last executing test programs: 14.261494033s ago: executing program 1 (id=2419): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000004c0)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x6, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 13.240595555s ago: executing program 1 (id=2420): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x8}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000280)={r1, &(0x7f0000000300)="8b8844f90fbd353b33d2044f867110a35248b47d96d8c6740f30c26d8fe011c57850b06bcc91e74d9b2cd20c1f90981fd9959ae724105b7cd61f24b52239f8bf35476647017e66b6aa8edbcd8928babfc2b0c1b83e83516990eaa9f2f3874c7030071129b1d492d271bebb4310523dabf765bd2f15cda0a71cae38e0423e4a650e5134a768e5ab6eae707786eea66c4328190de6fa40e3b63ab94d7c29638a0d5e6602dfed7cb50c759f23f525cdfdb33a79daefe42b0edc6571d1610af6697e89da166ab6b0e79d18202c18526109569f"}, 0x20) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_gettime(0xfffffffffffffff1, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800c7490000000000fe0000000000000040000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x5) 12.731778566s ago: executing program 1 (id=2422): connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 12.535931928s ago: executing program 1 (id=2424): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbfs(0x0, 0xf, 0x8100) r3 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 10.82378379s ago: executing program 4 (id=2429): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0) mbind(&(0x7f0000be0000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x1000000000000085, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() socket$vsock_stream(0x28, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) syz_open_dev$usbfs(0x0, 0xf, 0x8100) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r6 = syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200)=0x0) r8 = syz_io_uring_setup(0x34ef, &(0x7f0000000400)={0x0, 0x0, 0x1}, &(0x7f00000003c0)=0x0, &(0x7f0000001480)) syz_io_uring_submit(r9, r7, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r8, 0x0, 0x0}) io_uring_enter(r6, 0x2003, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) 9.549782929s ago: executing program 4 (id=2432): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f000057a000/0x1000)=nil, 0x1000, 0x0, 0x3, 0x1c0000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x5, 0x12, 0xffffffffffffffff, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) write$binfmt_format(0xffffffffffffffff, &(0x7f0000000140)='-1\x00', 0x3) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r3, 0x0, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x38, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}}, 0x20050800) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 9.518632858s ago: executing program 3 (id=2433): landlock_create_ruleset(&(0x7f0000000240)={0xfdf}, 0x18, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019640)=""/102400, 0x19000) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f00000000c0)={0xffffffffffffffff, r1, 0x9f}) syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000a00)={0x2c, &(0x7f0000000840)={0x0, 0x0, 0x6, "4f982237ba41"}, 0x0, 0x0, 0x0, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) 7.861089447s ago: executing program 2 (id=2434): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs$namespace(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14, 0x10}}, 0xb8}}, 0x0) 7.772365741s ago: executing program 4 (id=2435): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r4 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) symlinkat(0x0, r5, &(0x7f0000000140)='./file0\x00') ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000000c0)={0x8, 0x10001}) sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0) 7.16163034s ago: executing program 3 (id=2436): r0 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x9399, 0x0, 0x0, 0x24f}, &(0x7f0000000040), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() semop(0x0, &(0x7f0000000240)=[{0x2, 0x7fff, 0x1000}], 0x1) semop(0x0, &(0x7f0000000100)=[{0x2, 0xd5db}], 0x1) semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x9, 0x1000}, {0x2, 0x800, 0x1800}], 0x2, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{}, {0x77359400}}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000)) socket$xdp(0x2c, 0x3, 0x0) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000480), &(0x7f00000004c0)=0x8) r6 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r6, r6, 0x21) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, 0x0, 0x1) 6.79326708s ago: executing program 4 (id=2437): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x0, 0x9, 0x6b4, @vifc_lcl_addr=@broadcast, @multicast2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0) socket(0x10, 0x400000000080803, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x40, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4044004) 6.58061409s ago: executing program 0 (id=2438): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 6.332947581s ago: executing program 2 (id=2439): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000004c0)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x6, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000180)={r7, @in={{0x2, 0x0, @empty}}}, 0x90) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 6.24801444s ago: executing program 1 (id=2440): io_uring_setup(0x1a79, &(0x7f00000010c0)={0x0, 0xe533, 0x20000, 0x4}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x8000) 6.195441305s ago: executing program 0 (id=2441): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.550245377s ago: executing program 4 (id=2442): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000004c0)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x6, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 5.008787613s ago: executing program 2 (id=2443): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$hidraw(&(0x7f0000000240), 0x4, 0x800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x30, 0x3d, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4, 0x200}, @typed={0x15, 0x9, 0x0, 0x0, @binary="f463163c2a66215fe66ba731a18dbddcba"}]}, 0x30}}, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@lsrr={0x83, 0xb, 0x0, [@dev, @empty]}, @cipso={0x86, 0x32, 0x0, [{0x0, 0x5, "df6116"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x8, "02a20948fd74"}, {0x7, 0xd, "ccf0294e2a3bdb4aa40b24"}]}]}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000021801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x1c, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x8, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 4.697751157s ago: executing program 0 (id=2444): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x1000088}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r2 = open(0x0, 0x0, 0x0) fcntl$notify(r2, 0x402, 0x11) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x17) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000040)={0xd, 0x7, 0x2, {{}, 0xffffffc0}}, 0xd) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 4.034093354s ago: executing program 4 (id=2445): socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x401, 0x1, 0x3, 0x1, 0x1}, 0x8) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4b4, 0x7b1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x1, 0x0, 0x0, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) shutdown(r2, 0x45882e38ee51989f) syz_usb_control_io(r1, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0xfffffe24, 0x23, "b1a748"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.852011088s ago: executing program 2 (id=2446): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00 ', @ANYRES16=0x0, @ANYBLOB="0100fdffffff000000000100000008000100", @ANYRES32], 0x5c}, 0x1, 0xf000, 0x0, 0x8c1}, 0x20040) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="180100002d000100000000000000000007"], 0x118}], 0x1}, 0x0) 3.094234522s ago: executing program 3 (id=2447): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x5e, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x22) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4) sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf09000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) 2.562914545s ago: executing program 0 (id=2448): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) io_uring_setup(0x3846, &(0x7f0000000100)={0x0, 0x40000, 0x8, 0x6, 0x64}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, &(0x7f0000000300)=""/4096, &(0x7f0000000040)=0x1000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) 2.464818896s ago: executing program 2 (id=2449): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0x7a, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x5) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0xb, 0xfffffffffffffff8}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) semget$private(0x0, 0x4000000009, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 2.019191724s ago: executing program 0 (id=2450): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0x7a, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x5) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0xb, 0xfffffffffffffff8}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) semget$private(0x0, 0x4000000009, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) move_pages(0x0, 0x1, &(0x7f0000006580)=[&(0x7f0000ffa000/0x4000)=nil], 0x0, &(0x7f0000000080), 0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') pread64(r3, &(0x7f0000000180)=""/15, 0xfffffe9c, 0x358) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) 1.140807035s ago: executing program 3 (id=2451): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 1.014590846s ago: executing program 2 (id=2452): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="180000002400010300000000"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r3 = syz_open_dev$evdev(0x0, 0x0, 0x101000) ioctl$EVIOCGUNIQ(r3, 0x80404508, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080d0}, 0x24000100) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, 0x0, 0x4000) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000180)={0x0, 0x0, r2, 0x0}) r7 = socket(0x1e, 0x4, 0x0) getsockname$packet(r7, 0x0, &(0x7f00000000c0)) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r6, 0x0, 0x9, 0x8, 0x0, [], [0x4], [0x0, 0x0, 0x100, 0xd], [0x4, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff]}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000003fc0)=""/4102, 0x1006}, {0x0}], 0x3}, 0x6}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/213, 0xd5}, {&(0x7f00000006c0)=""/236, 0xec}, {&(0x7f00000002c0)=""/35, 0x23}, {0x0}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f0000000840)=""/253, 0xfd}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x4, 0x2020, 0x0) 929.620521ms ago: executing program 0 (id=2453): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000004c0)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x6, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 902.408824ms ago: executing program 3 (id=2454): syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) socket(0x1, 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x8f3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) 202.892952ms ago: executing program 3 (id=2455): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x5e, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x22) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4) sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf09000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) 0s ago: executing program 1 (id=2456): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x5e, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x22) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4) sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf09000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) kernel console output (not intermixed with test programs): 095057.850:291): avc: denied { mount } for pid=7160 comm="syz.3.351" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 190.365187][ T29] audit: type=1804 audit(1738095060.250:292): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.362" name="/newroot/70/file1" dev="fuse" ino=1 res=1 errno=0 [ 190.431300][ T29] audit: type=1800 audit(1738095060.250:293): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.362" name="/" dev="fuse" ino=1 res=0 errno=0 [ 190.501933][ T29] audit: type=1804 audit(1738095060.260:294): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.362" name="/newroot/70/file1" dev="fuse" ino=1 res=1 errno=0 [ 190.664543][ T29] audit: type=1804 audit(1738095060.260:295): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.362" name="/newroot/70/file1" dev="fuse" ino=1 res=1 errno=0 [ 191.004133][ T29] audit: type=1800 audit(1738095060.260:296): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.362" name="/" dev="fuse" ino=1 res=0 errno=0 [ 192.868111][ T7229] netlink: 'syz.2.369': attribute type 4 has an invalid length. [ 192.933966][ T7229] mkiss: ax0: crc mode is auto. [ 193.926917][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.933330][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.007955][ T7254] netlink: 'syz.4.378': attribute type 1 has an invalid length. [ 195.990538][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 195.990552][ T29] audit: type=1400 audit(1738095065.850:298): avc: denied { name_bind } for pid=7249 comm="syz.1.376" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 197.006447][ T29] audit: type=1400 audit(1738095065.890:299): avc: denied { nlmsg_write } for pid=7249 comm="syz.1.376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 197.031253][ T7254] 8021q: adding VLAN 0 to HW filter on device bond1 [ 197.289698][ T7265] bond1: (slave ip6erspan0): making interface the new active one [ 197.308371][ T7265] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 197.365939][ T7261] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.371956][ T7261] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.377982][ T7261] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.384049][ T7261] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 197.390031][ T7261] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 199.760390][ T5818] Bluetooth: hci4: command 0x0c1a tx timeout [ 199.760421][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 199.766465][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 199.778514][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 199.795117][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 199.994489][ T29] audit: type=1400 audit(1738095070.280:300): avc: denied { bind } for pid=7299 comm="syz.0.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 200.014272][ T7300] Bluetooth: MGMT ver 1.23 [ 200.064276][ T29] audit: type=1400 audit(1738095070.300:301): avc: denied { write } for pid=7299 comm="syz.0.387" path="socket:[12497]" dev="sockfs" ino=12497 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 200.171237][ T7304] netlink: 'syz.1.388': attribute type 4 has an invalid length. [ 200.312316][ T7306] netlink: 'syz.0.389': attribute type 1 has an invalid length. [ 200.465845][ T7306] 8021q: adding VLAN 0 to HW filter on device bond1 [ 200.503114][ T7303] mkiss: ax0: crc mode is auto. [ 200.546331][ T29] audit: type=1400 audit(1738095070.830:302): avc: denied { search } for pid=5485 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.563857][ T7306] bond1: (slave ip6erspan0): making interface the new active one [ 200.604690][ T29] audit: type=1400 audit(1738095070.830:303): avc: denied { read } for pid=5485 comm="dhcpcd" name="n103" dev="tmpfs" ino=3336 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 200.626993][ T29] audit: type=1400 audit(1738095070.830:304): avc: denied { open } for pid=5485 comm="dhcpcd" path="/run/udev/data/n103" dev="tmpfs" ino=3336 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 200.651228][ T29] audit: type=1400 audit(1738095070.830:305): avc: denied { getattr } for pid=5485 comm="dhcpcd" path="/run/udev/data/n103" dev="tmpfs" ino=3336 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 200.675333][ T7306] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 204.792888][ T29] audit: type=1400 audit(1738095074.850:306): avc: denied { create } for pid=7338 comm="syz.1.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 205.089178][ T29] audit: type=1400 audit(1738095074.850:307): avc: denied { getopt } for pid=7338 comm="syz.1.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 209.671187][ T29] audit: type=1800 audit(1738095079.950:308): pid=7400 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.416" name="file1" dev="tmpfs" ino=454 res=0 errno=0 [ 211.065131][ T7419] netlink: 164 bytes leftover after parsing attributes in process `syz.1.419'. [ 212.981029][ T7419] team0 (unregistering): Port device team_slave_0 removed [ 212.996485][ T7419] team0 (unregistering): Port device team_slave_1 removed [ 214.415024][ T29] audit: type=1800 audit(1738095084.650:309): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.430" name="file1" dev="tmpfs" ino=436 res=0 errno=0 [ 217.607996][ T7478] netlink: 'syz.4.437': attribute type 1 has an invalid length. [ 217.716504][ T7478] 8021q: adding VLAN 0 to HW filter on device bond2 [ 225.730008][ T7537] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 225.736081][ T7537] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 225.742169][ T7537] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 225.748373][ T7537] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 225.755466][ T7537] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 226.084418][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 226.917913][ T29] audit: type=1400 audit(1738095096.980:310): avc: denied { nlmsg_read } for pid=7550 comm="syz.3.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 228.188712][ T5820] Bluetooth: hci4: command 0x0c1a tx timeout [ 228.194885][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 228.200999][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 228.208526][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 233.837832][ T7637] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 233.843936][ T7637] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 233.849933][ T7637] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 233.855964][ T7637] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 233.862040][ T7637] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 234.719167][ T7653] netlink: 'syz.4.477': attribute type 1 has an invalid length. [ 234.878749][ T7653] 8021q: adding VLAN 0 to HW filter on device bond3 [ 235.525834][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.001225][ T5820] Bluetooth: hci4: command 0x0c1a tx timeout [ 236.007310][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 236.013320][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 236.019400][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.591377][ T7723] netlink: 'syz.3.494': attribute type 1 has an invalid length. [ 241.712430][ T7723] 8021q: adding VLAN 0 to HW filter on device bond1 [ 241.841312][ T7723] bond1: (slave ip6erspan0): making interface the new active one [ 241.850099][ T7723] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 245.924871][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 245.931063][ T7743] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 246.070576][ T7743] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 246.076681][ T7743] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 246.082695][ T7743] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 246.089438][ T7743] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 246.845192][ T29] audit: type=1804 audit(1738095117.040:311): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.508" name="/newroot/95/file1" dev="fuse" ino=1 res=1 errno=0 [ 247.238363][ T29] audit: type=1800 audit(1738095117.040:312): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.508" name="/" dev="fuse" ino=1 res=0 errno=0 [ 247.238400][ T29] audit: type=1804 audit(1738095117.060:313): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.508" name="/newroot/95/file1" dev="fuse" ino=1 res=1 errno=0 [ 247.238429][ T29] audit: type=1804 audit(1738095117.060:314): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.508" name="/newroot/95/file1" dev="fuse" ino=1 res=1 errno=0 [ 247.238458][ T29] audit: type=1800 audit(1738095117.070:315): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.508" name="/" dev="fuse" ino=1 res=0 errno=0 [ 248.004231][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 248.188117][ T5818] Bluetooth: hci3: command 0x0c1a tx timeout [ 248.188156][ T5818] Bluetooth: hci2: command 0x0c1a tx timeout [ 248.188182][ T5818] Bluetooth: hci4: command 0x0c1a tx timeout [ 249.015270][ T7798] fuse: Bad value for 'fd' [ 250.730760][ T29] audit: type=1804 audit(1738095120.980:316): pid=7811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.516" name="/newroot/113/file1" dev="fuse" ino=1 res=1 errno=0 [ 250.730874][ T29] audit: type=1800 audit(1738095120.980:317): pid=7811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.516" name="/" dev="fuse" ino=1 res=0 errno=0 [ 250.730968][ T29] audit: type=1804 audit(1738095120.980:318): pid=7811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.516" name="/newroot/113/file1" dev="fuse" ino=1 res=1 errno=0 [ 250.731057][ T29] audit: type=1804 audit(1738095120.980:319): pid=7811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.516" name="/newroot/113/file1" dev="fuse" ino=1 res=1 errno=0 [ 250.731130][ T29] audit: type=1800 audit(1738095120.980:320): pid=7811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.516" name="/" dev="fuse" ino=1 res=0 errno=0 [ 251.907017][ T29] audit: type=1400 audit(1738095122.160:321): avc: denied { remount } for pid=7816 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 255.366433][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.372741][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.154045][ T5914] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 256.435447][ T5914] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 256.734142][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.748434][ T5914] usb 3-1: config 0 descriptor?? [ 257.810277][ T5914] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 257.826913][ T5914] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 257.968411][ T5914] asix 3-1:0.0: probe with driver asix failed with error -71 [ 258.143191][ T5914] usb 3-1: USB disconnect, device number 5 [ 258.668694][ T7899] fuse: Bad value for 'fd' [ 259.694891][ T7881] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 259.701188][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 260.450395][ T7881] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 260.456572][ T7881] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 260.462547][ T7881] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 260.468502][ T7881] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 260.793609][ T7921] netlink: 164 bytes leftover after parsing attributes in process `syz.4.544'. [ 261.957955][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 262.219899][ T7932] fuse: Bad value for 'user_id' [ 262.244217][ T7932] fuse: Bad value for 'user_id' [ 262.273348][ T29] audit: type=1800 audit(1738095132.550:322): pid=7932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.547" name="file1" dev="tmpfs" ino=565 res=0 errno=0 [ 262.578837][ T5818] Bluetooth: hci4: command 0x0c1a tx timeout [ 262.584926][ T5818] Bluetooth: hci3: command 0x0c1a tx timeout [ 262.591134][ T5818] Bluetooth: hci2: command 0x0c1a tx timeout [ 263.909600][ T29] audit: type=1400 audit(1738095134.190:323): avc: denied { bind } for pid=7953 comm="syz.2.553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 264.124966][ T29] audit: type=1400 audit(1738095134.330:324): avc: denied { write } for pid=7953 comm="syz.2.553" path="socket:[14100]" dev="sockfs" ino=14100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 264.198150][ T29] audit: type=1400 audit(1738095134.430:325): avc: denied { read } for pid=7953 comm="syz.2.553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 267.415667][ T29] audit: type=1400 audit(1738095137.670:326): avc: denied { set_context_mgr } for pid=7985 comm="syz.1.562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 268.109144][ T5861] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 268.333965][ T5861] usb 3-1: Using ep0 maxpacket: 16 [ 268.356971][ T5861] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.371149][ T5861] usb 3-1: config 0 has no interfaces? [ 268.394286][ T5861] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 268.414945][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.783996][ T5861] usb 3-1: Product: syz [ 268.798644][ T5861] usb 3-1: Manufacturer: syz [ 268.803256][ T5861] usb 3-1: SerialNumber: syz [ 268.830375][ T5861] usb 3-1: config 0 descriptor?? [ 269.059325][ T5898] usb 3-1: USB disconnect, device number 6 [ 269.738897][ T8013] netlink: 164 bytes leftover after parsing attributes in process `syz.3.568'. [ 270.411773][ T8013] team0 (unregistering): Port device team_slave_0 removed [ 270.426484][ T8013] team0 (unregistering): Port device team_slave_1 removed [ 271.633320][ T8022] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 273.896378][ T8052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.579'. [ 273.914032][ T29] audit: type=1400 audit(1738095144.170:327): avc: denied { write } for pid=8051 comm="syz.0.579" name="001" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 273.938253][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.579'. [ 273.979187][ T8052] nbd: socks must be embedded in a SOCK_ITEM attr [ 275.044117][ T8033] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 275.051321][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 275.242126][ T8033] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 275.248210][ T8033] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 275.254187][ T8033] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 275.260105][ T8033] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 276.955495][ T8083] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.587'. [ 277.147929][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 277.284601][ T5818] Bluetooth: hci2: command 0x0c1a tx timeout [ 277.290595][ T5818] Bluetooth: hci4: command 0x0c1a tx timeout [ 277.296606][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 277.473047][ T8087] rdma_op ffff88805f5dd1f0 conn xmit_rdma 0000000000000000 [ 277.975439][ T29] audit: type=1400 audit(1738095147.730:328): avc: denied { bind } for pid=8081 comm="syz.1.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 278.078547][ T29] audit: type=1400 audit(1738095147.740:329): avc: denied { mount } for pid=8081 comm="syz.1.589" name="/" dev="ramfs" ino=14290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 278.100617][ C0] vkms_vblank_simulate: vblank timer overrun [ 278.211505][ T29] audit: type=1400 audit(1738095147.750:330): avc: denied { write } for pid=8081 comm="syz.1.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 280.268445][ T8115] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.597'. [ 281.241248][ T29] audit: type=1400 audit(1738095151.510:331): avc: denied { connect } for pid=8121 comm="syz.4.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 281.581088][ T29] audit: type=1400 audit(1738095151.520:332): avc: denied { write } for pid=8121 comm="syz.4.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 281.600205][ C0] vkms_vblank_simulate: vblank timer overrun [ 281.783938][ T5861] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 281.961803][ T5861] usb 1-1: Using ep0 maxpacket: 16 [ 282.000596][ T5861] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.042076][ T5861] usb 1-1: config 0 has no interfaces? [ 282.085680][ T5861] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 282.110469][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.128657][ T5861] usb 1-1: Product: syz [ 282.145394][ T5861] usb 1-1: Manufacturer: syz [ 282.155392][ T5861] usb 1-1: SerialNumber: syz [ 282.180286][ T5861] usb 1-1: config 0 descriptor?? [ 282.297688][ T8137] rdma_op ffff8880776891f0 conn xmit_rdma 0000000000000000 [ 283.283220][ T5861] usb 1-1: USB disconnect, device number 5 [ 283.286472][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.606'. [ 283.313134][ T8143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.606'. [ 283.339946][ T8143] nbd: socks must be embedded in a SOCK_ITEM attr [ 283.750035][ T8149] IPv6: NLM_F_CREATE should be specified when creating new route [ 285.085121][ T29] audit: type=1400 audit(1738095155.360:333): avc: denied { watch watch_reads } for pid=8155 comm="syz.0.611" path="/proc/470/syscall" dev="proc" ino=15495 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 286.204848][ T8169] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 287.925633][ T8186] netlink: 194488 bytes leftover after parsing attributes in process `syz.0.618'. [ 288.477782][ T8194] fuse: Bad value for 'fd' [ 288.488969][ T29] audit: type=1800 audit(1738095158.770:334): pid=8194 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.621" name="file1" dev="tmpfs" ino=671 res=0 errno=0 [ 290.422369][ T29] audit: type=1400 audit(1738095160.700:335): avc: denied { read } for pid=8206 comm="syz.4.625" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 290.740929][ T29] audit: type=1400 audit(1738095160.700:336): avc: denied { open } for pid=8206 comm="syz.4.625" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 290.834128][ T29] audit: type=1400 audit(1738095160.790:337): avc: denied { setopt } for pid=8206 comm="syz.4.625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 290.895724][ T29] audit: type=1400 audit(1738095160.790:338): avc: denied { ioctl } for pid=8206 comm="syz.4.625" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 291.650954][ T8221] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.628'. [ 292.657865][ T8238] Cannot find set identified by id 0 to match [ 295.034423][ T8255] rdma_op ffff88807bbbf9f0 conn xmit_rdma 0000000000000000 [ 295.385374][ T8256] rdma_op ffff888029ed81f0 conn xmit_rdma 0000000000000000 [ 296.435218][ T8270] netlink: 194488 bytes leftover after parsing attributes in process `syz.0.640'. [ 296.926417][ T8275] netlink: 'syz.0.644': attribute type 5 has an invalid length. [ 299.170196][ T29] audit: type=1400 audit(1738095169.450:339): avc: denied { getopt } for pid=8302 comm="syz.0.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 299.474219][ T29] audit: type=1400 audit(1738095169.750:340): avc: denied { setopt } for pid=8302 comm="syz.0.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 300.754571][ T8310] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 300.761275][ T8310] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 300.768761][ T8310] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 300.776073][ T8310] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 300.782061][ T8310] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 302.983956][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 302.990201][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.996471][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 303.011597][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 303.018033][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 303.860889][ T8344] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 305.080481][ T8354] fuse: Bad value for 'fd' [ 306.702268][ T8372] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 306.708477][ T8372] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 306.714591][ T8372] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 306.720573][ T8372] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.727312][ T8372] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 308.309376][ T8399] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 308.328381][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 308.884049][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 308.884229][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 308.890134][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 308.951080][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 311.215325][ T8428] rdma_op ffff88807ce8d9f0 conn xmit_rdma 0000000000000000 [ 312.570991][ T8439] rdma_op ffff88805e6ff9f0 conn xmit_rdma 0000000000000000 [ 313.142848][ T29] audit: type=1400 audit(1738095183.410:341): avc: denied { write } for pid=8440 comm="syz.2.687" name="event2" dev="devtmpfs" ino=928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 313.204036][ T29] audit: type=1400 audit(1738095183.460:342): avc: denied { ioctl } for pid=8440 comm="syz.2.687" path="/dev/input/event2" dev="devtmpfs" ino=928 ioctlcmd=0x4518 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 313.623953][ T5815] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 313.837395][ T5815] usb 5-1: Using ep0 maxpacket: 16 [ 315.094248][ T5815] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.108218][ T5815] usb 5-1: config 0 has no interfaces? [ 315.117115][ T5815] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 315.154327][ T5815] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.170993][ T5815] usb 5-1: Product: syz [ 315.180186][ T5815] usb 5-1: Manufacturer: syz [ 315.202268][ T5815] usb 5-1: SerialNumber: syz [ 315.202726][ T8464] fuse: Bad value for 'rootmode' [ 315.213132][ T5815] usb 5-1: config 0 descriptor?? [ 315.398686][ T29] audit: type=1800 audit(1738095185.680:343): pid=8464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.694" name="file1" dev="tmpfs" ino=745 res=0 errno=0 [ 316.459262][ T8474] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 316.468836][ T8474] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 317.076893][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.088428][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.297572][ T117] usb 5-1: USB disconnect, device number 3 [ 320.438078][ T8511] fuse: Bad value for 'rootmode' [ 320.529709][ T29] audit: type=1800 audit(1738095190.810:344): pid=8511 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.708" name="file1" dev="tmpfs" ino=707 res=0 errno=0 [ 323.516397][ T8540] rdma_op ffff888034a4a9f0 conn xmit_rdma 0000000000000000 [ 324.079073][ T117] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 324.264083][ T117] usb 4-1: Using ep0 maxpacket: 8 [ 324.434959][ T117] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 32 [ 324.558627][ T117] usb 4-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 324.599916][ T117] usb 4-1: config 1 interface 0 has no altsetting 0 [ 324.630147][ T117] usb 4-1: string descriptor 0 read error: -22 [ 325.096297][ T117] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 325.154838][ T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.295467][ T117] usb 4-1: can't set config #1, error -71 [ 325.312818][ T117] usb 4-1: USB disconnect, device number 3 [ 333.637730][ T8645] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 334.992527][ T8659] erofs (device nullb0): cannot find valid erofs superblock [ 335.704541][ T8654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 335.710496][ T8654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 335.718129][ T8654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 335.724164][ T8654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 335.730070][ T8654] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 336.528245][ T8677] rdma_op ffff8880606e29f0 conn xmit_rdma 0000000000000000 [ 337.285924][ T8676] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 337.844510][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 337.850620][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 337.861402][ T5818] Bluetooth: hci2: command 0x0c1a tx timeout [ 337.867462][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 337.873470][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 338.170591][ T8690] rdma_op ffff8880361c01f0 conn xmit_rdma 0000000000000000 [ 338.182770][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 338.813939][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 338.820601][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 338.843907][ T9] usb 5-1: config 0 has no interfaces? [ 338.851254][ T9] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 338.880643][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.899610][ T9] usb 5-1: Product: syz [ 338.917578][ T9] usb 5-1: Manufacturer: syz [ 338.922179][ T9] usb 5-1: SerialNumber: syz [ 339.008873][ T9] usb 5-1: config 0 descriptor?? [ 339.466044][ T117] usb 5-1: USB disconnect, device number 4 [ 339.523263][ T8708] netlink: 'syz.4.763': attribute type 1 has an invalid length. [ 339.585480][ T8711] fuse: Bad value for 'fd' [ 339.614409][ T29] audit: type=1800 audit(1738095209.880:345): pid=8711 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.762" name="file1" dev="tmpfs" ino=733 res=0 errno=0 [ 339.677047][ T8708] 8021q: adding VLAN 0 to HW filter on device bond4 [ 339.711586][ T8713] bond4: (slave veth5): Enslaving as an active interface with a down link [ 341.533971][ T8703] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 341.534158][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout [ 341.887314][ T8703] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 341.929487][ T8703] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 341.963404][ T8703] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 342.000739][ T8703] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 342.512312][ T29] audit: type=1400 audit(1738095212.790:346): avc: denied { setopt } for pid=8741 comm="syz.3.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 343.604576][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout [ 344.633634][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 344.639701][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 344.645819][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 344.694246][ T8753] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 344.703753][ T8753] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 345.354247][ T5914] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 345.392489][ T8767] fuse: Unknown parameter 'user_i00000000000000000000' [ 345.606036][ T29] audit: type=1800 audit(1738095215.680:347): pid=8767 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.780" name="file1" dev="tmpfs" ino=744 res=0 errno=0 [ 346.443937][ T5914] usb 1-1: Using ep0 maxpacket: 16 [ 346.514224][ T8777] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 346.520673][ T8777] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 346.526782][ T8777] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 346.532745][ T8777] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 346.538797][ T8777] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 346.963127][ T5914] usb 1-1: device descriptor read/all, error -71 [ 347.588845][ T8798] 9pnet_fd: Insufficient options for proto=fd [ 349.530025][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 349.536124][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 349.542132][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 349.545127][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 350.210280][ T8801] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 350.235584][ T8801] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 350.241626][ T8801] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 350.249300][ T8801] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 350.258723][ T8801] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 350.340920][ T29] audit: type=1804 audit(1738095220.620:348): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.794" name="/newroot/143/file1" dev="fuse" ino=1 res=1 errno=0 [ 350.367498][ T29] audit: type=1800 audit(1738095220.620:349): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.794" name="/" dev="fuse" ino=1 res=0 errno=0 [ 350.388768][ T29] audit: type=1804 audit(1738095220.640:350): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.794" name="/newroot/143/file1" dev="fuse" ino=1 res=1 errno=0 [ 350.472866][ T29] audit: type=1804 audit(1738095220.640:351): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.794" name="/newroot/143/file1" dev="fuse" ino=1 res=1 errno=0 [ 350.503007][ T29] audit: type=1800 audit(1738095220.640:352): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.794" name="/" dev="fuse" ino=1 res=0 errno=0 [ 350.744007][ T117] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 350.944197][ T117] usb 4-1: Using ep0 maxpacket: 16 [ 350.957897][ T117] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.977765][ T117] usb 4-1: config 0 has no interfaces? [ 350.985322][ T117] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 350.994446][ T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.002433][ T117] usb 4-1: Product: syz [ 351.008296][ T117] usb 4-1: Manufacturer: syz [ 351.012900][ T117] usb 4-1: SerialNumber: syz [ 351.020665][ T117] usb 4-1: config 0 descriptor?? [ 351.365394][ T9] usb 4-1: USB disconnect, device number 4 [ 351.509735][ T8857] netlink: 244 bytes leftover after parsing attributes in process `syz.1.805'. [ 351.520676][ T8857] unsupported nlmsg_type 40 [ 351.603991][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 352.244054][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout [ 352.250111][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 352.334225][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 352.340431][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 353.900363][ T29] audit: type=1400 audit(1738095224.180:353): avc: denied { create } for pid=8885 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 355.932456][ T8868] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 355.955541][ T8868] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 355.965986][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 355.972053][ T8868] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 356.117598][ T8868] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 356.135405][ T8868] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 356.438957][ T8897] netlink: 'syz.1.816': attribute type 1 has an invalid length. [ 357.188139][ T8897] 8021q: adding VLAN 0 to HW filter on device bond1 [ 357.299121][ T8902] bond1: (slave veth3): Enslaving as an active interface with a down link [ 357.394685][ T8909] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 357.400867][ T8909] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 357.407253][ T8909] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 357.414240][ T8909] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 357.420376][ T8909] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 358.328715][ T972] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 359.703939][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 359.711060][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 359.893772][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 359.900145][ T5818] Bluetooth: hci1: command 0x0c1a tx timeout [ 359.906394][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 360.299026][ T972] usb 5-1: Using ep0 maxpacket: 16 [ 360.386376][ T972] usb 5-1: device descriptor read/all, error -71 [ 364.394295][ T8963] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 364.401162][ T8963] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 364.408514][ T8963] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 364.414478][ T8963] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 364.420431][ T8963] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 365.056759][ T8980] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 365.066348][ T8980] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 365.661226][ T8983] 9pnet_fd: Insufficient options for proto=fd [ 366.404010][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 366.488689][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 366.494763][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 366.495668][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 366.501551][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 370.319206][ T9028] 9pnet_fd: Insufficient options for proto=fd [ 372.324775][ T5815] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 372.834171][ T9052] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 372.834277][ T9052] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 372.834362][ T9052] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 372.834440][ T9052] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 372.834537][ T9052] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 373.423994][ T5815] usb 5-1: Using ep0 maxpacket: 16 [ 373.539468][ T9065] netlink: 164 bytes leftover after parsing attributes in process `syz.2.863'. [ 373.993609][ T5815] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 374.160281][ T5815] usb 5-1: config 0 has no interfaces? [ 374.210337][ T5815] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 374.227746][ T5815] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.240088][ T5815] usb 5-1: Product: syz [ 374.244621][ T5815] usb 5-1: Manufacturer: syz [ 374.249284][ T5815] usb 5-1: SerialNumber: syz [ 374.260020][ T5815] usb 5-1: config 0 descriptor?? [ 374.375117][ T9065] team0 (unregistering): Port device team_slave_0 removed [ 374.386376][ T9065] team0 (unregistering): Port device team_slave_1 removed [ 374.983911][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 374.990200][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 374.996497][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 375.002639][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 375.002749][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 375.159104][ T5815] usb 5-1: can't set config #0, error -71 [ 375.224118][ T5815] usb 5-1: USB disconnect, device number 7 [ 375.619485][ T9080] rdma_op ffff888077e5d9f0 conn xmit_rdma 0000000000000000 [ 376.388044][ T9083] fuse: Bad value for 'fd' [ 376.415814][ T29] audit: type=1800 audit(1738095246.690:354): pid=9083 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.871" name="file1" dev="tmpfs" ino=861 res=0 errno=0 [ 378.425228][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.431660][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.054045][ T9137] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 383.060130][ T9137] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.066212][ T9137] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 383.072178][ T9137] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 383.078128][ T9137] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 385.080933][ T9158] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 385.087040][ T9158] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 385.093031][ T9158] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 385.099037][ T9158] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 385.105046][ T9158] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 386.808800][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 387.124101][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 387.130403][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 387.136688][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 387.142862][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 387.329912][ T9176] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 387.336006][ T9176] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 387.341946][ T9176] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 387.347906][ T9176] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 387.353909][ T9176] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 387.896659][ T9186] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 388.836106][ T29] audit: type=1400 audit(1738095259.110:355): avc: denied { connect } for pid=9189 comm="syz.4.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 389.456255][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 389.462359][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 389.468799][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 389.475027][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 389.481248][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 389.569043][ T29] audit: type=1400 audit(1738095259.110:356): avc: denied { setopt } for pid=9189 comm="syz.4.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 389.948089][ T29] audit: type=1400 audit(1738095260.190:357): avc: denied { read } for pid=9178 comm="syz.0.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 391.810599][ T9222] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 391.816752][ T9222] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.823179][ T9222] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 391.829216][ T9222] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.835270][ T9222] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 393.843793][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 393.851153][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 393.857258][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 393.863308][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 393.869828][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 396.375844][ T9269] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 396.381827][ T9269] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 396.387787][ T9269] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 396.393905][ T9269] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 396.399835][ T9269] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 398.433987][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 398.485035][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 398.485060][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 398.491042][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 398.503154][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 399.757153][ T972] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 399.975815][ T972] usb 2-1: Using ep0 maxpacket: 32 [ 400.093286][ T972] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 400.246679][ T972] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 400.316800][ T972] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 400.367749][ T972] usb 2-1: Product: syz [ 400.374748][ T972] usb 2-1: Manufacturer: syz [ 400.379360][ T972] usb 2-1: SerialNumber: syz [ 400.717832][ T972] usb 2-1: config 0 descriptor?? [ 400.723427][ T9297] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 400.959257][ T9297] openvswitch: netlink: Actions may not be safe on all matching packets [ 400.968097][ T9297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.933'. [ 401.047648][ T972] usb 2-1: USB disconnect, device number 7 [ 403.346059][ T9326] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.940'. [ 403.912180][ T9334] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.943'. [ 404.345651][ T9343] fuse: Unknown parameter '0x0000000000000004' [ 404.353004][ T29] audit: type=1800 audit(1738095274.630:358): pid=9343 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.946" name="file1" dev="tmpfs" ino=947 res=0 errno=0 [ 404.680429][ T5898] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 404.954695][ T5898] usb 1-1: Using ep0 maxpacket: 16 [ 404.956687][ T9358] veth1_macvtap: left promiscuous mode [ 404.969649][ T9358] macsec0: entered promiscuous mode [ 405.024362][ T5898] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.035173][ T5898] usb 1-1: config 0 has no interfaces? [ 405.270160][ T5898] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 405.298357][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.309470][ T5898] usb 1-1: Product: syz [ 405.313715][ T5898] usb 1-1: Manufacturer: syz [ 405.319764][ T5898] usb 1-1: SerialNumber: syz [ 405.345196][ T5898] usb 1-1: config 0 descriptor?? [ 405.394319][ T9363] Cannot find set identified by id 0 to match [ 405.638062][ T5815] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 405.877657][ T9] usb 1-1: USB disconnect, device number 8 [ 405.893935][ T5815] usb 5-1: Using ep0 maxpacket: 32 [ 405.905058][ T5815] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 405.916911][ T5815] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 405.928234][ T5815] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 405.948458][ T5815] usb 5-1: Product: syz [ 405.967072][ T5815] usb 5-1: Manufacturer: syz [ 405.988950][ T5815] usb 5-1: SerialNumber: syz [ 406.008338][ T5815] usb 5-1: config 0 descriptor?? [ 406.022556][ T9362] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 406.249530][ T9362] openvswitch: netlink: Actions may not be safe on all matching packets [ 406.258558][ T9362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.953'. [ 407.017309][ T5898] usb 5-1: USB disconnect, device number 8 [ 413.893166][ T9437] netlink: 20 bytes leftover after parsing attributes in process `syz.2.972'. [ 414.497029][ T9448] netlink: 164 bytes leftover after parsing attributes in process `syz.2.973'. [ 415.044393][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 415.050479][ T9426] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 415.854575][ T9426] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 415.860669][ T9426] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 415.866760][ T9426] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 415.872807][ T9426] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 417.168208][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 417.590266][ T9484] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 417.892309][ T9487] 9pnet_fd: Insufficient options for proto=fd [ 417.924059][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 417.930297][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 417.936493][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 419.714063][ T5861] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 420.338662][ T9513] fuse: Unknown parameter 'fd0x0000000000000004' [ 420.343893][ T5861] usb 4-1: Using ep0 maxpacket: 16 [ 420.351677][ T5861] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 420.370271][ T5861] usb 4-1: config 0 has no interfaces? [ 420.432438][ T29] audit: type=1800 audit(1738095290.670:359): pid=9513 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.992" name="file1" dev="tmpfs" ino=1056 res=0 errno=0 [ 420.462647][ T5861] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 420.472358][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.482944][ T5861] usb 4-1: Product: syz [ 420.487607][ T5861] usb 4-1: Manufacturer: syz [ 420.492379][ T5861] usb 4-1: SerialNumber: syz [ 420.537103][ T5861] usb 4-1: config 0 descriptor?? [ 422.077108][ T972] usb 4-1: USB disconnect, device number 5 [ 423.245445][ T9532] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 423.892597][ T9538] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 423.902137][ T9538] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 425.632861][ T9563] veth1_macvtap: left promiscuous mode [ 425.638547][ T9563] macsec0: entered promiscuous mode [ 427.308641][ T9581] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 428.055217][ T9582] netlink: 'syz.0.1011': attribute type 4 has an invalid length. [ 428.063092][ T9582] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1011'. [ 428.609848][ T9579] mkiss: ax0: crc mode is auto. [ 429.233145][ T5861] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 429.485805][ T5861] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 429.541830][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.596191][ T5861] usb 3-1: config 0 descriptor?? [ 431.402289][ T5861] usb 3-1: Cannot set autoneg [ 431.777918][ T5861] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 432.805225][ T5861] usb 3-1: USB disconnect, device number 7 [ 434.583912][ T5898] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 435.243877][ T5898] usb 2-1: Using ep0 maxpacket: 32 [ 435.254772][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 435.317186][ T5898] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 435.361289][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 435.399761][ T5898] usb 2-1: Product: syz [ 435.406619][ T5898] usb 2-1: Manufacturer: syz [ 435.418672][ T5898] usb 2-1: SerialNumber: syz [ 435.501638][ T5898] usb 2-1: config 0 descriptor?? [ 435.510728][ T9645] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 435.751420][ T9645] openvswitch: netlink: Actions may not be safe on all matching packets [ 435.802423][ T9668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'. [ 435.826419][ T5861] usb 2-1: USB disconnect, device number 8 [ 437.695459][ T9690] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1042'. [ 437.894411][ T5861] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 438.390516][ T5861] usb 4-1: Using ep0 maxpacket: 16 [ 438.673430][ T5861] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.003984][ T5861] usb 4-1: config 0 has no interfaces? [ 439.015502][ T5861] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 439.033921][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.048533][ T5861] usb 4-1: Product: syz [ 439.053477][ T5861] usb 4-1: Manufacturer: syz [ 439.058985][ T5861] usb 4-1: SerialNumber: syz [ 439.065922][ T5861] usb 4-1: config 0 descriptor?? [ 439.173914][ T5815] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 439.299937][ T9] usb 4-1: USB disconnect, device number 6 [ 439.324039][ T5815] usb 3-1: Using ep0 maxpacket: 16 [ 439.329525][ T5861] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 439.351110][ T5815] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.376318][ T5815] usb 3-1: config 0 has no interfaces? [ 439.392693][ T5815] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 439.404085][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.412876][ T5815] usb 3-1: Product: syz [ 439.418549][ T5815] usb 3-1: Manufacturer: syz [ 439.424910][ T5815] usb 3-1: SerialNumber: syz [ 439.435406][ T5815] usb 3-1: config 0 descriptor?? [ 439.594089][ T5861] usb 1-1: Using ep0 maxpacket: 32 [ 439.600690][ T5861] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 439.613395][ T5861] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 439.623201][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 439.631811][ T5861] usb 1-1: Product: syz [ 439.637420][ T5861] usb 1-1: Manufacturer: syz [ 439.642241][ T5861] usb 1-1: SerialNumber: syz [ 439.657610][ T5861] usb 1-1: config 0 descriptor?? [ 439.666203][ T9713] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 440.174039][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.180474][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.259380][ T9713] openvswitch: netlink: Actions may not be safe on all matching packets [ 440.344572][ T9713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1050'. [ 440.359080][ T5898] usb 3-1: USB disconnect, device number 8 [ 440.503568][ T9421] usb 1-1: USB disconnect, device number 9 [ 441.684651][ T9730] netlink: 'syz.4.1055': attribute type 4 has an invalid length. [ 441.693003][ T9730] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1055'. [ 441.800618][ T9729] mkiss: ax0: crc mode is auto. [ 446.724166][ T9789] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 446.730180][ T9789] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 446.736256][ T9789] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 446.742168][ T9789] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 446.748099][ T9789] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 447.116097][ T9805] netlink: 'syz.0.1072': attribute type 4 has an invalid length. [ 447.124157][ T9805] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1072'. [ 447.237819][ T9809] mkiss: ax0: crc mode is auto. [ 448.025196][ T9824] IPv6: NLM_F_CREATE should be specified when creating new route [ 448.803980][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 448.810148][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 448.817290][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 448.823437][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout [ 448.823493][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 458.206490][ T9923] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 459.808890][ T9904] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 459.815255][ T9904] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 459.824900][ T9904] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 459.830846][ T9904] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 459.846361][ T9904] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 459.853970][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 460.040026][ T9940] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 461.843942][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 461.854642][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 461.860933][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 461.923893][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 471.293290][T10041] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 471.303046][T10041] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 473.127227][ T972] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 473.632343][ T972] usb 3-1: Using ep0 maxpacket: 32 [ 473.714843][ T972] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 473.747997][ T29] audit: type=1400 audit(1738095344.020:360): avc: denied { watch watch_reads } for pid=10061 comm="syz.0.1147" path="/232" dev="tmpfs" ino=1215 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 473.766579][ T972] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 473.904092][ T972] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 474.042029][ T972] usb 3-1: Product: syz [ 474.069730][ T972] usb 3-1: Manufacturer: syz [ 474.087070][ T972] usb 3-1: SerialNumber: syz [ 474.132389][ T972] usb 3-1: config 0 descriptor?? [ 474.193599][T10055] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 474.431363][T10055] openvswitch: netlink: Actions may not be safe on all matching packets [ 474.459494][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1145'. [ 474.543436][ T5815] usb 3-1: USB disconnect, device number 9 [ 475.750673][T10091] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1156'. [ 485.293906][T10208] netlink: 'syz.1.1186': attribute type 4 has an invalid length. [ 485.301898][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 485.610328][T10196] mkiss: ax0: crc mode is auto. [ 492.515707][T10281] No control pipe specified [ 494.750095][T10301] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1217'. [ 495.624115][T10294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 495.630167][T10294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 495.637009][T10294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 495.645247][T10294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 495.651864][T10294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 496.166833][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 497.693100][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 497.699302][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 497.705652][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 497.711798][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 498.613201][T10350] netlink: 'syz.4.1230': attribute type 4 has an invalid length. [ 498.686526][T10350] mkiss: ax0: crc mode is auto. [ 500.985568][T10374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1236'. [ 501.078975][T10351] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 501.207398][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.215338][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.264112][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 501.565838][T10351] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 501.571943][T10351] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 501.578199][T10351] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 501.584598][T10351] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 502.940672][ T29] audit: type=1400 audit(1738095373.220:361): avc: denied { name_bind } for pid=10397 comm="syz.4.1244" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 503.297111][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 503.354990][ T29] audit: type=1400 audit(1738095373.640:362): avc: denied { read write } for pid=10402 comm="syz.3.1246" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 503.941020][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 503.947269][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 503.954217][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 504.034203][ T29] audit: type=1400 audit(1738095373.640:363): avc: denied { open } for pid=10402 comm="syz.3.1246" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 504.072057][ T29] audit: type=1400 audit(1738095373.640:364): avc: denied { ioctl } for pid=10402 comm="syz.3.1246" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 504.114761][ T972] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 504.273841][ T972] usb 4-1: Using ep0 maxpacket: 32 [ 504.301390][ T972] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 504.356841][ T972] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 504.389403][ T972] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 504.421355][ T972] usb 4-1: Product: syz [ 504.437651][ T972] usb 4-1: Manufacturer: syz [ 504.451332][ T972] usb 4-1: SerialNumber: syz [ 504.506711][ T972] usb 4-1: config 0 descriptor?? [ 504.517052][T10403] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 504.746664][T10403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1246'. [ 505.135411][ T9994] usb 4-1: USB disconnect, device number 7 [ 506.521563][T10440] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.1257'. [ 507.683962][T10423] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 507.690756][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 508.382492][T10423] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 508.388597][T10423] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 508.394678][T10423] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 508.400663][T10423] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 509.486857][ T9421] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 510.006964][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 510.084056][T10476] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 510.090166][T10476] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 510.096309][T10476] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 510.102304][T10476] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 510.108468][T10476] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 512.164225][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 512.170344][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 512.176464][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 512.183843][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 514.033878][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 514.076565][T10504] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 514.676232][T10504] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 514.682230][T10504] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 514.688820][T10504] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.694871][T10504] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 514.857264][T10532] rdma_op ffff88803497f1f0 conn xmit_rdma 0000000000000000 [ 515.484588][ T5898] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 515.764134][ T5898] usb 1-1: Using ep0 maxpacket: 16 [ 515.787169][ T5898] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 515.849922][ T5898] usb 1-1: config 0 has no interfaces? [ 516.074212][ T5898] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 516.093922][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.115864][ T5898] usb 1-1: Product: syz [ 516.126122][ T5898] usb 1-1: Manufacturer: syz [ 516.139654][ T5898] usb 1-1: SerialNumber: syz [ 516.161769][ T5898] usb 1-1: config 0 descriptor?? [ 516.167096][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 516.427512][ T5898] usb 1-1: USB disconnect, device number 11 [ 516.773969][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 516.780107][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 516.786327][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 520.474518][T10596] 9pnet_fd: Insufficient options for proto=fd [ 523.727327][T10644] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 526.183916][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 526.235278][T10662] 9pnet_fd: Insufficient options for proto=fd [ 526.403858][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 526.413713][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 526.424207][ T9] usb 1-1: config 0 has no interfaces? [ 526.441085][ T9] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 526.461363][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.495034][ T9] usb 1-1: Product: syz [ 526.499210][ T9] usb 1-1: Manufacturer: syz [ 526.544168][ T9] usb 1-1: SerialNumber: syz [ 526.563264][ T9] usb 1-1: config 0 descriptor?? [ 527.487352][ T9421] usb 1-1: USB disconnect, device number 12 [ 529.636387][T10690] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 531.247736][T10702] Cannot find set identified by id 0 to match [ 531.909676][T10711] 9pnet_fd: Insufficient options for proto=fd [ 532.787007][T10720] netlink: 194488 bytes leftover after parsing attributes in process `syz.0.1333'. [ 535.193997][T10740] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 536.112971][T10751] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1343'. [ 540.082306][T10778] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 543.326718][ T29] audit: type=1400 audit(1738095413.600:365): avc: denied { write } for pid=10813 comm="syz.0.1363" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 550.871953][ T29] audit: type=1800 audit(1738095421.150:366): pid=10897 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1381" name="/" dev="fuse" ino=0 res=0 errno=0 [ 551.243906][ T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 551.413847][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 551.497415][ T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 551.694265][ T25] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 551.703328][ T25] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 551.733846][ T25] usb 1-1: Product: syz [ 551.738071][ T25] usb 1-1: Manufacturer: syz [ 551.742744][ T25] usb 1-1: SerialNumber: syz [ 552.274555][ T25] usb 1-1: config 0 descriptor?? [ 552.321047][T10911] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 552.650421][T10911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1387'. [ 552.907624][ T972] usb 1-1: USB disconnect, device number 13 [ 559.745193][ T9421] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 560.113941][ T9421] usb 4-1: Using ep0 maxpacket: 32 [ 560.140431][ T9421] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 560.179431][ T9421] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 560.268790][ T9421] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 560.569738][ T9421] usb 4-1: Product: syz [ 560.577010][ T9421] usb 4-1: Manufacturer: syz [ 560.590651][ T9421] usb 4-1: SerialNumber: syz [ 560.607552][ T9421] usb 4-1: config 0 descriptor?? [ 560.624721][T10994] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 561.597025][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1410'. [ 561.738874][ T5861] usb 4-1: USB disconnect, device number 8 [ 562.597312][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.604833][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.241514][T11036] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 563.247749][T11036] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 563.253743][T11036] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 563.259755][T11036] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 563.265915][T11036] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 565.282860][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 565.289625][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 565.295970][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout [ 565.302022][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 565.308110][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 566.468227][T11069] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1431'. [ 567.463174][ T29] audit: type=1400 audit(1738095437.540:367): avc: denied { write } for pid=11080 comm="syz.2.1435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 569.383127][T11104] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 569.781948][T11107] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1442'. [ 570.354633][ T5914] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 570.635390][T11117] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1445'. [ 570.755932][T11117] usb usb8: usbfs: process 11117 (syz.3.1445) did not claim interface 8 before use [ 570.791711][T11117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1445'. [ 570.793921][ T5914] usb 1-1: Using ep0 maxpacket: 8 [ 570.843619][ T5914] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 570.892235][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.942147][ T5914] usb 1-1: Product: syz [ 570.958447][ T5914] usb 1-1: Manufacturer: syz [ 570.972005][ T5914] usb 1-1: SerialNumber: syz [ 571.001174][ T5914] usb 1-1: config 0 descriptor?? [ 571.123664][ T5914] gspca_main: se401-2.14.0 probing 047d:5003 [ 572.225225][ T5914] usb 1-1: reset high-speed USB device number 14 using dummy_hcd [ 573.560451][ T5914] usb 1-1: device descriptor read/all, error -71 [ 573.585415][T11151] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1455'. [ 573.608382][T11148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 573.614690][T11148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 573.620616][T11148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 573.626586][T11148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 573.632491][T11148] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 574.756138][ T5914] gspca_se401: read req failed req 0x06 error -19 [ 574.773400][ T5914] usb 1-1: USB disconnect, device number 14 [ 575.343729][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 575.971877][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 575.978078][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 575.984178][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 575.991034][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 578.866092][T11199] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 578.872144][T11199] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 578.878245][T11199] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 578.884374][T11199] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 578.890382][T11199] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 579.688682][T11211] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 579.698213][T11211] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 580.552016][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 580.903924][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 580.909957][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 581.027582][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 581.033672][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 581.497812][T11231] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 581.504479][T11231] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 581.525254][T11231] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 581.546490][T11231] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 581.557808][T11231] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 581.924433][ T29] audit: type=1400 audit(1738095452.200:368): avc: denied { unlink } for pid=11246 comm="syz.0.1480" name="#1" dev="tmpfs" ino=1568 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 582.652987][ T29] audit: type=1400 audit(1738095452.930:369): avc: denied { mount } for pid=11246 comm="syz.0.1480" name="/" dev="overlay" ino=1564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 583.123880][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 583.526579][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 583.604146][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 583.610308][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 583.616416][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 584.809522][T11268] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1489'. [ 586.471619][T11292] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 586.547966][T11292] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 587.887241][T11309] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 592.329710][ T29] audit: type=1800 audit(1738095462.610:370): pid=11361 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1504" name="/" dev="fuse" ino=0 res=0 errno=0 [ 592.701058][T11364] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes [ 593.871125][T11382] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 595.057194][T11397] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 595.066824][T11397] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 598.328020][T11428] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1526'. [ 600.936816][T11453] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 600.942886][T11453] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 600.949063][T11453] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 600.955453][T11453] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 600.961931][T11453] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 602.734049][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 602.843935][ T5861] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 602.964033][ T8931] Bluetooth: hci0: command 0x0c1a tx timeout [ 602.971522][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 603.033842][ T5861] usb 2-1: Using ep0 maxpacket: 16 [ 603.051406][ T5861] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 603.070353][ T5861] usb 2-1: config 0 has no interfaces? [ 603.078089][ T5861] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 603.103881][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.111996][ T5861] usb 2-1: Product: syz [ 603.116318][ T5861] usb 2-1: Manufacturer: syz [ 603.120927][ T5861] usb 2-1: SerialNumber: syz [ 603.137986][ T5861] usb 2-1: config 0 descriptor?? [ 603.463840][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 603.472121][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 603.571572][ T972] usb 2-1: USB disconnect, device number 9 [ 603.609486][T11493] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1544'. [ 604.988652][T11513] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 604.998257][T11513] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 613.171270][T11599] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 613.203911][T11599] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 613.213957][T11599] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 613.220299][T11599] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 613.226710][T11599] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 614.832560][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 615.645932][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 615.652069][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 615.658207][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 615.664468][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 617.416715][ T29] audit: type=1400 audit(1738095487.700:371): avc: denied { mount } for pid=11644 comm="syz.1.1584" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 617.763050][ T29] audit: type=1400 audit(1738095488.040:372): avc: denied { unmount } for pid=5814 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 621.043826][T11663] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 621.822416][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 621.830195][T11663] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 621.836375][T11663] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 621.842597][T11663] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 621.848653][T11663] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 623.407021][T11715] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.1603'. [ 623.853689][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 623.941838][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 623.947902][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 623.954006][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 624.281005][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.287430][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.605735][ T972] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 627.384987][ T972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 627.411174][ T972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.444273][ T972] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 627.614825][ T972] usb 4-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00 [ 627.623934][ T972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.636626][ T972] usb 4-1: config 0 descriptor?? [ 627.717330][T11761] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1615'. [ 628.115293][ T972] usbhid 4-1:0.0: can't add hid device: -71 [ 628.338440][ T972] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 628.404036][ T972] usb 4-1: USB disconnect, device number 9 [ 629.791535][T11794] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 631.988950][T11824] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1632'. [ 634.788899][T11853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1644'. [ 634.842053][T11853] usb usb8: usbfs: process 11853 (syz.3.1644) did not claim interface 8 before use [ 634.913316][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1644'. [ 635.599237][T11864] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1645'. [ 636.632799][T11881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1650'. [ 639.838045][T11929] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1664'. [ 639.871201][T11929] usb usb8: usbfs: process 11929 (syz.4.1664) did not claim interface 8 before use [ 639.879257][T11933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1665'. [ 640.059149][T11929] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1664'. [ 648.483076][T12018] openvswitch: netlink: Flow actions attr not present in new flow. [ 649.006830][T12024] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.1689'. [ 649.415880][T12030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1692'. [ 650.766355][ T25] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 651.738699][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 651.783929][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 651.823845][ T25] usb 5-1: config 0 has no interfaces? [ 652.531289][ T29] audit: type=1800 audit(1738095522.810:373): pid=12047 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1690" name="/" dev="fuse" ino=0 res=0 errno=0 [ 652.698506][ T25] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 652.707613][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.802899][ T25] usb 5-1: Product: syz [ 652.943465][ T25] usb 5-1: Manufacturer: syz [ 652.961139][ T25] usb 5-1: SerialNumber: syz [ 652.986882][ T25] usb 5-1: config 0 descriptor?? [ 653.755903][ T25] usb 5-1: can't set config #0, error -71 [ 653.771365][ T25] usb 5-1: USB disconnect, device number 9 [ 653.899613][T12076] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 653.909197][T12076] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 655.131697][T12095] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 655.141269][T12095] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 658.170566][ T29] audit: type=1804 audit(1738095528.440:374): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1717" name="/newroot/348/file1" dev="fuse" ino=1 res=1 errno=0 [ 658.218175][ T29] audit: type=1800 audit(1738095528.440:375): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1717" name="/" dev="fuse" ino=1 res=0 errno=0 [ 658.240199][ T29] audit: type=1804 audit(1738095528.450:376): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1717" name="/newroot/348/file1" dev="fuse" ino=1 res=1 errno=0 [ 658.271439][ T29] audit: type=1804 audit(1738095528.450:377): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1717" name="/newroot/348/file1" dev="fuse" ino=1 res=1 errno=0 [ 658.443826][ T29] audit: type=1800 audit(1738095528.450:378): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1717" name="/" dev="fuse" ino=1 res=0 errno=0 [ 664.210875][T12201] openvswitch: netlink: IPv4 tunnel dst address is zero [ 670.390622][T12269] x_tables: unsorted underflow at hook 3 [ 673.103633][T12305] openvswitch: netlink: IPv4 tunnel dst address is zero [ 675.722645][T12351] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1783'. [ 676.663970][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 677.131778][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 677.159703][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 677.178131][ T9] usb 2-1: config 0 has no interfaces? [ 677.313570][ T9] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 677.330402][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.969461][ T9] usb 2-1: Product: syz [ 677.987313][ T9] usb 2-1: Manufacturer: syz [ 677.999812][ T9] usb 2-1: SerialNumber: syz [ 678.108227][ T9] usb 2-1: config 0 descriptor?? [ 678.296325][T12382] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1792'. [ 679.662240][ T9421] usb 2-1: USB disconnect, device number 10 [ 679.810803][T12394] openvswitch: netlink: IPv4 tunnel dst address is zero [ 680.097187][T12397] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1796'. [ 683.729896][T12449] Bluetooth: hci0: service_discovery: too big uuid_count value 65535 [ 683.823898][ T29] audit: type=1800 audit(1738095553.980:379): pid=12448 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1804" name="/" dev="fuse" ino=0 res=0 errno=0 [ 684.048914][T12455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1815'. [ 684.432825][T12460] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1815'. [ 685.551898][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.562525][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.457537][T12485] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.1821'. [ 686.787369][T12477] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 686.869810][T12477] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.924649][T12477] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 686.947006][T12477] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 687.188785][T12477] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 687.559323][T12504] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1829'. [ 688.164438][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 688.803847][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 689.029670][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 689.035757][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 689.857544][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 690.442119][T12524] Bluetooth: hci0: service_discovery: too big uuid_count value 65535 [ 691.871241][T12547] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1841'. [ 692.730419][T12546] Bluetooth: hci0: service_discovery: too big uuid_count value 65535 [ 694.029539][T12550] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 694.051905][T12550] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 694.071897][T12550] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 694.088572][T12550] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 694.104448][T12550] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 694.803881][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 695.554089][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 695.703809][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 695.710603][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 695.723221][ T9] usb 4-1: config 0 has no interfaces? [ 695.740709][ T9] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 695.753853][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.774099][ T9] usb 4-1: Product: syz [ 695.779030][ T9] usb 4-1: Manufacturer: syz [ 695.784486][ T9] usb 4-1: SerialNumber: syz [ 695.798642][ T9] usb 4-1: config 0 descriptor?? [ 695.823990][ T9994] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 695.924144][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1856'. [ 696.182229][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 696.182247][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 696.188381][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 696.194617][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 696.588138][ T9994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.630061][ T9994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.684407][ T9994] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 696.732627][ T25] usb 4-1: USB disconnect, device number 10 [ 696.758644][ T9994] usb 2-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00 [ 696.793021][ T9994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.848771][ T9994] usb 2-1: config 0 descriptor?? [ 697.295143][ T9994] usbhid 2-1:0.0: can't add hid device: -71 [ 697.507698][ T9994] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 697.539475][ T9994] usb 2-1: USB disconnect, device number 11 [ 699.282264][T12631] x_tables: unsorted underflow at hook 3 [ 701.390165][T12663] fuse: Bad value for 'fd' [ 701.924708][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 701.924879][T12638] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 702.561657][T12638] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 702.568711][T12638] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 702.574944][T12638] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 702.581152][T12638] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 702.933328][ T9421] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 704.054060][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 704.644016][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 704.644186][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 705.413042][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 705.528779][T12700] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1885'. [ 705.922787][T12708] x_tables: unsorted underflow at hook 3 [ 708.438581][T12739] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.1898'. [ 708.714582][T12741] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 708.724189][T12741] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 710.426247][T12752] rdma_op ffff88807bab19f0 conn xmit_rdma 0000000000000000 [ 710.747485][ T51] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 710.755681][ T5896] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 711.463876][ T5896] usb 5-1: Using ep0 maxpacket: 16 [ 711.484545][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 711.497029][ T5896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 711.541893][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 711.551709][ T5896] usb 5-1: config 0 has no interfaces? [ 711.565847][ T5896] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 711.591627][ T51] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 711.604591][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.612580][ T5896] usb 5-1: Product: syz [ 711.621419][ T51] usb 2-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00 [ 711.632167][ T5896] usb 5-1: Manufacturer: syz [ 711.637037][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.645303][ T5896] usb 5-1: SerialNumber: syz [ 711.651470][ T5896] usb 5-1: config 0 descriptor?? [ 711.659169][ T51] usb 2-1: config 0 descriptor?? [ 711.937752][T12772] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.1907'. [ 712.259869][ T9] usb 5-1: USB disconnect, device number 10 [ 712.504943][ C1] raw-gadget.1 gadget.1: ignoring, device is not running [ 712.509915][T12776] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1908'. [ 712.513216][ T51] usbhid 2-1:0.0: can't add hid device: -71 [ 712.529844][ T51] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 712.533475][T12776] usb usb8: usbfs: process 12776 (syz.2.1908) did not claim interface 8 before use [ 712.544870][ T51] usb 2-1: USB disconnect, device number 12 [ 712.581069][T12776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1908'. [ 714.515893][ T29] audit: type=1400 audit(1738095584.800:380): avc: denied { create } for pid=12800 comm="syz.3.1917" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 716.033837][ T9] IPVS: starting estimator thread 0... [ 716.293889][T12820] IPVS: using max 29 ests per chain, 69600 per kthread [ 716.406653][T12802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 716.459370][T12802] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 716.468414][T12802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 716.474655][T12802] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 716.480754][T12802] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 717.177784][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 717.408107][T12841] mmap: syz.2.1927 (12841) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 718.983842][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 718.990044][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 718.996170][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 719.002179][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 719.876320][ T29] audit: type=1800 audit(1738095590.140:381): pid=12855 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1931" name="file1" dev="tmpfs" ino=2024 res=0 errno=0 [ 724.563828][T12878] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 724.570082][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 725.586224][T12878] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 725.592293][T12878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 725.599470][T12878] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 725.605754][T12878] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 726.653774][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 727.775660][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 727.785022][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 727.792535][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 729.493993][ T9994] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 729.797440][ T9994] usb 5-1: Using ep0 maxpacket: 16 [ 729.979740][ T9994] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 729.998506][ T9994] usb 5-1: config 0 has no interfaces? [ 730.126797][ T9994] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 730.153780][ T9994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.737310][ T9994] usb 5-1: Product: syz [ 730.748255][ T9994] usb 5-1: Manufacturer: syz [ 730.764282][ T9994] usb 5-1: SerialNumber: syz [ 730.970602][ T9994] usb 5-1: config 0 descriptor?? [ 731.603910][T12943] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 731.610789][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.682105][ T9994] usb 5-1: can't set config #0, error -71 [ 731.723435][ T9994] usb 5-1: USB disconnect, device number 11 [ 732.361735][T12943] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 732.507982][T12943] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 732.514461][T12943] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 732.520830][T12943] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 734.009637][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 735.059828][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 735.067433][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 735.073415][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.443896][T13037] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 739.474011][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 740.213793][T13037] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 740.219829][T13037] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 740.225912][T13037] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 740.231899][T13037] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 741.524025][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 742.324989][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 742.325119][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 742.331217][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 743.682203][T13101] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 743.704232][T13101] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 743.712147][T13101] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 743.731852][T13101] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 744.405733][T13101] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 745.723941][ T5821] Bluetooth: hci1: command 0x0c1a tx timeout [ 745.779064][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 745.785128][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 745.791129][ T5821] Bluetooth: hci0: command 0x0c1a tx timeout [ 746.159370][T13129] openvswitch: netlink: Flow key attr not present in new flow. [ 746.594919][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 746.895189][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.901578][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.450833][T13156] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.2020'. [ 748.820945][T13161] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.2019'. [ 748.901290][T13164] openvswitch: netlink: Flow key attr not present in new flow. [ 749.760373][T13175] fuse: Bad value for 'fd' [ 749.852253][ T29] audit: type=1800 audit(1738095620.060:382): pid=13175 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2025" name="file1" dev="tmpfs" ino=2146 res=0 errno=0 [ 753.043761][T13196] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.054208][T13196] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 753.092513][T13196] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.101316][T13196] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.114640][T13196] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.176210][T13208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2034'. [ 753.233927][T13208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2034'. [ 753.272845][T13208] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2034'. [ 753.584523][T13218] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2035'. [ 754.803912][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 755.180462][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 755.180511][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.186506][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 755.202803][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 755.214127][T13225] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 755.222662][T13225] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 755.228848][T13225] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 755.234957][T13225] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 755.241148][T13225] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 756.583049][ T8931] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 757.373848][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 757.379915][ T5821] Bluetooth: hci3: command 0x0c1a tx timeout [ 757.386280][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 757.388835][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 757.392302][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 757.453749][ T29] audit: type=1800 audit(1738095627.720:383): pid=13250 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.2038" name="/" dev="fuse" ino=0 res=0 errno=0 [ 760.399763][ T29] audit: type=1400 audit(1738095630.680:384): avc: denied { create } for pid=13281 comm="syz.2.2054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 760.723997][ T9421] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 761.217124][ T9421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 761.416831][ T9421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 761.426836][ T9421] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 761.435947][ T9421] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 761.461836][ T9421] usb 1-1: config 0 descriptor?? [ 761.963486][ T9421] usbhid 1-1:0.0: can't add hid device: -71 [ 761.995455][ T9421] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 762.065323][ T9421] usb 1-1: USB disconnect, device number 15 [ 764.730366][T13321] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2063'. [ 766.835595][ T5142] Bluetooth: hci2: ACL packet for unknown connection handle 168 [ 766.870120][T13348] openvswitch: netlink: Flow key attr not present in new flow. [ 768.113901][T13357] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 770.540653][T13365] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 773.635093][T13393] openvswitch: netlink: Flow key attr not present in new flow. [ 775.276326][T11669] IPVS: starting estimator thread 0... [ 776.247271][T13415] IPVS: using max 26 ests per chain, 62400 per kthread [ 776.617312][T13411] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.2092'. [ 776.743146][ T9994] IPVS: starting estimator thread 0... [ 776.893974][T13423] IPVS: using max 26 ests per chain, 62400 per kthread [ 777.852577][T13433] netlink: 194488 bytes leftover after parsing attributes in process `syz.0.2096'. [ 779.543818][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 780.453915][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 780.660558][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 781.241823][ T9] usb 5-1: config 0 has no interfaces? [ 781.277304][ T9] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 781.319621][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.351023][ T9] usb 5-1: Product: syz [ 781.362055][ T9] usb 5-1: Manufacturer: syz [ 781.372339][ T9] usb 5-1: SerialNumber: syz [ 781.382989][ T9] usb 5-1: config 0 descriptor?? [ 782.291279][ T9] usb 5-1: USB disconnect, device number 12 [ 783.149203][T11669] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 783.974706][T11669] usb 2-1: Using ep0 maxpacket: 16 [ 783.983621][T11669] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 784.004955][T11669] usb 2-1: config 0 has no interfaces? [ 784.199546][T11669] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 784.803595][T11669] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 784.815075][T11669] usb 2-1: Product: syz [ 784.819247][T11669] usb 2-1: Manufacturer: syz [ 784.833900][T11669] usb 2-1: SerialNumber: syz [ 784.844518][T11669] usb 2-1: config 0 descriptor?? [ 785.766378][ T29] audit: type=1800 audit(1738095655.590:385): pid=13526 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2121" name="file1" dev="tmpfs" ino=2286 res=0 errno=0 [ 785.788100][ C1] vkms_vblank_simulate: vblank timer overrun [ 786.029681][T11669] usb 2-1: USB disconnect, device number 13 [ 787.294728][ T5896] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 787.357362][T13540] rdma_op ffff88807b6231f0 conn xmit_rdma 0000000000000000 [ 787.481877][ T5896] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 787.864238][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.882505][ T5896] usb 4-1: Product: syz [ 787.889954][ T5896] usb 4-1: Manufacturer: syz [ 787.894908][ T5896] usb 4-1: SerialNumber: syz [ 787.905298][ T5896] usb 4-1: config 0 descriptor?? [ 788.403817][ T9421] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 788.435115][ T29] audit: type=1400 audit(1738095658.660:386): avc: denied { ioctl } for pid=13535 comm="syz.3.2123" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 788.460492][ C1] vkms_vblank_simulate: vblank timer overrun [ 788.608987][ T9421] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 788.621685][ T9421] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.643722][ T9421] usb 1-1: Product: syz [ 788.647948][ T9421] usb 1-1: Manufacturer: syz [ 788.652558][ T9421] usb 1-1: SerialNumber: syz [ 788.967683][ T5896] int51x1 4-1:0.0: probe with driver int51x1 failed with error -22 [ 789.078217][ T9421] usb 1-1: config 0 descriptor?? [ 789.352662][T13557] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2128'. [ 790.058396][ T9421] int51x1 1-1:0.0: probe with driver int51x1 failed with error -22 [ 790.746518][ T9] usb 1-1: USB disconnect, device number 16 [ 791.424622][ T9] usb 4-1: USB disconnect, device number 11 [ 792.105690][ T9421] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 792.150518][T13577] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.2133'. [ 792.283946][ T9421] usb 2-1: Using ep0 maxpacket: 16 [ 792.370980][ T9421] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 792.624391][ T9421] usb 2-1: config 0 has no interfaces? [ 792.666741][T13583] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 792.676324][T13583] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 792.703478][ T9421] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 792.723452][ T9421] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.738322][ T9421] usb 2-1: Product: syz [ 792.742783][ T9421] usb 2-1: Manufacturer: syz [ 792.747564][ T9421] usb 2-1: SerialNumber: syz [ 793.520929][T13588] rdma_op ffff88805d5fa9f0 conn xmit_rdma 0000000000000000 [ 794.230710][ T9421] usb 2-1: config 0 descriptor?? [ 794.309894][ T9421] usb 2-1: can't set config #0, error -71 [ 794.464030][ T9421] usb 2-1: USB disconnect, device number 14 [ 794.470507][ T29] audit: type=1400 audit(1738095664.750:387): avc: denied { bind } for pid=13595 comm="syz.3.2139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 794.530662][ T29] audit: type=1400 audit(1738095664.750:388): avc: denied { name_bind } for pid=13595 comm="syz.3.2139" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 794.646242][ T29] audit: type=1400 audit(1738095664.750:389): avc: denied { node_bind } for pid=13595 comm="syz.3.2139" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 794.995992][T13599] x_tables: unsorted underflow at hook 3 [ 795.584809][T13608] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2145'. [ 795.742109][T13619] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2143'. [ 796.595044][T13608] netlink: 'syz.2.2145': attribute type 1 has an invalid length. [ 798.690378][T13647] pimreg: entered allmulticast mode [ 799.162653][ T5142] Bluetooth: hci3: unknown advertising packet type: 0x32 [ 799.163551][ T5142] Bluetooth: hci3: Malformed LE Event: 0x02 [ 800.196905][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 801.279379][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 801.294815][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 801.314445][ T9] usb 5-1: config 0 has no interfaces? [ 801.337673][ T9] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 801.372444][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.665005][ T9] usb 5-1: Product: syz [ 801.673949][ T9] usb 5-1: Manufacturer: syz [ 801.683895][ T9] usb 5-1: SerialNumber: syz [ 801.813504][ T9] usb 5-1: config 0 descriptor?? [ 802.629004][T13679] netlink: 184 bytes leftover after parsing attributes in process `syz.1.2160'. [ 803.793571][ T9994] usb 5-1: USB disconnect, device number 13 [ 804.004095][ T5898] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 804.108465][T13696] x_tables: unsorted underflow at hook 3 [ 804.174922][ T5898] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 804.324509][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.333200][ T5898] usb 1-1: Product: syz [ 804.337612][ T5898] usb 1-1: Manufacturer: syz [ 804.342219][ T5898] usb 1-1: SerialNumber: syz [ 804.357339][ T5898] usb 1-1: config 0 descriptor?? [ 805.065620][ T5898] int51x1 1-1:0.0: probe with driver int51x1 failed with error -22 [ 806.061572][ T25] usb 1-1: USB disconnect, device number 17 [ 807.299319][T13723] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 807.324317][T13723] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 807.435091][T13723] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 807.452744][T13723] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 808.026764][T13734] rdma_op ffff888036cf71f0 conn xmit_rdma 0000000000000000 [ 808.523988][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.530292][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.863497][ T29] audit: type=1400 audit(1738095679.140:390): avc: denied { bind } for pid=13726 comm="syz.4.2173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 809.682439][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 809.693778][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 809.702321][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 809.712616][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 810.643769][T13756] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 810.653259][T13756] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 812.719240][T13762] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.2181'. [ 816.773518][T13800] rdma_op ffff88805cabe1f0 conn xmit_rdma 0000000000000000 [ 825.774253][T13864] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 825.781202][T13864] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 825.976148][T13864] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 825.982252][T13864] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 826.441444][ T5896] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 826.673769][ T5896] usb 1-1: device descriptor read/64, error -71 [ 827.614375][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 827.866687][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 828.009346][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 828.015633][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 835.059310][ T9] IPVS: starting estimator thread 0... [ 835.174193][T13978] IPVS: using max 57 ests per chain, 136800 per kthread [ 835.583783][ T9421] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 835.611871][T13985] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 836.303811][ T9421] usb 5-1: Using ep0 maxpacket: 16 [ 836.314007][ T9421] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 836.460484][ T9421] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 836.593437][ T9421] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 836.720946][ T9421] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 836.730550][ T9421] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 836.739128][ T9421] usb 5-1: SerialNumber: syz [ 836.770154][T13977] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 837.528067][ T9421] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 837.791183][ T9421] usb 5-1: USB disconnect, device number 14 [ 838.194032][T14017] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.2251'. [ 839.993501][T14034] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 839.999669][T14034] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 840.005645][T14034] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 840.011567][T14034] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 840.519063][T14055] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 841.532850][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 842.015826][T14065] usb usb8: usbfs: process 14065 (syz.2.2266) did not claim interface 8 before use [ 842.046302][T14065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2266'. [ 842.083887][ T5821] Bluetooth: hci4: command 0x0c1a tx timeout [ 842.090185][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 843.067927][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 846.263811][ T5898] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 846.480670][ T5898] usb 5-1: device descriptor read/64, error -71 [ 849.612636][ T29] audit: type=1400 audit(1738095719.880:391): avc: denied { listen } for pid=14140 comm="syz.2.2285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 849.947456][ T29] audit: type=1400 audit(1738095719.890:392): avc: denied { accept } for pid=14140 comm="syz.2.2285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 850.001332][T14146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2285'. [ 850.012954][T14146] dummy0: entered promiscuous mode [ 850.018631][T14146] macvtap1: entered promiscuous mode [ 850.024112][T14146] macvtap1: entered allmulticast mode [ 850.029459][T14146] dummy0: entered allmulticast mode [ 850.248822][T14151] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 850.444394][T14153] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2288'. [ 851.306430][T14168] x_tables: unsorted underflow at hook 3 [ 853.431286][ T29] audit: type=1400 audit(1738095723.650:393): avc: denied { ioctl } for pid=14187 comm="syz.4.2299" path="socket:[34325]" dev="sockfs" ino=34325 ioctlcmd=0x8917 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 853.546483][T14182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 853.552550][T14182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 853.558561][T14182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.564511][T14182] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 855.111742][T14209] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.2305'. [ 855.298377][ T8931] Bluetooth: hci1: command 0x0c1a tx timeout [ 856.438470][ T8931] Bluetooth: hci4: command 0x0c1a tx timeout [ 856.444573][ T8931] Bluetooth: hci3: command 0x0c1a tx timeout [ 856.450605][ T8931] Bluetooth: hci2: command 0x0c1a tx timeout [ 856.490604][T14218] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2307'. [ 858.621272][T14237] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 858.627391][T14237] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 858.633304][T14237] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 858.639296][T14237] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 860.892344][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 860.898503][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 860.901164][ T5821] Bluetooth: hci2: command 0x0c1a tx timeout [ 860.904583][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 864.723750][ T972] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 864.933754][T11669] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 865.569292][ T972] usb 5-1: Using ep0 maxpacket: 16 [ 865.589628][ T972] usb 5-1: no configurations [ 865.620278][ T972] usb 5-1: can't read configurations, error -22 [ 865.737988][T11669] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 865.880655][T11669] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 866.457522][ T972] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 866.476144][T11669] usb 3-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 866.486296][T11669] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.497679][T11669] usb 3-1: config 0 descriptor?? [ 867.741553][T11669] usbhid 3-1:0.0: can't add hid device: -71 [ 867.747557][T11669] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 867.764316][T11669] usb 3-1: USB disconnect, device number 11 [ 868.833797][T13820] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 869.063570][T13820] usb 2-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 869.646899][T13820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 869.698094][T13820] usb 2-1: Product: syz [ 869.764741][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.771072][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 869.863953][T13820] usb 2-1: Manufacturer: syz [ 869.868574][T13820] usb 2-1: SerialNumber: syz [ 869.914308][T13820] usb 2-1: config 0 descriptor?? [ 871.116413][T14361] x_tables: unsorted underflow at hook 3 [ 871.223616][T13820] int51x1 2-1:0.0: probe with driver int51x1 failed with error -71 [ 871.793457][T13820] usb 2-1: USB disconnect, device number 15 [ 874.283975][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 874.391006][T14391] trusted_key: syz.4.2353 sent an empty control message without MSG_MORE. [ 874.585838][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 874.672922][ T9] usb 2-1: no configurations [ 874.689080][ T9] usb 2-1: can't read configurations, error -22 [ 874.699195][ T9421] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 874.964410][ T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 875.165371][ T9421] usb 4-1: Using ep0 maxpacket: 16 [ 875.173989][ T9421] usb 4-1: no configurations [ 875.199468][ T9421] usb 4-1: can't read configurations, error -22 [ 876.033793][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 876.044566][ T9] usb 2-1: no configurations [ 876.049147][ T9] usb 2-1: can't read configurations, error -22 [ 876.059147][ T9] usb usb2-port1: attempt power cycle [ 876.223751][ T9421] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 877.003752][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 877.111107][ T9] usb 2-1: device descriptor read/8, error -71 [ 878.007155][ T9421] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 879.203973][ T9421] usb 4-1: Using ep0 maxpacket: 16 [ 879.334734][ T9421] usb 4-1: no configurations [ 879.522218][ T9421] usb 4-1: can't read configurations, error -22 [ 879.564144][ T29] audit: type=1400 audit(1738095749.820:394): avc: denied { recv } for pid=13820 comm="kworker/1:3" saddr=::1 src=20001 daddr=::1 dest=20002 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 879.743567][ T9421] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 879.925904][T14449] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 879.935442][T14449] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 880.782424][ T5142] Bluetooth: hci3: unknown advertising packet type: 0x32 [ 880.782458][ T5142] Bluetooth: hci3: Malformed LE Event: 0x02 [ 881.160361][T14460] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2373'. [ 881.171356][T14460] dummy0: entered promiscuous mode [ 881.176622][T14460] macvtap1: entered promiscuous mode [ 881.181981][T14460] macvtap1: entered allmulticast mode [ 881.189795][T14460] dummy0: entered allmulticast mode [ 881.336140][T14466] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2375'. [ 884.216067][ T29] audit: type=1400 audit(1738095754.490:395): avc: denied { mount } for pid=14484 comm="syz.4.2381" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 884.315494][ T5142] Bluetooth: hci2: unknown advertising packet type: 0x32 [ 884.325865][ T5142] Bluetooth: hci2: Malformed LE Event: 0x02 [ 884.777017][ T29] audit: type=1400 audit(1738095754.520:396): avc: denied { mounton } for pid=14484 comm="syz.4.2381" path="/464/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 884.820936][ T29] audit: type=1400 audit(1738095754.600:397): avc: denied { search } for pid=5173 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 885.281213][ T29] audit: type=1400 audit(1738095755.560:398): avc: denied { unmount } for pid=5825 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 885.668802][T14510] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 885.678384][T14510] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 886.348304][T14515] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2390'. [ 887.173686][T14522] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.2392'. [ 888.563969][ T9994] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 888.871937][T14547] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2397'. [ 889.613732][ T9994] usb 2-1: Using ep0 maxpacket: 16 [ 889.691772][ T9994] usb 2-1: no configurations [ 889.717803][ T9994] usb 2-1: can't read configurations, error -22 [ 889.802623][T14557] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 889.810829][T14557] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 890.423878][ T9994] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 891.271360][T14563] usb usb8: usbfs: process 14563 (syz.0.2403) did not claim interface 8 before use [ 891.315677][T14563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2403'. [ 891.971010][ T9994] usb 2-1: device descriptor read/64, error -71 [ 892.138794][ T9994] usb usb2-port1: attempt power cycle [ 892.819796][ T9994] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 892.844177][ T9994] usb 2-1: Using ep0 maxpacket: 16 [ 892.849854][ T9994] usb 2-1: no configurations [ 892.854655][ T9994] usb 2-1: can't read configurations, error -22 [ 893.043968][ T9994] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 893.774669][ T9994] usb 2-1: Using ep0 maxpacket: 16 [ 893.782109][ T9994] usb 2-1: no configurations [ 893.807944][ T9994] usb 2-1: can't read configurations, error -22 [ 893.918231][ T9994] usb usb2-port1: unable to enumerate USB device [ 894.192371][T14599] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 894.793981][T14601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2414'. [ 894.933843][T14601] dummy0: entered promiscuous mode [ 894.956849][T14601] macvtap1: entered promiscuous mode [ 895.022922][T14601] macvtap1: entered allmulticast mode [ 895.043560][T14601] dummy0: entered allmulticast mode [ 896.594937][T14619] mkiss: ax0: crc mode is auto. [ 899.514810][T13820] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 900.294546][T13820] usb 1-1: Using ep0 maxpacket: 16 [ 900.703738][ T9421] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 901.050970][T13820] usb 1-1: config 0 has no interfaces? [ 901.077014][T13820] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 901.157604][T13820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.185842][T13820] usb 1-1: Product: syz [ 901.200223][T13820] usb 1-1: Manufacturer: syz [ 901.233585][T13820] usb 1-1: SerialNumber: syz [ 901.238278][ T9421] usb 4-1: Using ep0 maxpacket: 8 [ 901.252399][ T9421] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 901.263770][ T9421] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.276277][T13820] usb 1-1: config 0 descriptor?? [ 901.294915][ T9421] usb 4-1: Product: syz [ 901.299141][ T9421] usb 4-1: Manufacturer: syz [ 901.304027][ T9421] usb 4-1: SerialNumber: syz [ 901.357256][ T9421] usb 4-1: config 0 descriptor?? [ 901.593323][ T9421] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 901.772513][T13820] usb 1-1: USB disconnect, device number 20 [ 901.795223][ T29] audit: type=1400 audit(1738095772.070:399): avc: denied { create } for pid=14664 comm="syz.3.2433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 901.843433][ T9421] usb write operation failed. (-71) [ 901.881375][ T9421] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 901.919845][ T9421] dvbdev: DVB: registering new adapter (Terratec H7) [ 901.943550][ T9421] usb 4-1: media controller created [ 901.961805][ T9421] usb read operation failed. (-71) [ 901.974286][ T9421] usb write operation failed. (-71) [ 902.090476][ T9421] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 902.124136][ T9421] usb 4-1: USB disconnect, device number 16 [ 904.994364][T14706] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 905.003569][T14706] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 906.637266][ T29] audit: type=1400 audit(1738095776.920:400): avc: denied { read } for pid=14721 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 906.781228][T14718] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2446'. [ 906.801679][T14722] ubi0: attaching mtd0 [ 906.816522][T14722] ubi0: scanning is finished [ 906.821208][T14722] ubi0: empty MTD device detected [ 907.023745][ T29] audit: type=1400 audit(1738095776.920:401): avc: denied { open } for pid=14721 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 907.133850][ T9421] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 907.144814][ T29] audit: type=1400 audit(1738095776.920:402): avc: denied { getattr } for pid=14721 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 907.383440][ T9421] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 907.524097][T14720] warning: `syz.3.2447' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 907.552946][ T9421] usb 5-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 907.574305][ T9421] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 907.622078][ T9421] usb 5-1: config 0 descriptor?? [ 907.631504][T14722] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 908.147196][ T29] audit: type=1400 audit(1738095778.400:403): avc: denied { write } for pid=14714 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 908.503698][ T29] audit: type=1400 audit(1738095778.400:404): avc: denied { add_name } for pid=14714 comm="dhcpcd-run-hook" name="resolv.conf.lapb4.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 908.540494][ T9421] cypress 0003:04B4:07B1.0001: item fetching failed at offset 1/5 [ 908.561823][ T9421] cypress 0003:04B4:07B1.0001: parse failed [ 908.570504][ T9421] cypress 0003:04B4:07B1.0001: probe with driver cypress failed with error -22 [ 908.581495][ T29] audit: type=1400 audit(1738095778.400:405): avc: denied { create } for pid=14714 comm="dhcpcd-run-hook" name="resolv.conf.lapb4.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 908.643708][ T29] audit: type=1400 audit(1738095778.420:406): avc: denied { write } for pid=14714 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.lapb4.link" dev="tmpfs" ino=7863 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 908.742038][ T29] audit: type=1400 audit(1738095778.430:407): avc: denied { append } for pid=14714 comm="dhcpcd-run-hook" name="resolv.conf.lapb4.link" dev="tmpfs" ino=7863 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 909.457702][ T29] audit: type=1400 audit(1738095778.790:408): avc: denied { shutdown } for pid=14710 comm="syz.4.2445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 909.580570][T14762] ubi0: attaching mtd0 [ 909.602829][T14762] ubi0: scanning is finished [ 909.616400][T14762] ================================================================== [ 909.624472][T14762] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x3ac/0x420 [ 909.632889][T14762] Read of size 4 at addr ffff8880580ed8d8 by task syz.3.2455/14762 [ 909.640778][T14762] [ 909.643098][T14762] CPU: 0 UID: 0 PID: 14762 Comm: syz.3.2455 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0 [ 909.643121][T14762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 909.643132][T14762] Call Trace: [ 909.643137][T14762] [ 909.643144][T14762] dump_stack_lvl+0x116/0x1f0 [ 909.643176][T14762] print_report+0xc3/0x620 [ 909.643194][T14762] ? __virt_addr_valid+0x5e/0x590 [ 909.643213][T14762] ? __phys_addr+0xc6/0x150 [ 909.643232][T14762] kasan_report+0xd9/0x110 [ 909.643252][T14762] ? notifier_chain_register+0x3ac/0x420 [ 909.643272][T14762] ? notifier_chain_register+0x3ac/0x420 [ 909.643293][T14762] notifier_chain_register+0x3ac/0x420 [ 909.643314][T14762] blocking_notifier_chain_register+0x76/0xd0 [ 909.643337][T14762] ubi_wl_init+0x1018/0x17b0 [ 909.643366][T14762] ubi_attach+0x1b92/0x4c00 [ 909.643397][T14762] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 909.643425][T14762] ? lockdep_init_map_type+0x16d/0x7d0 [ 909.643450][T14762] ? __pfx_ubi_attach+0x10/0x10 [ 909.643477][T14762] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 909.643506][T14762] ubi_attach_mtd_dev+0x158f/0x3590 [ 909.643538][T14762] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 909.643566][T14762] ? __pfx_get_mtd_device+0x10/0x10 [ 909.643597][T14762] ctrl_cdev_ioctl+0x339/0x3d0 [ 909.643613][T14762] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 909.643630][T14762] ? selinux_file_ioctl+0x180/0x270 [ 909.643652][T14762] ? selinux_file_ioctl+0xb4/0x270 [ 909.643674][T14762] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 909.643690][T14762] __x64_sys_ioctl+0x190/0x200 [ 909.643712][T14762] do_syscall_64+0xcd/0x250 [ 909.643729][T14762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.643753][T14762] RIP: 0033:0x7f3a80f8cda9 [ 909.643768][T14762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 909.643786][T14762] RSP: 002b:00007f3a81d5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 909.643803][T14762] RAX: ffffffffffffffda RBX: 00007f3a811a6080 RCX: 00007f3a80f8cda9 [ 909.643814][T14762] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006 [ 909.643825][T14762] RBP: 00007f3a8100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 909.643836][T14762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 909.643847][T14762] R13: 0000000000000000 R14: 00007f3a811a6080 R15: 00007ffeb5f14338 [ 909.643864][T14762] [ 909.643870][T14762] [ 909.655663][ T29] audit: type=1400 audit(1738095778.930:409): avc: denied { remove_name } for pid=14745 comm="rm" name="resolv.conf.lapb4.link" dev="tmpfs" ino=7863 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 909.664287][T14762] Allocated by task 14722: [ 909.664298][T14762] kasan_save_stack+0x33/0x60 [ 909.664319][T14762] kasan_save_track+0x14/0x30 [ 909.917703][T14762] __kasan_kmalloc+0xaa/0xb0 [ 909.922279][T14762] ubi_attach_mtd_dev+0x3ce/0x3590 [ 909.927379][T14762] ctrl_cdev_ioctl+0x339/0x3d0 [ 909.932131][T14762] __x64_sys_ioctl+0x190/0x200 [ 909.936879][T14762] do_syscall_64+0xcd/0x250 [ 909.941363][T14762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.947241][T14762] [ 909.949556][T14762] Freed by task 14722: [ 909.953599][T14762] kasan_save_stack+0x33/0x60 [ 909.958256][T14762] kasan_save_track+0x14/0x30 [ 909.962912][T14762] kasan_save_free_info+0x3b/0x60 [ 909.967920][T14762] __kasan_slab_free+0x51/0x70 [ 909.972663][T14762] kfree+0x2c4/0x4d0 [ 909.976545][T14762] device_release+0xa1/0x240 [ 909.981121][T14762] kobject_put+0x1e4/0x5a0 [ 909.985515][T14762] put_device+0x1f/0x30 [ 909.989651][T14762] ubi_attach_mtd_dev+0xe25/0x3590 [ 909.994747][T14762] ctrl_cdev_ioctl+0x339/0x3d0 [ 909.999486][T14762] __x64_sys_ioctl+0x190/0x200 [ 910.004232][T14762] do_syscall_64+0xcd/0x250 [ 910.008712][T14762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.014593][T14762] [ 910.016899][T14762] The buggy address belongs to the object at ffff8880580ec000 [ 910.016899][T14762] which belongs to the cache kmalloc-8k of size 8192 [ 910.030930][T14762] The buggy address is located 6360 bytes inside of [ 910.030930][T14762] freed 8192-byte region [ffff8880580ec000, ffff8880580ee000) [ 910.044877][T14762] [ 910.047180][T14762] The buggy address belongs to the physical page: [ 910.053568][T14762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x580e8 [ 910.062310][T14762] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 910.070787][T14762] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 910.078314][T14762] page_type: f5(slab) [ 910.082276][T14762] raw: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000 [ 910.090841][T14762] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 910.099404][T14762] head: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000 [ 910.108058][T14762] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 910.116710][T14762] head: 00fff00000000003 ffffea0001603a01 ffffffffffffffff 0000000000000000 [ 910.125362][T14762] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 910.134020][T14762] page dumped because: kasan: bad access detected [ 910.140408][T14762] page_owner tracks the page as allocated [ 910.146097][T14762] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 14721, tgid 14721 (dhcpcd-run-hook), ts 906637544285, free_ts 906620807188 [ 910.165958][T14762] post_alloc_hook+0x181/0x1b0 [ 910.170711][T14762] get_page_from_freelist+0xfce/0x2f80 [ 910.176149][T14762] __alloc_frozen_pages_noprof+0x221/0x2470 [ 910.182021][T14762] alloc_pages_mpol+0x1fc/0x540 [ 910.186861][T14762] new_slab+0x23d/0x330 [ 910.191002][T14762] ___slab_alloc+0xc5d/0x1720 [ 910.195664][T14762] __slab_alloc.constprop.0+0x56/0xb0 [ 910.201022][T14762] __kmalloc_cache_noprof+0xfa/0x410 [ 910.206294][T14762] audit_log_d_path+0xce/0x1e0 [ 910.211042][T14762] common_lsm_audit+0xd45/0x2290 [ 910.215975][T14762] slow_avc_audit+0x17d/0x210 [ 910.220655][T14762] avc_has_perm+0x18d/0x1c0 [ 910.225144][T14762] inode_has_perm+0x168/0x1d0 [ 910.229808][T14762] selinux_inode_getattr+0x161/0x1f0 [ 910.235079][T14762] security_inode_getattr+0x138/0x290 [ 910.240440][T14762] vfs_fstat+0x4b/0xd0 [ 910.244492][T14762] page last free pid 14714 tgid 14714 stack trace: [ 910.250968][T14762] free_frozen_pages+0x6db/0xfb0 [ 910.255925][T14762] __put_partials+0x14c/0x170 [ 910.260589][T14762] qlist_free_all+0x4e/0x120 [ 910.265166][T14762] kasan_quarantine_reduce+0x195/0x1e0 [ 910.270612][T14762] __kasan_slab_alloc+0x69/0x90 [ 910.275459][T14762] kmem_cache_alloc_noprof+0x226/0x3d0 [ 910.280896][T14762] getname_flags.part.0+0x4c/0x550 [ 910.285990][T14762] getname+0x8d/0xe0 [ 910.289872][T14762] do_sys_openat2+0x104/0x1e0 [ 910.294530][T14762] __x64_sys_openat+0x175/0x210 [ 910.299361][T14762] do_syscall_64+0xcd/0x250 [ 910.303843][T14762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.309720][T14762] [ 910.312023][T14762] Memory state around the buggy address: [ 910.317631][T14762] ffff8880580ed780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 910.325671][T14762] ffff8880580ed800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 910.333711][T14762] >ffff8880580ed880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 910.341760][T14762] ^ [ 910.348669][T14762] ffff8880580ed900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 910.356708][T14762] ffff8880580ed980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 910.364759][T14762] ================================================================== [ 910.382948][T14762] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 910.390153][T14762] CPU: 0 UID: 0 PID: 14762 Comm: syz.3.2455 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0 [ 910.400540][T14762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 910.410575][T14762] Call Trace: [ 910.413830][T14762] [ 910.416739][T14762] dump_stack_lvl+0x3d/0x1f0 [ 910.421328][T14762] panic+0x71d/0x800 [ 910.425198][T14762] ? __pfx_panic+0x10/0x10 [ 910.429589][T14762] ? irqentry_exit+0x3b/0x90 [ 910.434167][T14762] ? lockdep_hardirqs_on+0x7c/0x110 [ 910.439373][T14762] ? preempt_schedule_thunk+0x1a/0x30 [ 910.444755][T14762] ? preempt_schedule_common+0x44/0xc0 [ 910.450231][T14762] check_panic_on_warn+0xab/0xb0 [ 910.455172][T14762] end_report+0x117/0x180 [ 910.459500][T14762] kasan_report+0xe9/0x110 [ 910.463916][T14762] ? notifier_chain_register+0x3ac/0x420 [ 910.469555][T14762] ? notifier_chain_register+0x3ac/0x420 [ 910.475201][T14762] notifier_chain_register+0x3ac/0x420 [ 910.480672][T14762] blocking_notifier_chain_register+0x76/0xd0 [ 910.486753][T14762] ubi_wl_init+0x1018/0x17b0 [ 910.491363][T14762] ubi_attach+0x1b92/0x4c00 [ 910.495879][T14762] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 910.502215][T14762] ? lockdep_init_map_type+0x16d/0x7d0 [ 910.507688][T14762] ? __pfx_ubi_attach+0x10/0x10 [ 910.512553][T14762] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 910.517948][T14762] ubi_attach_mtd_dev+0x158f/0x3590 [ 910.523156][T14762] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 910.528681][T14762] ? __pfx_get_mtd_device+0x10/0x10 [ 910.533869][T14762] ctrl_cdev_ioctl+0x339/0x3d0 [ 910.538630][T14762] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 910.543909][T14762] ? selinux_file_ioctl+0x180/0x270 [ 910.549097][T14762] ? selinux_file_ioctl+0xb4/0x270 [ 910.554198][T14762] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 910.559461][T14762] __x64_sys_ioctl+0x190/0x200 [ 910.564206][T14762] do_syscall_64+0xcd/0x250 [ 910.568695][T14762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.574589][T14762] RIP: 0033:0x7f3a80f8cda9 [ 910.578985][T14762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 910.598577][T14762] RSP: 002b:00007f3a81d5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 910.606975][T14762] RAX: ffffffffffffffda RBX: 00007f3a811a6080 RCX: 00007f3a80f8cda9 [ 910.614941][T14762] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006 [ 910.622901][T14762] RBP: 00007f3a8100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 910.630848][T14762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 910.638797][T14762] R13: 0000000000000000 R14: 00007f3a811a6080 R15: 00007ffeb5f14338 [ 910.646752][T14762] [ 910.649958][T14762] Kernel Offset: disabled [ 910.654258][T14762] Rebooting in 86400 seconds..