x14/0x30 [ 934.262817][T13256] __kasan_kmalloc+0xaa/0xb0 [ 934.267402][T13256] selinux_netlbl_sock_genattr+0xb0/0x4b0 [ 934.273211][T13256] selinux_netlbl_socket_post_create+0x79/0x150 [ 934.279456][T13256] selinux_socket_post_create+0x2f0/0x7e0 [ 934.285204][T13256] security_socket_post_create+0x8b/0xd0 [ 934.290842][T13256] __sock_create+0x68d/0x800 [ 934.295483][T13256] __sys_socket+0x14f/0x260 [ 934.299995][T13256] __x64_sys_socket+0x72/0xb0 [ 934.304672][T13256] do_syscall_64+0xcd/0x250 [ 934.309174][T13256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.315083][T13256] [ 934.317399][T13256] Freed by task 10087: [ 934.321452][T13256] kasan_save_stack+0x33/0x60 [ 934.326220][T13256] kasan_save_track+0x14/0x30 [ 934.330893][T13256] kasan_save_free_info+0x3b/0x60 [ 934.335921][T13256] poison_slab_object+0xf7/0x160 [ 934.340856][T13256] __kasan_slab_free+0x32/0x50 [ 934.345619][T13256] kfree+0x12a/0x3b0 [ 934.349533][T13256] selinux_netlbl_sk_security_free+0x12c/0x400 [ 934.355693][T13256] selinux_sk_free_security+0x46/0x60 [ 934.361116][T13256] security_sk_free+0x45/0x80 [ 934.365794][T13256] __sk_destruct+0x461/0x730 [ 934.370419][T13256] sk_destruct+0xc2/0xf0 [ 934.374663][T13256] __sk_free+0xf4/0x3e0 [ 934.378819][T13256] sk_free+0x7c/0xa0 [ 934.382716][T13256] tcp_close+0xe1/0x130 [ 934.386916][T13256] inet_release+0x13c/0x280 [ 934.391437][T13256] __sock_release+0xb0/0x270 [ 934.396026][T13256] sock_close+0x1c/0x30 [ 934.400180][T13256] __fput+0x408/0xbb0 [ 934.404188][T13256] __fput_sync+0x47/0x50 [ 934.408434][T13256] __x64_sys_close+0x86/0x100 [ 934.413119][T13256] do_syscall_64+0xcd/0x250 [ 934.417625][T13256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.423537][T13256] [ 934.425850][T13256] The buggy address belongs to the object at ffff88801fae6c00 [ 934.425850][T13256] which belongs to the cache kmalloc-64 of size 64 [ 934.439725][T13256] The buggy address is located 48 bytes inside of [ 934.439725][T13256] freed 64-byte region [ffff88801fae6c00, ffff88801fae6c40) [ 934.453343][T13256] [ 934.455660][T13256] The buggy address belongs to the physical page: [ 934.462064][T13256] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fae6 [ 934.470823][T13256] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 934.478367][T13256] page_type: 0xfdffffff(slab) [ 934.483039][T13256] raw: 00fff00000000000 ffff8880158418c0 0000000000000000 dead000000000001 [ 934.491623][T13256] raw: 0000000000000000 0000000000200020 00000001fdffffff 0000000000000000 [ 934.500196][T13256] page dumped because: kasan: bad access detected [ 934.506611][T13256] page_owner tracks the page as allocated [ 934.512317][T13256] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4675, tgid 4675 (udevd), ts 45210668707, free_ts 45206726848 [ 934.530812][T13256] post_alloc_hook+0x2d1/0x350 [ 934.535580][T13256] get_page_from_freelist+0x1351/0x2e50 [ 934.541128][T13256] __alloc_pages_noprof+0x22b/0x2460 [ 934.546417][T13256] alloc_slab_page+0x4e/0xf0 [ 934.551012][T13256] new_slab+0x84/0x260 [ 934.555078][T13256] ___slab_alloc+0xdac/0x1870 [ 934.559756][T13256] __slab_alloc.constprop.0+0x56/0xb0 [ 934.565128][T13256] __kmalloc_noprof+0x367/0x400 [ 934.569978][T13256] tomoyo_encode2+0x100/0x3e0 [ 934.574719][T13256] tomoyo_encode+0x29/0x50 [ 934.579151][T13256] tomoyo_realpath_from_path+0x19d/0x720 [ 934.584789][T13256] tomoyo_check_open_permission+0x2a7/0x3b0 [ 934.590689][T13256] tomoyo_file_open+0x71/0x90 [ 934.595364][T13256] security_file_open+0x78/0x8b0 [ 934.600303][T13256] do_dentry_open+0x5c7/0x15f0 [ 934.605066][T13256] vfs_open+0x82/0x3f0 [ 934.609139][T13256] page last free pid 4675 tgid 4675 stack trace: [ 934.615457][T13256] free_unref_page+0x64a/0xe40 [ 934.620221][T13256] rcu_core+0x828/0x16b0 [ 934.624491][T13256] handle_softirqs+0x216/0x8f0 [ 934.629272][T13256] irq_exit_rcu+0xbb/0x120 [ 934.633693][T13256] sysvec_apic_timer_interrupt+0x95/0xb0 [ 934.639328][T13256] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 934.645407][T13256] [ 934.647721][T13256] Memory state around the buggy address: [ 934.653343][T13256] ffff88801fae6b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 934.661399][T13256] ffff88801fae6b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 934.669454][T13256] >ffff88801fae6c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 934.677505][T13256] ^ [ 934.683127][T13256] ffff88801fae6c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 934.691184][T13256] ffff88801fae6d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 934.699237][T13256] ================================================================== [ 934.866778][T13256] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 934.874023][T13256] CPU: 0 UID: 0 PID: 13256 Comm: syz.3.1895 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 934.884816][T13256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 934.894884][T13256] Call Trace: [ 934.898162][T13256] [ 934.901087][T13256] dump_stack_lvl+0x3d/0x1f0 [ 934.905780][T13256] panic+0x6f5/0x7a0 [ 934.909678][T13256] ? __pfx_panic+0x10/0x10 [ 934.914098][T13256] ? preempt_schedule_thunk+0x1a/0x30 [ 934.919503][T13256] ? preempt_schedule_common+0x44/0xc0 [ 934.925014][T13256] check_panic_on_warn+0xab/0xb0 [ 934.929962][T13256] end_report+0x117/0x180 [ 934.934303][T13256] kasan_report+0xe9/0x110 [ 934.938734][T13256] ? filter_chain+0xf6/0x110 [ 934.943328][T13256] ? filter_chain+0xf6/0x110 [ 934.947935][T13256] filter_chain+0xf6/0x110 [ 934.952358][T13256] uprobe_mmap+0x46b/0x1240 [ 934.956872][T13256] ? __pfx_uprobe_mmap+0x10/0x10 [ 934.961818][T13256] mmap_region+0x1228/0x2760 [ 934.966417][T13256] ? __pfx_mmap_region+0x10/0x10 [ 934.971358][T13256] ? security_mmap_addr+0x8e/0xb0 [ 934.976402][T13256] ? __get_unmapped_area+0x271/0x3a0 [ 934.981724][T13256] do_mmap+0xbfb/0xfb0 [ 934.985814][T13256] ? security_mmap_file+0x192/0x1d0 [ 934.991021][T13256] vm_mmap_pgoff+0x1ba/0x360 [ 934.995710][T13256] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 935.000831][T13256] ksys_mmap_pgoff+0x332/0x5d0 [ 935.005602][T13256] __x64_sys_mmap+0x125/0x190 [ 935.010280][T13256] do_syscall_64+0xcd/0x250 [ 935.014877][T13256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.020779][T13256] RIP: 0033:0x7f6775d779f9 [ 935.025191][T13256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 935.044819][T13256] RSP: 002b:00007f6776a90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 935.053239][T13256] RAX: ffffffffffffffda RBX: 00007f6775f06058 RCX: 00007f6775d779f9 [ 935.061212][T13256] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020000000 [ 935.069211][T13256] RBP: 00007f6775de58ee R08: 000000000000000d R09: 0000000000000000 [ 935.077181][T13256] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 935.085150][T13256] R13: 0000000000000000 R14: 00007f6775f06058 R15: 00007ffd5866c388 [ 935.093136][T13256] [ 935.096427][T13256] Kernel Offset: disabled [ 935.100738][T13256] Rebooting in 86400 seconds..