last executing test programs: 18.384805494s ago: executing program 1 (id=1424): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) ioperm(0x0, 0x40, 0x80) memfd_secret(0x0) 17.41124829s ago: executing program 1 (id=1428): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x378c13dc3083f88f, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000840)={0x1f, @fixed}, 0x8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x202, 0x0) ioctl$VHOST_VDPA_GET_AS_NUM(0xffffffffffffffff, 0x8004af7a, &(0x7f0000000080)) read$FUSE(r4, &(0x7f0000002340)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000140)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="40010000100001000000000000000000fc0100"/64, @ANYRES32=0x0, @ANYRESHEX=r1, @ANYBLOB="ac1414aa000000000000000000000000000000006c0000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffed0000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800160000000000"], 0x140}}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='attr/current\x00') sendmsg$nl_xfrm(r7, &(0x7f0000000180)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000094}, 0x0) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)=0xfffffffb) write$cgroup_pid(r4, &(0x7f00000001c0), 0x12) socket(0x22, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000001740)={r8, 0x0, 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='thermal_power_allocator\x00', r4}, 0x10) inotify_init1(0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002300)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r4, &(0x7f0000000280)=r5, 0x3) write$UHID_CREATE2(r0, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYRES8=r0, @ANYRESHEX=r1, @ANYRES64=r4], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 15.748431609s ago: executing program 0 (id=1432): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @loopback}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'wlan0\x00'}]}, 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800000000000000000000000200000000000000000000000c0016800804040089"], 0x28}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000000000090000000c000180080001"], 0x20}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="d81400003d00010027bd82000000000002"], 0x14d8}}, 0x0) 15.647894381s ago: executing program 1 (id=1434): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) inotify_add_watch(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@sg0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x11, 0x0, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x12, &(0x7f0000000180)={&(0x7f00000001c0)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0xffffffffffffff7c}}, {@pci, @DEVLINK_ATTR_NETNS_ID}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_SB_GET(r3, &(0x7f00000192c0)={&(0x7f0000019200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000019280)={&(0x7f0000019240)={0x38, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x10}}]}, 0x38}, 0x1, 0x0, 0x0, 0x82}, 0x4) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000019080)='net/dev_mcast\x00') r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000190c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572006c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c000240ca00000000000000000c0001400000000000000009140000001000010000000000000000000084000a"], 0x100}}, 0x0) pread64(r5, &(0x7f0000000080)=""/102356, 0x18fd4, 0x80) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$key(0xf, 0x3, 0x2) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xc5, 0x0, r7}) 15.621291149s ago: executing program 4 (id=1435): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000000a06010200000000000000000000000004000880080009400000000005000100070000000900020073797a3000000000100008"], 0x44}}, 0x0) 15.253014855s ago: executing program 0 (id=1436): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000400)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2db, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x8}, 0x48) r3 = socket$inet6(0xa, 0x3, 0xff) r4 = dup2(r3, r3) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000300)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in=@remote}}, 0x0) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) 15.229244197s ago: executing program 4 (id=1437): syz_usbip_server_init(0x142efa27c63a9ee8) 13.541846684s ago: executing program 4 (id=1441): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000170600000ee50000bf250000000000003d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff2d3501000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c45402000000a2d23da04d1ffc187fa1a2ba7ba0e2d507b92de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1dd5b17ed764c33b06598bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f6"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0x19f}, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c000000030800000000000000000000000900010073797a31000000001c000480080003400000000008000540080000000800084000009d676d2b9f064629992641387e1a8d7d16602b0000000000"], 0x3c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffff75, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="6cc9cc3b39000900487e380800e3b000000000000100002fc991"], 0x78}, 0x1, 0x0, 0x0, 0x50}, 0x4000005) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000200), 0x77, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007"]) r3 = openat(0xffffffffffffffff, 0x0, 0x20002, 0x5) openat$cgroup_ro(r3, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfa69, 0x8001}, 0x48) 12.788353879s ago: executing program 0 (id=1445): socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) io_setup(0xff, &(0x7f0000000e40)) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) io_submit(0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f0000002080)=0x9c, 0x23b) 7.394675347s ago: executing program 0 (id=1449): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e8, 0x1c0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x318, 0x20a, 0x278, 0x318, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0x198, 0x1c0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x448) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xeb) pread64(r1, 0x0, 0x0, 0x0) 6.887749386s ago: executing program 3 (id=1452): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f00000001c0)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x282480, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) ioctl$TCSETSF2(r0, 0x402c542d, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f00000000c0)={0x7, 0x2, 0x0, 0x0, 0x0, "4102000000ff000000000006bbff0f00"}) r3 = syz_open_pts(r2, 0x48f00) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000004000140000000000900010073797a30"], 0xdc}}, 0x0) readv(r3, &(0x7f0000001500)=[{&(0x7f0000001380)=""/97, 0x61}], 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x20000801) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) read$char_usb(r6, &(0x7f0000001840)=""/4090, 0xffa) preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0x0, 0x0) read$char_usb(r6, &(0x7f0000000240)=""/34, 0x43) 6.694632267s ago: executing program 2 (id=1453): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000003b0007010000000000000000047c000004000000140001800600060080350000060020"], 0x2c}}, 0x0) 6.393340977s ago: executing program 2 (id=1454): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_io_uring_setup(0x80110, &(0x7f0000000140)={0x0, 0xafac}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x30, 0x0, 0xfc, 0x3ee7}, {0x20, 0x0, 0xfa, 0xff7ff038}, {0x6, 0x4}]}, 0x10) sendmmsg$unix(r3, &(0x7f0000002a00)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000100)="83b540a9", 0xb583}], 0x1}}], 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_MM_MAP_SIZE(0x42, 0xf, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x1}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) sendmsg$nl_route(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r7, 0x4b63, 0x3) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) getsockname$netlink(r5, &(0x7f0000000140), &(0x7f0000000180)=0xc) ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f00000002c0)={0xc, r9}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r8, 0x3b72, &(0x7f0000000300)={0x18, 0x2, 0x0, 0x1000}) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) 4.88238381s ago: executing program 1 (id=1455): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000003cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@prinfo={0x18, 0x84, 0x5, {0x20}}], 0x18}], 0x1, 0x0) 4.60450449s ago: executing program 4 (id=1456): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000004c0)="084871e1f10606ce", 0x8}], 0x1}}], 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) nanosleep(&(0x7f00000003c0), 0x0) 4.540616095s ago: executing program 2 (id=1457): socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void, {0x806}}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) 4.483329156s ago: executing program 1 (id=1458): syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdir(0x0, 0x0) rmdir(0x0) fsopen(0x0, 0x0) userfaultfd(0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) syz_emit_vhci(0x0, 0x70) fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) 4.164065181s ago: executing program 3 (id=1459): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001240), 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8180, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40081271, &(0x7f0000001080)) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x2) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x6, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000380)=@usbdevfs_driver={0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) r5 = dup(r4) fanotify_mark(r3, 0x1, 0x4800105a, r5, 0x0) writev(r5, &(0x7f0000000440)=[{&(0x7f00000001c0)="d0", 0x1}], 0x1) finit_module(r5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0004}]}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12) 4.012150797s ago: executing program 4 (id=1460): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) capget(0x0, 0x0) r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000005c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write(r0, 0x1, 0x0, 0x0) 4.002860319s ago: executing program 2 (id=1461): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x6f, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303050007006000000002000020d3"]) 3.989198736s ago: executing program 3 (id=1462): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, 'J\x00i', 0x28, 0x6, 0x0, @remote, @mcast2, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "fb6b9acd8f4e1c92833a2f1e90339d18"}]}}}}}}}}, 0x0) 3.807094821s ago: executing program 3 (id=1463): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r2 = syz_io_uring_setup(0x73fd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000140), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x48e9, 0x0, 0x0, 0x0, 0x0) r5 = memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b', 0x0) write(r5, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) r6 = dup3(r1, r0, 0x0) fchdir(r6) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) 3.759720005s ago: executing program 2 (id=1464): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r4, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000002c0)={0x450, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x0, [0x200, 0x1, 0x1, 0x8, 0xe, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x0, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x0, 0x4, 0x0, 0x7e0, 0x10000, 0x0, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x7, 0x2, 0x5, 0xc, 0x0, 0x0, 0x0, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x5, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0x0, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x0, 0x0, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x0, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x0, 0x0, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x2, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0x0, 0x1, 0x9, 0x7, 0x3, 0xb, 0x1b9, 0x3, 0x2, 0x7f, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x1, 0x0, 0x8, 0x1, 0x3e6f9426, 0x6, 0x1, 0x409, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x3ff, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x7, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x2e, ['!}\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x450}, 0x1, 0x0, 0x0, 0x40150}, 0x4000041) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d022a705f9e93"], 0x17) r5 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300c713d530e3ffcec67cb7f06b90", @ANYRES32=r8, @ANYBLOB], 0x30}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 3.739925298s ago: executing program 0 (id=1465): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xb173, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34325842}}) 3.494160706s ago: executing program 0 (id=1466): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000170600000ee50000bf250000000000003d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff2d3501000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c45402000000a2d23da04d1ffc187fa1a2ba7ba0e2d507b92de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1dd5b17ed764c33b06598bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f6"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0x19f}, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c000000030800000000000000000000000900010073797a31000000001c000480080003400000000008000540080000000800084000009d676d2b9f064629992641387e1a8d7d16602b0000000000"], 0x3c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffff75, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="6cc9cc3b39000900487e380800e3b000000000000100002fc991"], 0x78}, 0x1, 0x0, 0x0, 0x50}, 0x4000005) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000200), 0x77, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007"]) r3 = openat(0xffffffffffffffff, 0x0, 0x20002, 0x5) openat$cgroup_ro(r3, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfa69, 0x8001}, 0x48) 2.674874061s ago: executing program 3 (id=1467): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_io_uring_setup(0x80110, &(0x7f0000000140)={0x0, 0xafac}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x30, 0x0, 0xfc, 0x3ee7}, {0x20, 0x0, 0xfa, 0xff7ff038}, {0x6, 0x4}]}, 0x10) sendmmsg$unix(r3, &(0x7f0000002a00)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000100)="83b540a9", 0xb583}], 0x1}}], 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_MM_MAP_SIZE(0x42, 0xf, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x1}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) sendmsg$nl_route(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r7, 0x4b63, 0x3) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) getsockname$netlink(r5, &(0x7f0000000140), &(0x7f0000000180)=0xc) ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f00000002c0)={0xc, r9}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r8, 0x3b72, &(0x7f0000000300)={0x18, 0x2, 0x0, 0x1000}) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) 2.464547179s ago: executing program 2 (id=1468): socket$packet(0x11, 0x3, 0x300) openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e000000000000000380000007000000030000ca75ffffff00000000000000002e00"], &(0x7f0000000040)=""/249, 0x46, 0x8c, 0x6}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x3, &(0x7f0000000300)=[{0x200000000006}, {0x1, 0x20, 0x4, 0x200}, {0x6, 0x0, 0x15}]}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x16) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) getsockname(r1, &(0x7f00000003c0)=@rc, &(0x7f0000000500)=0x80) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32373b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d106d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006) socket$packet(0x11, 0x3, 0x300) 1.246580837s ago: executing program 1 (id=1469): r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = socket(0x10, 0x3, 0x0) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f2, 0x0, 0x70bd2a, 0x25dfdbfc, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x881}, 0x28008881) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='ufs\x00', 0x18642, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000540)}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r8, 0xc04064aa, &(0x7f0000000500)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[{}], 0x0, 0x0, '\x00', 0x9, 0x1}) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x60, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0xa, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}]}]}, 0x60}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001340)={0x3, &(0x7f0000000080)=[{0x2d, 0x0, 0x1}, {}, {0x6}]}) r9 = add_key$keyring(&(0x7f0000000280), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000480)) 1.087967892s ago: executing program 3 (id=1470): r0 = socket$inet_dccp(0x2, 0x6, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="2711a10ff674d9d64157cdabda3aa4727a72db53371fa1a41c7f90b15431a07ded3a93eb53ac44880a9938bdccff7fb86fd4f0dc0e91bed2561434776ee99e05e9bb6125d8aa1770e731e9cadc2f30706782117d2fd0f4a7ad157d1bbfc87325fc68173ac8fdfc8feebdd11e333afcfcf331a41a746144585978b81a391e3857995e614b4b2183d71b29f085108e70723ffe5492d08fe36be6819227e8414d13a7a4e29a0348dcc2c06e65aa14356d37ca386bc29d3a2a17d0f3489221", @ANYRESOCT=r4, @ANYRES64, @ANYRES16=r0], 0xac}, 0x1, 0x0, 0x0, 0x80}, 0x5) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000100}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x0, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x20, 0x8801}, [@IFLA_TARGET_NETNSID={0x8}, @IFLA_PHYS_PORT_ID={0x15, 0x22, "3305622b018ad98c463ac70c9c625d0309"}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4000005) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = gettid() r7 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0) dup3(r8, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x0, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) r9 = socket$inet6_sctp(0xa, 0x801, 0x84) r10 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r10, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)=@keyring) sendto$inet6(r9, &(0x7f00000010c0)='\x00', 0x34000, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) clock_gettime(0x3, &(0x7f00000010c0)) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r1, {0x2}}, './file0\x00'}) 0s ago: executing program 4 (id=1471): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000004c0)="084871e1f10606ce", 0x8}], 0x1}}], 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) nanosleep(&(0x7f00000003c0), 0x0) kernel console output (not intermixed with test programs): d=7997 comm="syz.3.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 348.209958][ T29] audit: type=1400 audit(1722138130.217:438): avc: denied { name_connect } for pid=7997 comm="syz.3.701" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 348.290845][ T5269] usb 1-1: Using ep0 maxpacket: 16 [ 348.304327][ T5269] usb 1-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 1023 [ 348.315538][ T5269] usb 1-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 348.356046][ T5269] usb 1-1: config 1 interface 0 has no altsetting 0 [ 348.362209][ T8001] delete_channel: no stack [ 348.384405][ T5269] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 348.402042][ T5269] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.424300][ T5269] usb 1-1: Product: syz [ 348.428674][ T5269] usb 1-1: Manufacturer: ᚜菇✖髤㜾釓엷樇큨앷⎞ꢔ栈ㅢ窂뫥ㅪ鵌ӄ鯔᧛㲠쉢題ꋾ엛溤啗 [ 348.443843][ T5269] usb 1-1: SerialNumber: syz [ 348.461248][ T7991] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 350.706488][ T5269] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 2 proto 1 vid 0x0525 pid 0xA4A8 [ 350.742659][ T5269] usb 1-1: USB disconnect, device number 12 [ 350.770261][ T5269] usblp0: removed [ 352.407250][ T8028] Illegal XDP return value 179131729 on prog (id 112) dev N/A, expect packet loss! [ 355.079567][ T8052] kernel read not supported for file /@%% (pid: 8052 comm: syz.4.716) [ 355.112565][ T29] audit: type=1800 audit(1722138137.167:439): pid=8052 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.716" name="@%%" dev="mqueue" ino=16096 res=0 errno=0 [ 355.128273][ T8032] kvm: kvm [8031]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3c00 [ 355.501734][ T29] audit: type=1400 audit(1722138137.547:440): avc: denied { read } for pid=8063 comm="syz.1.726" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 355.730033][ T29] audit: type=1400 audit(1722138137.587:441): avc: denied { map } for pid=8063 comm="syz.1.726" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 355.840702][ T29] audit: type=1400 audit(1722138137.587:442): avc: denied { execute } for pid=8063 comm="syz.1.726" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 355.895953][ T29] audit: type=1400 audit(1722138137.767:443): avc: denied { create } for pid=8063 comm="syz.1.726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 358.533529][ T8094] ieee802154 phy0 wpan0: encryption failed: -22 [ 359.016615][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.307553][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 359.321932][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 359.351324][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 359.394246][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 359.408303][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 359.417264][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 359.468952][ T29] audit: type=1400 audit(1722138141.517:444): avc: denied { mount } for pid=8104 comm="syz.1.735" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 359.513478][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.651328][ T29] audit: type=1400 audit(1722138141.677:445): avc: denied { remount } for pid=8104 comm="syz.1.735" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 359.739554][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.790607][ T8102] ip6gretap0 speed is unknown, defaulting to 1000 [ 359.791843][ T8116] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 359.851197][ T29] audit: type=1400 audit(1722138141.887:446): avc: denied { unmount } for pid=6687 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 359.884363][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.990804][ T29] audit: type=1400 audit(1722138142.037:447): avc: denied { read write } for pid=8118 comm="syz.1.741" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 360.041182][ T46] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 360.077181][ T29] audit: type=1400 audit(1722138142.037:448): avc: denied { open } for pid=8118 comm="syz.1.741" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 360.158421][ T29] audit: type=1400 audit(1722138142.037:449): avc: denied { map } for pid=8118 comm="syz.1.741" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 360.199089][ T29] audit: type=1400 audit(1722138142.047:450): avc: denied { execute } for pid=8118 comm="syz.1.741" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 360.276123][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.298061][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.332924][ T46] usb 4-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 360.365362][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.411990][ T46] usb 4-1: config 0 descriptor?? [ 360.422793][ T11] bridge_slave_1: left allmulticast mode [ 360.432671][ T11] bridge_slave_1: left promiscuous mode [ 360.450695][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.474301][ T11] bridge_slave_0: left allmulticast mode [ 360.480080][ T11] bridge_slave_0: left promiscuous mode [ 360.488286][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.021363][ T46] dragonrise 0003:0079:0011.0007: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.3-1/input0 [ 361.717217][ T5225] Bluetooth: hci2: command tx timeout [ 361.916545][ T46] usb 4-1: USB disconnect, device number 12 [ 362.417374][ T29] audit: type=1400 audit(1722138144.447:451): avc: denied { module_request } for pid=8140 comm="syz.2.747" kmod="net-pf-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 362.903268][ T944] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 363.260877][ T29] audit: type=1400 audit(1722138144.587:452): avc: denied { setopt } for pid=8140 comm="syz.2.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 363.261977][ T944] usb 5-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 363.400884][ T944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.466467][ T944] usb 5-1: config 0 descriptor?? [ 363.517264][ T944] usb-storage 5-1:0.0: USB Mass Storage device detected [ 363.773792][ T5225] Bluetooth: hci2: command 0x041b tx timeout [ 363.866241][ T8166] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 364.163005][ T5274] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 365.176480][ T5274] usb 2-1: Using ep0 maxpacket: 32 [ 365.195968][ T5274] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.216427][ T5274] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.258554][ T5274] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 365.272770][ T5274] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 365.286269][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.295161][ T5274] usb 2-1: Product: syz [ 365.309954][ T5274] usb 2-1: Manufacturer: syz [ 365.320291][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.345142][ T5274] hub 2-1:4.0: USB hub found [ 365.355450][ T11] bond0 (unregistering): Released all slaves [ 365.579795][ T944] usb 5-1: USB disconnect, device number 14 [ 365.825154][ T8177] syz.1.752 uses old SIOCAX25GETINFO [ 365.828180][ T29] audit: type=1400 audit(1722138147.887:453): avc: denied { ioctl } for pid=8163 comm="syz.1.752" path="socket:[17427]" dev="sockfs" ino=17427 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 365.871429][ T5231] Bluetooth: hci2: command 0x041b tx timeout [ 365.909126][ T29] audit: type=1400 audit(1722138147.957:454): avc: denied { setopt } for pid=8163 comm="syz.1.752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 365.945089][ T5274] hub 2-1:4.0: 2 ports detected [ 366.653432][ T5274] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 366.704927][ T5274] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 366.743597][ T8189] netlink: 8 bytes leftover after parsing attributes in process `syz.4.756'. [ 366.902950][ T8189] futex_wake_op: syz.4.756 tries to shift op by -1; fix this program [ 366.959658][ T8189] cgroup: Invalid name [ 367.110900][ T5274] usb 2-1: USB disconnect, device number 13 [ 367.338437][ T11] hsr_slave_0: left promiscuous mode [ 367.385773][ T11] hsr_slave_1: left promiscuous mode [ 367.424548][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.461079][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.480112][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.496098][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.534426][ T11] veth1_macvtap: left promiscuous mode [ 367.545802][ T11] veth0_macvtap: left promiscuous mode [ 367.565520][ T11] veth1_vlan: left promiscuous mode [ 367.586652][ T11] veth0_vlan: left promiscuous mode [ 367.930992][ T5225] Bluetooth: hci2: command 0x041b tx timeout [ 368.290365][ T5231] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 369.133686][ T11] team0 (unregistering): Port device team_slave_1 removed [ 369.217824][ T11] team0 (unregistering): Port device team_slave_0 removed [ 369.656231][ T29] audit: type=1400 audit(1722138151.707:455): avc: denied { mounton } for pid=8222 comm="syz.4.763" path="/proc/490/task" dev="proc" ino=16571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 369.967119][ T8199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.758'. [ 369.987221][ T8102] chnl_net:caif_netlink_parms(): no params data found [ 370.015126][ T5231] Bluetooth: hci2: command 0x041b tx timeout [ 370.273834][ T8219] netlink: 12 bytes leftover after parsing attributes in process `syz.3.761'. [ 371.093705][ T8219] netlink: 'syz.3.761': attribute type 30 has an invalid length. [ 371.135124][ T8219] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 371.354044][ T8228] kvm: kvm [8226]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3c00 [ 372.178264][ T5231] Bluetooth: hci2: command 0x041b tx timeout [ 372.326093][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.386123][ T8102] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.393616][ T8102] bridge_slave_0: entered allmulticast mode [ 372.404407][ T8102] bridge_slave_0: entered promiscuous mode [ 372.422696][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.430079][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.469203][ T8102] bridge_slave_1: entered allmulticast mode [ 372.492896][ T8102] bridge_slave_1: entered promiscuous mode [ 372.692682][ T8102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.124864][ T944] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 373.419789][ T8102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 373.644855][ T944] usb 2-1: Using ep0 maxpacket: 8 [ 373.710382][ T944] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 373.767630][ T944] usb 2-1: config 1 has no interface number 1 [ 373.813754][ T944] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 373.840899][ T944] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 373.874905][ T944] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 373.906090][ T944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.927881][ T944] usb 2-1: Product: syz [ 373.952952][ T944] usb 2-1: Manufacturer: syz [ 373.957611][ T944] usb 2-1: SerialNumber: syz [ 374.063179][ T8102] team0: Port device team_slave_0 added [ 374.118508][ T8102] team0: Port device team_slave_1 added [ 374.178134][ T8267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.775'. [ 374.344349][ T8272] netlink: 44 bytes leftover after parsing attributes in process `syz.4.775'. [ 375.018290][ T8102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.055126][ T8102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.157320][ T5302] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 375.194169][ T8102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.223736][ T944] usb 2-1: USB disconnect, device number 14 [ 375.418609][ T8102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.497066][ T8102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.557727][ T8102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.661292][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 375.784782][ T29] audit: type=1400 audit(1722138157.787:456): avc: denied { setopt } for pid=8279 comm="syz.4.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 375.840072][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.908807][ T5302] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 375.964044][ T7184] udevd[7184]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 376.028616][ T5302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.139555][ T5302] usb 3-1: config 0 descriptor?? [ 376.163335][ T8102] hsr_slave_0: entered promiscuous mode [ 376.242388][ T8102] hsr_slave_1: entered promiscuous mode [ 376.301309][ T8102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 376.308939][ T8102] Cannot create hsr debugfs directory [ 379.307455][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.323047][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.356012][ T5302] usbhid 3-1:0.0: can't add hid device: -71 [ 379.381386][ T5302] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 379.436465][ T5302] usb 3-1: USB disconnect, device number 16 [ 381.476203][ T8333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.787'. [ 381.580421][ T8327] netlink: 44 bytes leftover after parsing attributes in process `syz.3.787'. [ 381.681131][ T5269] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 381.932257][ T5269] usb 2-1: Using ep0 maxpacket: 16 [ 381.954369][ T5269] usb 2-1: config 1 has an invalid interface descriptor of length 7, skipping [ 381.989196][ T5269] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 381.993763][ T8337] serio: Serial port pts0 [ 382.026850][ T5269] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 382.082545][ T5269] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 382.126367][ T8345] overlayfs: failed to get inode (-116) [ 382.138876][ T5269] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 382.154383][ T5269] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.164529][ T8345] overlayfs: failed to get inode (-116) [ 382.176573][ T5269] usb 2-1: Product: syz [ 382.204767][ T5269] usb 2-1: Manufacturer: syz [ 382.236192][ T5269] usb 2-1: SerialNumber: syz [ 382.478871][ T29] audit: type=1400 audit(1722138164.527:457): avc: denied { read } for pid=8339 comm="syz.3.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 382.493842][ T5269] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 382.542032][ T5269] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 382.566778][ T5269] usb 2-1: found format II with max.bitrate = 0, frame size=0 [ 382.621568][ T5269] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 382.729464][ T5269] usb 2-1: USB disconnect, device number 15 [ 382.773508][ T8102] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 382.870456][ T8102] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 382.955303][ T8102] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 383.001632][ T8102] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 383.051968][ T29] audit: type=1400 audit(1722138165.107:458): avc: denied { read } for pid=8347 comm="syz.4.790" name="btrfs-control" dev="devtmpfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 383.105800][ T7184] udevd[7184]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 383.201226][ T29] audit: type=1400 audit(1722138165.107:459): avc: denied { open } for pid=8347 comm="syz.4.790" path="/dev/btrfs-control" dev="devtmpfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 383.538882][ T29] audit: type=1326 audit(1722138165.517:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8365 comm="syz.1.792" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3be1377299 code=0x0 [ 383.567150][ T8369] autofs4:pid:8369:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e) [ 383.581158][ T8369] autofs4:pid:8369:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 389.483178][ T8375] input: syz0 as /devices/virtual/input/input14 [ 390.041616][ T8102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 390.622421][ T8102] 8021q: adding VLAN 0 to HW filter on device team0 [ 390.699072][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.706606][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 390.766483][ T8383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.795'. [ 390.804263][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.815854][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 392.171854][ T29] audit: type=1400 audit(1722138174.167:461): avc: denied { mount } for pid=8401 comm="syz.4.799" name="/" dev="rpc_pipefs" ino=16988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 392.833254][ T8405] ip6gretap0 speed is unknown, defaulting to 1000 [ 392.914653][ T8102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.307949][ T8102] veth0_vlan: entered promiscuous mode [ 393.811303][ T8102] veth1_vlan: entered promiscuous mode [ 394.088799][ T8102] veth0_macvtap: entered promiscuous mode [ 394.108578][ T8102] veth1_macvtap: entered promiscuous mode [ 394.215319][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.241176][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.256586][ T8434] No memory to map [ 394.260900][ T29] audit: type=1400 audit(1722138176.307:462): avc: denied { map } for pid=8427 comm="syz.4.803" path="/dev/video4" dev="devtmpfs" ino=855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 394.312695][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.418663][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.516248][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.593193][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.667259][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.783402][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.858878][ T8102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.877058][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.903361][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.929147][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.959812][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.996872][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.024741][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.064742][ T8102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.099666][ T8102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.134773][ T8102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.199287][ T8102] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.230856][ T8102] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.239611][ T8102] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.273170][ T8102] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.811948][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.841059][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.933435][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.016694][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.418408][ T8475] netlink: 172 bytes leftover after parsing attributes in process `syz.4.812'. [ 398.475998][ T29] audit: type=1400 audit(1722138180.527:463): avc: denied { wake_alarm } for pid=8476 comm="syz.2.813" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 399.920058][ T29] audit: type=1400 audit(1722138181.947:464): avc: denied { ioctl } for pid=8474 comm="syz.4.812" path="socket:[18451]" dev="sockfs" ino=18451 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 399.969859][ T8477] 9pnet: Could not find request transport: xen [ 400.050850][ T29] audit: type=1400 audit(1722138181.957:465): avc: denied { read } for pid=8474 comm="syz.4.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 400.551109][ T5302] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 403.604966][ T5225] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 403.616394][ T5225] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 403.627068][ T5225] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 403.637615][ T5225] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 403.646962][ T5225] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 403.658612][ T5225] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 403.897259][ T8522] ip6gretap0 speed is unknown, defaulting to 1000 [ 406.217395][ T5231] Bluetooth: hci0: command tx timeout [ 406.985644][ T29] audit: type=1400 audit(1722138188.757:466): avc: denied { setopt } for pid=8535 comm="syz.2.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 408.555174][ T5231] Bluetooth: hci0: command tx timeout [ 409.507949][ T8566] lo speed is unknown, defaulting to 1000 [ 409.519690][ T8566] lo speed is unknown, defaulting to 1000 [ 409.547780][ T8566] lo speed is unknown, defaulting to 1000 [ 409.579021][ T29] audit: type=1400 audit(1722138191.627:467): avc: denied { read } for pid=8572 comm="syz.3.840" name="fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 409.605731][ T8522] chnl_net:caif_netlink_parms(): no params data found [ 409.666061][ T29] audit: type=1400 audit(1722138191.627:468): avc: denied { open } for pid=8572 comm="syz.3.840" path="/dev/fb0" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 409.736732][ T29] audit: type=1400 audit(1722138191.627:469): avc: denied { ioctl } for pid=8572 comm="syz.3.840" path="/dev/fb0" dev="devtmpfs" ino=631 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 410.214633][ T8522] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.225491][ T8522] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.233659][ T8522] bridge_slave_0: entered allmulticast mode [ 410.241156][ T8522] bridge_slave_0: entered promiscuous mode [ 410.252852][ T8522] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.267361][ T8522] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.275123][ T8522] bridge_slave_1: entered allmulticast mode [ 410.282595][ T8522] bridge_slave_1: entered promiscuous mode [ 410.436311][ T8522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 410.509072][ T8566] infiniband syz1: set active [ 410.658926][ T5273] lo speed is unknown, defaulting to 1000 [ 410.669245][ T5231] Bluetooth: hci0: command tx timeout [ 410.722922][ T8522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 410.817307][ T5302] IPVS: starting estimator thread 0... [ 411.411149][ T8590] IPVS: using max 31 ests per chain, 74400 per kthread [ 411.429407][ T8566] infiniband syz1: added lo [ 411.492597][ T8566] syz1: rxe_create_cq: returned err = -12 [ 411.498563][ T8566] infiniband syz1: Couldn't create ib_mad CQ [ 411.505231][ T8566] infiniband syz1: Couldn't open port 1 [ 411.526454][ T8522] team0: Port device team_slave_0 added [ 411.568133][ T8566] RDS/IB: syz1: added [ 411.579251][ T8522] team0: Port device team_slave_1 added [ 411.590978][ T8566] smc: adding ib device syz1 with port count 1 [ 411.605882][ T8566] smc: ib device syz1 port 1 has pnetid [ 411.658794][ T5302] lo speed is unknown, defaulting to 1000 [ 411.673144][ T8566] lo speed is unknown, defaulting to 1000 [ 411.787195][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 411.845957][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.062730][ T8522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.161452][ T8522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 412.192103][ T8522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.256959][ T8522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 412.661354][ T8566] lo speed is unknown, defaulting to 1000 [ 412.891041][ T5231] Bluetooth: hci0: command tx timeout [ 413.061515][ T8522] hsr_slave_0: entered promiscuous mode [ 413.086839][ T8522] hsr_slave_1: entered promiscuous mode [ 413.124330][ T8522] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 413.162285][ T8522] Cannot create hsr debugfs directory [ 414.815573][ T8566] lo speed is unknown, defaulting to 1000 [ 415.588320][ T8522] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.648949][ T8566] lo speed is unknown, defaulting to 1000 [ 415.865789][ T8522] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.137316][ T8522] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.578680][ T8522] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.485858][ T8566] lo speed is unknown, defaulting to 1000 [ 418.002242][ T8522] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 418.044445][ T8522] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 418.084256][ T8522] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 418.139541][ T8566] lo speed is unknown, defaulting to 1000 [ 418.153887][ T8522] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 418.506204][ T8640] block nbd3: shutting down sockets [ 418.888000][ T8522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.025846][ T8522] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.861547][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.868769][ T5303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.950273][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.957576][ T5303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.935537][ T29] audit: type=1400 audit(1722138203.957:470): avc: denied { create } for pid=8679 comm="syz.0.874" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 422.720975][ T29] audit: type=1400 audit(1722138204.287:471): avc: denied { write } for pid=8679 comm="syz.0.874" name="file0" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 422.780980][ T29] audit: type=1400 audit(1722138204.287:472): avc: denied { open } for pid=8679 comm="syz.0.874" path="/22/file0" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 422.891257][ T29] audit: type=1400 audit(1722138204.837:473): avc: denied { ioctl } for pid=8679 comm="syz.0.874" path="/22/file0" dev="tmpfs" ino=130 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 422.921299][ T8689] xt_l2tp: wrong L2TP version: 0 [ 423.137380][ T8686] 9pnet: Could not find request transport: xen [ 423.174999][ T8522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 423.414707][ T8522] veth0_vlan: entered promiscuous mode [ 423.460149][ T8522] veth1_vlan: entered promiscuous mode [ 424.062017][ T8522] veth0_macvtap: entered promiscuous mode [ 424.108887][ T8522] veth1_macvtap: entered promiscuous mode [ 424.140727][ T29] audit: type=1400 audit(1722138206.187:474): avc: denied { unlink } for pid=8102 comm="syz-executor" name="file0" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 424.164649][ C0] vkms_vblank_simulate: vblank timer overrun [ 425.079734][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.121789][ T5273] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 425.123471][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x1 [ 425.142795][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.159515][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.172416][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.180913][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.183813][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.200466][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.200997][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.218752][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.223394][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.230714][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.247488][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.249454][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.280500][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.305880][ T8522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.318085][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.329287][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.363868][ T5273] usb 5-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 425.378640][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.388031][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.398408][ T5273] usb 5-1: config 0 descriptor?? [ 425.401626][ C0] eth0: bad gso: type: 1, size: 1408 [ 425.410651][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.412062][ T8713] serio: Serial port pts0 [ 425.419262][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.434114][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.446244][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.462043][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.464651][ T5273] usb-storage 5-1:0.0: USB Mass Storage device detected [ 425.469970][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.498584][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.498919][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.508785][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.538728][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.572157][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.582642][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.614190][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.625202][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.634826][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.640463][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.700147][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.700196][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.751747][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.756227][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.771647][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.788239][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.802925][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.852838][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.854415][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.891564][ T8522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.902844][ T8522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.947853][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 425.952814][ T8522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.967223][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.004539][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.012380][ T8522] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.032025][ T5273] usb 5-1: USB disconnect, device number 15 [ 426.038738][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.045208][ T8522] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.051615][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.063220][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.066678][ T8522] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.070655][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.083146][ T8522] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.088603][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.159133][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.179456][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.189221][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.201366][ T46] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 426.222434][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.249647][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.273952][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.286526][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.302373][ T5227] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 426.335313][ T5227] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 426.405165][ T46] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 426.434822][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.472164][ T7417] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.508141][ T7417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.523859][ T46] usb 4-1: config 0 descriptor?? [ 426.569580][ T46] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input15 [ 426.686471][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.695246][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.176938][ T5335] usb 4-1: USB disconnect, device number 13 [ 427.381104][ T5273] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 427.583132][ T5273] usb 2-1: Using ep0 maxpacket: 16 [ 427.603967][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.630937][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 427.649340][ T5273] usb 2-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 427.658801][ T5273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.661155][ T5303] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 427.679529][ T5273] usb 2-1: config 0 descriptor?? [ 427.699862][ T29] audit: type=1400 audit(1722138209.747:475): avc: denied { setopt } for pid=8731 comm="syz.2.886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 427.864686][ T5303] usb 1-1: Using ep0 maxpacket: 32 [ 427.884473][ T5303] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.926225][ T5303] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 427.956116][ T5303] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 427.976855][ T5303] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 428.001750][ T5303] usb 1-1: Product: syz [ 428.005995][ T5303] usb 1-1: Manufacturer: syz [ 428.056016][ T5303] hub 1-1:4.0: USB hub found [ 428.179203][ T5273] mcp2200 0003:04D8:00DF.0009: unknown main item tag 0x0 [ 428.202410][ T5273] mcp2200 0003:04D8:00DF.0009: USB HID v0.00 Device [HID 04d8:00df] on usb-dummy_hcd.1-1/input0 [ 428.558596][ T5273] usb 2-1: USB disconnect, device number 16 [ 428.569470][ T8748] netlink: 12 bytes leftover after parsing attributes in process `syz.3.890'. [ 428.666960][ T8748] netlink: 12 bytes leftover after parsing attributes in process `syz.3.890'. [ 428.685441][ T8748] netlink: 20 bytes leftover after parsing attributes in process `syz.3.890'. [ 429.304397][ T5303] hub 1-1:4.0: 2 ports detected [ 430.042604][ T8756] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 431.064951][ T5303] hub 1-1:4.0: hub_hub_status failed (err = -32) [ 431.081174][ T5303] hub 1-1:4.0: config failed, can't get hub status (err -32) [ 431.501298][ T5303] usb 1-1: USB disconnect, device number 13 [ 431.523819][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x1 [ 431.567760][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 431.595342][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 431.624122][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 431.655157][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 431.680090][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.429768][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.478074][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.498077][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.506846][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.516980][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.528694][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.599612][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.634130][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.664591][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.820973][ T5273] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 432.896568][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.921854][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 432.933252][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 433.147066][ T8790] 9pnet_fd: Insufficient options for proto=fd [ 434.093062][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.100505][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.110366][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.214894][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.222725][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.230241][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.237976][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.246816][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.267943][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.289835][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.317406][ T5273] usb 5-1: config index 0 descriptor too short (expected 256, got 18) [ 434.332664][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.353291][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.371927][ T5273] usb 5-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config [ 434.382552][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.403211][ T5273] usb 5-1: config 0 has no interfaces? [ 434.409186][ T5273] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 434.428996][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.432233][ T29] audit: type=1400 audit(1722138216.477:476): avc: denied { ioctl } for pid=8791 comm="syz.2.903" path="socket:[20214]" dev="sockfs" ino=20214 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 434.449393][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.473777][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.669502][ T5273] usb 5-1: config 0 descriptor?? [ 434.675174][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.692719][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.700217][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.716298][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 434.724237][ T5273] usb 5-1: can't set config #0, error -71 [ 435.563996][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 435.583218][ T5273] usb 5-1: USB disconnect, device number 16 [ 435.590498][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 435.620910][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 435.628537][ T5335] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 435.692591][ T5335] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz0] on syz0 [ 437.369903][ T8824] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 438.310648][ T8834] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 438.517060][ T8834] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 439.166846][ T8841] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 440.736035][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.742574][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.161091][ T5303] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 448.380901][ T5303] usb 3-1: device descriptor read/64, error -110 [ 449.917180][ T29] audit: type=1400 audit(1722138231.967:477): avc: denied { bind } for pid=8870 comm="syz.3.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 450.373481][ T8878] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 450.523678][ T5225] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 450.543363][ T5225] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 450.555172][ T5225] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 450.569015][ T5225] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 450.577117][ T5225] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 450.584493][ T5225] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 450.606922][ T5231] Bluetooth: hci3: unexpected event 0x09 length: 4 > 3 [ 450.736466][ T5231] Bluetooth: hci3: ACL packet for unknown connection handle 203 [ 450.764445][ T29] audit: type=1400 audit(1722138232.817:478): avc: denied { read } for pid=8875 comm="syz.2.931" name="usbmon0" dev="devtmpfs" ino=706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 450.764798][ T5231] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 450.972612][ T29] audit: type=1400 audit(1722138232.817:479): avc: denied { open } for pid=8875 comm="syz.2.931" path="/dev/usbmon0" dev="devtmpfs" ino=706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 451.182593][ T1050] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.240109][ T8883] ip6gretap0 speed is unknown, defaulting to 1000 [ 451.544755][ T8898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 451.649300][ T1050] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.623669][ T1050] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.669869][ T5231] Bluetooth: hci2: command tx timeout [ 452.731802][ T8883] lo speed is unknown, defaulting to 1000 [ 452.828248][ T5227] IPVS: starting estimator thread 0... [ 452.940885][ T8913] IPVS: using max 30 ests per chain, 72000 per kthread [ 452.965609][ T1050] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.841476][ T1050] bridge_slave_1: left allmulticast mode [ 453.848841][ T1050] bridge_slave_1: left promiscuous mode [ 453.854965][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.956326][ T1050] bridge_slave_0: left allmulticast mode [ 453.982744][ T1050] bridge_slave_0: left promiscuous mode [ 453.988626][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.872000][ T5231] Bluetooth: hci2: command tx timeout [ 456.336734][ T1050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 456.364190][ T1050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 456.394587][ T1050] bond0 (unregistering): Released all slaves [ 456.891629][ T5231] Bluetooth: hci2: command tx timeout [ 458.502907][ T8946] netlink: 'syz.2.948': attribute type 9 has an invalid length. [ 458.510597][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.948'. [ 458.971391][ T5231] Bluetooth: hci2: command tx timeout [ 459.007075][ T8956] netlink: 172 bytes leftover after parsing attributes in process `syz.2.953'. [ 459.273673][ T5303] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 459.681938][ T5303] usb 2-1: Using ep0 maxpacket: 8 [ 459.689762][ T5303] usb 2-1: config 0 has an invalid interface number: 124 but max is 0 [ 459.706943][ T5303] usb 2-1: config 0 has no interface number 0 [ 459.736557][ T5303] usb 2-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=72.01 [ 459.944176][ T5303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.962461][ T5303] usb 2-1: Product: syz [ 459.966673][ T5303] usb 2-1: Manufacturer: syz [ 459.971896][ T5303] usb 2-1: SerialNumber: syz [ 459.988484][ T5303] usb 2-1: config 0 descriptor?? [ 460.157423][ T8883] chnl_net:caif_netlink_parms(): no params data found [ 461.104791][ T29] audit: type=1326 audit(1722138243.117:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8967 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff087b77299 code=0x7ffc0000 [ 461.194896][ T941] usb 2-1: USB disconnect, device number 17 [ 461.201358][ T29] audit: type=1326 audit(1722138243.127:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8967 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff087b77299 code=0x7ffc0000 [ 461.329524][ T29] audit: type=1326 audit(1722138243.137:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8967 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=313 compat=0 ip=0x7ff087b77299 code=0x7ffc0000 [ 461.461362][ T29] audit: type=1326 audit(1722138243.137:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8967 comm="syz.3.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff087b77299 code=0x7ffc0000 [ 461.640190][ T1050] hsr_slave_0: left promiscuous mode [ 461.686827][ T1050] hsr_slave_1: left promiscuous mode [ 461.722036][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 461.754287][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.791792][ T1050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.840288][ T1050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.978965][ T1050] veth1_macvtap: left promiscuous mode [ 462.023579][ T29] audit: type=1400 audit(1722138244.077:484): avc: denied { setcurrent } for pid=8981 comm="syz.2.959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 462.171576][ C0] eth0: bad gso: type: 1, size: 1408 [ 462.244521][ T1050] veth0_macvtap: left promiscuous mode [ 462.279741][ T1050] veth1_vlan: left promiscuous mode [ 462.351372][ T1050] veth0_vlan: left promiscuous mode [ 462.970242][ T29] audit: type=1401 audit(1722138244.097:485): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 462.987891][ T29] audit: type=1400 audit(1722138244.397:486): avc: denied { write } for pid=8985 comm="syz.1.961" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 465.849125][ T5273] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 466.216214][ T5273] usb 4-1: Using ep0 maxpacket: 8 [ 466.475099][ T5273] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 466.500618][ T5273] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 466.529551][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.592579][ T5273] usb 4-1: config 0 descriptor?? [ 466.790335][ T1050] team0 (unregistering): Port device team_slave_1 removed [ 466.867734][ T46] usb 4-1: USB disconnect, device number 14 [ 466.916844][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 466.939582][ T1050] team0 (unregistering): Port device team_slave_0 removed [ 469.501173][ T29] audit: type=1400 audit(1722138251.277:487): avc: denied { audit_control } for pid=9037 comm="syz.4.973" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 470.005693][ T8990] bridge0: port 3(syz_tun) entered blocking state [ 470.015793][ T8990] bridge0: port 3(syz_tun) entered disabled state [ 470.023773][ T8990] syz_tun: entered allmulticast mode [ 470.030266][ T8990] syz_tun: entered promiscuous mode [ 470.036497][ T8990] bridge0: port 3(syz_tun) entered blocking state [ 470.043389][ T8990] bridge0: port 3(syz_tun) entered forwarding state [ 470.531108][ T29] audit: type=1400 audit(1722138252.587:488): avc: denied { bind } for pid=9044 comm="syz.1.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 470.559878][ T29] audit: type=1400 audit(1722138252.607:489): avc: denied { listen } for pid=9044 comm="syz.1.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 470.580177][ T29] audit: type=1400 audit(1722138252.607:490): avc: denied { accept } for pid=9044 comm="syz.1.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 470.654054][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.976'. [ 470.670032][ T9050] netlink: 152 bytes leftover after parsing attributes in process `syz.2.976'. [ 470.704091][ T9050] netlink: 152 bytes leftover after parsing attributes in process `syz.2.976'. [ 470.721289][ T8883] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.748428][ T8883] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.764590][ T8883] bridge_slave_0: entered allmulticast mode [ 470.810686][ T8883] bridge_slave_0: entered promiscuous mode [ 470.845866][ T8883] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.877291][ T8883] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.893558][ T8883] bridge_slave_1: entered allmulticast mode [ 470.918446][ T8883] bridge_slave_1: entered promiscuous mode [ 472.318325][ T8883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 472.349591][ T8883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 472.596506][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.616276][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.645981][ T8883] team0: Port device team_slave_0 added [ 472.646505][ T1050] IPVS: stop unused estimator thread 0... [ 472.675176][ T9052] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 472.706659][ T8883] team0: Port device team_slave_1 added [ 472.940427][ T8883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 472.973719][ T8883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.022697][ T9075] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 473.051404][ T8883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 473.088556][ T8883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 473.140990][ T8883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.179197][ T8883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 473.488500][ T8883] hsr_slave_0: entered promiscuous mode [ 473.517551][ T8883] hsr_slave_1: entered promiscuous mode [ 473.527982][ T8883] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 473.540553][ T8883] Cannot create hsr debugfs directory [ 474.224742][ T9094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'. [ 474.389832][ T9081] ip6gretap0 speed is unknown, defaulting to 1000 [ 475.591023][ T944] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 475.801015][ T944] usb 5-1: Using ep0 maxpacket: 8 [ 475.809858][ T944] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 475.839819][ T944] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 476.045869][ T9081] lo speed is unknown, defaulting to 1000 [ 476.059376][ T944] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 476.219244][ T9113] netlink: 28 bytes leftover after parsing attributes in process `syz.2.995'. [ 476.246143][ T9113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=71 sclass=netlink_route_socket pid=9113 comm=syz.2.995 [ 477.580842][ T944] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.624159][ T944] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 477.710797][ T944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.735339][ T944] usb 5-1: can't set config #16, error -71 [ 477.745307][ T944] usb 5-1: USB disconnect, device number 17 [ 478.256472][ T8883] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 478.342701][ T8883] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 478.396998][ T8883] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 479.099764][ T8883] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 479.380997][ T46] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 479.580984][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 479.668931][ T46] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 480.584023][ T46] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 480.611047][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.623075][ T46] usb 2-1: config 0 descriptor?? [ 480.816635][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1002'. [ 480.884188][ T8883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.058846][ T8883] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.089287][ T46] usb 2-1: USB disconnect, device number 18 [ 481.114914][ T941] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.122353][ T941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.164804][ T941] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.172289][ T941] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.381942][ T941] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 481.603806][ T941] usb 3-1: Using ep0 maxpacket: 16 [ 481.619400][ T941] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.652393][ T941] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 481.711220][ T941] usb 3-1: New USB device found, idVendor=487d, idProduct=2b2d, bcdDevice=5b.a8 [ 481.721707][ T941] usb 3-1: New USB device strings: Mfr=41, Product=169, SerialNumber=43 [ 481.730449][ T941] usb 3-1: Product: syz [ 481.735013][ T941] usb 3-1: Manufacturer: syz [ 481.739966][ T941] usb 3-1: SerialNumber: syz [ 481.755267][ T941] usb 3-1: config 0 descriptor?? [ 481.770329][ T12] bridge_slave_1: left allmulticast mode [ 481.802643][ T12] bridge_slave_1: left promiscuous mode [ 481.829867][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.856970][ T12] bridge_slave_0: left allmulticast mode [ 481.876130][ T12] bridge_slave_0: left promiscuous mode [ 481.896149][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.834844][ T29] audit: type=1400 audit(1722138264.867:491): avc: denied { setopt } for pid=9151 comm="syz.3.1005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 484.483719][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 484.498268][ T29] audit: type=1400 audit(1722138266.547:492): avc: denied { ioctl } for pid=9167 comm="syz.4.1010" path="socket:[22583]" dev="sockfs" ino=22583 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 484.531587][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 484.556739][ T12] bond0 (unregistering): Released all slaves [ 484.629945][ T8] usb 3-1: USB disconnect, device number 20 [ 485.173701][ T8883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.188717][ T29] audit: type=1401 audit(1722138267.237:493): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 486.500693][ T8883] veth0_vlan: entered promiscuous mode [ 486.591224][ T8883] veth1_vlan: entered promiscuous mode [ 486.853244][ T8883] veth0_macvtap: entered promiscuous mode [ 486.928324][ T8883] veth1_macvtap: entered promiscuous mode [ 487.068213][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.136727][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.159154][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.211242][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.241761][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.302431][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.334336][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.590824][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.607207][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 488.490808][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.552662][ T8883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 488.742099][ T12] hsr_slave_0: left promiscuous mode [ 488.776678][ T12] hsr_slave_1: left promiscuous mode [ 488.812634][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 488.843788][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 488.883780][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 488.908051][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 489.840788][ T12] veth1_macvtap: left promiscuous mode [ 489.847839][ T12] veth0_macvtap: left promiscuous mode [ 489.854187][ T12] veth1_vlan: left promiscuous mode [ 489.859915][ T12] veth0_vlan: left promiscuous mode [ 490.230922][ T9216] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1024'. [ 491.286010][ T12] team0 (unregistering): Port device team_slave_1 removed [ 491.346881][ T12] team0 (unregistering): Port device team_slave_0 removed [ 491.892451][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.903430][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.914608][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.925874][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.961418][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 491.995455][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.006448][ T8883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.017940][ T8883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.030701][ T8883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 492.177966][ T8883] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.225047][ T8883] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.245246][ T8883] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.263866][ T8883] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.341585][ T29] audit: type=1400 audit(1722138274.387:494): avc: denied { setopt } for pid=9225 comm="syz.3.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 492.597459][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.649029][ T9232] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 492.662701][ T29] audit: type=1400 audit(1722138274.677:495): avc: denied { append } for pid=9229 comm="syz.2.1028" name="nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 492.700803][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.842099][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.877416][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.412605][ T9237] ip6gretap0 speed is unknown, defaulting to 1000 [ 493.923517][ T5274] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 494.144685][ T5274] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.156722][ T9237] lo speed is unknown, defaulting to 1000 [ 494.203386][ T5274] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.248949][ T5274] usb 1-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 494.270654][ T5274] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.672062][ T5274] usb 1-1: config 0 descriptor?? [ 496.172588][ T9249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 496.201851][ T9249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 496.276901][ T5274] hid (null): report_id 0 is invalid [ 496.290204][ T5274] uclogic 0003:5543:0003.000B: unknown main item tag 0x0 [ 496.300999][ T5274] uclogic 0003:5543:0003.000B: unknown main item tag 0x4 [ 496.308330][ T5274] uclogic 0003:5543:0003.000B: report_id 0 is invalid [ 496.317053][ T5274] uclogic 0003:5543:0003.000B: item 0 2 1 8 parsing failed [ 496.328359][ T5274] uclogic 0003:5543:0003.000B: parse failed [ 496.347196][ T5274] uclogic 0003:5543:0003.000B: probe with driver uclogic failed with error -22 [ 496.779799][ T944] usb 1-1: USB disconnect, device number 14 [ 498.402814][ T29] audit: type=1400 audit(1722138280.457:496): avc: denied { bind } for pid=9287 comm="syz.3.1045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 501.440894][ T941] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 501.691052][ T9336] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 502.187887][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.196949][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.230797][ C0] eth0: bad gso: type: 1, size: 1408 [ 502.470917][ T941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.504431][ T941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.514581][ T941] usb 1-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 502.523825][ T941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.542975][ T9339] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 502.551939][ T941] usb 1-1: config 0 descriptor?? [ 502.585273][ T9341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 502.782293][ T29] audit: type=1400 audit(1722138284.837:497): avc: denied { create } for pid=9344 comm="syz.2.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 503.039145][ T29] audit: type=1400 audit(1722138285.087:498): avc: denied { getopt } for pid=9349 comm="syz.3.1067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 503.058507][ C0] vkms_vblank_simulate: vblank timer overrun [ 503.078678][ T941] waltop 0003:172F:0500.000C: item fetching failed at offset 5/7 [ 503.118672][ T941] waltop 0003:172F:0500.000C: probe with driver waltop failed with error -22 [ 503.536465][ T941] usb 1-1: USB disconnect, device number 15 [ 504.838312][ T9374] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 507.663725][ T9403] virtio-fs: tag <(null)> not found [ 507.706235][ T29] audit: type=1400 audit(1722138289.757:499): avc: denied { ioctl } for pid=9401 comm="syz.4.1084" path="socket:[22520]" dev="sockfs" ino=22520 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 507.752473][ T9403] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 507.759110][ T9403] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 507.790603][ T9403] vhci_hcd vhci_hcd.0: Device attached [ 508.096849][ T5302] vhci_hcd: vhci_device speed not set [ 508.461108][ T5302] usb 17-1: new full-speed USB device number 2 using vhci_hcd [ 508.474783][ T29] audit: type=1400 audit(1722138290.517:500): avc: denied { create } for pid=9414 comm="syz.2.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 508.536471][ T9413] befs: (nullb0): No write support. Marking filesystem read-only [ 508.597523][ T9413] befs: (nullb0): invalid magic header [ 508.617504][ T9409] vhci_hcd: connection reset by peer [ 508.668562][ T12] vhci_hcd: stop threads [ 508.683226][ T12] vhci_hcd: release socket [ 508.695907][ T12] vhci_hcd: disconnect device [ 509.699256][ T9427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'. [ 509.906265][ T9434] futex_wake_op: syz.3.1091 tries to shift op by -1; fix this program [ 509.964874][ T9434] cgroup: Invalid name [ 510.860991][ T29] audit: type=1400 audit(1722138292.217:501): avc: denied { mount } for pid=9436 comm="syz.1.1095" name="/" dev="hugetlbfs" ino=23257 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 511.638204][ T29] audit: type=1400 audit(1722138293.687:502): avc: denied { watch watch_reads } for pid=9443 comm="syz.0.1096" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 511.772915][ T29] audit: type=1400 audit(1722138293.807:503): avc: denied { unmount } for pid=8522 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 513.730560][ T5302] vhci_hcd: vhci_device speed not set [ 513.740459][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 515.069413][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 515.123798][ T9] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 515.132485][ T9] usb 5-1: can't read configurations, error -71 [ 516.449241][ T29] audit: type=1400 audit(1722138298.497:504): avc: denied { mount } for pid=9485 comm="syz.2.1109" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 516.526100][ T29] audit: type=1400 audit(1722138298.567:505): avc: denied { mounton } for pid=9485 comm="syz.2.1109" path="/235/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 516.619775][ T29] audit: type=1400 audit(1722138298.667:506): avc: denied { unmount } for pid=5230 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 518.713752][ T9501] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 518.725680][ T9501] cramfs: wrong magic [ 518.764751][ T9501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'. [ 518.915535][ T29] audit: type=1400 audit(1722138300.757:507): avc: denied { map } for pid=9500 comm="syz.2.1114" path="/dev/bus/usb/005/001" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 519.041817][ T29] audit: type=1400 audit(1722138301.097:508): avc: denied { listen } for pid=9504 comm="syz.1.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 519.351372][ T29] audit: type=1400 audit(1722138301.137:509): avc: denied { accept } for pid=9504 comm="syz.1.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 520.764000][ T29] audit: type=1326 audit(1722138302.817:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9532 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9fd977299 code=0x7fc00000 [ 520.787322][ C0] vkms_vblank_simulate: vblank timer overrun [ 521.773676][ T29] audit: type=1326 audit(1722138303.827:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9532 comm="syz.1.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9fd977299 code=0x7fc00000 [ 524.178788][ T9564] MTD: Attempt to mount non-MTD device "/dev/nbd0" [ 524.186061][ T9564] cramfs: wrong magic [ 524.316381][ T9565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1131'. [ 526.550863][ T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 526.588575][ T9571] befs: (nullb0): No write support. Marking filesystem read-only [ 526.599606][ T9571] befs: (nullb0): invalid magic header [ 526.620844][ T29] audit: type=1400 audit(1722138308.657:512): avc: denied { read } for pid=9573 comm="syz.0.1137" lport=42132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 526.757627][ C0] eth0: bad gso: type: 1, size: 1408 [ 526.771040][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 526.783189][ T8] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 526.809303][ T9581] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 526.810842][ T8] usb 2-1: config 6 has 1 interface, different from the descriptor's value: 4 [ 526.845724][ T9581] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 526.858732][ T29] audit: type=1400 audit(1722138308.887:513): avc: denied { create } for pid=9572 comm="syz.4.1135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 526.916450][ T8] usb 2-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=e9.aa [ 526.946350][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.963993][ T29] audit: type=1400 audit(1722138308.887:514): avc: denied { write } for pid=9572 comm="syz.4.1135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 527.024428][ T8] usb 2-1: Product: syz [ 527.028637][ T8] usb 2-1: Manufacturer: syz [ 527.072084][ T8] usb 2-1: SerialNumber: syz [ 527.919614][ T8] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 529.383834][ T944] usb 2-1: USB disconnect, device number 19 [ 529.632532][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 529.640584][ T8] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 529.656306][ T8] usb 1-1: config 179 has no interface number 0 [ 529.862348][ T9604] Bluetooth: hci0: command 0x0406 tx timeout [ 530.558302][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 530.602805][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 530.627875][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 530.665456][ T5231] Bluetooth: hci0: unexpected event for opcode 0x0c57 [ 530.710323][ T8] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 530.710398][ T8] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 530.710433][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.722751][ T8] usb 1-1: can't set config #179, error -71 [ 530.905415][ T9623] netlink: 'syz.4.1150': attribute type 1 has an invalid length. [ 530.905654][ T9623] netlink: 'syz.4.1150': attribute type 2 has an invalid length. [ 531.012772][ T8] usb 1-1: USB disconnect, device number 16 [ 531.292472][ T9628] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 531.301280][ T9628] cramfs: wrong magic [ 531.411095][ T9628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1147'. [ 533.073553][ T9613] tty tty3: ldisc open failed (-12), clearing slot 2 [ 533.093222][ T5231] Bluetooth: hci3: SCO packet for unknown connection handle 48 [ 533.178516][ T9646] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 533.271008][ T9646] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 533.867385][ T9653] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 534.762584][ T5231] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 534.772343][ T5231] Bluetooth: hci0: Injecting HCI hardware error event [ 535.253852][ T5231] Bluetooth: hci3: command 0x0406 tx timeout [ 535.262197][ T5231] Bluetooth: hci0: hardware error 0x00 [ 535.938865][ T29] audit: type=1400 audit(1722138317.987:515): avc: denied { bind } for pid=9680 comm="syz.2.1164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 536.250946][ T5273] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 536.525955][ T5273] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 536.556930][ T5273] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 536.598658][ T5273] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 536.635452][ T5273] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 536.673961][ T5273] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 536.691356][ T5273] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 536.708940][ T5273] usb 3-1: SerialNumber: syz [ 536.725403][ T9681] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 536.736499][ T9681] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 536.842408][ T5273] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 537.858219][ T5231] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 538.430676][ T9681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 538.471482][ T9681] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 538.541953][ T29] audit: type=1800 audit(1722138320.587:516): pid=9681 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1164" name="file2" dev="overlay" ino=1337 res=0 errno=0 [ 542.186820][ T9712] sched: RT throttling activated [ 542.234238][ T5273] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 542.536933][ T5273] usb 3-1: USB disconnect, device number 21 [ 542.555504][ T9726] random: crng reseeded on system resumption [ 542.769815][ T29] audit: type=1400 audit(1722138324.607:517): avc: denied { write } for pid=9721 comm="syz.0.1176" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 544.974934][ T9752] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1185'. [ 547.064864][ T9768] xt_hashlimit: overflow, try lower: 3/0 [ 547.267336][ T29] audit: type=1400 audit(1722138329.257:518): avc: denied { bind } for pid=9762 comm="syz.2.1189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 547.974969][ T29] audit: type=1400 audit(1722138329.257:519): avc: denied { name_bind } for pid=9762 comm="syz.2.1189" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 548.370075][ T29] audit: type=1400 audit(1722138329.257:520): avc: denied { node_bind } for pid=9762 comm="syz.2.1189" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 548.391521][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.464181][ T29] audit: type=1400 audit(1722138329.287:521): avc: denied { listen } for pid=9762 comm="syz.2.1189" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 548.579184][ T9775] ax25_connect(): syz.0.1190 uses autobind, please contact jreuter@yaina.de [ 549.166162][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1195'. [ 550.441358][ T9801] xt_bpf: check failed: parse error [ 550.907755][ T9817] syz.1.1203[9817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 550.907971][ T9817] syz.1.1203[9817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 550.971610][ T9805] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 550.990895][ T9805] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 551.039108][ T9805] vhci_hcd vhci_hcd.0: Device attached [ 551.068020][ T29] audit: type=1400 audit(1722138333.117:522): avc: denied { watch watch_reads } for pid=9810 comm="syz.3.1201" path="/proc/855/net/unix" dev="proc" ino=4026532886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 551.193693][ T9818] vhci_hcd: connection closed [ 551.196297][ T80] vhci_hcd: stop threads [ 551.215612][ T80] vhci_hcd: release socket [ 551.217608][ T9824] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1205'. [ 551.233725][ T9824] netlink: 'syz.2.1205': attribute type 1 has an invalid length. [ 551.247771][ T80] vhci_hcd: disconnect device [ 551.391069][ T29] audit: type=1400 audit(1722138333.437:523): avc: denied { mounton } for pid=9825 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 551.467537][ T9604] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 551.626001][ T9604] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 551.650988][ T9604] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 551.664943][ T9604] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 551.695958][ T9604] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 551.707304][ T9604] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 551.818829][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1209'. [ 551.886374][ T9835] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 551.930300][ T9825] ip6gretap0 speed is unknown, defaulting to 1000 [ 552.141500][ T7398] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.635438][ T7398] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.561611][ T9825] lo speed is unknown, defaulting to 1000 [ 553.771734][ T5231] Bluetooth: hci5: command tx timeout [ 555.627947][ T7398] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.846814][ T7398] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.851562][ T5231] Bluetooth: hci5: command tx timeout [ 557.013340][ T9871] delete_channel: no stack [ 557.028643][ T9874] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1217'. [ 557.504900][ T5231] Bluetooth: hci2: SCO packet for unknown connection handle 48 [ 557.585246][ T7398] bridge_slave_1: left allmulticast mode [ 557.684049][ T7398] bridge_slave_1: left promiscuous mode [ 557.693569][ T7398] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.736068][ T7398] bridge_slave_0: left allmulticast mode [ 557.740612][ T9894] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 557.760718][ T7398] bridge_slave_0: left promiscuous mode [ 557.784964][ T7398] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.931764][ T5231] Bluetooth: hci5: command tx timeout [ 558.912392][ T7398] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 558.926281][ T7398] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 558.937561][ T7398] bond0 (unregistering): Released all slaves [ 558.956512][ T7398] bond1 (unregistering): Released all slaves [ 558.969611][ T9892] mac80211_hwsim hwsim10 Weth0_vlan: renamed from wlan1 (while UP) [ 559.077120][ T9878] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 559.125996][ T9878] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 559.295946][ T5231] Bluetooth: hci2: command 0x0405 tx timeout [ 559.372788][ T29] audit: type=1400 audit(1722138341.417:524): avc: denied { read write } for pid=9901 comm="syz.3.1226" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 559.427154][ T29] audit: type=1400 audit(1722138341.417:525): avc: denied { open } for pid=9901 comm="syz.3.1226" path="/269/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 559.529155][ T29] audit: type=1400 audit(1722138341.577:526): avc: denied { unmount } for pid=5218 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 559.656251][ T9825] chnl_net:caif_netlink_parms(): no params data found [ 559.790587][ T5231] Bluetooth: hci2: unexpected event for opcode 0x0c57 [ 560.010878][ T5231] Bluetooth: hci5: command tx timeout [ 561.525493][ T9925] delete_channel: no stack [ 561.570549][ T9929] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1230'. [ 562.154270][ T9936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1231'. [ 562.217036][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.246902][ T9825] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.277423][ T9825] bridge_slave_0: entered allmulticast mode [ 562.298614][ T9825] bridge_slave_0: entered promiscuous mode [ 562.332420][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.379480][ T9825] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.402195][ T9825] bridge_slave_1: entered allmulticast mode [ 562.437962][ T9825] bridge_slave_1: entered promiscuous mode [ 562.517753][ T29] audit: type=1400 audit(1722138344.567:527): avc: denied { mount } for pid=9944 comm="syz.0.1233" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 562.608170][ T29] audit: type=1400 audit(1722138344.657:528): avc: denied { unmount } for pid=8883 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 562.651335][ T7398] hsr_slave_0: left promiscuous mode [ 562.674407][ T7398] hsr_slave_1: left promiscuous mode [ 562.700301][ T7398] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 562.708562][ T7398] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 562.721638][ T7398] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 562.729184][ T7398] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 562.814619][ T7398] veth1_macvtap: left promiscuous mode [ 562.840274][ T7398] veth0_macvtap: left promiscuous mode [ 562.865469][ T9951] xt_bpf: check failed: parse error [ 562.880994][ T7398] veth1_vlan: left promiscuous mode [ 562.886378][ T7398] veth0_vlan: left promiscuous mode [ 563.152091][ T9953] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 563.158665][ T9953] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 563.250994][ T9954] vhci_hcd: connection closed [ 563.276537][ T9953] vhci_hcd vhci_hcd.0: Device attached [ 563.416271][ T1126] vhci_hcd: stop threads [ 563.421639][ T1126] vhci_hcd: release socket [ 563.445806][ T1126] vhci_hcd: disconnect device [ 563.624487][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.855206][ T5231] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 563.867194][ T5231] Bluetooth: hci2: Injecting HCI hardware error event [ 563.886702][ T9604] Bluetooth: hci2: hardware error 0x00 [ 563.925467][ T7398] team0 (unregistering): Port device team_slave_1 removed [ 563.976777][ T7398] team0 (unregistering): Port device team_slave_0 removed [ 564.840100][ T9825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 564.909886][ T9825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.991109][ T9962] ubi0: attaching mtd0 [ 565.047460][ T9962] ubi0: scanning is finished [ 565.058115][ T9962] ubi0: empty MTD device detected [ 565.124218][ T9825] team0: Port device team_slave_0 added [ 565.162081][ T9825] team0: Port device team_slave_1 added [ 565.315645][ T9962] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 565.324624][ T9962] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 565.331765][ T9825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 565.332369][ T9962] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 565.367061][ T9962] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 565.387020][ T9962] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 565.410825][ T9962] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 565.439770][ T9962] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3915793024 [ 565.455358][ T9825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.504353][ T9962] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 565.588988][ T9825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.603060][ T9825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.610100][ T9825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.636400][ T9825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.670880][ T9971] ubi0: background thread "ubi_bgt0d" started, PID 9971 [ 565.931091][ T9604] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 566.366024][ T29] audit: type=1400 audit(1722138348.417:529): avc: denied { watch watch_reads } for pid=9977 comm="syz.0.1243" path="/proc/142/fdinfo" dev="proc" ino=24519 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 566.596678][ T9825] hsr_slave_0: entered promiscuous mode [ 566.634508][ T9825] hsr_slave_1: entered promiscuous mode [ 566.731013][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 566.918774][ T9989] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1246'. [ 566.929650][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 566.998996][ T9] usb 1-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 567.029818][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.064050][ T9] usb 1-1: Product: syz [ 567.143020][ T9] usb 1-1: Manufacturer: syz [ 567.147905][ T9] usb 1-1: SerialNumber: syz [ 567.188532][ T9] usb 1-1: config 0 descriptor?? [ 567.217436][ T9] ums-freecom 1-1:0.0: USB Mass Storage device detected [ 567.262973][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1247'. [ 567.541776][ T29] audit: type=1400 audit(1722138349.597:530): avc: denied { ioctl } for pid=9995 comm="syz.2.1248" path="socket:[24550]" dev="sockfs" ino=24550 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 567.677097][ T941] usb 1-1: USB disconnect, device number 17 [ 569.085670][ T9825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 569.123873][ T9825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 569.202683][ T9825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 569.247062][ T9825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 569.305942][T10008] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 570.514430][ T9825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.625507][ T9825] 8021q: adding VLAN 0 to HW filter on device team0 [ 570.665306][ T5302] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.672685][ T5302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.745647][ T5302] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.752855][ T5302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.078426][ T9825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 573.025845][ T9825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 573.531804][ T941] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 573.981018][ T941] usb 3-1: Using ep0 maxpacket: 32 [ 574.135732][ T941] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 574.155051][ T941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.177014][ T941] usb 3-1: Product: syz [ 574.190888][ T941] usb 3-1: Manufacturer: syz [ 574.222148][ T941] usb 3-1: SerialNumber: syz [ 574.245222][ T941] usb 3-1: config 0 descriptor?? [ 574.562349][ T941] snd-usb-6fire 3-1:0.0: unknown device firmware state received from device: [ 574.572924][ T941] eb 9a 3b 80 9b e4 7a f0 [ 574.577722][ T941] snd-usb-6fire 3-1:0.0: probe with driver snd-usb-6fire failed with error -5 [ 575.292523][ T5302] usb 3-1: USB disconnect, device number 22 [ 575.682116][T10065] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 575.808649][ T9825] veth0_vlan: entered promiscuous mode [ 575.825809][ T9825] veth1_vlan: entered promiscuous mode [ 575.869416][ T9825] veth0_macvtap: entered promiscuous mode [ 575.882122][ T9825] veth1_macvtap: entered promiscuous mode [ 576.100109][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.115279][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.125447][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.136220][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.153141][T10073] qrtr: Invalid version 17 [ 576.840847][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.891366][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.940812][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.964489][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.995979][ T9825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 577.057976][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.090587][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.120892][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.146322][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.164149][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.176287][T10078] input: syz0 as /devices/virtual/input/input17 [ 577.182916][T10078] input: failed to attach handler leds to device input17, error: -6 [ 577.190172][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.266039][ T9825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.278354][ T9825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.348537][ T9825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 577.419738][ T9825] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.473808][ T9825] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.490998][ T9825] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.499869][ T9825] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.618050][ T29] audit: type=1400 audit(1722138359.657:531): avc: denied { getopt } for pid=10082 comm="syz.0.1272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 578.163155][ T29] audit: type=1400 audit(1722138360.157:532): avc: denied { write } for pid=10087 comm="syz.3.1274" path="socket:[25885]" dev="sockfs" ino=25885 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 578.240522][ T29] audit: type=1400 audit(1722138360.157:533): avc: denied { nlmsg_write } for pid=10087 comm="syz.3.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 579.541316][ T1050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.576283][ T1050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.831107][ T5302] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 580.385021][ T29] audit: type=1400 audit(1722138362.117:534): avc: denied { ioctl } for pid=10106 comm="syz.2.1280" path="/dev/loop-control" dev="devtmpfs" ino=648 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 580.850800][ T5302] usb 1-1: Using ep0 maxpacket: 8 [ 580.897688][ T5302] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 580.920152][ T5302] usb 1-1: config 179 has no interface number 0 [ 580.949595][ T5302] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 580.984539][ T5302] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 581.016524][ T5302] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 581.049220][ T5302] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 581.085566][ T5302] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 581.117951][ T5302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.159566][ T1050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.191554][T10105] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 581.240951][ T1050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.605512][ T5302] usb 1-1: USB disconnect, device number 18 [ 581.605586][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 581.605643][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 583.497275][T10133] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 585.721000][ T46] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 585.943489][ T46] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 585.963127][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.042683][ T46] usb 4-1: config 0 descriptor?? [ 588.276095][ T46] pegasus 4-1:0.0: probe with driver pegasus failed with error -71 [ 588.388503][ T46] usb 4-1: USB disconnect, device number 15 [ 589.536220][ T29] audit: type=1400 audit(1722138371.587:535): avc: denied { getopt } for pid=10193 comm="syz.4.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 589.858778][T10199] random: crng reseeded on system resumption [ 593.201954][ T5302] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 593.559021][T10236] netlink: 'syz.2.1318': attribute type 1 has an invalid length. [ 593.578119][ T5302] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 593.590513][ T5302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.726423][T10241] 9pnet_fd: Insufficient options for proto=fd [ 594.358968][ T5302] usb 5-1: config 0 descriptor?? [ 595.220922][ T46] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 595.540964][ T46] usb 2-1: Using ep0 maxpacket: 32 [ 595.558345][ T46] usb 2-1: config 0 has an invalid interface number: 234 but max is 0 [ 595.570819][ T46] usb 2-1: config 0 has no interface number 0 [ 595.609748][ T46] usb 2-1: New USB device found, idVendor=0545, idProduct=8002, bcdDevice= 3.0a [ 595.627796][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.650831][ T46] usb 2-1: Product: syz [ 595.673781][ T5302] pegasus 5-1:0.0: can't reset MAC [ 595.679113][ T5302] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 595.704012][ T46] usb 2-1: Manufacturer: syz [ 595.708639][ T5302] usb 5-1: USB disconnect, device number 20 [ 595.714401][ T46] usb 2-1: SerialNumber: syz [ 595.761315][ T46] usb 2-1: config 0 descriptor?? [ 596.101723][ T29] audit: type=1326 audit(1722138378.157:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10255 comm="syz.0.1325" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5cab377299 code=0x0 [ 596.148802][ T5302] usb 2-1: USB disconnect, device number 20 [ 596.249485][T10261] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 597.895961][ T29] audit: type=1400 audit(1722138379.487:537): avc: denied { create } for pid=10279 comm="syz.0.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 597.922060][ C1] vkms_vblank_simulate: vblank timer overrun [ 598.256819][ T29] audit: type=1400 audit(1722138379.487:538): avc: denied { write } for pid=10279 comm="syz.0.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 599.023104][ T5302] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 599.076198][T10301] netlink: 'syz.4.1338': attribute type 11 has an invalid length. [ 599.221592][ T5302] usb 3-1: Using ep0 maxpacket: 16 [ 599.263210][ T5302] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 599.297574][ T29] audit: type=1400 audit(1722138381.347:539): avc: denied { write } for pid=10307 comm="syz.4.1340" path="socket:[26879]" dev="sockfs" ino=26879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 599.324275][ T5302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.331535][ T46] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 599.340134][ T5302] usb 3-1: Product: syz [ 599.349754][ T5302] usb 3-1: Manufacturer: syz [ 599.387966][ T5302] usb 3-1: SerialNumber: syz [ 599.418445][ T5302] r8152-cfgselector 3-1: Unknown version 0x0000 [ 599.425183][ T5302] r8152-cfgselector 3-1: config 0 descriptor?? [ 599.474809][ T29] audit: type=1400 audit(1722138381.527:540): avc: denied { read } for pid=10303 comm="syz.1.1337" laddr=127.0.0.1 lport=60614 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 599.543618][ T46] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 599.558481][ T29] audit: type=1400 audit(1722138381.607:541): avc: denied { accept } for pid=10303 comm="syz.1.1337" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 599.586188][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.618010][ T46] usb 4-1: config 0 descriptor?? [ 599.825663][ C0] eth0: bad gso: type: 1, size: 1408 [ 599.941236][ T5302] r8152-cfgselector 3-1: USB disconnect, device number 23 [ 602.045509][ T46] pegasus 4-1:0.0: can't reset MAC [ 602.163472][ T46] pegasus 4-1:0.0: probe with driver pegasus failed with error -5 [ 602.253697][ T46] usb 4-1: USB disconnect, device number 16 [ 602.793602][T10344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10344 comm=syz.0.1350 [ 603.173790][T10348] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1351'. [ 603.934440][T10361] xt_hashlimit: overflow, try lower: 3/0 [ 604.575978][ T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 604.839956][T10352] [U] v3f"S/4:XTzWtlW= [ 604.846681][T10352] [U] J"e:" [ 605.082914][ T29] audit: type=1400 audit(1722138387.107:542): avc: denied { bind } for pid=10351 comm="syz.1.1352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 605.112037][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 605.137601][ T9] usb 1-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 605.208490][ T9] usb 1-1: config 6 has 1 interface, different from the descriptor's value: 4 [ 605.229248][ T9] usb 1-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=e9.aa [ 605.249421][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.330973][ T29] audit: type=1400 audit(1722138387.177:543): avc: denied { setopt } for pid=10351 comm="syz.1.1352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 605.436157][ T9] usb 1-1: Product: syz [ 605.440388][ T9] usb 1-1: Manufacturer: syz [ 605.445203][ T9] usb 1-1: SerialNumber: syz [ 605.799765][ T5269] usb 1-1: USB disconnect, device number 19 [ 606.515620][T10351] [U] fBq38)bL(L{2-A"OU^paH()d-Ry^v+AI [ 606.690564][T10379] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1358'. [ 606.820872][ T46] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 607.040882][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 607.048746][ T46] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 607.077854][ T46] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 607.166815][ T46] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 607.177785][ T46] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 607.244297][ T46] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 607.278022][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.203292][T10396] xt_nfacct: accounting object `syz1' does not exists [ 609.449561][ T46] usb 1-1: GET_CAPABILITIES returned 0 [ 610.444526][ T29] audit: type=1400 audit(1722138392.497:544): avc: denied { setopt } for pid=10401 comm="syz.2.1364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 610.488796][ T46] usbtmc 1-1:16.0: can't read capabilities [ 610.638894][ T46] usb 1-1: USB disconnect, device number 20 [ 610.658645][ T29] audit: type=1400 audit(1722138392.517:545): avc: denied { bind } for pid=10401 comm="syz.2.1364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 610.767003][ T29] audit: type=1400 audit(1722138392.517:546): avc: denied { name_bind } for pid=10401 comm="syz.2.1364" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 610.874348][ T29] audit: type=1400 audit(1722138392.517:547): avc: denied { node_bind } for pid=10401 comm="syz.2.1364" saddr=fe88::3 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 611.154672][T10413] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1368'. [ 611.723413][T10417] ptrace attach of "./syz-executor exec"[10414] was attempted by "./syz-executor exec"[10417] [ 612.896784][T10429] netlink: 'syz.4.1373': attribute type 1 has an invalid length. [ 612.904788][T10429] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1373'. [ 614.268696][T10428] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 614.373219][ T29] audit: type=1400 audit(1722138396.417:548): avc: denied { connect } for pid=10431 comm="syz.0.1374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 614.425777][T10428] infiniband sy: RDMA CMA: cma_listen_on_dev, error -98 [ 614.481986][ T29] audit: type=1400 audit(1722138396.537:549): avc: denied { write } for pid=10431 comm="syz.0.1374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 614.630959][ T5227] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 614.828530][ T5227] usb 5-1: Using ep0 maxpacket: 8 [ 614.938223][ T5227] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 614.948290][ T5227] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 614.975657][ T5227] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 614.995320][ T5227] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 615.201687][ T5227] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 615.215480][ T5227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.112454][ T5227] usb 5-1: GET_CAPABILITIES returned 0 [ 616.146311][ T5227] usbtmc 5-1:16.0: can't read capabilities [ 616.561499][T10447] tmpfs: Unknown parameter 'u' [ 616.863374][T10455] xt_nfacct: accounting object `syz1' does not exists [ 619.044487][T10472] netlink: 'syz.1.1386': attribute type 1 has an invalid length. [ 619.052641][T10472] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1386'. [ 619.654239][ T5269] usb 5-1: USB disconnect, device number 21 [ 621.665654][ T29] audit: type=1400 audit(1722138403.697:550): avc: denied { connect } for pid=10485 comm="syz.0.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 621.763957][ T29] audit: type=1400 audit(1722138403.697:551): avc: denied { write } for pid=10485 comm="syz.0.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 622.261993][ T29] audit: type=1326 audit(1722138404.317:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10476 comm="syz.1.1389" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9fd977299 code=0x0 [ 622.346603][T10497] tmpfs: Unknown parameter 'u' [ 624.686740][ T5227] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 624.758214][T10519] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1397'. [ 624.921262][ T5227] usb 3-1: Using ep0 maxpacket: 8 [ 624.943887][ T5227] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 624.997991][ T5227] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 625.041105][ T5227] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 625.071272][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.090534][ T5227] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 625.118555][ T5227] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 625.133426][ T5227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.220878][ T5269] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 625.381311][ T29] audit: type=1400 audit(1722138407.437:553): avc: denied { map } for pid=10524 comm="syz.4.1403" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 625.407650][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.436874][ T5227] usb 3-1: GET_CAPABILITIES returned 0 [ 625.451118][ T5269] usb 4-1: Using ep0 maxpacket: 16 [ 625.467925][ T5227] usbtmc 3-1:16.0: can't read capabilities [ 625.468013][ T5269] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 625.599631][ T5269] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=54.21 [ 625.611409][ T5269] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.625751][ T5269] usb 4-1: Product: syz [ 625.635594][ T5269] usb 4-1: Manufacturer: syz [ 625.644979][ T5269] usb 4-1: SerialNumber: syz [ 625.661556][ T5269] usb 4-1: config 0 descriptor?? [ 625.674747][ T5269] imon_raw 4-1:0.0: IR endpoint missing [ 626.810531][T10539] xt_nfacct: accounting object `syz1' does not exists [ 626.868749][ C0] eth0: bad gso: type: 1, size: 1408 [ 626.981181][T10542] netlink: 4272 bytes leftover after parsing attributes in process `syz.4.1407'. [ 627.024699][T10542] netlink: 'syz.4.1407': attribute type 1 has an invalid length. [ 627.048566][T10542] netlink: 121 bytes leftover after parsing attributes in process `syz.4.1407'. [ 628.062812][ T5227] usb 3-1: USB disconnect, device number 24 [ 628.594297][T10560] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1414'. [ 629.033334][T10567] netlink: 4272 bytes leftover after parsing attributes in process `syz.4.1418'. [ 629.551470][T10567] netlink: 'syz.4.1418': attribute type 1 has an invalid length. [ 629.824335][T10567] netlink: 121 bytes leftover after parsing attributes in process `syz.4.1418'. [ 630.229959][ T941] usb 4-1: USB disconnect, device number 17 [ 630.732703][ T9604] Bluetooth: hci3: command 0x0406 tx timeout [ 631.598266][T10590] netlink: 'syz.0.1427': attribute type 2 has an invalid length. [ 631.619046][T10590] : entered promiscuous mode [ 631.837878][T10579] netlink: 'syz.3.1421': attribute type 1 has an invalid length. [ 632.255186][T10598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1427'. [ 632.264614][T10598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1427'. [ 632.927375][T10599] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1428'. [ 632.935490][T10600] syz.4.1429 (10600): drop_caches: 4 [ 633.312491][T10607] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.1432'. [ 633.328444][T10607] netlink: 'syz.0.1432': attribute type 1 has an invalid length. [ 633.336634][T10607] netlink: 121 bytes leftover after parsing attributes in process `syz.0.1432'. [ 635.745863][T10614] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1434'. [ 636.337357][T10644] netlink: 1212 bytes leftover after parsing attributes in process `syz.2.1443'. [ 641.669678][ T29] audit: type=1400 audit(1722138423.717:554): avc: denied { write } for pid=10656 comm="syz.2.1448" name="task" dev="proc" ino=28157 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 641.713713][ T29] audit: type=1400 audit(1722138423.747:555): avc: denied { add_name } for pid=10656 comm="syz.2.1448" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 641.746744][ T29] audit: type=1400 audit(1722138423.747:556): avc: denied { create } for pid=10656 comm="syz.2.1448" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 641.769417][ T29] audit: type=1400 audit(1722138423.747:557): avc: denied { associate } for pid=10656 comm="syz.2.1448" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 641.910930][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 642.150995][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 642.170675][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 642.200170][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 642.260573][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 642.282214][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 642.321635][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 642.342442][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.460599][T10671] openvswitch: netlink: Missing key (keys=100000040, expected=2000) [ 642.527728][T10670] netlink: 'syz.3.1452': attribute type 1 has an invalid length. [ 642.608005][ T9] usb 1-1: GET_CAPABILITIES returned 0 [ 642.624539][ T9] usbtmc 1-1:16.0: can't read capabilities [ 643.319297][T10680] xt_nfacct: accounting object `syz1' does not exists [ 644.800434][ T29] audit: type=1400 audit(1722138426.847:558): avc: denied { read } for pid=10689 comm="syz.3.1459" name="file0" dev="tmpfs" ino=1711 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 644.814673][T10690] Invalid ELF header len 1 [ 644.875867][ T29] audit: type=1400 audit(1722138426.847:559): avc: denied { watch watch_reads } for pid=10689 comm="syz.3.1459" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 644.949697][ T29] audit: type=1400 audit(1722138426.847:560): avc: denied { module_load } for pid=10689 comm="syz.3.1459" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 645.011360][T10695] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 645.056120][ T5273] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 645.184667][ T9] usb 1-1: USB disconnect, device number 21 [ 645.284072][ T5273] usb 2-1: Using ep0 maxpacket: 32 [ 645.296562][ T941] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 645.318719][T10704] netlink: 'syz.2.1464': attribute type 10 has an invalid length. [ 645.377300][ T29] audit: type=1400 audit(1722138427.367:561): avc: denied { read } for pid=10699 comm="syz.2.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 645.513488][ T5273] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 645.544295][ T5273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.593567][T10704] batman_adv: batadv0: Adding interface: team0 [ 645.600263][T10704] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 645.627031][T10704] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 645.640636][ T5273] usb 2-1: config 0 descriptor?? [ 645.651038][T10706] netlink: 'syz.2.1464': attribute type 10 has an invalid length. [ 645.659771][T10706] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1464'. [ 645.711205][T10706] team0: entered promiscuous mode [ 645.716432][T10706] team_slave_0: entered promiscuous mode [ 645.723095][T10706] team_slave_1: entered promiscuous mode [ 645.735533][T10706] 8021q: adding VLAN 0 to HW filter on device team0 [ 645.746887][T10706] batman_adv: batadv0: Interface activated: team0 [ 645.753607][T10706] batman_adv: batadv0: Interface deactivated: team0 [ 645.760379][T10706] batman_adv: batadv0: Removing interface: team0 [ 645.767406][T10711] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1464'. [ 645.870242][ T5273] gspca_main: sq930x-2.14.0 probing 041e:403c [ 645.885642][ T941] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 645.903328][T10706] bridge0: port 3(team0) entered blocking state [ 646.011048][T10706] bridge0: port 3(team0) entered disabled state [ 646.017781][T10706] team0: entered allmulticast mode [ 646.023140][T10706] team_slave_0: entered allmulticast mode [ 646.029014][T10706] team_slave_1: entered allmulticast mode [ 646.041557][T10706] bridge0: port 3(team0) entered blocking state [ 646.048141][T10706] bridge0: port 3(team0) entered forwarding state [ 646.135347][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.190446][ T941] usb 5-1: Product: syz [ 646.201442][ T941] usb 5-1: Manufacturer: syz [ 646.216467][ T941] usb 5-1: SerialNumber: syz [ 646.272890][ T5273] gspca_sq930x: reg_r 001f failed -71 [ 646.282884][ T941] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 646.331097][ T5273] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 646.390499][ C0] eth0: bad gso: type: 1, size: 1408 [ 646.413175][ T5273] usb 2-1: USB disconnect, device number 21 [ 646.591932][ T46] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 646.628758][ T29] audit: type=1326 audit(1722138428.677:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.2.1468" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff04377299 code=0x0 [ 647.691254][ T46] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 647.692155][ T46] ath9k_htc: Failed to initialize the device [ 647.707603][ T9] usb 5-1: USB disconnect, device number 22 [ 647.755390][ T9] usb 5-1: ath9k_htc: USB layer deinitialized [ 648.732825][ T29] audit: type=1326 audit(1722138430.287:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10727 comm="syz.1.1469" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9fd977299 code=0x0 [ 649.039116][T10730] tipc: Started in network mode [ 649.039188][T10730] tipc: Node identity , cluster identity 4711 [ 649.039200][T10730] tipc: Failed to set node id, please configure manually [ 649.039235][T10730] tipc: Enabling of bearer rejected, failed to enable media [ 649.190056][T10737] ================================================================== [ 649.190070][T10737] BUG: KASAN: slab-use-after-free in filter_chain+0xf6/0x110 [ 649.190108][T10737] Read of size 8 at addr ffff88802233a0b0 by task syz.4.1471/10737 [ 649.190123][T10737] [ 649.190136][T10737] CPU: 0 UID: 0 PID: 10737 Comm: syz.4.1471 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 649.190159][T10737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 649.190174][T10737] Call Trace: [ 649.190181][T10737] [ 649.190187][T10737] dump_stack_lvl+0x116/0x1f0 [ 649.190217][T10737] print_report+0xc3/0x620 [ 649.190243][T10737] ? __virt_addr_valid+0x5e/0x590 [ 649.190263][T10737] ? __phys_addr+0xc6/0x150 [ 649.190281][T10737] kasan_report+0xd9/0x110 [ 649.190303][T10737] ? filter_chain+0xf6/0x110 [ 649.190327][T10737] ? filter_chain+0xf6/0x110 [ 649.190351][T10737] filter_chain+0xf6/0x110 [ 649.190376][T10737] uprobe_mmap+0x46b/0x1240 [ 649.190404][T10737] ? __pfx_uprobe_mmap+0x10/0x10 [ 649.190432][T10737] mmap_region+0x1228/0x2760 [ 649.190458][T10737] ? __pfx_mmap_region+0x10/0x10 [ 649.190485][T10737] ? security_mmap_addr+0x8e/0xb0 [ 649.190510][T10737] ? __get_unmapped_area+0x271/0x3a0 [ 649.190542][T10737] do_mmap+0xbfb/0xfb0 [ 649.190571][T10737] ? security_mmap_file+0x192/0x1d0 [ 649.190600][T10737] vm_mmap_pgoff+0x1ba/0x360 [ 649.190630][T10737] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 649.190659][T10737] ksys_mmap_pgoff+0x332/0x5d0 [ 649.190686][T10737] __x64_sys_mmap+0x125/0x190 [ 649.190703][T10737] do_syscall_64+0xcd/0x250 [ 649.190719][T10737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.190756][T10737] RIP: 0033:0x7f19b5177299 [ 649.190783][T10737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.190814][T10737] RSP: 002b:00007f19b5f13048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 649.190842][T10737] RAX: ffffffffffffffda RBX: 00007f19b5305f80 RCX: 00007f19b5177299 [ 649.190864][T10737] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020000000 [ 649.190883][T10737] RBP: 00007f19b51e48e6 R08: 0000000000000003 R09: 0000000000000000 [ 649.190902][T10737] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 649.190921][T10737] R13: 000000000000000b R14: 00007f19b5305f80 R15: 00007ffcc70f5118 [ 649.190944][T10737] [ 649.190954][T10737] [ 649.190960][T10737] Allocated by task 5230: [ 649.190973][T10737] kasan_save_stack+0x33/0x60 [ 649.191004][T10737] kasan_save_track+0x14/0x30 [ 649.191034][T10737] __kasan_kmalloc+0xaa/0xb0 [ 649.191063][T10737] __get_vm_area_node+0xe1/0x2d0 [ 649.191099][T10737] __vmalloc_node_range_noprof+0x276/0x1520 [ 649.191139][T10737] vzalloc_noprof+0x6b/0x90 [ 649.191176][T10737] do_arpt_get_ctl+0x67a/0x9a0 [ 649.191216][T10737] nf_getsockopt+0x79/0xe0 [ 649.191247][T10737] ip_getsockopt+0x18e/0x1e0 [ 649.191287][T10737] tcp_getsockopt+0x9e/0x100 [ 649.191312][T10737] do_sock_getsockopt+0x2e5/0x760 [ 649.191354][T10737] __sys_getsockopt+0x1a1/0x270 [ 649.191387][T10737] __x64_sys_getsockopt+0xbd/0x160 [ 649.191420][T10737] do_syscall_64+0xcd/0x250 [ 649.191443][T10737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.191473][T10737] [ 649.191477][T10737] Freed by task 5230: [ 649.191489][T10737] kasan_save_stack+0x33/0x60 [ 649.191522][T10737] kasan_save_track+0x14/0x30 [ 649.191555][T10737] kasan_save_free_info+0x3b/0x60 [ 649.191598][T10737] poison_slab_object+0xf7/0x160 [ 649.191628][T10737] __kasan_slab_free+0x32/0x50 [ 649.191659][T10737] kfree+0x12a/0x3b0 [ 649.191684][T10737] vfree+0x25a/0x7a0 [ 649.191718][T10737] do_arpt_get_ctl+0x846/0x9a0 [ 649.191757][T10737] nf_getsockopt+0x79/0xe0 [ 649.191788][T10737] ip_getsockopt+0x18e/0x1e0 [ 649.191824][T10737] tcp_getsockopt+0x9e/0x100 [ 649.191847][T10737] do_sock_getsockopt+0x2e5/0x760 [ 649.191888][T10737] __sys_getsockopt+0x1a1/0x270 [ 649.191920][T10737] __x64_sys_getsockopt+0xbd/0x160 [ 649.191953][T10737] do_syscall_64+0xcd/0x250 [ 649.191975][T10737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.192004][T10737] [ 649.192009][T10737] The buggy address belongs to the object at ffff88802233a080 [ 649.192009][T10737] which belongs to the cache kmalloc-64 of size 64 [ 649.192030][T10737] The buggy address is located 48 bytes inside of [ 649.192030][T10737] freed 64-byte region [ffff88802233a080, ffff88802233a0c0) [ 649.192057][T10737] [ 649.192062][T10737] The buggy address belongs to the physical page: [ 649.192078][T10737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802233a680 pfn:0x2233a [ 649.192104][T10737] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff) [ 649.192133][T10737] page_type: 0xfdffffff(slab) [ 649.192161][T10737] raw: 00fff00000000200 ffff8880158418c0 ffffea00008d1e10 ffffea0000a4da90 [ 649.192187][T10737] raw: ffff88802233a680 0000000000200017 00000001fdffffff 0000000000000000 [ 649.192204][T10737] page dumped because: kasan: bad access detected [ 649.192219][T10737] page_owner tracks the page as allocated [ 649.192229][T10737] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u8:1), ts 10816394870, free_ts 10727983364 [ 649.192270][T10737] post_alloc_hook+0x2d1/0x350 [ 649.192295][T10737] get_page_from_freelist+0x1351/0x2e50 [ 649.192322][T10737] __alloc_pages_noprof+0x22b/0x2460 [ 649.192346][T10737] alloc_slab_page+0x4e/0xf0 [ 649.192372][T10737] new_slab+0x84/0x260 [ 649.192390][T10737] ___slab_alloc+0xdac/0x1870 [ 649.192408][T10737] __slab_alloc.constprop.0+0x56/0xb0 [ 649.192428][T10737] __kmalloc_cache_noprof+0x2b4/0x300 [ 649.192448][T10737] percpu_ref_init+0xd9/0x400 [ 649.192464][T10737] blk_alloc_queue+0x578/0x6b0 [ 649.192488][T10737] blk_mq_alloc_queue+0x1af/0x2f0 [ 649.192516][T10737] scsi_alloc_sdev+0x897/0xd90 [ 649.192539][T10737] scsi_probe_and_add_lun+0x789/0xda0 [ 649.192558][T10737] __scsi_scan_target+0x1ea/0x580 [ 649.192578][T10737] scsi_scan_channel+0x149/0x1e0 [ 649.192597][T10737] scsi_scan_host_selected+0x302/0x400 [ 649.192617][T10737] page last free pid 944 tgid 944 stack trace: [ 649.192628][T10737] free_unref_page+0x64a/0xe40 [ 649.192651][T10737] vfree+0x181/0x7a0 [ 649.192673][T10737] delayed_vfree_work+0x56/0x70 [ 649.192696][T10737] process_one_work+0x9c5/0x1b40 [ 649.192719][T10737] worker_thread+0x6c8/0xf20 [ 649.192740][T10737] kthread+0x2c1/0x3a0 [ 649.192754][T10737] ret_from_fork+0x45/0x80 [ 649.192781][T10737] ret_from_fork_asm+0x1a/0x30 [ 649.192807][T10737] [ 649.192810][T10737] Memory state around the buggy address: [ 649.192818][T10737] ffff888022339f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 649.192830][T10737] ffff88802233a000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 649.192841][T10737] >ffff88802233a080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 649.192851][T10737] ^ [ 649.192859][T10737] ffff88802233a100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 649.192871][T10737] ffff88802233a180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 649.192880][T10737] ================================================================== [ 649.221326][T10737] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 649.221344][T10737] CPU: 0 UID: 0 PID: 10737 Comm: syz.4.1471 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0 [ 649.221367][T10737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 649.221379][T10737] Call Trace: [ 649.221386][T10737] [ 649.221393][T10737] dump_stack_lvl+0x3d/0x1f0 [ 649.221423][T10737] panic+0x6f5/0x7a0 [ 649.221443][T10737] ? __pfx_panic+0x10/0x10 [ 649.221463][T10737] ? preempt_schedule_thunk+0x1a/0x30 [ 649.221480][T10737] ? preempt_schedule_common+0x44/0xc0 [ 649.221504][T10737] check_panic_on_warn+0xab/0xb0 [ 649.221522][T10737] end_report+0x117/0x180 [ 649.221542][T10737] kasan_report+0xe9/0x110 [ 649.221561][T10737] ? filter_chain+0xf6/0x110 [ 649.221583][T10737] ? filter_chain+0xf6/0x110 [ 649.221604][T10737] filter_chain+0xf6/0x110 [ 649.221626][T10737] uprobe_mmap+0x46b/0x1240 [ 649.221650][T10737] ? __pfx_uprobe_mmap+0x10/0x10 [ 649.221674][T10737] mmap_region+0x1228/0x2760 [ 649.221698][T10737] ? __pfx_mmap_region+0x10/0x10 [ 649.221720][T10737] ? security_mmap_addr+0x8e/0xb0 [ 649.221743][T10737] ? __get_unmapped_area+0x271/0x3a0 [ 649.221770][T10737] do_mmap+0xbfb/0xfb0 [ 649.221791][T10737] ? security_mmap_file+0x192/0x1d0 [ 649.221813][T10737] vm_mmap_pgoff+0x1ba/0x360 [ 649.221835][T10737] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 649.221857][T10737] ksys_mmap_pgoff+0x332/0x5d0 [ 649.221878][T10737] __x64_sys_mmap+0x125/0x190 [ 649.221893][T10737] do_syscall_64+0xcd/0x250 [ 649.221908][T10737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.221927][T10737] RIP: 0033:0x7f19b5177299 [ 649.221939][T10737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.221955][T10737] RSP: 002b:00007f19b5f13048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 649.221970][T10737] RAX: ffffffffffffffda RBX: 00007f19b5305f80 RCX: 00007f19b5177299 [ 649.221981][T10737] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020000000 [ 649.221991][T10737] RBP: 00007f19b51e48e6 R08: 0000000000000003 R09: 0000000000000000 [ 649.222001][T10737] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 649.222011][T10737] R13: 000000000000000b R14: 00007f19b5305f80 R15: 00007ffcc70f5118 [ 649.222023][T10737] [ 649.222302][T10737] Kernel Offset: disabled