last executing test programs: 40.242720222s ago: executing program 4 (id=1628): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000000)) 39.956337098s ago: executing program 2 (id=1630): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)={0x48, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @loopback}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_DOMAIN={0x7, 0x1, ':-\x00'}]}, 0x48}}, 0x0) 39.92555207s ago: executing program 4 (id=1631): socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0) 37.937426023s ago: executing program 2 (id=1635): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) map_shadow_stack(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 37.436700859s ago: executing program 4 (id=1639): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000180)={'veth1_vlan\x00', 0x44}) 36.953635287s ago: executing program 4 (id=1640): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8801) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00', &(0x7f00000003c0)='./file0\x00') 36.649339903s ago: executing program 4 (id=1641): r0 = syz_open_dev$I2C(&(0x7f0000000140), 0x0, 0x0) ioctl$I2C_PEC(r0, 0x708, 0x1) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000100)={0x0, 0x0, 0x3, &(0x7f0000000080)={0x0, "b8849546f9b75393e3e2dc864c6a9af09e006bb3ce563ba2735c8648dc9abc8527"}}) 34.582262691s ago: executing program 4 (id=1645): syz_emit_ethernet(0x5e, &(0x7f0000000240)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @timestamp={0x8, 0xa}, @sack={0x5, 0x6, [0x0]}]}}}}}}}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00030400000004"], 0x0, 0x0}, 0x0) 7.964901277s ago: executing program 0 (id=1712): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') fchdir(r0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3) 7.926560732s ago: executing program 1 (id=1713): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x3}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f00000001c0)='GPL\x00'}, 0x90) 7.797652066s ago: executing program 0 (id=1714): r0 = socket$kcm(0x10, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffffff16) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x90, 0x30, 0x1, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b404000000000000611030000000000005000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x90) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000140)) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000100)=0x300000000) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000600)={0x2, 0x0, {&(0x7f0000000580)=""/68, 0xfffffffffffffea9, 0x0, 0x1, 0x2}}, 0x48) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)="d80000001c0081044e81f782db44b904021d080207600000810000a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d6e08000a0e408e83c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d430dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a502500000040fad95667e00600001700000000c0bb9a8455c853d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a0800000000000000000000ebc356383c12cdf0000e49ba000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20040040) 7.603597252s ago: executing program 1 (id=1715): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000080)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x1, r2}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000740)={0x0, 0xfffffffffffffffc, 0x2e, 0xa4, @scatter={0x5, 0x0, &(0x7f0000000480)=[{&(0x7f0000000540)=""/251, 0xfb}, {&(0x7f0000000200)=""/31, 0x1f}, {&(0x7f0000000300)=""/56, 0x38}, {&(0x7f00000007c0)=""/214, 0xd6}, {&(0x7f0000000680)=""/158, 0x9e}]}, &(0x7f0000000240)="a1dc426422c5661cebf8a81b133d04a0f99a9e4480903ae10e0eb0c2bd4a609d857eaccfbb59293486fdb38e114b", 0x0, 0x3, 0x24, 0x3, 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000006840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f20000000000a01010000000000000000050000000900010073797a31000000002c0000000c0a0103000000000000100005000000040003800900010073797a3100000000080004"], 0xd0}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, &(0x7f00000002c0)=""/17, 0x2b, 0x11, 0x0, 0x100}, 0x20) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.net/syz1\x00', 0x1ff) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000100)={0x0, 0x6}) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r11, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000"]) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000180)=@req3={0x6, 0x4000, 0x20000000, 0x72, 0x3, 0x7fff, 0x6}, 0x1c) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000407d1e2e2c00000000000109023d2551a10000000704"], 0x0) 6.703707973s ago: executing program 0 (id=1716): fsopen(0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x8299ac36dcf3ec35) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, 0x0) ptrace$getregset(0x4204, 0x0, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x7f}) 5.429395281s ago: executing program 0 (id=1717): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2c, 0x0, 0x2, 0x0, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}]}, 0x2c}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0) 4.845804574s ago: executing program 0 (id=1718): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0x810c9365, 0x0) 4.516875358s ago: executing program 0 (id=1719): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4) sendmsg$inet(r1, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="9f", 0x1}], 0x1}, 0x3e8) 4.293491309s ago: executing program 3 (id=1624): r0 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) ftruncate(r0, 0x51a9497) r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300), &(0x7f0000000100), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) 4.038410515s ago: executing program 3 (id=1720): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) preadv(r0, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0) 3.962303707s ago: executing program 1 (id=1721): socket$vsock_stream(0x28, 0x1, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0}, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="74000000180001000000000000000000020000000000ff0000000000080008802353fcba3d0008803683f04ebc926969c5d307e3e3d294754f3aafaa63db1a5c82a8b5caade8449366df5b7a58c0fbc86eeaf705ac71b664044e488dd012b40c6400000008001e00ff"], 0x74}}, 0x0) 3.736275737s ago: executing program 3 (id=1722): madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x15) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}) 3.565302949s ago: executing program 1 (id=1723): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000000000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6207005d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4286322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9ba5d80efd7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000349a028044ed6af70cf6a524e6ab46c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe5682159fbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a9384f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d94462d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef82948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df554401221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b5662586c216a3473ff6c72835d51eb48887003d27468225b2594a05044baf314113e8894689e4c5f47222b2692db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7e8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2f58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c27b30255bc4f8813be88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c6ab5acbba2ce5099a9387c7acb9bbd1da497611ceda25049e48ddacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607649bae75bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b00000000000000a9241220dfbf7d02ef507ec6fc7f5d37d835f7bed71283c431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362cdff99c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c981cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5fe500ead8857acf0166dbd9f30a9b9c8a9b9faf1356fa0269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8adef4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c6737ba8b1672ae9677bb5970cf3e84be433446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61af8e8c473a7585436730db75da167481ab8921fe051b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3f744ff1973431000000000100000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000ff267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9745b3cabc908e623403c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e2112f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a805e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d06c790000087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec6d8a68356cef8646f3815eb4daf46c5c76b29839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce518b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b552a75ed48215cc02004a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace2fa90c68166396a2398d7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7258e9fc818ab3d76ab660a254d998592c31017f816e01a21c08a17acdb8ada5bc901934e40608563f14698feafac57b2b48cb89e10c85463a386be0f7fb1d1cfd621f8e2b51d2b7c15be3999ffa42bd57408fe168d840c45a15317b21cf4c2278a04000000000000001c33e2ad66fd156dcbf12d9e0e85dc9705d0ce24a4694c8ecd2493e1ed561a425d6045eb68c80d1dc57defb4abe86c9f2c37652d98b0c415bf246642062bd3b58a1ec57acdc2b6be53eaffaafd10ba82c82957fe38ef705b4b9c0342a9b267db42fdda35e41afd619fb6bb14b910346544d83f462635f0738fe4a8db56364fd28540ac55be7fff8aa77009f12e2c1e7098a27b0bc549f3a6f68c11d786e498bffc37c297185efdb868a16ae1323c7d40fd22551560e0c24d9d28206b3b9e103dad25f1211d071453b3a7765d4c94d455dc9c7d44167902ddeefeb8c0932c04f830823da0d51dd21f6067e4bacab3261f392fa5ea17f4fa60b24f4e267560e987cc0d585cf3582a12e16004dd3b46d33e04"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000000c0)="3635b13128585e55e4928b0896d1", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000107d1ece310000000000010902"], 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000440)={0xbc, "119b870320c20a7b3f75303d340202c5e6ee8c03da5baf8efccc11c73b47c097da4e394426350163ab1d836796ad1b11f005a4ef2064e9297106506932688248ed3870f248e9035baeff52450264b9d5b2ccc65606b0d00a8cfe2cea2042d277e7ae7a3e6d45483eb86eebc116f9575d4df48a6ddb751c889aae54b1891b62affacb9e8b2cfa30d6ef24c1ed3bb679cce8c1b1bce8c46d34ffe6034f4af02eb2a9714a856919fc8d8ed94442e9a902dcfb4b21463ac448bdf3596001"}) syz_usb_disconnect(r1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[], 0x0) ioctl$EVIOCRMFF(r1, 0x41015500, &(0x7f0000000400)) 3.41267177s ago: executing program 3 (id=1724): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 3.197556642s ago: executing program 3 (id=1725): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB='\x00h'], 0x9) iopl(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) mknod$loop(&(0x7f0000000240)='\x00', 0x20, 0x1) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigaction(0x1a, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=ANY=[], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) removexattr(&(0x7f0000000280)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000002c0)=@known='system.posix_acl_access\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x2) mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000180), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX]) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r6, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x0, 0x8}) 2.879018216s ago: executing program 2 (id=1636): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000c400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, r2, {{0x7}}}, 0x28) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 1.934291883s ago: executing program 3 (id=1726): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='memory.numa_stat\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000340), 0x0, 0x5}}, 0x20) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}}, 0x0) sync() syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mount(0x0, &(0x7f0000000280)='./file3/file0\x00', &(0x7f0000000240)='aufs\x00', 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r3, 0x5501) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) 1.837450506s ago: executing program 2 (id=1727): sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957eff13d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0) recvmmsg(r1, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0) close(r0) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000240)='*', 0x1}], 0x1) 546.059428ms ago: executing program 1 (id=1728): socket$netlink(0x10, 0x3, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000500)) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000003c0)=""/75, 0x0}) r2 = dup(r1) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001a00)=ANY=[@ANYBLOB], 0x64}}, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 325.885717ms ago: executing program 2 (id=1729): r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300000000000085000000ad000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$P9_RMKNOD(r0, &(0x7f0000000040)={0x14}, 0x14) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r2, 0xffffffffffffffff, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)=[0x0, 0x1], 0x0, 0x0, 0x2}}, 0x40) 216.273218ms ago: executing program 1 (id=1730): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x4}) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r6, 0x25, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000200)=ANY=[], 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f000001f8c0)={@local, @broadcast, @void, {@ipv4={0x8864, @tipc={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x21, 0x0, 0x6, 0x0, @rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0) 0s ago: executing program 2 (id=1731): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r0 = syz_usb_connect$hid(0x0, 0x3b, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x522, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000440)={0x24, &(0x7f0000000040)={0x0, 0x0, 0x5, {0x5, 0x0, "b53a25"}}, 0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): 118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.752173][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.813129][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.819777][ T29] audit: type=1400 audit(1722145972.286:781): avc: denied { create } for pid=9124 comm="syz.3.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 450.852171][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.863121][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.899561][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.946705][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 450.992330][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 451.012200][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 451.099125][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 451.152141][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 451.192168][ T9118] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 451.844256][ T9143] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'. [ 451.931069][ T9143] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'. [ 452.640855][ T9155] netlink: 'syz.1.976': attribute type 2 has an invalid length. [ 452.854622][ T9155] netlink: 'syz.1.976': attribute type 4 has an invalid length. [ 453.738647][ T9158] netlink: 'syz.2.975': attribute type 10 has an invalid length. [ 453.749444][ T9158] netlink: 2 bytes leftover after parsing attributes in process `syz.2.975'. [ 455.639623][ C1] sched: RT throttling activated [ 458.459387][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.989'. [ 458.550639][ T5278] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 458.569510][ T29] audit: type=1400 audit(1722145980.056:782): avc: denied { create } for pid=9198 comm="syz.3.990" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 458.898479][ T9206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.993'. [ 458.914723][ T9206] veth0_to_bridge: entered promiscuous mode [ 458.935684][ T9206] veth0_to_bridge: entered allmulticast mode [ 458.951685][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.993'. [ 458.976427][ T9208] veth0_to_bridge: left promiscuous mode [ 458.992202][ T5278] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 458.997805][ T9208] veth0_to_bridge: left allmulticast mode [ 459.010179][ T5278] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 459.023830][ T5278] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 459.066073][ T5278] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 459.238347][ T9210] bio_check_eod: 2 callbacks suppressed [ 459.238396][ T9210] syz.3.990: attempt to access beyond end of device [ 459.238396][ T9210] loop7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 459.258662][ T9210] FAT-fs (loop7): unable to read boot sector [ 459.360029][ T29] audit: type=1400 audit(1722145980.686:783): avc: denied { setopt } for pid=9198 comm="syz.3.990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 459.444650][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.653539][ T5278] usb 2-1: config 0 descriptor?? [ 459.689838][ T9185] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 459.719736][ T29] audit: type=1400 audit(1722145980.706:784): avc: denied { mounton } for pid=9198 comm="syz.3.990" path="/249/file0" dev="tmpfs" ino=1356 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 459.807334][ T29] audit: type=1400 audit(1722145981.296:785): avc: denied { unlink } for pid=5222 comm="syz-executor" name="file0" dev="tmpfs" ino=1356 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 459.836855][ T5280] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.277404][ T5278] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 460.570917][ T5278] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 460.861618][ T5278] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 461.020588][ T5278] usb 2-1: USB disconnect, device number 18 [ 462.178006][ T9238] autofs: Unknown parameter 'f' [ 462.210550][ T29] audit: type=1400 audit(1722145983.686:786): avc: denied { connect } for pid=9233 comm="syz.0.1001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 463.009395][ T29] audit: type=1400 audit(1722145984.476:787): avc: denied { accept } for pid=9240 comm="syz.1.1004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 463.101691][ T29] audit: type=1400 audit(1722145984.476:788): avc: denied { read } for pid=9240 comm="syz.1.1004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 463.126709][ T9245] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 464.677058][ T9268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1012'. [ 464.736408][ T9267] netlink: 'syz.1.1010': attribute type 10 has an invalid length. [ 464.765533][ T9267] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1010'. [ 464.775093][ T9267] team0: entered promiscuous mode [ 464.780416][ T9267] team_slave_0: entered promiscuous mode [ 464.803385][ T9267] team_slave_1: entered promiscuous mode [ 464.834697][ T9267] bridge0: port 3(team0) entered blocking state [ 464.868821][ T9267] bridge0: port 3(team0) entered disabled state [ 464.910891][ T9267] team0: entered allmulticast mode [ 464.938484][ T9267] team_slave_0: entered allmulticast mode [ 464.969565][ T9267] team_slave_1: entered allmulticast mode [ 465.056334][ T9267] bridge0: port 3(team0) entered blocking state [ 465.063125][ T9267] bridge0: port 3(team0) entered forwarding state [ 465.085495][ T9275] netlink: 'syz.4.1016': attribute type 14 has an invalid length. [ 465.101023][ T9275] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1016'. [ 466.088565][ T29] audit: type=1400 audit(1722145987.576:789): avc: denied { bind } for pid=9283 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 466.171792][ T9293] 9pnet_fd: Insufficient options for proto=fd [ 466.179911][ T29] audit: type=1400 audit(1722145987.656:790): avc: denied { write } for pid=9294 comm="syz.3.1024" name="rtc0" dev="devtmpfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 466.192558][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1024'. [ 466.336307][ T29] audit: type=1400 audit(1722145987.676:791): avc: denied { ioctl } for pid=9294 comm="syz.3.1024" path="socket:[26796]" dev="sockfs" ino=26796 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 466.361140][ C1] vkms_vblank_simulate: vblank timer overrun [ 467.068819][ T9315] IPv6: addrconf: prefix option has invalid lifetime [ 467.109173][ T9310] input: syz1 as /devices/virtual/input/input13 [ 468.240003][ T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 468.250434][ T54] Bluetooth: hci0: Injecting HCI hardware error event [ 468.261358][ T5229] Bluetooth: hci0: hardware error 0x00 [ 468.418171][ T9339] netlink: 'syz.4.1036': attribute type 7 has an invalid length. [ 468.437164][ T9339] netlink: 'syz.4.1036': attribute type 39 has an invalid length. [ 468.789818][ T29] audit: type=1400 audit(1722145990.276:792): avc: denied { write } for pid=9340 comm="syz.1.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 468.944615][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1038'. [ 469.172732][ T9350] 9pnet_fd: Insufficient options for proto=fd [ 469.253323][ T9355] netlink: 'syz.0.1041': attribute type 14 has an invalid length. [ 469.310727][ T9355] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1041'. [ 470.479886][ T5229] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 471.057195][ T9375] capability: warning: `syz.2.1050' uses 32-bit capabilities (legacy support in use) [ 471.242809][ T9380] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1052'. [ 471.270998][ T29] audit: type=1400 audit(1722145992.746:793): avc: denied { bind } for pid=9377 comm="syz.1.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 471.272542][ T9379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 471.317050][ T9383] netlink: 'syz.2.1054': attribute type 14 has an invalid length. [ 471.328149][ T9383] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1054'. [ 471.398765][ T29] audit: type=1400 audit(1722145992.886:794): avc: denied { connect } for pid=9377 comm="syz.1.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 471.459890][ T29] audit: type=1400 audit(1722145992.946:795): avc: denied { shutdown } for pid=9377 comm="syz.1.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 471.519730][ T1131] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 471.580298][ T29] audit: type=1400 audit(1722145993.076:796): avc: denied { ioctl } for pid=9377 comm="syz.1.1051" path="socket:[26481]" dev="sockfs" ino=26481 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 471.661759][ T9390] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.723956][ T1131] usb 1-1: Using ep0 maxpacket: 16 [ 471.739234][ T1131] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 471.776237][ T1131] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.806982][ T1131] usb 1-1: Product: syz [ 471.825143][ T1131] usb 1-1: Manufacturer: syz [ 471.843839][ T1131] usb 1-1: SerialNumber: syz [ 471.864928][ T1131] usb 1-1: config 0 descriptor?? [ 471.876942][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1058'. [ 471.886721][ T9393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1058'. [ 471.945945][ T1131] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 472.986688][ T170] usb 1-1: Failed to submit usb control message: -110 [ 473.154417][ T170] usb 1-1: unable to send the bmi data to the device: -110 [ 473.195449][ T170] usb 1-1: unable to get target info from device [ 473.262589][ T170] usb 1-1: could not get target info (-110) [ 473.268890][ T170] usb 1-1: could not probe fw (-110) [ 473.555538][ T9406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1059'. [ 473.622900][ T1131] usb 1-1: USB disconnect, device number 6 [ 473.636238][ T9408] netlink: 'syz.2.1061': attribute type 11 has an invalid length. [ 474.755901][ T29] audit: type=1400 audit(1722145996.246:797): avc: denied { bind } for pid=9411 comm="syz.2.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 474.841668][ T29] audit: type=1400 audit(1722145996.276:798): avc: denied { name_bind } for pid=9411 comm="syz.2.1063" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 474.926979][ T29] audit: type=1400 audit(1722145996.276:799): avc: denied { node_bind } for pid=9411 comm="syz.2.1063" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 475.013560][ T29] audit: type=1400 audit(1722145996.386:800): avc: denied { write } for pid=9411 comm="syz.2.1063" laddr=127.0.0.1 lport=49930 faddr=127.0.0.1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 475.220002][ T29] audit: type=1400 audit(1722145996.696:801): avc: denied { mount } for pid=9429 comm="syz.1.1070" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 475.378533][ T29] audit: type=1400 audit(1722145996.746:802): avc: denied { mounton } for pid=9429 comm="syz.1.1070" path="/106/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 475.861293][ T9438] netlink: 'syz.0.1073': attribute type 11 has an invalid length. [ 477.175321][ T9446] veth0_vlan: entered allmulticast mode [ 478.323418][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1082'. [ 478.329863][ T1131] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 478.605000][ T1131] usb 2-1: Using ep0 maxpacket: 16 [ 479.459771][ T5278] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 479.486504][ T1131] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 479.510056][ T1131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.519760][ T1131] usb 2-1: Product: syz [ 479.523956][ T1131] usb 2-1: Manufacturer: syz [ 479.530161][ T1131] usb 2-1: SerialNumber: syz [ 479.538591][ T1131] usb 2-1: config 0 descriptor?? [ 479.577668][ T1131] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 479.690151][ T5278] usb 1-1: Using ep0 maxpacket: 32 [ 479.735454][ T5278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.771142][ T5278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.785923][ T5278] usb 1-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00 [ 479.796703][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.812549][ T5278] usb 1-1: config 0 descriptor?? [ 480.031632][ T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 480.055796][ T2500] usb 2-1: Failed to submit usb control message: -71 [ 480.056360][ T1131] usb 2-1: USB disconnect, device number 19 [ 480.066297][ T2500] usb 2-1: unable to send the bmi data to the device: -71 [ 480.116150][ T2500] usb 2-1: unable to get target info from device [ 480.154534][ T2500] usb 2-1: could not get target info (-71) [ 480.188459][ T2500] usb 2-1: could not probe fw (-71) [ 480.263070][ T8] usb 4-1: config 0 has an invalid interface number: 217 but max is 1 [ 480.288048][ T8] usb 4-1: config 0 has no interface number 1 [ 480.304871][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 480.322792][ T8] usb 4-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 480.326654][ T5278] logitech 0003:046D:C298.000D: unknown main item tag 0x0 [ 480.370816][ T5278] logitech 0003:046D:C298.000D: hidraw0: USB HID v0.00 Device [HID 046d:c298] on usb-dummy_hcd.0-1/input0 [ 480.378695][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.407193][ T5278] logitech 0003:046D:C298.000D: no inputs found [ 480.408388][ T8] usb 4-1: config 0 descriptor?? [ 480.435000][ T8] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 480.520857][ T9484] sock: sock_timestamping_bind_phc: sock not bind to device [ 480.679994][ T8] gspca_sn9c20x: Write register 1000 failed -71 [ 480.708761][ T8] gspca_sn9c20x: Device initialization failed [ 480.742721][ T8] gspca_sn9c20x 4-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 480.779308][ T5278] usb 1-1: USB disconnect, device number 7 [ 480.810152][ T8] usb 4-1: USB disconnect, device number 21 [ 481.172621][ T9485] dccp_xmit_packet: Payload too large (65475) for featneg. [ 481.933319][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 481.933338][ T29] audit: type=1400 audit(1722146259.432:804): avc: denied { getopt } for pid=9505 comm="syz.3.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 482.077947][ T29] audit: type=1400 audit(1722146259.492:805): avc: denied { sqpoll } for pid=9505 comm="syz.3.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 488.470150][ T9520] netlink: 'syz.1.1101': attribute type 10 has an invalid length. [ 488.646367][ T9520] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 488.680060][ T9520] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 488.708324][ T9520] team0: Failed to send options change via netlink (err -105) [ 490.616886][ T9520] team0: Port device netdevsim0 added [ 490.701352][ T5278] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 490.760902][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1102'. [ 491.103468][ T9524] netlink: 'syz.1.1101': attribute type 10 has an invalid length. [ 491.207435][ T9540] affs: No valid root block on device nullb0 [ 491.972696][ T9524] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 492.012820][ T9524] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 492.094952][ T9524] team0: Port device netdevsim0 removed [ 492.141630][ T9524] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 498.908299][ T9567] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 498.925363][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 499.033216][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 499.041641][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 499.051771][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 499.060091][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 499.067710][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 500.084002][ T9567] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1113' sets config #0 [ 500.286791][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.689140][ T9583] affs: No valid root block on device nullb0 [ 501.209834][ T54] Bluetooth: hci0: command tx timeout [ 501.389886][ T29] audit: type=1400 audit(1722146278.882:806): avc: denied { map } for pid=9584 comm="syz.1.1117" path="pipe:[27808]" dev="pipefs" ino=27808 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 501.633073][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.118844][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.165045][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.390297][ T54] Bluetooth: hci0: command tx timeout [ 505.750028][ T54] Bluetooth: hci0: command tx timeout [ 505.765137][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.329988][ T11] bridge_slave_1: left allmulticast mode [ 506.375008][ T11] bridge_slave_1: left promiscuous mode [ 506.439151][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.484575][ T11] bridge_slave_0: left allmulticast mode [ 506.496872][ T11] bridge_slave_0: left promiscuous mode [ 506.515327][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.590227][ T5279] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 506.798858][ T5279] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 506.823808][ T5279] usb 3-1: Dual-Role OTG device on HNP port [ 506.847361][ T5279] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1 [ 506.887939][ T5279] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.937214][ T5279] usb 3-1: Product: syz [ 506.998538][ T5279] usb 3-1: Manufacturer: syz [ 507.011515][ T5279] usb 3-1: SerialNumber: syz [ 507.036619][ T5279] usb 3-1: config 0 descriptor?? [ 507.055236][ T5279] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 507.101996][ T29] audit: type=1400 audit(1722146284.602:807): avc: denied { setopt } for pid=9623 comm="syz.0.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 507.545868][ T5279] usb 3-1: USB disconnect, device number 16 [ 507.831114][ T54] Bluetooth: hci0: command tx timeout [ 507.837531][ T29] audit: type=1400 audit(1722146285.332:808): avc: denied { create } for pid=9628 comm="syz.3.1131" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 508.343445][ T5229] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 508.362121][ T5229] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 508.382289][ T5229] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 508.406198][ T5229] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 508.415603][ T5229] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 508.422907][ T5279] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 508.431299][ T5229] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 508.651332][ T5279] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 508.662573][ T5279] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 508.680970][ T5279] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 508.692742][ T29] audit: type=1400 audit(1722146286.192:809): avc: denied { read } for pid=9642 comm="syz.2.1135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 508.713908][ T5279] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 508.724372][ T5279] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 508.735123][ T5279] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 508.762093][ T5279] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 508.780380][ T5279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.788553][ T5279] usb 4-1: Product: syz [ 508.794347][ T5279] usb 4-1: Manufacturer: syz [ 508.799163][ T5279] usb 4-1: SerialNumber: syz [ 508.842235][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 508.858069][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 508.877397][ T11] bond0 (unregistering): Released all slaves [ 509.141745][ T9569] chnl_net:caif_netlink_parms(): no params data found [ 509.923504][ T5279] cdc_ncm 4-1:1.0: bind() failure [ 509.966253][ T5279] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 509.973434][ T11] hsr_slave_0: left promiscuous mode [ 509.979015][ T5279] cdc_ncm 4-1:1.1: bind() failure [ 510.014287][ T11] hsr_slave_1: left promiscuous mode [ 510.031672][ T5279] usb 4-1: USB disconnect, device number 23 [ 510.066651][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 510.105126][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 510.183286][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 510.220431][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 510.324747][ T11] veth1_macvtap: left promiscuous mode [ 510.340504][ T11] veth0_macvtap: left promiscuous mode [ 510.346767][ T11] veth1_vlan: left promiscuous mode [ 510.370423][ T11] veth0_vlan: left promiscuous mode [ 510.469869][ T54] Bluetooth: hci5: command tx timeout [ 511.061446][ T29] audit: type=1400 audit(1722146288.562:810): avc: denied { append } for pid=9673 comm="syz.2.1140" name="nvme-fabrics" dev="devtmpfs" ino=688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 511.280870][ T9676] nvme_fabrics: missing parameter 'transport=%s' [ 511.328197][ T9676] nvme_fabrics: missing parameter 'nqn=%s' [ 512.558978][ T5229] Bluetooth: hci5: command tx timeout [ 512.805684][ T11] team0 (unregistering): Port device team_slave_1 removed [ 512.881249][ T5273] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 512.913606][ T11] team0 (unregistering): Port device team_slave_0 removed [ 513.106061][ T5273] usb 1-1: Using ep0 maxpacket: 16 [ 513.116287][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 513.137843][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 513.169544][ T5273] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 513.191181][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.212494][ T5273] usb 1-1: config 0 descriptor?? [ 513.234550][ T9688] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 514.505063][ T5229] Bluetooth: hci3: command 0x0406 tx timeout [ 514.652915][ T5229] Bluetooth: hci5: command tx timeout [ 514.790224][ T9569] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.825480][ T9569] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.861715][ T9569] bridge_slave_0: entered allmulticast mode [ 514.902361][ T9569] bridge_slave_0: entered promiscuous mode [ 514.935955][ T9569] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.977441][ T9569] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.999077][ T5273] usbhid 1-1:0.0: can't add hid device: -71 [ 515.007172][ T9569] bridge_slave_1: entered allmulticast mode [ 515.011826][ T5273] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 515.039866][ T5273] usb 1-1: USB disconnect, device number 8 [ 515.052277][ T9569] bridge_slave_1: entered promiscuous mode [ 515.480474][ T9569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 515.533343][ T9569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 515.841441][ T9569] team0: Port device team_slave_0 added [ 515.865119][ T9569] team0: Port device team_slave_1 added [ 516.300635][ T9569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 516.328256][ T9569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 516.426698][ T9569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 516.517582][ T9569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 516.552190][ T9569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 516.706838][ T9569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 516.718231][ T54] Bluetooth: hci5: command tx timeout [ 517.377244][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.494362][ T9569] hsr_slave_0: entered promiscuous mode [ 517.552656][ T9569] hsr_slave_1: entered promiscuous mode [ 517.602752][ T9569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 517.621195][ T9569] Cannot create hsr debugfs directory [ 517.785658][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.936135][ T9638] chnl_net:caif_netlink_parms(): no params data found [ 518.112850][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.330371][ T11] bond0: (slave netdevsim0): Releasing backup interface [ 518.371810][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.502258][ T9638] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.509452][ T9638] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.540580][ T9638] bridge_slave_0: entered allmulticast mode [ 519.561808][ T9638] bridge_slave_0: entered promiscuous mode [ 519.600325][ T9638] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.617955][ T9638] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.636575][ T9638] bridge_slave_1: entered allmulticast mode [ 519.659906][ T9638] bridge_slave_1: entered promiscuous mode [ 520.056645][ T9638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.113909][ T9638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.286234][ C0] eth0: bad gso: type: 1, size: 1408 [ 520.414125][ T11] team0: left allmulticast mode [ 520.429361][ T11] team_slave_0: left allmulticast mode [ 520.585827][ T11] team_slave_1: left allmulticast mode [ 520.910356][ T11] bridge0: port 3(team0) entered disabled state [ 521.188626][ T11] bridge_slave_1: left allmulticast mode [ 521.222863][ T11] bridge_slave_1: left promiscuous mode [ 521.228699][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.294120][ T11] bridge_slave_0: left allmulticast mode [ 521.321809][ T11] bridge_slave_0: left promiscuous mode [ 521.327637][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.833259][ T9806] affs: No valid root block on device nullb0 [ 521.864140][ T8] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 522.092100][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.276402][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.317289][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 522.372153][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 522.398343][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.432255][ T8] usb 4-1: config 0 descriptor?? [ 522.500497][ T9808] netlink: 'syz.2.1169': attribute type 1 has an invalid length. [ 522.972677][ T8] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 523.019880][ T8] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 523.192418][ T8] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 524.300492][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 524.352479][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 524.376572][ T11] bond0 (unregistering): Released all slaves [ 524.441917][ T941] usb 4-1: reset high-speed USB device number 24 using dummy_hcd [ 524.499230][ T9638] team0: Port device team_slave_0 added [ 524.653757][ T941] usb 4-1: device descriptor read/64, error -32 [ 524.766274][ T9638] team0: Port device team_slave_1 added [ 525.263650][ T9832] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1174'. [ 525.852701][ T8] usb 4-1: USB disconnect, device number 24 [ 525.918944][ T9638] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 525.979684][ T9638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.078982][ T9638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.124584][ T29] audit: type=1400 audit(1722146303.612:811): avc: denied { create } for pid=9833 comm="syz.0.1175" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1 [ 526.224330][ T29] audit: type=1400 audit(1722146303.642:812): avc: denied { write } for pid=9833 comm="syz.0.1175" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1 [ 526.548245][ T9844] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1179'. [ 526.592976][ T9638] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.615827][ T9638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.672687][ T9638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.715765][ T11] hsr_slave_0: left promiscuous mode [ 527.485295][ T11] hsr_slave_1: left promiscuous mode [ 527.511830][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 527.524625][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 527.574293][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 527.590536][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 527.644593][ T11] veth1_macvtap: left promiscuous mode [ 527.650551][ T11] veth0_macvtap: left promiscuous mode [ 527.657490][ T11] veth1_vlan: left promiscuous mode [ 527.664471][ T11] veth0_vlan: left promiscuous mode [ 528.502307][ T11] team_slave_1 (unregistering): left promiscuous mode [ 528.536371][ T11] team0 (unregistering): Port device team_slave_1 removed [ 528.596461][ T11] team_slave_0 (unregistering): left promiscuous mode [ 528.605040][ T11] team0 (unregistering): Port device team_slave_0 removed [ 529.619836][ T29] audit: type=1400 audit(1722146307.102:813): avc: denied { listen } for pid=9864 comm="syz.3.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 529.945140][ T9638] hsr_slave_0: entered promiscuous mode [ 530.004228][ T9638] hsr_slave_1: entered promiscuous mode [ 530.035911][ T9638] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 530.053638][ T9638] Cannot create hsr debugfs directory [ 532.097347][ T9569] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 532.126329][ T9569] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 532.286812][ T9569] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 532.341828][ T9569] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 533.664319][ T9569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.683174][ T29] audit: type=1400 audit(1722146311.172:814): avc: denied { getopt } for pid=9928 comm="syz.2.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 533.694738][ T9931] Bluetooth: MGMT ver 1.23 [ 533.817328][ T9569] 8021q: adding VLAN 0 to HW filter on device team0 [ 533.867950][ T9638] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 533.914526][ T9638] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 534.043248][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.050676][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.087982][ T9638] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 534.142501][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.149749][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 534.191100][ T9638] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 534.903754][ T9945] netlink: 'syz.0.1205': attribute type 1 has an invalid length. [ 535.111037][ T9638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.392220][ T9638] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.444579][ T9961] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1208'. [ 535.660689][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.667904][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.688184][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.695371][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.723063][ T9961] : entered promiscuous mode [ 536.930195][ T9569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 536.953480][ T29] audit: type=1400 audit(1722146314.452:815): avc: denied { read } for pid=9972 comm="syz.2.1210" path="socket:[29835]" dev="sockfs" ino=29835 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 538.245157][ T9638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 538.513737][ T9569] veth0_vlan: entered promiscuous mode [ 538.584945][ T9569] veth1_vlan: entered promiscuous mode [ 538.653791][ T9638] veth0_vlan: entered promiscuous mode [ 538.723789][ T9638] veth1_vlan: entered promiscuous mode [ 539.350928][T10013] vivid-000: disconnect [ 539.363112][T10013] vivid-000: reconnect [ 540.083512][ T9569] veth0_macvtap: entered promiscuous mode [ 540.248670][ T9569] veth1_macvtap: entered promiscuous mode [ 540.398036][ T9638] veth0_macvtap: entered promiscuous mode [ 540.442241][ T9638] veth1_macvtap: entered promiscuous mode [ 540.468232][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.490386][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.547522][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.597184][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.637768][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.681634][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.712780][ T29] audit: type=1400 audit(1722146318.212:816): avc: denied { listen } for pid=10029 comm="syz.2.1221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 540.722610][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.774471][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.788305][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.835448][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.882762][ T9569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.944362][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.996769][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.036679][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.080074][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.112266][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.127898][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.150361][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.199754][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.238314][ T9569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.271463][ T9569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.359485][ T9569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.503700][ T9569] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.550850][ T9569] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.600967][ T9569] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.653196][ T9569] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.761723][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.796020][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.824677][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.879856][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.958163][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.994216][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.009336][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.060217][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.098419][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.118915][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.138392][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.210229][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.248255][ T9638] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.274144][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.339770][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.360459][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.402043][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.423765][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.485795][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.519875][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.545541][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.562662][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.606529][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.643244][ T9638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.671965][ T9638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.716287][ T9638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.776039][ T9638] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.798882][ T9638] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.816730][ T9638] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.870218][ T9638] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.373807][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.413136][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.602062][ T9560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.646257][ T9560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.798175][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.836661][T10097] netlink: 'syz.0.1235': attribute type 1 has an invalid length. [ 543.849858][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.863906][T10097] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1235'. [ 544.058808][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.108631][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.437642][ T29] audit: type=1400 audit(1722146321.932:817): avc: denied { bind } for pid=10109 comm="syz.1.1129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 545.665163][T10147] pim6reg1: entered allmulticast mode [ 547.167111][T10165] wireguard0: entered promiscuous mode [ 547.429930][ T29] audit: type=1400 audit(1722146324.782:818): avc: denied { compute_member } for pid=10166 comm="syz.1.1249" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 548.001471][T10165] wireguard0: entered allmulticast mode [ 548.454532][T10178] vivid-004: disconnect [ 548.462047][T10178] vivid-004: reconnect [ 549.612351][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 551.233437][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1253'. [ 551.243381][T10190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1253'. [ 551.294922][ T5280] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 551.543209][ T5280] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 551.600089][ T5280] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 551.665095][ T5280] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 551.696681][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.981153][ T29] audit: type=1400 audit(1722146329.852:819): avc: denied { append } for pid=10191 comm="syz.4.1254" name="001" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 553.004091][ C1] vkms_vblank_simulate: vblank timer overrun [ 553.118643][ T5280] usb 5-1: string descriptor 0 read error: -71 [ 553.189008][ T5280] usb 5-1: USB disconnect, device number 11 [ 554.599883][T10252] wireguard0: entered promiscuous mode [ 554.671362][T10252] wireguard0: entered allmulticast mode [ 555.190229][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 556.490934][T10268] serio: Serial port ptm0 [ 556.559816][ T54] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 556.575209][ T5229] Bluetooth: hci7: command 0x1003 tx timeout [ 557.391504][ T29] audit: type=1400 audit(1722146334.892:820): avc: denied { map } for pid=10271 comm="syz.0.1271" path="/dev/sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 557.516650][ T29] audit: type=1400 audit(1722146334.922:821): avc: denied { execute } for pid=10271 comm="syz.0.1271" path="/dev/sg0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 557.540843][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.210000][T10290] netlink: 'syz.4.1272': attribute type 11 has an invalid length. [ 560.219285][T10290] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1272'. [ 560.960184][T10290] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 561.801296][ T8741] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 563.764524][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.995978][T10318] syz.1.1281: attempt to access beyond end of device [ 563.995978][T10318] loop3: rw=0, sector=0, nr_sectors = 8 limit=0 [ 564.032326][T10318] F2FS-fs (loop3): Unable to read 1th superblock [ 564.062896][T10318] syz.1.1281: attempt to access beyond end of device [ 564.062896][T10318] loop3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 564.115777][T10318] F2FS-fs (loop3): Unable to read 2th superblock [ 564.186427][T10323] syz.1.1281: attempt to access beyond end of device [ 564.186427][T10323] loop3: rw=0, sector=0, nr_sectors = 8 limit=0 [ 564.239152][T10323] F2FS-fs (loop3): Unable to read 1th superblock [ 564.267871][T10323] syz.1.1281: attempt to access beyond end of device [ 564.267871][T10323] loop3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 564.329903][T10323] F2FS-fs (loop3): Unable to read 2th superblock [ 564.689419][T10340] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 564.716882][ T29] audit: type=1400 audit(1722146342.212:822): avc: denied { read } for pid=10336 comm="syz.1.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 564.787521][ T29] audit: type=1400 audit(1722146342.242:823): avc: denied { ioctl } for pid=10336 comm="syz.1.1289" path="socket:[30632]" dev="sockfs" ino=30632 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 565.751434][T10361] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1294'. [ 565.767007][T10361] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1294'. [ 566.117656][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 566.807724][T10380] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 566.834130][ T54] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 567.123923][ T54] Bluetooth: hci0: unexpected event 0x12 length: 140 > 8 [ 567.140068][ T29] audit: type=1400 audit(1722146344.532:824): avc: denied { accept } for pid=10379 comm="syz.3.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 567.409835][T10390] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 568.652590][ T29] audit: type=1400 audit(1722146346.152:825): avc: denied { remount } for pid=10398 comm="syz.3.1304" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 568.699284][T10399] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 568.724755][ T5274] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 568.949840][ T5274] usb 3-1: Using ep0 maxpacket: 16 [ 569.097854][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 569.955256][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 569.977509][ T5274] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 570.202250][ T5274] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 570.232038][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.256018][ T5274] usb 3-1: config 0 descriptor?? [ 570.378930][T10414] raw_sendmsg: syz.3.1309 forgot to set AF_INET. Fix it! [ 572.503736][ T5274] usbhid 3-1:0.0: can't add hid device: -71 [ 572.695820][ T5274] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 572.737137][T10429] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1311'. [ 572.755532][T10435] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 572.836336][ T5274] usb 3-1: USB disconnect, device number 17 [ 572.960361][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 573.290344][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 573.553897][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice= 0.90 [ 573.660629][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.777208][ T9] r8152-cfgselector 4-1: Unknown version 0x0000 [ 573.801938][ T9] r8152-cfgselector 4-1: config 0 descriptor?? [ 573.869996][ T9] r8152 4-1:0.0: Expected endpoints are not found [ 573.943932][ T29] audit: type=1400 audit(1722146351.442:826): avc: denied { ioctl } for pid=10443 comm="syz.2.1318" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 574.358486][T10447] vivid-004: disconnect [ 574.365497][T10447] vivid-004: reconnect [ 575.015688][T10449] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 575.277185][ T5228] r8152-cfgselector 4-1: USB disconnect, device number 25 [ 576.826973][T10475] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 577.007744][T10477] IPv6: Can't replace route, no match found [ 577.086559][ T29] audit: type=1400 audit(1722146354.582:827): avc: denied { write } for pid=10476 comm="syz.2.1328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 577.108418][T10485] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(9) [ 577.114974][T10485] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 577.155324][T10485] vhci_hcd vhci_hcd.0: Device attached [ 577.176435][T10477] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1328'. [ 577.361024][ T5228] vhci_hcd: vhci_device speed not set [ 577.449785][ T5228] usb 17-2: new full-speed USB device number 2 using vhci_hcd [ 577.475217][ T29] audit: type=1400 audit(1722146354.972:828): avc: denied { create } for pid=10471 comm="syz.4.1327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 578.902659][T10486] vhci_hcd: connection reset by peer [ 578.908662][ T2500] vhci_hcd: stop threads [ 578.919925][ T2500] vhci_hcd: release socket [ 578.944434][ T2500] vhci_hcd: disconnect device [ 579.306813][T10519] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 580.368192][ T29] audit: type=1400 audit(1722146357.862:829): avc: denied { create } for pid=10525 comm="syz.3.1342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 580.643935][ T54] Bluetooth: hci3: unexpected event 0x08 length: 78 > 4 [ 580.942832][ T29] audit: type=1400 audit(1722146358.442:830): avc: denied { write } for pid=10523 comm="syz.0.1341" name="usbmon4" dev="devtmpfs" ino=719 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 581.057268][T10543] vivid-002: disconnect [ 581.064328][T10543] vivid-002: reconnect [ 582.264432][ T29] audit: type=1400 audit(1722146359.762:831): avc: denied { getopt } for pid=10542 comm="syz.1.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 582.642366][ T29] audit: type=1400 audit(1722146359.852:832): avc: denied { getopt } for pid=10542 comm="syz.1.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 582.714359][ T5228] vhci_hcd: vhci_device speed not set [ 583.037925][ T29] audit: type=1400 audit(1722146360.042:833): avc: denied { unmount } for pid=5222 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 583.261727][T10564] netlink: 2060 bytes leftover after parsing attributes in process `syz.4.1354'. [ 583.283896][T10564] netlink: 'syz.4.1354': attribute type 1 has an invalid length. [ 583.451869][T10564] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1354'. [ 584.776638][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 584.950985][ T29] audit: type=1326 audit(1722146362.432:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.1356" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81a6177299 code=0x0 [ 585.041534][T10585] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 585.120614][T10586] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 585.159520][T10585] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 585.174020][T10585] netlink: 'syz.3.1360': attribute type 29 has an invalid length. [ 586.969498][T10602] netlink: 2060 bytes leftover after parsing attributes in process `syz.4.1366'. [ 587.080581][T10602] netlink: 'syz.4.1366': attribute type 1 has an invalid length. [ 587.088625][T10602] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1366'. [ 589.254289][T10617] dlm: non-version read from control device 2147479552 [ 589.645565][T10640] netlink: 'syz.4.1379': attribute type 1 has an invalid length. [ 589.674479][T10640] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.1379'. [ 589.746879][T10640] netlink: 'syz.4.1379': attribute type 1 has an invalid length. [ 589.909039][T10644] netlink: 'syz.3.1378': attribute type 12 has an invalid length. [ 589.920471][ T29] audit: type=1400 audit(1722146367.402:835): avc: denied { read write } for pid=10639 comm="syz.4.1379" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 589.975564][T10644] netlink: 'syz.3.1378': attribute type 11 has an invalid length. [ 589.995968][T10644] netlink: 190580 bytes leftover after parsing attributes in process `syz.3.1378'. [ 590.081622][ T29] audit: type=1400 audit(1722146367.402:836): avc: denied { open } for pid=10639 comm="syz.4.1379" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 590.240025][ T29] audit: type=1400 audit(1722146367.562:837): avc: denied { write } for pid=10639 comm="syz.4.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 592.833459][T10654] sp0: Synchronizing with TNC [ 592.890231][ T29] audit: type=1400 audit(1722146370.352:838): avc: denied { connect } for pid=10671 comm="syz.4.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 592.939972][T10670] sctp: [Deprecated]: syz.0.1386 (pid 10670) Use of int in maxseg socket option. [ 592.939972][T10670] Use struct sctp_assoc_value instead [ 592.997799][T10675] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1387'. [ 593.149264][T10678] binder: 10674:10678 ioctl 4004f50d 20000380 returned -22 [ 593.760536][T10692] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 594.557375][T10659] delete_channel: no stack [ 595.089054][T10701] netlink: 'syz.4.1395': attribute type 12 has an invalid length. [ 595.170086][T10701] netlink: 'syz.4.1395': attribute type 11 has an invalid length. [ 595.191649][T10701] netlink: 190580 bytes leftover after parsing attributes in process `syz.4.1395'. [ 595.479746][ T5280] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 595.710454][ T5280] usb 3-1: Using ep0 maxpacket: 8 [ 595.733043][ T5280] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 595.761878][ T5280] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 595.786293][ T5280] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 595.799996][ T5280] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 595.818911][ T5280] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 595.890049][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.270689][ T54] Bluetooth: hci6: unexpected event 0x06 length: 23 > 3 [ 596.297670][ T5280] usb 3-1: usb_control_msg returned -71 [ 596.384390][ T5280] usbtmc 3-1:16.0: can't read capabilities [ 596.454210][ T5280] usb 3-1: USB disconnect, device number 18 [ 596.740253][ T29] audit: type=1400 audit(1722146374.242:839): avc: denied { read } for pid=10711 comm="syz.4.1401" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 596.862116][ T29] audit: type=1400 audit(1722146374.282:840): avc: denied { open } for pid=10711 comm="syz.4.1401" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 597.312470][T10724] sp0: Synchronizing with TNC [ 597.999871][T10738] sctp: [Deprecated]: syz.3.1410 (pid 10738) Use of int in maxseg socket option. [ 597.999871][T10738] Use struct sctp_assoc_value instead [ 598.059934][ T5279] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 598.290240][ T5279] usb 1-1: Using ep0 maxpacket: 32 [ 598.309927][ T54] Bluetooth: hci6: Opcode 0x206c failed: -110 [ 598.309942][ T5229] Bluetooth: hci6: command 0x0406 tx timeout [ 598.332855][ T5279] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 598.352221][ T5279] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.372476][ T5279] usb 1-1: Product: syz [ 598.377862][ T5279] usb 1-1: Manufacturer: syz [ 598.385163][ T5279] usb 1-1: SerialNumber: syz [ 598.404506][ T5279] usb 1-1: config 0 descriptor?? [ 598.422074][ T5279] radioshark 1-1:0.0: Invalid radioSHARK device [ 598.431006][ T5279] radioshark 1-1:0.0: probe with driver radioshark failed with error -22 [ 598.449130][ T5279] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 598.673525][ T9] usb 1-1: USB disconnect, device number 10 [ 598.869579][ T5229] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3 [ 598.950358][T10732] delete_channel: no stack [ 599.086077][T10763] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 599.096134][T10763] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 599.214566][T10771] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1421'. [ 599.345758][ T29] audit: type=1400 audit(1722146376.842:841): avc: denied { lock } for pid=10765 comm="syz.2.1420" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 599.469579][ T29] audit: type=1400 audit(1722146376.962:842): avc: denied { ioctl } for pid=10775 comm="syz.0.1422" path="socket:[33305]" dev="sockfs" ino=33305 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 599.543809][ T29] audit: type=1400 audit(1722146376.992:843): avc: denied { read } for pid=10775 comm="syz.0.1422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 600.391657][ T54] Bluetooth: hci6: Opcode 0x2046 failed: -110 [ 600.579482][T10796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1432'. [ 600.899833][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 601.120294][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 601.150553][ T9] usb 5-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 601.186823][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.227688][ T9] usb 5-1: Product: syz [ 601.237819][ T9] usb 5-1: Manufacturer: syz [ 601.244893][ T9] usb 5-1: SerialNumber: syz [ 601.548006][ T9] usb 5-1: config 0 descriptor?? [ 601.558060][ T9] radioshark 5-1:0.0: Invalid radioSHARK device [ 601.564581][ T9] radioshark 5-1:0.0: probe with driver radioshark failed with error -22 [ 601.575141][ T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 602.046751][ T5280] usb 5-1: USB disconnect, device number 12 [ 602.858067][T10831] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1447'. [ 602.927057][T10831] bridge0: port 3(team0) entered disabled state [ 602.933952][T10831] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.941539][T10831] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.309795][ T54] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 604.319010][ T54] Bluetooth: hci6: Injecting HCI hardware error event [ 604.330119][ T54] Bluetooth: hci6: hardware error 0x00 [ 604.679370][ T29] audit: type=1400 audit(1722146382.172:844): avc: denied { mounton } for pid=10855 comm="syz.0.1456" path="/113/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 605.022201][ T29] audit: type=1400 audit(1722146382.202:845): avc: denied { read } for pid=10855 comm="syz.0.1456" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 605.548736][ T29] audit: type=1400 audit(1722146382.202:846): avc: denied { open } for pid=10855 comm="syz.0.1456" path="/113/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 605.908360][ T29] audit: type=1400 audit(1722146383.402:847): avc: denied { unmount } for pid=8431 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 606.727816][ T54] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 606.777377][ T941] IPVS: starting estimator thread 0... [ 606.871964][ T29] audit: type=1400 audit(1722146384.372:848): avc: denied { mount } for pid=10859 comm="syz.1.1457" name="/" dev="rpc_pipefs" ino=33900 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 606.908157][T10871] IPVS: using max 18 ests per chain, 43200 per kthread [ 607.403369][T10881] vivid-002: disconnect [ 607.411882][T10881] vivid-002: reconnect [ 609.465679][ T29] audit: type=1804 audit(1722146386.962:849): pid=10896 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.1468" name="/newroot/61/bus/file0" dev="overlay" ino=337 res=1 errno=0 [ 612.482630][ T29] audit: type=1400 audit(1722146389.982:850): avc: denied { read } for pid=10927 comm="syz.0.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 612.621250][T10939] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1480'. [ 612.736940][ T29] audit: type=1804 audit(1722146390.232:851): pid=10942 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.1482" name="/newroot/64/bus/file0" dev="overlay" ino=364 res=1 errno=0 [ 612.795033][T10950] sctp: [Deprecated]: syz.4.1484 (pid 10950) Use of int in maxseg socket option. [ 612.795033][T10950] Use struct sctp_assoc_value instead [ 614.744312][T10944] delete_channel: no stack [ 614.949841][ T29] audit: type=1400 audit(1722146392.442:852): avc: denied { append } for pid=10968 comm="syz.0.1491" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 615.406819][T10986] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1498'. [ 615.428666][T10986] openvswitch: netlink: Geneve opt len 13 is not a multiple of 4. [ 615.495807][ T54] Bluetooth: hci5: unexpected event 0x08 length: 78 > 4 [ 615.925703][T10993] netlink: 'syz.4.1499': attribute type 4 has an invalid length. [ 616.896159][ T29] audit: type=1400 audit(1722146394.382:853): avc: denied { connect } for pid=10996 comm="syz.2.1500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 618.630252][ T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 619.604360][ T8741] IPVS: starting estimator thread 0... [ 619.645601][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 619.700841][ T9] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 619.751774][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.766911][ T9] usb 4-1: Product: syz [ 619.771271][T11018] IPVS: using max 30 ests per chain, 72000 per kthread [ 619.786059][ T9] usb 4-1: Manufacturer: syz [ 619.794984][ T9] usb 4-1: SerialNumber: syz [ 619.830425][ T9] usb 4-1: config 0 descriptor?? [ 619.852939][ T9] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 620.076063][ T9] usb 4-1: clie_3_5_startup: get config number failed: -71 [ 620.128022][ T9] visor 4-1:0.0: probe with driver visor failed with error -71 [ 620.226914][ T9] usb 4-1: USB disconnect, device number 26 [ 620.316916][T11025] binder: 11023:11025 ioctl c018620c 20000140 returned -1 [ 620.883473][ T29] audit: type=1400 audit(1722146398.382:854): avc: denied { write } for pid=11032 comm="syz.4.1514" name="uinput" dev="devtmpfs" ino=837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 620.986661][T11038] input: syz0 as /devices/virtual/input/input14 [ 622.371233][T11061] xt_l2tp: v2 doesn't support IP mode [ 623.334792][T11058] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1522'. [ 623.398348][T11058] openvswitch: netlink: Geneve opt len 13 is not a multiple of 4. [ 623.564470][T11066] binder: 11063:11066 ioctl c018620c 20000140 returned -1 [ 624.185654][ T8741] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 624.196728][ T29] audit: type=1400 audit(1722146401.672:855): avc: denied { getopt } for pid=11074 comm="syz.1.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 624.217169][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.172963][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.185025][ T8741] usb 1-1: Using ep0 maxpacket: 16 [ 625.220947][ T8741] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 625.245945][ T8741] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.271932][ T8741] usb 1-1: Product: syz [ 625.287512][ T8741] usb 1-1: Manufacturer: syz [ 625.298811][ T8741] usb 1-1: SerialNumber: syz [ 625.340581][ T8741] usb 1-1: config 0 descriptor?? [ 625.393065][ T8741] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 626.026188][T11092] syz.4.1533: attempt to access beyond end of device [ 626.026188][T11092] loop4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 626.043392][T11092] syz.4.1533: attempt to access beyond end of device [ 626.043392][T11092] loop4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 626.056586][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 626.068442][T11092] syz.4.1533: attempt to access beyond end of device [ 626.068442][T11092] loop4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 626.082095][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 626.091765][T11092] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 626.099473][T11092] UDF-fs: Scanning with blocksize 512 failed [ 626.110795][T11092] syz.4.1533: attempt to access beyond end of device [ 626.110795][T11092] loop4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 626.124796][T11092] syz.4.1533: attempt to access beyond end of device [ 626.124796][T11092] loop4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 626.138244][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 626.149710][T11092] syz.4.1533: attempt to access beyond end of device [ 626.149710][T11092] loop4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 626.162984][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 626.173159][T11092] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 626.181748][T11092] UDF-fs: Scanning with blocksize 1024 failed [ 626.191552][T11092] syz.4.1533: attempt to access beyond end of device [ 626.191552][T11092] loop4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 626.206861][T11092] syz.4.1533: attempt to access beyond end of device [ 626.206861][T11092] loop4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 626.220165][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 626.230885][T11092] syz.4.1533: attempt to access beyond end of device [ 626.230885][T11092] loop4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 626.244588][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 626.254438][T11092] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 626.262303][T11092] UDF-fs: Scanning with blocksize 2048 failed [ 626.271960][T11092] syz.4.1533: attempt to access beyond end of device [ 626.271960][T11092] loop4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 626.285656][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 626.296078][T11092] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 626.305838][T11092] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 626.313702][T11092] UDF-fs: Scanning with blocksize 4096 failed [ 626.319912][T11092] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 626.550400][ T8741] usb 1-1: clie_3_5_startup: get config number failed: -71 [ 626.557842][ T8741] visor 1-1:0.0: probe with driver visor failed with error -71 [ 626.622099][ T8741] usb 1-1: USB disconnect, device number 11 [ 626.668662][T11096] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1536'. [ 626.729899][T11096] openvswitch: netlink: Geneve opt len 13 is not a multiple of 4. [ 627.212185][ T29] audit: type=1400 audit(1722146404.692:856): avc: denied { listen } for pid=11101 comm="syz.2.1539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 627.231660][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.663188][T11121] sctp: [Deprecated]: syz.1.1542 (pid 11121) Use of int in maxseg socket option. [ 627.663188][T11121] Use struct sctp_assoc_value instead [ 627.713797][T11103] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11103 comm=syz.2.1539 [ 627.821473][ T29] audit: type=1400 audit(1722146405.312:857): avc: denied { getopt } for pid=11125 comm="syz.4.1543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 628.292195][ T29] audit: type=1400 audit(1722146405.792:858): avc: denied { mounton } for pid=11135 comm="syz.2.1547" path="/325/file0" dev="tmpfs" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 628.292787][T11136] UBIFS error (pid: 11136): cannot open "./file0", error -22 [ 628.315240][ C1] vkms_vblank_simulate: vblank timer overrun [ 628.361435][T11138] netlink: 'syz.3.1548': attribute type 39 has an invalid length. [ 628.682474][T11142] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 629.512094][T11115] delete_channel: no stack [ 630.100026][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 630.972878][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 630.982665][ T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 630.994588][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 631.004824][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 631.014887][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 631.025171][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 631.045890][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 631.079507][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.429004][ T9] usb 5-1: usb_control_msg returned -32 [ 631.435427][ T9] usbtmc 5-1:16.0: can't read capabilities [ 632.147645][T11181] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 632.262542][ T5229] Bluetooth: hci5: command 0x0406 tx timeout [ 633.101466][ T54] Bluetooth: hci3: unexpected event for opcode 0xebf3 [ 634.119995][ T941] usb 5-1: USB disconnect, device number 13 [ 634.801627][ T5279] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 634.951004][ T941] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 635.191974][ T941] usb 2-1: Using ep0 maxpacket: 8 [ 635.331257][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.371202][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.382110][ T941] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 635.392604][ T5279] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 635.401769][ T941] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 635.419657][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.434567][ T941] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 635.484266][ T5279] usb 3-1: config 0 descriptor?? [ 635.509677][ T941] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 635.723038][ T941] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 635.847887][T11222] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 636.460820][ T941] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 636.480171][ T941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.516276][ T941] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22 [ 636.833050][ T5279] holtek 0003:1241:5015.000F: collection stack underflow [ 636.860354][ T5279] holtek 0003:1241:5015.000F: item 0 1 0 12 parsing failed [ 636.887740][ T5279] holtek 0003:1241:5015.000F: parse failed [ 636.912048][ T5279] holtek 0003:1241:5015.000F: probe with driver holtek failed with error -22 [ 636.999899][ T29] audit: type=1326 audit(1722146414.482:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11230 comm="syz.3.1580" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e77f77299 code=0x0 [ 637.104364][ T29] audit: type=1400 audit(1722146414.572:860): avc: denied { ioctl } for pid=11211 comm="syz.1.1574" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 637.290580][ T5273] usb 3-1: USB disconnect, device number 19 [ 637.309096][ T9] usb 2-1: USB disconnect, device number 20 [ 637.783702][T11245] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1584'. [ 638.433941][T11245] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 638.440514][T11245] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 638.659748][ T29] audit: type=1400 audit(1722146416.142:861): avc: denied { connect } for pid=11243 comm="syz.4.1584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 638.706604][T11245] vhci_hcd vhci_hcd.0: Device attached [ 639.020022][ T9] usb 17-1: new high-speed USB device number 3 using vhci_hcd [ 639.051923][T11266] fuse: Unknown parameter '0xffffffffffffffff' [ 639.156008][ T1131] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 639.280225][ T941] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 639.359844][ T1131] usb 5-1: Using ep0 maxpacket: 32 [ 639.414265][ T1131] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 639.439750][ T1131] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 639.465541][ T1131] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 639.489922][ T941] usb 4-1: Using ep0 maxpacket: 8 [ 639.495877][ T1131] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.500229][ T941] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 639.521789][ T1131] usb 5-1: config 0 descriptor?? [ 639.528804][T11245] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 639.548483][ T1131] hub 5-1:0.0: USB hub found [ 639.549416][ T941] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 639.580879][ T941] usb 4-1: config 0 has no interface number 0 [ 639.587677][ T941] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 639.617539][ T941] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 639.640004][ T5224] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 639.657051][ T941] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 639.707320][ T941] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 639.779430][ T941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.825473][ T941] usb 4-1: config 0 descriptor?? [ 639.840823][ T1131] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 639.847455][T11263] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 639.870049][ T5224] usb 3-1: Using ep0 maxpacket: 32 [ 639.884090][ T5224] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=c3.4e [ 639.894918][ T5224] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.936719][ T5224] usb 3-1: Product: syz [ 639.957668][ T5224] usb 3-1: Manufacturer: syz [ 639.979050][ T5224] usb 3-1: SerialNumber: syz [ 640.021553][ T5224] usb 3-1: config 0 descriptor?? [ 640.053519][ T5224] usbtest 3-1:0.0: FX2 device [ 640.081418][ T5224] usbtest 3-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 640.203016][ T1131] hid-generic 0003:046D:C314.0010: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.4-1/input0 [ 640.210232][ T941] usb 4-1: USB disconnect, device number 27 [ 640.536045][ T941] usb 3-1: USB disconnect, device number 20 [ 641.719836][T11247] vhci_hcd: connection reset by peer [ 641.750968][ T11] vhci_hcd: stop threads [ 641.755254][ T11] vhci_hcd: release socket [ 641.822976][ T11] vhci_hcd: disconnect device [ 641.836102][ T941] usb 5-1: USB disconnect, device number 14 [ 642.479983][ T5280] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 643.222650][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.259410][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.296067][ T5280] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 643.323485][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.384949][ T5280] usb 4-1: config 0 descriptor?? [ 647.638128][ T9] vhci_hcd: vhci_device speed not set [ 648.518159][ T5280] usb 4-1: can't set config #0, error -71 [ 648.571250][ T5280] usb 4-1: USB disconnect, device number 28 [ 648.632886][T11320] fuse: Unknown parameter '0xffffffffffffffff' [ 649.259679][ T29] audit: type=1326 audit(1722146426.752:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7ffc0000 [ 649.325560][ T29] audit: type=1326 audit(1722146426.762:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7ffc0000 [ 649.362809][ T29] audit: type=1326 audit(1722146426.762:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7fc5c2377299 code=0x7ffc0000 [ 649.407547][ T29] audit: type=1326 audit(1722146426.762:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7ffc0000 [ 650.444693][T11349] bio_check_eod: 2 callbacks suppressed [ 650.444743][T11349] syz.4.1611: attempt to access beyond end of device [ 650.444743][T11349] loop4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 650.465192][T11349] syz.4.1611: attempt to access beyond end of device [ 650.465192][T11349] loop4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 650.478412][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 650.490121][T11349] syz.4.1611: attempt to access beyond end of device [ 650.490121][T11349] loop4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 650.503768][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 650.513888][T11349] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 650.521677][T11349] UDF-fs: Scanning with blocksize 512 failed [ 650.532821][T11349] syz.4.1611: attempt to access beyond end of device [ 650.532821][T11349] loop4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 650.549159][T11349] syz.4.1611: attempt to access beyond end of device [ 650.549159][T11349] loop4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 650.562377][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 650.573124][T11349] syz.4.1611: attempt to access beyond end of device [ 650.573124][T11349] loop4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 650.586416][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 650.596132][T11349] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 650.604507][T11349] UDF-fs: Scanning with blocksize 1024 failed [ 650.614906][T11349] syz.4.1611: attempt to access beyond end of device [ 650.614906][T11349] loop4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 650.628807][T11349] syz.4.1611: attempt to access beyond end of device [ 650.628807][T11349] loop4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 650.645096][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 650.656769][T11349] syz.4.1611: attempt to access beyond end of device [ 650.656769][T11349] loop4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 650.850407][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 650.860148][T11349] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 650.867861][T11349] UDF-fs: Scanning with blocksize 2048 failed [ 650.876821][T11349] syz.4.1611: attempt to access beyond end of device [ 650.876821][T11349] loop4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 650.892063][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 650.902552][T11349] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 650.912778][T11349] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 650.920904][T11349] UDF-fs: Scanning with blocksize 4096 failed [ 650.926988][T11349] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 651.078232][ T29] audit: type=1326 audit(1722146426.822:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7ffc0000 [ 651.752023][T11369] netem: incorrect ge model size [ 651.766462][ T29] audit: type=1400 audit(1722146429.252:867): avc: denied { lock } for pid=11367 comm="syz.0.1619" path="socket:[34692]" dev="sockfs" ino=34692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 651.801169][T11369] netem: change failed [ 651.852436][ T29] audit: type=1400 audit(1722146429.302:868): avc: denied { wake_alarm } for pid=11367 comm="syz.0.1619" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 651.934540][ C0] eth0: bad gso: type: 1, size: 1408 [ 652.084081][ T29] audit: type=1326 audit(1722146429.582:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11376 comm="syz.0.1623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333d177299 code=0x7ffc0000 [ 652.118087][ T29] audit: type=1326 audit(1722146429.582:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11376 comm="syz.0.1623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333d177299 code=0x7ffc0000 [ 652.214002][ T29] audit: type=1326 audit(1722146429.692:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11376 comm="syz.0.1623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f333d177299 code=0x7ffc0000 [ 652.504883][T11385] netlink: 'syz.1.1626': attribute type 1 has an invalid length. [ 652.603890][T11390] bond1: entered promiscuous mode [ 652.608994][T11390] bond1: entered allmulticast mode [ 654.461151][T11398] tipc: Started in network mode [ 654.469811][T11398] tipc: Node identity f7, cluster identity 4711 [ 654.620646][ C0] eth0: bad gso: type: 1, size: 1408 [ 654.643248][T11398] tipc: Node number set to 247 [ 654.915061][ T5229] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 654.925615][ T5229] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 654.934052][ T5229] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 654.960455][ T5229] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 654.968937][ T5229] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 654.976902][ T5229] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 655.318732][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 655.318752][ T29] audit: type=1400 audit(1722146432.812:873): avc: denied { ioctl } for pid=11408 comm="syz.4.1639" path="socket:[35378]" dev="sockfs" ino=35378 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 655.559735][T11416] netem: incorrect ge model size [ 655.587215][T11416] netem: change failed [ 655.781598][ T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 655.797848][ T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 655.808946][T11404] chnl_net:caif_netlink_parms(): no params data found [ 655.848806][ T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 655.878707][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 655.904499][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 655.918690][ T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 656.273850][ T29] audit: type=1326 audit(1722146433.762:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 656.368337][ T29] audit: type=1326 audit(1722146433.762:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 656.557529][ T29] audit: type=1326 audit(1722146433.762:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 656.614758][T11404] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.622432][ T29] audit: type=1326 audit(1722146433.762:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 656.680567][T11404] bridge0: port 1(bridge_slave_0) entered disabled state [ 656.687913][T11404] bridge_slave_0: entered allmulticast mode [ 657.529825][ T5229] Bluetooth: hci2: command tx timeout [ 657.813152][T11404] bridge_slave_0: entered promiscuous mode [ 657.990129][ T5229] Bluetooth: hci6: command tx timeout [ 658.031129][ T29] audit: type=1326 audit(1722146433.762:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 658.129110][ T29] audit: type=1326 audit(1722146433.762:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 658.182237][ T29] audit: type=1326 audit(1722146433.762:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 658.238829][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.240226][ T29] audit: type=1326 audit(1722146433.762:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 658.260157][ T29] audit: type=1326 audit(1722146433.762:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11409 comm="syz.1.1638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c2377299 code=0x7fc00000 [ 658.362086][T11404] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.369262][T11404] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.400221][T11404] bridge_slave_1: entered allmulticast mode [ 658.431531][T11404] bridge_slave_1: entered promiscuous mode [ 658.564918][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.804722][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.878599][T11404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 658.922659][ T5228] IPVS: starting estimator thread 0... [ 658.945658][T11443] IPVS: fo: FWM 4 0x00000004 - no destination available [ 658.954256][T11404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.030468][T11444] IPVS: using max 17 ests per chain, 40800 per kthread [ 659.260177][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.364933][T11404] team0: Port device team_slave_0 added [ 659.436789][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 659.527768][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 659.538153][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 659.557532][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 659.604797][ T54] Bluetooth: hci2: command tx timeout [ 659.617594][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 659.635159][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 660.049361][T11404] team0: Port device team_slave_1 added [ 660.071398][ T5239] Bluetooth: hci6: command tx timeout [ 660.145928][T11454] netlink: 'syz.0.1650': attribute type 4 has an invalid length. [ 660.200659][T11404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 660.211270][T11404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.270012][T11404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.379742][T11404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.386723][T11404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.450574][T11404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.542069][T11459] tipc: Started in network mode [ 660.546980][T11459] tipc: Node identity f7, cluster identity 4711 [ 660.554801][T11459] tipc: Node number set to 247 [ 660.755238][T11404] hsr_slave_0: entered promiscuous mode [ 660.768030][T11404] hsr_slave_1: entered promiscuous mode [ 660.789875][T11404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 660.799859][T11404] Cannot create hsr debugfs directory [ 661.097853][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 661.097871][ T29] audit: type=1326 audit(1722146438.592:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11465 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333d177299 code=0x7fc00000 [ 661.149027][ T12] bridge_slave_1: left allmulticast mode [ 661.168787][ T29] audit: type=1326 audit(1722146438.642:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11465 comm="syz.0.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f333d177299 code=0x7fc00000 [ 661.192923][ T12] bridge_slave_1: left promiscuous mode [ 661.202699][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.242974][ T12] bridge_slave_0: left allmulticast mode [ 661.248624][ T12] bridge_slave_0: left promiscuous mode [ 661.274378][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.670035][ T5239] Bluetooth: hci2: command tx timeout [ 661.755393][ T5239] Bluetooth: hci0: command tx timeout [ 662.037772][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 662.055601][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 662.066560][ T12] bond0 (unregistering): Released all slaves [ 662.150989][ T5239] Bluetooth: hci6: command tx timeout [ 662.388288][ T29] audit: type=1400 audit(1722146439.882:944): avc: denied { setopt } for pid=11476 comm="syz.1.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 662.463563][T11480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1657'. [ 662.539936][T11422] chnl_net:caif_netlink_parms(): no params data found [ 662.849865][ T5228] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 663.066174][ T5228] usb 1-1: config index 0 descriptor too short (expected 9533, got 36) [ 663.114846][ T5228] usb 1-1: config 161 has too many interfaces: 81, using maximum allowed: 32 [ 663.161684][ T5228] usb 1-1: config 161 has an invalid interface descriptor of length 7, skipping [ 663.210046][ T12] hsr_slave_0: left promiscuous mode [ 663.210066][ T5228] usb 1-1: config 161 has an invalid descriptor of length 0, skipping remainder of the config [ 663.210120][ T5228] usb 1-1: config 161 has 0 interfaces, different from the descriptor's value: 81 [ 663.253994][ T12] hsr_slave_1: left promiscuous mode [ 663.275082][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 663.302157][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 663.309444][ T5228] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 663.346379][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 663.362124][ T5228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.369792][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 663.487630][ T12] veth1_macvtap: left promiscuous mode [ 663.500503][ T12] veth0_macvtap: left promiscuous mode [ 663.519644][ T12] veth1_vlan: left promiscuous mode [ 663.535236][ T12] veth0_vlan: left promiscuous mode [ 663.687556][ T5228] usb 1-1: USB disconnect, device number 12 [ 663.749782][ T5239] Bluetooth: hci2: command tx timeout [ 663.840314][ T5239] Bluetooth: hci0: command tx timeout [ 664.236303][ T5239] Bluetooth: hci6: command tx timeout [ 664.810648][T11506] affs: Unrecognized mount option "8]DKxp'di!欄" or missing value [ 664.820664][T11506] affs: Error parsing options [ 664.828465][ T29] audit: type=1400 audit(1722146442.292:945): avc: denied { accept } for pid=11503 comm="syz.0.1661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 665.910694][ T12] team0 (unregistering): Port device team_slave_1 removed [ 665.967246][ T5239] Bluetooth: hci0: command tx timeout [ 666.062598][ T12] team0 (unregistering): Port device team_slave_0 removed [ 666.706719][ T29] audit: type=1326 audit(1722146444.182:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11514 comm="syz.0.1665" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f333d177299 code=0x0 [ 666.729615][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.194179][T11528] syz.1.1668[11528] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 667.194388][T11528] syz.1.1668[11528] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 667.240399][ T29] audit: type=1400 audit(1722146444.732:947): avc: denied { mount } for pid=11524 comm="syz.1.1668" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 667.852101][T11530] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1669'. [ 668.000975][ T5239] Bluetooth: hci0: command tx timeout [ 668.006507][ C0] eth0: bad gso: type: 1, size: 1408 [ 668.182875][T11404] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.361418][T11404] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.468614][T11422] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.496117][T11422] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.504959][T11422] bridge_slave_0: entered allmulticast mode [ 668.513267][T11422] bridge_slave_0: entered promiscuous mode [ 668.740807][T11545] ebtables: ebtables: counters copy to user failed while replacing table [ 668.876467][ T29] audit: type=1400 audit(1722146446.222:948): avc: denied { connect } for pid=11540 comm="syz.0.1674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 669.345888][T11404] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.440220][T11422] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.447617][T11422] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.501661][T11422] bridge_slave_1: entered allmulticast mode [ 669.522688][T11422] bridge_slave_1: entered promiscuous mode [ 669.762865][T11404] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.815413][T11551] syz.0.1677[11551] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 669.815626][T11551] syz.0.1677[11551] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 669.885816][T11422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 669.964078][T11422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 670.796261][T11451] chnl_net:caif_netlink_parms(): no params data found [ 670.867912][T11422] team0: Port device team_slave_0 added [ 670.917812][T11422] team0: Port device team_slave_1 added [ 671.270851][T11422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 671.367482][T11422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 671.611445][T11422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 671.874900][T11422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 671.919737][T11422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 671.979641][T11422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 672.302929][T11404] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 672.422751][T11587] affs: Unrecognized mount option "8]DKxp'di!欄" or missing value [ 672.432732][T11587] affs: Error parsing options [ 672.666209][ T12] IPVS: stop unused estimator thread 0... [ 672.942198][T11451] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.949458][T11451] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.044910][T11451] bridge_slave_0: entered allmulticast mode [ 673.082908][T11451] bridge_slave_0: entered promiscuous mode [ 673.168542][T11404] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 673.206562][T11404] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 673.288187][T11404] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 673.395888][T11451] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.409927][T11451] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.437960][T11451] bridge_slave_1: entered allmulticast mode [ 673.479829][T11451] bridge_slave_1: entered promiscuous mode [ 674.020528][T11422] hsr_slave_0: entered promiscuous mode [ 674.144572][T11422] hsr_slave_1: entered promiscuous mode [ 674.164310][T11422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 674.189940][T11422] Cannot create hsr debugfs directory [ 674.601499][T11451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 674.662823][T11451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.936014][T11451] team0: Port device team_slave_0 added [ 675.001203][T11451] team0: Port device team_slave_1 added [ 675.010544][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 675.200931][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 675.219448][T11451] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.243990][ T9] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 675.269425][T11451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.300074][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.341377][ T9] usb 2-1: config 0 descriptor?? [ 675.409759][T11451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.466754][ T9] as10x_usb: device has been detected [ 675.500049][ T9] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 675.547872][T11451] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.576916][T11451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.652077][ T9] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 675.688759][T11451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.835745][ T9] as10x_usb: error during firmware upload part1 [ 675.880519][ T9] Registered device nBox DVB-T Dongle [ 675.983757][ T9] usb 2-1: USB disconnect, device number 21 [ 676.170182][ T9] Unregistered device nBox DVB-T Dongle [ 676.176898][ T9] as10x_usb: device has been disconnected [ 676.249300][T11451] hsr_slave_0: entered promiscuous mode [ 676.300360][T11451] hsr_slave_1: entered promiscuous mode [ 676.319979][T11451] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 676.351714][T11451] Cannot create hsr debugfs directory [ 676.574391][T11422] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.896529][T11422] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.366103][T11422] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.499773][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 679.489830][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 679.502840][ T9] usb 1-1: config 0 has no interfaces? [ 679.509685][ T9] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 679.532746][T11422] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.549751][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.588304][ T9] usb 1-1: config 0 descriptor?? [ 679.663132][T11404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 679.727288][T11659] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1697'. [ 679.977821][T11404] 8021q: adding VLAN 0 to HW filter on device team0 [ 680.034776][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.042059][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 680.099011][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.106318][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.186746][T11644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 680.198260][T11644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 680.268383][ T5274] usb 1-1: USB disconnect, device number 13 [ 680.783330][T11422] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 680.822789][T11422] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 680.846093][T11422] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 681.024248][T11422] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 682.037253][ T29] audit: type=1400 audit(1722146459.532:949): avc: denied { write } for pid=11675 comm="syz.0.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 682.331630][T11680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1703'. [ 682.704353][T11687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1705'. [ 682.794534][T11422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 682.910481][T11451] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 682.943464][T11451] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 682.977629][T11451] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 683.044995][T11422] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.067233][T11451] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 683.188561][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.195754][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.492982][T11404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 683.503276][ T8741] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.510497][ T8741] bridge0: port 2(bridge_slave_1) entered forwarding state [ 684.539920][T11705] input: syz0 as /devices/virtual/input/input17 [ 684.595471][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1711'. [ 684.857422][T11404] veth0_vlan: entered promiscuous mode [ 684.949099][T11404] veth1_vlan: entered promiscuous mode [ 685.037082][T11451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 685.099200][T11451] 8021q: adding VLAN 0 to HW filter on device team0 [ 685.225473][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.232686][ T5228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.242165][T11716] xt_hashlimit: invalid interval [ 685.330150][T11404] veth0_macvtap: entered promiscuous mode [ 685.357400][T11404] veth1_macvtap: entered promiscuous mode [ 685.378198][T11724] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1714'. [ 685.476327][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.484954][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.524316][T11422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 685.619683][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.679317][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.685199][T11723] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1715'. [ 685.698802][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.714566][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.749877][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.773973][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.784462][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.802544][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.813049][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.824080][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.836821][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 685.858316][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.904083][T11404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 685.936635][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.960422][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.000247][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.019802][ T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 686.022425][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.050026][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.073479][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.090099][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.219745][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.230778][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.248703][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.292033][T11404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.345069][T11404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.420106][T11404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 686.480758][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.664497][T11404] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.716355][T11404] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.762807][T11404] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.919849][T11404] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.232334][ T9] usb 2-1: config index 0 descriptor too short (expected 9533, got 36) [ 687.249706][ T9] usb 2-1: config 161 has too many interfaces: 81, using maximum allowed: 32 [ 687.258536][ T9] usb 2-1: config 161 has an invalid interface descriptor of length 7, skipping [ 687.289656][ T9] usb 2-1: config 161 has an invalid descriptor of length 0, skipping remainder of the config [ 687.320055][T11422] veth0_vlan: entered promiscuous mode [ 687.356062][ T9] usb 2-1: config 161 has 0 interfaces, different from the descriptor's value: 81 [ 687.404717][ T9] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 687.438996][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.441979][T11422] veth1_vlan: entered promiscuous mode [ 687.612416][T11751] netlink: 'syz.0.1717': attribute type 1 has an invalid length. [ 687.638218][T11751] netlink: 9388 bytes leftover after parsing attributes in process `syz.0.1717'. [ 687.659730][ T2558] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.690631][ T2558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.883887][T11422] veth0_macvtap: entered promiscuous mode [ 687.900545][ T9] usb 2-1: USB disconnect, device number 22 [ 687.956676][T11422] veth1_macvtap: entered promiscuous mode [ 687.986051][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.995852][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.106088][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.128553][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.159705][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.179713][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.191108][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.201984][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.212342][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.227268][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.238726][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.255727][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.266078][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.276983][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.289322][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.300370][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.316629][T11422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 688.343500][T11451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 688.393652][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.414745][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.447443][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.468599][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.488870][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.519739][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.551077][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.569704][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.597415][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.618461][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.638323][T11773] input: syz0 as /devices/virtual/input/input18 [ 688.656544][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.680276][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.725924][T11422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 688.744731][T11422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.757822][T11422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 688.843420][T11422] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.889388][T11422] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.910772][T11422] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.939687][T11422] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 688.974585][T11778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1721'. [ 689.330936][ T9558] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 689.355723][ T9558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 689.541504][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 689.560343][ T5228] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 689.577851][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 689.775139][T11451] veth0_vlan: entered promiscuous mode [ 689.882241][T11451] veth1_vlan: entered promiscuous mode [ 690.043455][T11804] 9pnet_fd: Insufficient options for proto=fd [ 690.078366][ T29] audit: type=1400 audit(1722146467.542:950): avc: denied { mounton } for pid=11797 comm="syz.3.1725" path="/syzcgroup/cpu/syz3/cgroup.procs" dev="cgroup" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 690.103500][ T5228] usb 2-1: Using ep0 maxpacket: 16 [ 690.156457][ T5228] usb 2-1: config 0 has no interfaces? [ 690.186373][ T5228] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 690.390828][ T5228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.611424][ T5228] usb 2-1: config 0 descriptor?? [ 690.633791][T11451] veth0_macvtap: entered promiscuous mode [ 690.722488][T11451] veth1_macvtap: entered promiscuous mode [ 690.823515][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.848479][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.888245][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.929895][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.959779][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.979159][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.999726][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.013876][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.024276][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.035362][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.063061][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.084066][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.110313][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.134279][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.153089][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.165371][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.193994][T11451] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 691.286768][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.319646][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.342564][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.355311][T11822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 691.384830][T11822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 691.395336][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.421188][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.449431][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.466685][ T5278] usb 2-1: USB disconnect, device number 23 [ 691.498707][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.535061][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.559206][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.604669][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.645261][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.669510][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.696242][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.729102][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.759580][T11451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.808357][T11451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.849951][T11451] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 691.938748][T11451] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.961922][T11451] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.999015][T11451] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.025752][T11451] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.592926][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.651487][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.652998][ C0] ================================================================== [ 692.666865][ C0] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x41c/0x4e0 [ 692.675055][ C0] Read of size 4 at addr ffffc9000367fa50 by task syz.1.1730/11842 [ 692.682964][ C0] [ 692.685309][ C0] CPU: 0 UID: 0 PID: 11842 Comm: syz.1.1730 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 692.695741][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 692.705819][ C0] Call Trace: [ 692.709115][ C0] [ 692.711966][ C0] dump_stack_lvl+0x116/0x1f0 [ 692.716677][ C0] print_report+0xc3/0x620 [ 692.721127][ C0] ? __virt_addr_valid+0x5e/0x590 [ 692.726188][ C0] kasan_report+0xd9/0x110 [ 692.730643][ C0] ? xdp_do_check_flushed+0x41c/0x4e0 [ 692.736106][ C0] ? xdp_do_check_flushed+0x41c/0x4e0 [ 692.741476][ C0] xdp_do_check_flushed+0x41c/0x4e0 [ 692.746676][ C0] __napi_poll.constprop.0+0xd1/0x550 [ 692.752045][ C0] net_rx_action+0xa92/0x1010 [ 692.756719][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 692.761823][ C0] ? __pfx_mark_lock+0x10/0x10 [ 692.766582][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 692.771781][ C0] ? sched_clock+0x38/0x60 [ 692.776198][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 692.781054][ C0] ? mark_held_locks+0x9f/0xe0 [ 692.785816][ C0] handle_softirqs+0x216/0x8f0 [ 692.790583][ C0] ? handle_edge_irq+0x40f/0xd10 [ 692.795519][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 692.800810][ C0] irq_exit_rcu+0xbb/0x120 [ 692.805232][ C0] common_interrupt+0xb0/0xd0 [ 692.809985][ C0] [ 692.812908][ C0] [ 692.815827][ C0] asm_common_interrupt+0x26/0x40 [ 692.820848][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x3f/0x60 [ 692.827007][ C0] Code: 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 35 8b 82 1c 16 00 00 85 c0 74 2b 8b 82 f8 15 00 00 83 f8 02 75 20 48 8b 8a 00 16 00 00 <8b> 92 fc 15 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 [ 692.846625][ C0] RSP: 0018:ffffc9000367ee98 EFLAGS: 00000246 [ 692.852780][ C0] RAX: 0000000000000002 RBX: ffffffff9083d188 RCX: ffffc900094c9000 [ 692.860746][ C0] RDX: ffff88807b68bc00 RSI: ffffffff813cd3c3 RDI: 0000000000000006 [ 692.868715][ C0] RBP: ffffffff9083d188 R08: 0000000000000006 R09: ffffffff89284037 [ 692.876778][ C0] R10: ffffffff89283cc2 R11: 0000000000000000 R12: ffffffff89284037 [ 692.884751][ C0] R13: ffffffff89283cc2 R14: dffffc0000000000 R15: ffffffff9083d188 [ 692.892731][ C0] ? netlink_sendmsg+0x542/0xd70 [ 692.897680][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 692.902624][ C0] ? netlink_sendmsg+0x542/0xd70 [ 692.907562][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 692.912502][ C0] ? __orc_find+0x63/0x130 [ 692.916912][ C0] ? unwind_next_frame+0x51/0x23a0 [ 692.922017][ C0] __orc_find+0x63/0x130 [ 692.926254][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 692.931200][ C0] unwind_next_frame+0x335/0x23a0 [ 692.936223][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 692.941163][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 692.947313][ C0] arch_stack_walk+0x100/0x170 [ 692.952078][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 692.957018][ C0] stack_trace_save+0x95/0xd0 [ 692.961690][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 692.967056][ C0] ? mark_lock+0xb5/0xc60 [ 692.971380][ C0] ? __pfx_mark_lock+0x10/0x10 [ 692.976138][ C0] kasan_save_stack+0x33/0x60 [ 692.980810][ C0] ? kasan_save_stack+0x33/0x60 [ 692.985654][ C0] ? kasan_save_track+0x14/0x30 [ 692.990499][ C0] ? __kasan_kmalloc+0xaa/0xb0 [ 692.995255][ C0] ? nf_tables_newflowtable+0x617/0x2260 [ 693.000892][ C0] ? nfnetlink_rcv_batch+0x1a19/0x24e0 [ 693.006355][ C0] ? nfnetlink_rcv+0x3c3/0x430 [ 693.011121][ C0] ? netlink_unicast+0x544/0x830 [ 693.016157][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 693.021107][ C0] kasan_save_track+0x14/0x30 [ 693.025782][ C0] __kasan_kmalloc+0xaa/0xb0 [ 693.030378][ C0] nf_tables_newflowtable+0x617/0x2260 [ 693.035842][ C0] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 693.041740][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 693.047456][ C0] ? net_generic+0xea/0x2a0 [ 693.051960][ C0] ? __pfx_lock_release+0x10/0x10 [ 693.056980][ C0] ? __nla_parse+0x40/0x60 [ 693.061388][ C0] nfnetlink_rcv_batch+0x1a19/0x24e0 [ 693.066679][ C0] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 693.072312][ C0] ? find_held_lock+0x2d/0x110 [ 693.077078][ C0] ? avc_has_perm_noaudit+0x119/0x3a0 [ 693.082456][ C0] ? avc_has_perm_noaudit+0x143/0x3a0 [ 693.087836][ C0] ? __nla_parse+0x40/0x60 [ 693.092246][ C0] nfnetlink_rcv+0x3c3/0x430 [ 693.096840][ C0] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 693.101955][ C0] netlink_unicast+0x544/0x830 [ 693.106724][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 693.112015][ C0] netlink_sendmsg+0x8b8/0xd70 [ 693.116784][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 693.122072][ C0] ? __import_iovec+0x1fd/0x6e0 [ 693.126925][ C0] ____sys_sendmsg+0xab5/0xc90 [ 693.131684][ C0] ? copy_msghdr_from_user+0x10b/0x160 [ 693.137144][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 693.142428][ C0] ? __pfx___futex_wait+0x10/0x10 [ 693.147452][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 693.152657][ C0] ? try_to_wake_up+0x14b/0x13e0 [ 693.157597][ C0] ___sys_sendmsg+0x135/0x1e0 [ 693.162276][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 693.167481][ C0] ? __fget_light+0x173/0x210 [ 693.172170][ C0] __sys_sendmsg+0x117/0x1f0 [ 693.176764][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 693.181879][ C0] ? __x64_sys_futex+0x1e1/0x4c0 [ 693.186828][ C0] do_syscall_64+0xcd/0x250 [ 693.191330][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.197224][ C0] RIP: 0033:0x7fc5c2377299 [ 693.201640][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 693.221251][ C0] RSP: 002b:00007fc5c305f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 693.229660][ C0] RAX: ffffffffffffffda RBX: 00007fc5c2505f80 RCX: 00007fc5c2377299 [ 693.237622][ C0] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 693.245622][ C0] RBP: 00007fc5c23e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 693.253585][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 693.261545][ C0] R13: 000000000000000b R14: 00007fc5c2505f80 R15: 00007fffd33323e8 [ 693.269516][ C0] [ 693.272537][ C0] [ 693.274853][ C0] The buggy address belongs to stack of task syz.1.1730/11842 [ 693.282292][ C0] and is located at offset 16 in frame: [ 693.288000][ C0] netlink_sendmsg+0x0/0xd70 [ 693.292595][ C0] [ 693.294905][ C0] This frame has 1 object: [ 693.299309][ C0] [32, 64) 'scm' [ 693.299321][ C0] [ 693.305261][ C0] The buggy address belongs to the virtual mapping at [ 693.305261][ C0] [ffffc90003678000, ffffc90003681000) created by: [ 693.305261][ C0] kernel_clone+0xfd/0x980 [ 693.322708][ C0] [ 693.325022][ C0] The buggy address belongs to the physical page: [ 693.331425][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801fd423e0 pfn:0x1fd42 [ 693.341492][ C0] memcg:ffff8880293c1782 [ 693.345716][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 693.352838][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 693.361413][ C0] raw: ffff88801fd423e0 0000000000000000 00000001ffffffff ffff8880293c1782 [ 693.369982][ C0] page dumped because: kasan: bad access detected [ 693.376386][ C0] page_owner tracks the page as allocated [ 693.382258][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 9638, tgid 9638 (syz-executor), ts 684780635053, free_ts 682854754295 [ 693.400748][ C0] post_alloc_hook+0x2d1/0x350 [ 693.405517][ C0] get_page_from_freelist+0x1351/0x2e50 [ 693.411062][ C0] __alloc_pages_noprof+0x22b/0x2460 [ 693.416352][ C0] alloc_pages_mpol_noprof+0x275/0x610 [ 693.421809][ C0] __vmalloc_node_range_noprof+0xa6a/0x1520 [ 693.427702][ C0] copy_process+0x2f3b/0x8de0 [ 693.432369][ C0] kernel_clone+0xfd/0x980 [ 693.436776][ C0] __do_sys_clone+0xba/0x100 [ 693.441358][ C0] do_syscall_64+0xcd/0x250 [ 693.445852][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.451741][ C0] page last free pid 11690 tgid 11690 stack trace: [ 693.458224][ C0] free_unref_folios+0x9e9/0x1390 [ 693.463247][ C0] folios_put_refs+0x560/0x760 [ 693.468008][ C0] free_pages_and_swap_cache+0x45f/0x510 [ 693.473631][ C0] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 693.479616][ C0] tlb_finish_mmu+0x168/0x7b0 [ 693.484286][ C0] exit_mmap+0x3d1/0xb20 [ 693.488524][ C0] __mmput+0x12a/0x480 [ 693.492593][ C0] mmput+0x62/0x70 [ 693.496310][ C0] do_exit+0x9bf/0x2bb0 [ 693.500458][ C0] do_group_exit+0xd3/0x2a0 [ 693.504954][ C0] __x64_sys_exit_group+0x3e/0x50 [ 693.509978][ C0] x64_sys_call+0x14a9/0x16a0 [ 693.514668][ C0] do_syscall_64+0xcd/0x250 [ 693.519228][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.525123][ C0] [ 693.527522][ C0] Memory state around the buggy address: [ 693.533140][ C0] ffffc9000367f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 [ 693.541192][ C0] ffffc9000367f980: f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 [ 693.549260][ C0] >ffffc9000367fa00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 [ 693.557324][ C0] ^ [ 693.563994][ C0] ffffc9000367fa80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 693.572051][ C0] ffffc9000367fb00: 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 04 f3 f3 [ 693.580106][ C0] ================================================================== [ 693.588323][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.594450][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 693.601651][ C0] CPU: 0 UID: 0 PID: 11842 Comm: syz.1.1730 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 693.612066][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 693.622136][ C0] Call Trace: [ 693.625428][ C0] [ 693.628276][ C0] dump_stack_lvl+0x3d/0x1f0 [ 693.632905][ C0] panic+0x6f5/0x7a0 [ 693.636909][ C0] ? __pfx_panic+0x10/0x10 [ 693.641347][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 693.646483][ C0] check_panic_on_warn+0xab/0xb0 [ 693.651446][ C0] end_report+0x117/0x180 [ 693.655781][ C0] kasan_report+0xe9/0x110 [ 693.660203][ C0] ? xdp_do_check_flushed+0x41c/0x4e0 [ 693.665578][ C0] ? xdp_do_check_flushed+0x41c/0x4e0 [ 693.670952][ C0] xdp_do_check_flushed+0x41c/0x4e0 [ 693.676153][ C0] __napi_poll.constprop.0+0xd1/0x550 [ 693.681611][ C0] net_rx_action+0xa92/0x1010 [ 693.686287][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 693.691401][ C0] ? __pfx_mark_lock+0x10/0x10 [ 693.696161][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 693.701361][ C0] ? sched_clock+0x38/0x60 [ 693.705776][ C0] ? sched_clock_cpu+0x6d/0x4d0 [ 693.710632][ C0] ? mark_held_locks+0x9f/0xe0 [ 693.715393][ C0] handle_softirqs+0x216/0x8f0 [ 693.720167][ C0] ? handle_edge_irq+0x40f/0xd10 [ 693.725117][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 693.730404][ C0] irq_exit_rcu+0xbb/0x120 [ 693.734822][ C0] common_interrupt+0xb0/0xd0 [ 693.739502][ C0] [ 693.742423][ C0] [ 693.745342][ C0] asm_common_interrupt+0x26/0x40 [ 693.750369][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x3f/0x60 [ 693.756546][ C0] Code: 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 35 8b 82 1c 16 00 00 85 c0 74 2b 8b 82 f8 15 00 00 83 f8 02 75 20 48 8b 8a 00 16 00 00 <8b> 92 fc 15 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 [ 693.776153][ C0] RSP: 0018:ffffc9000367ee98 EFLAGS: 00000246 [ 693.782212][ C0] RAX: 0000000000000002 RBX: ffffffff9083d188 RCX: ffffc900094c9000 [ 693.790174][ C0] RDX: ffff88807b68bc00 RSI: ffffffff813cd3c3 RDI: 0000000000000006 [ 693.798135][ C0] RBP: ffffffff9083d188 R08: 0000000000000006 R09: ffffffff89284037 [ 693.806101][ C0] R10: ffffffff89283cc2 R11: 0000000000000000 R12: ffffffff89284037 [ 693.814079][ C0] R13: ffffffff89283cc2 R14: dffffc0000000000 R15: ffffffff9083d188 [ 693.822052][ C0] ? netlink_sendmsg+0x542/0xd70 [ 693.827008][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 693.832039][ C0] ? netlink_sendmsg+0x542/0xd70 [ 693.837072][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 693.842024][ C0] ? __orc_find+0x63/0x130 [ 693.846436][ C0] ? unwind_next_frame+0x51/0x23a0 [ 693.851549][ C0] __orc_find+0x63/0x130 [ 693.855783][ C0] ? netlink_sendmsg+0x8b7/0xd70 [ 693.860724][ C0] unwind_next_frame+0x335/0x23a0 [ 693.865832][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 693.870774][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 693.877016][ C0] arch_stack_walk+0x100/0x170 [ 693.881778][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 693.886724][ C0] stack_trace_save+0x95/0xd0 [ 693.891395][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 693.896757][ C0] ? mark_lock+0xb5/0xc60 [ 693.901086][ C0] ? __pfx_mark_lock+0x10/0x10 [ 693.905845][ C0] kasan_save_stack+0x33/0x60 [ 693.910522][ C0] ? kasan_save_stack+0x33/0x60 [ 693.915367][ C0] ? kasan_save_track+0x14/0x30 [ 693.920211][ C0] ? __kasan_kmalloc+0xaa/0xb0 [ 693.924969][ C0] ? nf_tables_newflowtable+0x617/0x2260 [ 693.930605][ C0] ? nfnetlink_rcv_batch+0x1a19/0x24e0 [ 693.936239][ C0] ? nfnetlink_rcv+0x3c3/0x430 [ 693.941000][ C0] ? netlink_unicast+0x544/0x830 [ 693.945937][ C0] ? netlink_sendmsg+0x8b8/0xd70 [ 693.950887][ C0] kasan_save_track+0x14/0x30 [ 693.955647][ C0] __kasan_kmalloc+0xaa/0xb0 [ 693.960243][ C0] nf_tables_newflowtable+0x617/0x2260 [ 693.965717][ C0] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 693.971615][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 693.977330][ C0] ? net_generic+0xea/0x2a0 [ 693.981831][ C0] ? __pfx_lock_release+0x10/0x10 [ 693.986852][ C0] ? __nla_parse+0x40/0x60 [ 693.991265][ C0] nfnetlink_rcv_batch+0x1a19/0x24e0 [ 693.996555][ C0] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 694.002191][ C0] ? find_held_lock+0x2d/0x110 [ 694.006958][ C0] ? avc_has_perm_noaudit+0x119/0x3a0 [ 694.012334][ C0] ? avc_has_perm_noaudit+0x143/0x3a0 [ 694.017800][ C0] ? __nla_parse+0x40/0x60 [ 694.022215][ C0] nfnetlink_rcv+0x3c3/0x430 [ 694.026822][ C0] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 694.031936][ C0] netlink_unicast+0x544/0x830 [ 694.036706][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 694.041994][ C0] netlink_sendmsg+0x8b8/0xd70 [ 694.046761][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 694.052046][ C0] ? __import_iovec+0x1fd/0x6e0 [ 694.056904][ C0] ____sys_sendmsg+0xab5/0xc90 [ 694.061663][ C0] ? copy_msghdr_from_user+0x10b/0x160 [ 694.067123][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 694.072403][ C0] ? __pfx___futex_wait+0x10/0x10 [ 694.077427][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 694.082624][ C0] ? try_to_wake_up+0x14b/0x13e0 [ 694.087562][ C0] ___sys_sendmsg+0x135/0x1e0 [ 694.092237][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 694.097440][ C0] ? __fget_light+0x173/0x210 [ 694.102125][ C0] __sys_sendmsg+0x117/0x1f0 [ 694.106715][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 694.111826][ C0] ? __x64_sys_futex+0x1e1/0x4c0 [ 694.116762][ C0] do_syscall_64+0xcd/0x250 [ 694.121261][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.127151][ C0] RIP: 0033:0x7fc5c2377299 [ 694.131559][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.151249][ C0] RSP: 002b:00007fc5c305f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 694.159666][ C0] RAX: ffffffffffffffda RBX: 00007fc5c2505f80 RCX: 00007fc5c2377299 [ 694.167638][ C0] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 694.175599][ C0] RBP: 00007fc5c23e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 694.183564][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 694.191527][ C0] R13: 000000000000000b R14: 00007fc5c2505f80 R15: 00007fffd33323e8 [ 694.199497][ C0] [ 694.202729][ C0] Kernel Offset: disabled [ 694.207035][ C0] Rebooting in 86400 seconds..