last executing test programs: 7.790246359s ago: executing program 0 (id=1307): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/timer_list\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0f00030000b6cd31d4696a00"/26, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50) readahead(0xffffffffffffffff, 0x7, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) fsopen(&(0x7f0000000000)='gfs2meta\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) symlinkat(&(0x7f0000001040)='./cgroup\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file0/file0\x00') r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOCTL_START_ACCEL_DEV(r3, 0x40096102, &(0x7f0000000180)={{}, 0x6}) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r1, r0, 0x0, 0x20000023893) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100), 0xa000, 0x0) r4 = semget$private(0x0, 0x6, 0x0) semtimedop(r4, &(0x7f0000000180)=[{0x0, 0xffe}], 0x1, 0x0) semtimedop(r4, &(0x7f0000000040)=[{}], 0x1, 0x0) semop(r4, &(0x7f0000000080)=[{0x0, 0x4, 0x800}, {0x2}], 0x2) llistxattr(&(0x7f00000001c0)='./file2\x00', &(0x7f00000003c0)=""/92, 0xffffffffffffffcb) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "be5eec", 0x0, 0xff}) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='erofs\x00', 0x200000, 0x0) 6.842119806s ago: executing program 0 (id=1311): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x200f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.532751394s ago: executing program 0 (id=1330): bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x18, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x18, 0x0, 0x0, @binary}]}, 0x18}}, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) 3.487034053s ago: executing program 1 (id=1331): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000009, 0x12, r4, 0x0) 3.353941662s ago: executing program 1 (id=1332): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x10e, &(0x7f00000003c0)={0x0, 0x8380, 0x0, 0x0, 0x805}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0xa8}) io_uring_enter(r1, 0x3516, 0xdbaa, 0x0, 0x0, 0x0) 2.678507781s ago: executing program 3 (id=1336): socket$kcm(0x10, 0x100000000002, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x59) r1 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0) r2 = fsmount(r1, 0x1, 0x2) fchdir(r2) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0) 2.672774998s ago: executing program 1 (id=1337): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/timer_list\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0f00030000b6cd31d4696a00"/26, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50) readahead(0xffffffffffffffff, 0x7, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) fsopen(&(0x7f0000000000)='gfs2meta\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$msr(0xffffffffffffffff, 0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) symlinkat(&(0x7f0000001040)='./cgroup\x00', 0xffffffffffffffff, &(0x7f0000000340)='./file0/file0\x00') r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOCTL_START_ACCEL_DEV(r2, 0x40096102, &(0x7f0000000180)={{}, 0x6}) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r1, r0, 0x0, 0x20000023893) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100), 0xa000, 0x0) r3 = semget$private(0x0, 0x6, 0x0) semtimedop(r3, &(0x7f0000000180)=[{0x0, 0xffe}], 0x1, 0x0) semtimedop(r3, &(0x7f0000000040)=[{}], 0x1, 0x0) semop(r3, &(0x7f0000000080)=[{0x0, 0x4, 0x800}, {0x2}], 0x2) llistxattr(&(0x7f00000001c0)='./file2\x00', &(0x7f00000003c0)=""/92, 0xffffffffffffffcb) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "be5eec", 0x0, 0xff}) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='erofs\x00', 0x200000, 0x0) 2.142056421s ago: executing program 3 (id=1339): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2.044934558s ago: executing program 2 (id=1341): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f00000016c0)="ab", 0x1, 0x18844, &(0x7f0000001440)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000280)='\x00', 0x1}, {0x0}], 0x2, &(0x7f0000001680)=ANY=[@ANYBLOB="200000000000000084000000020000000000410000000000000000", @ANYRES32=0x0, @ANYBLOB='0\x00\x00'], 0x50}, 0x0) 1.888203132s ago: executing program 0 (id=1342): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() syz_pidfd_open(r0, 0x0) io_setup(0x5, &(0x7f00000002c0)) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000000580)=""/102400, 0x19000) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r3, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x800}) ioctl$IOMMU_IOAS_COPY(r2, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r3, r3, 0x3, 0xfffffffffffffffa, 0x3fff}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, r3}) ptrace$getenv(0x4201, r0, 0xcc0, 0x0) 1.545927569s ago: executing program 4 (id=1344): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="80000000000205000000000000000000020000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000240003801400018008000100ac1414aa08000200ac1414fb0c000280050001000000000024"], 0x80}}, 0x0) 1.526479949s ago: executing program 2 (id=1345): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x4040004) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1], 0x14}}, 0x0) 1.499151443s ago: executing program 4 (id=1346): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$inet6(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x1d9}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0x0, 0x8000, 0x0, 0x6, 0x0, r0}, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='\a'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE) io_uring_enter(r0, 0x2d3c, 0x0, 0x0, 0x0, 0x0) 1.467213971s ago: executing program 2 (id=1347): socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xa0000004}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001}) poll(&(0x7f00000000c0)=[{r2, 0x1009}], 0x1, 0x8000007) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]}) socket$inet(0x2, 0x3, 0x2) close_range(r3, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) 1.450960905s ago: executing program 0 (id=1348): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r0, 0x0, 0x0, 0x800) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_io_uring_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="24000000021401006abd700002dcdf2508000100000000000900020073797a32000000007f9f108cffca6623b74202a42fc9acd30a4974b7cc30501aeb4f", @ANYBLOB="3e8829a2ef3805450119be0487ac516d1db5b3885045b39e75de3700b6720ab22154a65e7d4b80ac53283d241622950076d234ee", @ANYRES32=r2], 0x29}, 0x1, 0x0, 0x0, 0x14000801}, 0x40810) iopl(0x3) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) process_vm_writev(0x0, &(0x7f0000000000)=[{0x0}], 0x1, &(0x7f0000121000), 0x0, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x4000, 0x4, &(0x7f0000b22000/0x4000)=nil) socket$tipc(0x1e, 0x2, 0x0) syz_clone3(&(0x7f0000000300)={0x120100200, &(0x7f0000000040), 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000003, 0x800, 0x20000}, 0x0, 0x0) 1.397802179s ago: executing program 4 (id=1349): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd4}, 0x1, 0x0, 0x0, 0x88}, 0x0) 1.094506965s ago: executing program 4 (id=1350): socket$kcm(0x10, 0x100000000002, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x59) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x1, 0x2) fchdir(r1) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0) 1.093404714s ago: executing program 3 (id=1351): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{}, 0x0, &(0x7f0000000080)}, 0x20) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 1.08846606s ago: executing program 1 (id=1352): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getgroups(0x0, 0x0) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab0600058004c601"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 1.014879918s ago: executing program 4 (id=1353): syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @remote, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @multicast1}, {{0xfffc, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 1.003179954s ago: executing program 0 (id=1354): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 688.081686ms ago: executing program 3 (id=1355): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000140)="06", 0x1}, {&(0x7f0000000400)="365c3cf89c8b1f68368086c98765cb87e41f397688501a17c5ada71ef70477382d5822bafd1493f049b38b7e99815a99ec773279c8040af533ff0e796950fe3372d37ec5293443787e68d258ff48f0b5f4ed0889bab7bdef79c560fd50296ae3556ea77e143c7abade86e78f643cf6d0edce8cb26c14cf865cfa8c097ef6ee34f6", 0x81}, {&(0x7f00000004c0)="34e760bc5bc952b5d8d7c1c627b13c5fcfec0819e651ec17d8c33e9edc5c3c78b21c1b6d281e1718c491d8a06eeae011a4f7786215409fcd633d2b96fad4544e8030fd31b09fa0189be131e1ca536db30b428196ce21bae3c8eb81bcf4ee9c7c2fa368f53ffa7729d86718fe615315aebee7eac3a02eb2a8324a1f9b59f61f146f6f7e6c663a8fbf47d3bffe3a8026bbde59feef4a9d5f90c2ae73f03407b0bb8f85567ef0204eb9da485c7e400b9bc829f44e6761e6362214b0bc9ca9d516f696cf313b49a976e5d22caff53ed4c11d59a5798861293b10d281092f117ab092", 0xe0}, {&(0x7f00000005c0)="ccaf250bd6294995881741623bee95178cca70185ec0daf503fa55d79d8ae6480f1f5d4d23ad0fa4a17d62b0c057827999fc0b9e085ea5d92a71", 0x3a}], 0x4}}], 0x1, 0x0) 668.393631ms ago: executing program 4 (id=1356): syz_usb_connect$uac1(0x69a90eab3db9c902, 0x88, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x3, 0x1, 0x4, 0xa0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfff7, 0x7}, [@selector_unit={0x5, 0x24, 0x5, 0x6, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0xff, 0xc8, 0x3, {0x7, 0x25, 0x1, 0x0, 0x4, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x6, 0x1, 0x8, 0x1, "3a3882"}, @as_header={0x7, 0x24, 0x1, 0x1, 0xc0, 0x5}]}, {{0x9, 0x5, 0x82, 0x9, 0x50, 0x5, 0x8, 0x41, {0x7, 0x25, 0x1, 0x82, 0xfe, 0x7}}}}}}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) 567.404284ms ago: executing program 3 (id=1357): r0 = getpid() syz_pidfd_open(r0, 0x0) io_setup(0x5, &(0x7f00000002c0)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r3, &(0x7f0000000580)=""/102400, 0x19000) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r5, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x800}) ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r5, r5, 0x3, 0xfffffffffffffffa, 0x3fff}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, r5}) ptrace$getenv(0x4201, r0, 0xcc0, 0x0) 488.908743ms ago: executing program 2 (id=1358): syz_emit_ethernet(0x86, 0x0, 0x0) r0 = socket$inet(0x2, 0x800, 0x6) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setattr(0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) fsopen(&(0x7f00000000c0)='devpts\x00', 0x1) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000040)={0x5, 0xf7af, 0x8000, 0x8, 0x0, "4cb8b210acdc716f64cf76062d59a56f2584c4"}) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000100)={@dev={0xac, 0x14, 0x14, 0x44}, @remote, @remote}, 0xc) 137.831031ms ago: executing program 1 (id=1359): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 69.225693ms ago: executing program 2 (id=1360): r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a0018000000007f000000001c005a"], 0x4c}}, 0x0) 46.964175ms ago: executing program 1 (id=1361): timer_create(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) connect$rose(r2, &(0x7f0000000240)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x1, @null}, 0x1c) 6.243879ms ago: executing program 3 (id=1362): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) 0s ago: executing program 2 (id=1363): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3f}, @NFTA_SET_EXPRESSIONS={0x4}, @NFTA_SET_USERDATA={0x5, 0xd, 0x1, 0x0, '\r'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x90}, 0x1, 0x0, 0x0, 0x8000}, 0x20050800) kernel console output (not intermixed with test programs): type=1400 audit(1746369967.597:187): avc: denied { setopt } for pid=5943 comm="syz.4.16" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 69.191723][ T5961] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 69.546998][ T5968] lo speed is unknown, defaulting to 1000 [ 69.553586][ T5968] lo speed is unknown, defaulting to 1000 [ 69.567927][ T5968] lo speed is unknown, defaulting to 1000 [ 69.618592][ T5968] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 69.745380][ T5968] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 69.907025][ T5976] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 69.914486][ T5976] IPv6: NLM_F_CREATE should be set when creating new route [ 69.921735][ T5976] IPv6: NLM_F_CREATE should be set when creating new route [ 70.409774][ T5968] lo speed is unknown, defaulting to 1000 [ 70.419176][ T5968] lo speed is unknown, defaulting to 1000 [ 70.436203][ T5968] lo speed is unknown, defaulting to 1000 [ 70.527027][ T5968] lo speed is unknown, defaulting to 1000 [ 70.529213][ T5814] IPVS: starting estimator thread 0... [ 70.542305][ T5968] lo speed is unknown, defaulting to 1000 [ 70.578298][ T5982] lo speed is unknown, defaulting to 1000 [ 70.703127][ T5814] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 70.753025][ T5983] IPVS: using max 45 ests per chain, 108000 per kthread [ 70.935502][ T5814] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.946735][ T5814] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 70.997466][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.002811][ T5814] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 71.004009][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.087843][ T5814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.163405][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 71.163418][ T30] audit: type=1400 audit(1746370199.555:205): avc: denied { connect } for pid=5966 comm="syz.4.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 71.219178][ T5814] usb 2-1: config 0 descriptor?? [ 71.235154][ T30] audit: type=1400 audit(1746370199.595:206): avc: denied { create } for pid=5991 comm="syz.2.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 71.280210][ T30] audit: type=1400 audit(1746370199.655:207): avc: denied { map } for pid=5991 comm="syz.2.30" path="socket:[7800]" dev="sockfs" ino=7800 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 71.318152][ T30] audit: type=1400 audit(1746370199.655:208): avc: denied { read } for pid=5991 comm="syz.2.30" path="socket:[7800]" dev="sockfs" ino=7800 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 71.352815][ T5997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.437726][ T5999] netlink: 5 bytes leftover after parsing attributes in process `syz.0.31'. [ 71.725583][ T5981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.734471][ T5981] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.750963][ T5989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.765090][ T5814] Bluetooth: Can't get state to change to load ram patch err [ 71.796196][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 71.814137][ T5814] Bluetooth: Loading patch file failed [ 71.828383][ T5814] ath3k 2-1:0.0: probe with driver ath3k failed with error -71 [ 71.865378][ T30] audit: type=1400 audit(1746370199.825:209): avc: denied { connect } for pid=5994 comm="syz.0.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 71.885497][ T5989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.897512][ T5814] usb 2-1: USB disconnect, device number 3 [ 72.222243][ T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 72.358461][ T30] audit: type=1400 audit(1746370200.115:210): avc: denied { create } for pid=5980 comm="syz.1.27" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 72.412189][ T30] audit: type=1400 audit(1746370200.125:211): avc: denied { write } for pid=5980 comm="syz.1.27" path="socket:[8472]" dev="sockfs" ino=8472 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 72.438412][ T30] audit: type=1400 audit(1746370200.125:212): avc: denied { nlmsg_read } for pid=5980 comm="syz.1.27" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 72.873558][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 72.873703][ T30] audit: type=1400 audit(1746370200.675:213): avc: denied { write } for pid=5966 comm="syz.4.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 72.884703][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 72.930097][ T24] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 72.939410][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.990612][ T24] usb 3-1: Product: syz [ 72.999613][ T24] usb 3-1: Manufacturer: syz [ 73.005912][ T24] usb 3-1: SerialNumber: syz [ 73.019823][ T24] usb 3-1: config 0 descriptor?? [ 73.088267][ T6008] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 73.292983][ T5814] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 73.307402][ T30] audit: type=1400 audit(1746370201.705:214): avc: denied { write } for pid=5991 comm="syz.2.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 73.430342][ T6018] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 73.468985][ T6016] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 73.490623][ T6016] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 73.497891][ T5814] usb 2-1: config 1 interface 0 has no altsetting 0 [ 73.519370][ T5814] usb 2-1: New USB device found, idVendor=05ac, idProduct=0236, bcdDevice= 0.40 [ 73.535707][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.541819][ T5814] usb 2-1: Product: syz [ 74.562567][ T5814] usb 2-1: Manufacturer: syz [ 74.581410][ T5814] usb 2-1: SerialNumber: syz [ 75.180422][ T5814] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input6 [ 75.189268][ T6039] FAULT_INJECTION: forcing a failure. [ 75.189268][ T6039] name failslab, interval 1, probability 0, space 0, times 1 [ 75.226333][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz.0.44 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 75.226363][ T6039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 75.226372][ T6039] Call Trace: [ 75.226378][ T6039] [ 75.226383][ T6039] dump_stack_lvl+0x16c/0x1f0 [ 75.226408][ T6039] should_fail_ex+0x512/0x640 [ 75.226430][ T6039] should_failslab+0xc2/0x120 [ 75.226447][ T6039] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 75.226472][ T6039] ? skb_clone+0x190/0x3f0 [ 75.226492][ T6039] skb_clone+0x190/0x3f0 [ 75.226508][ T6039] netlink_deliver_tap+0xabd/0xd30 [ 75.226531][ T6039] netlink_unicast+0x6b2/0x7f0 [ 75.226552][ T6039] ? __pfx_netlink_unicast+0x10/0x10 [ 75.226569][ T6039] ? genl_rcv_msg+0x4bb/0x800 [ 75.226596][ T6039] netlink_ack+0x696/0xb80 [ 75.226621][ T6039] netlink_rcv_skb+0x347/0x440 [ 75.226638][ T6039] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.226658][ T6039] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.226687][ T6039] ? __pfx_down_read+0x10/0x10 [ 75.226710][ T6039] ? netlink_deliver_tap+0x1ae/0xd30 [ 75.226730][ T6039] genl_rcv+0x28/0x40 [ 75.226747][ T6039] netlink_unicast+0x53a/0x7f0 [ 75.226772][ T6039] ? __pfx_netlink_unicast+0x10/0x10 [ 75.226796][ T6039] netlink_sendmsg+0x8d1/0xdd0 [ 75.226817][ T6039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.226843][ T6039] ____sys_sendmsg+0xa95/0xc70 [ 75.226864][ T6039] ? copy_msghdr_from_user+0x10a/0x160 [ 75.226880][ T6039] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.226910][ T6039] ___sys_sendmsg+0x134/0x1d0 [ 75.226927][ T6039] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.226971][ T6039] __sys_sendmsg+0x16d/0x220 [ 75.226986][ T6039] ? __pfx___sys_sendmsg+0x10/0x10 [ 75.227017][ T6039] do_syscall_64+0xcd/0x260 [ 75.227039][ T6039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.227054][ T6039] RIP: 0033:0x7f0ace98e969 [ 75.227066][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.227079][ T6039] RSP: 002b:00007f0acf811038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.227095][ T6039] RAX: ffffffffffffffda RBX: 00007f0acebb6160 RCX: 00007f0ace98e969 [ 75.227104][ T6039] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 75.227113][ T6039] RBP: 00007f0acf811090 R08: 0000000000000000 R09: 0000000000000000 [ 75.227121][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.227129][ T6039] R13: 0000000000000001 R14: 00007f0acebb6160 R15: 00007ffd04d34ac8 [ 75.227150][ T6039] [ 76.586066][ T80] cfg80211: failed to load regulatory.db [ 76.893101][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 76.893119][ T30] audit: type=1400 audit(1746370204.395:223): avc: denied { ioctl } for pid=6004 comm="syz.1.33" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=8554 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 76.924769][ C0] vkms_vblank_simulate: vblank timer overrun [ 77.019106][ T30] audit: type=1400 audit(1746370204.415:224): avc: denied { ioctl } for pid=5169 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2732 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 77.044009][ C0] vkms_vblank_simulate: vblank timer overrun [ 77.303879][ T6065] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 77.353918][ T3072] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.845989][ T6065] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 77.972856][ T5169] bcm5974 2-1:1.0: could not read from device [ 78.153080][ T5814] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 78.282481][ T3072] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 78.371410][ T5814] usb 5-1: config 0 has no interfaces? [ 78.379741][ T3072] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 78.400622][ T5827] bcm5974 2-1:1.0: could not read from device [ 78.422267][ T3072] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 78.448980][ T3072] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 78.469511][ T5169] bcm5974 2-1:1.0: could not read from device [ 78.476341][ T5814] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 78.593626][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.602408][ T5814] usb 5-1: Product: syz [ 78.662114][ T5814] usb 5-1: Manufacturer: syz [ 78.667402][ T3072] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 78.687898][ T80] usb 2-1: USB disconnect, device number 4 [ 78.698804][ T5814] usb 5-1: SerialNumber: syz [ 78.699149][ T5169] bcm5974 2-1:1.0: could not read from device [ 78.829919][ T5814] usb 5-1: config 0 descriptor?? [ 78.905289][ T3072] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.943187][ T5827] bcm5974 2-1:1.0: could not read from device [ 78.954999][ T3072] usb 1-1: config 0 descriptor?? [ 79.176558][ T6087] veth1_to_bond: entered allmulticast mode [ 79.188042][ T6087] veth1_to_bond: left allmulticast mode [ 79.471523][ T30] audit: type=1400 audit(1746370207.565:225): avc: denied { ioctl } for pid=6083 comm="syz.3.57" path="socket:[8604]" dev="sockfs" ino=8604 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 79.580983][ T6075] Zero length message leads to an empty skb [ 79.622683][ T5827] udevd[5827]: Error opening device "/dev/input/event4": Input/output error [ 79.626954][ T30] audit: type=1400 audit(1746370207.985:226): avc: denied { read write } for pid=6067 comm="syz.4.54" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 79.694626][ T5827] udevd[5827]: Unable to EVIOCGABS device "/dev/input/event4" [ 79.764873][ T30] audit: type=1400 audit(1746370207.985:227): avc: denied { open } for pid=6067 comm="syz.4.54" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 79.781814][ T5827] udevd[5827]: Unable to EVIOCGABS device "/dev/input/event4" [ 79.829529][ T5827] udevd[5827]: Unable to EVIOCGABS device "/dev/input/event4" [ 79.853698][ T5827] udevd[5827]: Unable to EVIOCGABS device "/dev/input/event4" [ 80.511902][ T3072] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max [ 80.524411][ T30] audit: type=1400 audit(1746370208.595:228): avc: denied { write } for pid=6059 comm="syz.0.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 80.603525][ T3072] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 80.830552][ T3072] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 82.008837][ T5858] usb 5-1: USB disconnect, device number 2 [ 82.021013][ T5814] usb 1-1: USB disconnect, device number 2 [ 82.162682][ T30] audit: type=1400 audit(1746370210.555:229): avc: denied { setopt } for pid=6101 comm="syz.3.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 83.258963][ T6122] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 83.331897][ T6122] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 83.492934][ T5125] block nbd0: Receive control failed (result -32) [ 83.793170][ T24] iguanair 3-1:0.0: failed to get version [ 83.801844][ T24] iguanair 3-1:0.0: probe with driver iguanair failed with error -110 [ 83.967020][ T24] usb 3-1: USB disconnect, device number 2 [ 84.969892][ T30] audit: type=1400 audit(1746370213.365:230): avc: denied { sys_module } for pid=6140 comm="syz.1.74" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 85.749431][ T6160] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 85.771628][ T6151] bridge_slave_0: left allmulticast mode [ 85.916704][ T6151] bridge_slave_0: left promiscuous mode [ 86.286702][ T6151] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.358215][ T30] audit: type=1400 audit(1746370214.755:231): avc: denied { create } for pid=6156 comm="syz.4.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.553770][ T6169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.75'. [ 86.590539][ T30] audit: type=1400 audit(1746370214.805:232): avc: denied { write } for pid=6156 comm="syz.4.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.626966][ T6151] bridge_slave_1: left allmulticast mode [ 86.632656][ T6151] bridge_slave_1: left promiscuous mode [ 86.683018][ T6151] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.727346][ T6151] bond0: (slave bond_slave_0): Releasing backup interface [ 86.755841][ T30] audit: type=1400 audit(1746370214.805:233): avc: denied { nlmsg_write } for pid=6156 comm="syz.4.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.813469][ T6151] bond0: (slave bond_slave_1): Releasing backup interface [ 86.992888][ T6151] team0: Port device team_slave_0 removed [ 87.091592][ T6151] team0: Port device team_slave_1 removed [ 87.151290][ T6151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.176453][ T6151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.235851][ T6151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.293284][ T6151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.350688][ T3072] lo speed is unknown, defaulting to 1000 [ 87.358249][ T6158] team0: Mode changed to "loadbalance" [ 87.676838][ T30] audit: type=1400 audit(1746370216.075:234): avc: denied { create } for pid=6172 comm="syz.3.80" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 87.942916][ T5858] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.404355][ T5858] usb 4-1: config index 0 descriptor too short (expected 58148, got 36) [ 88.477463][ T5858] usb 4-1: config 134 has too many interfaces: 192, using maximum allowed: 32 [ 88.519306][ T5858] usb 4-1: config 134 has an invalid descriptor of length 1, skipping remainder of the config [ 88.613214][ T5858] usb 4-1: config 134 has 0 interfaces, different from the descriptor's value: 192 [ 88.623905][ T5858] usb 4-1: New USB device found, idVendor=056a, idProduct=0064, bcdDevice= 0.00 [ 88.680517][ T6181] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 88.691806][ T6181] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 88.728707][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 88.783803][ T5858] usb 4-1: SerialNumber: syz [ 88.802201][ T30] audit: type=1400 audit(1746370217.195:235): avc: denied { read write } for pid=6185 comm="syz.4.84" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 88.907444][ T30] audit: type=1400 audit(1746370217.195:236): avc: denied { open } for pid=6185 comm="syz.4.84" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 88.943452][ T30] audit: type=1400 audit(1746370217.235:237): avc: denied { ioctl } for pid=6185 comm="syz.4.84" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 88.980000][ T30] audit: type=1400 audit(1746370217.375:238): avc: denied { unmount } for pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 89.108543][ T30] audit: type=1400 audit(1746370217.395:239): avc: denied { create } for pid=6185 comm="syz.4.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 89.898462][ T6200] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 90.701828][ T30] audit: type=1400 audit(1746370217.395:240): avc: denied { bind } for pid=6185 comm="syz.4.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 90.847239][ T30] audit: type=1400 audit(1746370217.395:241): avc: denied { listen } for pid=6185 comm="syz.4.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 91.081940][ T30] audit: type=1400 audit(1746370217.425:242): avc: denied { rename } for pid=6172 comm="syz.3.80" name="file0" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 91.290200][ T30] audit: type=1400 audit(1746370217.675:243): avc: denied { create } for pid=6188 comm="syz.2.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 91.329162][ T6207] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 91.749275][ T6215] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 92.759761][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 92.759777][ T30] audit: type=1400 audit(1746370221.155:246): avc: denied { wake_alarm } for pid=6224 comm="syz.4.94" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 92.927868][ T5858] usb 4-1: USB disconnect, device number 3 [ 92.939986][ T30] audit: type=1400 audit(1746370221.335:247): avc: denied { ioctl } for pid=6229 comm="syz.2.96" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 93.063040][ T6235] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 93.073787][ T30] audit: type=1400 audit(1746370221.455:248): avc: denied { mount } for pid=6231 comm="syz.0.97" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 93.076707][ T6235] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 93.130472][ T30] audit: type=1400 audit(1746370221.525:249): avc: denied { unlink } for pid=5812 comm="syz-executor" name="file1" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 94.483877][ T6248] tmpfs: Unknown parameter 'smackfstransmute' [ 94.507772][ T30] audit: type=1400 audit(1746370222.895:250): avc: denied { read } for pid=6245 comm="syz.1.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 94.565956][ T30] audit: type=1400 audit(1746370222.955:251): avc: denied { mount } for pid=6243 comm="syz.2.103" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 94.603848][ T6253] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 95.121791][ T30] audit: type=1400 audit(1746370223.145:252): avc: denied { unmount } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 95.599011][ T6267] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 116.170063][ T6288] netlink: 40 bytes leftover after parsing attributes in process `syz.4.112'. [ 116.285370][ T6282] 9pnet_fd: Insufficient options for proto=fd [ 116.625449][ T6293] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 116.675595][ T6293] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 116.678486][ T6287] bridge_slave_0: left allmulticast mode [ 116.845493][ T6287] bridge_slave_0: left promiscuous mode [ 116.891820][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.527356][ T6287] bridge_slave_1: left allmulticast mode [ 117.590806][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.109'. [ 117.602406][ T30] audit: type=1400 audit(1746370475.003:253): avc: denied { read } for pid=6304 comm="syz.4.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 117.626990][ T6287] bridge_slave_1: left promiscuous mode [ 117.639651][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.656369][ T30] audit: type=1400 audit(1746370475.063:254): avc: denied { getopt } for pid=6304 comm="syz.4.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 117.685675][ T6287] bond0: (slave bond_slave_0): Releasing backup interface [ 117.725275][ T6287] bond0: (slave bond_slave_1): Releasing backup interface [ 117.773745][ T6287] team0: Port device team_slave_0 removed [ 117.795823][ T6287] team0: Port device team_slave_1 removed [ 117.807135][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.815213][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.826031][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.834169][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.868442][ T6299] team0: Mode changed to "loadbalance" [ 118.201352][ T6295] lo speed is unknown, defaulting to 1000 [ 119.070227][ T6325] netlink: 156 bytes leftover after parsing attributes in process `syz.3.119'. [ 119.582857][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 120.122622][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.186860][ T24] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 120.195847][ T24] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 120.211858][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.222614][ T24] usb 1-1: config 0 descriptor?? [ 120.287333][ T6335] netlink: 40 bytes leftover after parsing attributes in process `syz.1.123'. [ 120.463400][ T6329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.472141][ T6329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.490378][ T24] Bluetooth: Can't get state to change to load ram patch err [ 120.652834][ T24] Bluetooth: Loading patch file failed [ 120.658357][ T24] ath3k 1-1:0.0: probe with driver ath3k failed with error -71 [ 120.682832][ T24] usb 1-1: USB disconnect, device number 3 [ 120.944054][ T30] audit: type=1400 audit(1746370478.343:255): avc: denied { create } for pid=6348 comm="syz.1.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 120.998138][ T6349] overlayfs: failed to resolve './file0': -2 [ 121.230349][ T30] audit: type=1400 audit(1746370478.623:256): avc: denied { write } for pid=6348 comm="syz.1.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 121.686921][ T6356] 9pnet_fd: Insufficient options for proto=fd [ 122.389918][ T6360] lo speed is unknown, defaulting to 1000 [ 123.008242][ T6370] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.257104][ T30] audit: type=1400 audit(1746370709.616:257): avc: denied { ioctl } for pid=6367 comm="syz.4.134" path="socket:[10417]" dev="sockfs" ino=10417 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 123.310102][ T6373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.136'. [ 124.469428][ T6385] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 124.499290][ T6389] netlink: 156 bytes leftover after parsing attributes in process `syz.4.138'. [ 124.951935][ T6398] netlink: 8 bytes leftover after parsing attributes in process `syz.0.143'. [ 124.971547][ T6398] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 124.985064][ T6398] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 125.072859][ T30] audit: type=1400 audit(1746370711.386:258): avc: denied { firmware_load } for pid=6392 comm="syz.0.143" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 129.122935][ T3072] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 129.124507][ T6458] netlink: 16 bytes leftover after parsing attributes in process `syz.3.162'. [ 129.545210][ T3072] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 129.572873][ T3072] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 129.598328][ T3072] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 129.621971][ T3072] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 129.929269][ T3072] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 129.959110][ T3072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.004709][ T3072] usb 3-1: config 0 descriptor?? [ 130.593745][ T30] audit: type=1400 audit(1746370716.966:259): avc: denied { relabelfrom } for pid=6475 comm="syz.4.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 131.126339][ T30] audit: type=1400 audit(1746370716.976:260): avc: denied { relabelto } for pid=6475 comm="syz.4.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 131.170585][ T30] audit: type=1400 audit(1746370717.566:261): avc: denied { setopt } for pid=6483 comm="syz.0.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 131.226658][ T30] audit: type=1400 audit(1746370717.626:262): avc: denied { write } for pid=6485 comm="syz.0.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 131.505529][ T30] audit: type=1400 audit(1746370717.906:263): avc: denied { shutdown } for pid=6499 comm="syz.3.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 131.804588][ T30] audit: type=1400 audit(1746370718.206:264): avc: denied { bind } for pid=6513 comm="syz.4.181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 132.243707][ T3072] usbhid 3-1:0.0: can't add hid device: -71 [ 132.250810][ T3072] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 132.283618][ T3072] usb 3-1: USB disconnect, device number 3 [ 132.427406][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.441326][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.078646][ T30] audit: type=1400 audit(1746370719.476:265): avc: denied { create } for pid=6581 comm="syz.3.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 133.560327][ T30] audit: type=1400 audit(1746370719.956:266): avc: denied { create } for pid=6615 comm="syz.3.231" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 134.217939][ T30] audit: type=1400 audit(1746370720.616:267): avc: denied { setattr } for pid=6656 comm="syz.1.252" name="" dev="pipefs" ino=11393 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 134.435792][ T6673] netlink: 24 bytes leftover after parsing attributes in process `syz.3.258'. [ 134.553266][ T30] audit: type=1400 audit(1746370720.946:268): avc: denied { read } for pid=6678 comm="syz.0.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 134.639690][ T6682] netlink: 28 bytes leftover after parsing attributes in process `syz.4.261'. [ 134.648955][ T6682] netlink: 28 bytes leftover after parsing attributes in process `syz.4.261'. [ 135.238750][ T6687] syzkaller0: entered allmulticast mode [ 135.747561][ T6712] lo speed is unknown, defaulting to 1000 [ 136.293597][ T6695] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 137.436953][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 137.436971][ T30] audit: type=1400 audit(1746370723.826:273): avc: denied { bind } for pid=6748 comm="syz.2.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 138.226934][ T30] audit: type=1400 audit(1746370724.626:274): avc: denied { bind } for pid=6757 comm="syz.4.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 138.937190][ T30] audit: type=1400 audit(1746370724.686:275): avc: denied { setopt } for pid=6757 comm="syz.4.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 138.956414][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.054246][ T30] audit: type=1400 audit(1746370724.686:276): avc: denied { accept } for pid=6757 comm="syz.4.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 139.073463][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.113388][ T30] audit: type=1400 audit(1746370724.896:277): avc: denied { create } for pid=6755 comm="syz.3.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 139.189367][ T30] audit: type=1400 audit(1746370724.996:278): avc: denied { ioctl } for pid=6755 comm="syz.3.284" path="socket:[11520]" dev="sockfs" ino=11520 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 139.215382][ T6772] siw: device registration error -23 [ 139.380511][ T30] audit: type=1400 audit(1746370725.306:279): avc: denied { bind } for pid=6755 comm="syz.3.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 139.469030][ T30] audit: type=1400 audit(1746370725.636:280): avc: denied { setopt } for pid=6770 comm="syz.3.288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 139.488854][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.497279][ T30] audit: type=1400 audit(1746370725.656:281): avc: denied { setopt } for pid=6766 comm="syz.2.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 139.525749][ T30] audit: type=1400 audit(1746370725.736:282): avc: denied { bind } for pid=6774 comm="syz.4.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 139.864815][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 140.852799][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 140.923119][ T10] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 140.931202][ T10] usb 3-1: config 0 has no interface number 0 [ 141.000712][ T10] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 141.010157][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.018719][ T10] usb 3-1: Product: syz [ 141.023117][ T10] usb 3-1: Manufacturer: syz [ 141.027689][ T10] usb 3-1: SerialNumber: syz [ 141.065798][ T10] usb 3-1: config 0 descriptor?? [ 141.094088][ T10] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 142.423059][ T10] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 142.467624][ T10] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 142.595205][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 142.595574][ T5814] usb 3-1: USB disconnect, device number 4 [ 142.666864][ T5814] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 142.726284][ T5814] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 142.744144][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 142.744161][ T30] audit: type=1400 audit(1746370729.136:285): avc: denied { execute } for pid=6815 comm="syz.3.306" path="/70/file0" dev="tmpfs" ino=398 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 142.772552][ C0] vkms_vblank_simulate: vblank timer overrun [ 142.775426][ T5814] quatech2 3-1:0.51: device disconnected [ 142.785987][ T80] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 142.863064][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.896710][ T30] audit: type=1804 audit(1746370729.136:286): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.306" name="/newroot/70/file0" dev="tmpfs" ino=398 res=1 errno=0 [ 142.920633][ T6824] warning: `syz.4.308' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 142.971147][ T80] usb 2-1: Using ep0 maxpacket: 8 [ 142.983862][ T80] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.019604][ T80] usb 2-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 143.034226][ T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 143.047091][ T80] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.050556][ T10] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 143.056184][ T80] usb 2-1: Product: syz [ 143.074033][ T80] usb 2-1: Manufacturer: syz [ 143.078644][ T80] usb 2-1: SerialNumber: syz [ 143.121632][ T30] audit: type=1804 audit(1746370729.496:287): pid=6826 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.309" name="/newroot/71/file1" dev="fuse" ino=1 res=1 errno=0 [ 143.133904][ T80] usb 2-1: config 0 descriptor?? [ 143.142927][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.148608][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 143.203931][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 143.227893][ T30] audit: type=1800 audit(1746370729.496:288): pid=6826 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.309" name="/" dev="fuse" ino=1 res=0 errno=0 [ 143.228579][ T80] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 143.255862][ T5814] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 143.262790][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 143.287585][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 143.312579][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 143.319135][ T80] usb 2-1: selecting invalid altsetting 1 [ 143.329512][ T30] audit: type=1400 audit(1746370729.516:289): avc: denied { write } for pid=6827 comm="syz.4.310" laddr=fe80::13 lport=60 faddr=fe80:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 143.352513][ T10] usb 1-1: Product: syz [ 143.356794][ T10] usb 1-1: Manufacturer: syz [ 143.369394][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 143.374789][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 143.423956][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 143.434738][ T80] gspca_stk014: init reg: 0x00 [ 143.442839][ T80] stk014 2-1:0.0: probe with driver stk014 failed with error -5 [ 143.443318][ T10] cdc_wdm 1-1:1.0: Unknown control protocol [ 143.463153][ T5814] usb 3-1: Using ep0 maxpacket: 32 [ 143.482879][ T5814] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 143.501650][ T5814] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 143.552746][ T5814] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 143.592892][ T5814] usb 3-1: config 1 has no interface number 0 [ 143.599039][ T5814] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 143.642759][ T5814] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 143.673304][ T30] audit: type=1400 audit(1746370730.056:290): avc: denied { ioctl } for pid=6833 comm="syz.3.312" path="socket:[11727]" dev="sockfs" ino=11727 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 143.716230][ T5814] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 143.762823][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.797111][ T10] usb 2-1: USB disconnect, device number 5 [ 143.806093][ T30] audit: type=1400 audit(1746370730.056:291): avc: denied { ioctl } for pid=6833 comm="syz.3.312" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 143.817125][ T5814] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 144.030649][ T5814] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 144.363362][ T30] audit: type=1400 audit(1746370730.746:292): avc: denied { ioctl } for pid=6840 comm="syz.3.315" path="socket:[12344]" dev="sockfs" ino=12344 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 144.519574][ T3072] usb 3-1: USB disconnect, device number 5 [ 144.531954][ T3072] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 144.542019][ T30] audit: type=1400 audit(1746370730.946:293): avc: denied { rename } for pid=5166 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 144.573569][ T30] audit: type=1400 audit(1746370730.946:294): avc: denied { unlink } for pid=5166 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 145.122218][ T6858] Bluetooth: MGMT ver 1.23 [ 145.826142][ T5814] usb 1-1: USB disconnect, device number 4 [ 147.562868][ T5863] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 148.952865][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 148.952882][ T30] audit: type=1400 audit(1746370735.336:304): avc: denied { ioctl } for pid=6892 comm="syz.0.333" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf02 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 149.025572][ T5863] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 149.034885][ T5863] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 149.046532][ T5863] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 149.060620][ T5863] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 149.079810][ T5863] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 149.559798][ T5863] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 149.584609][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 149.594547][ T5863] usb 5-1: Product: syz [ 149.599029][ T5863] usb 5-1: Manufacturer: syz [ 149.619967][ T5863] cdc_wdm 5-1:1.0: skipping garbage [ 149.626829][ T5863] cdc_wdm 5-1:1.0: skipping garbage [ 149.637475][ T5863] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 149.646574][ T5863] cdc_wdm 5-1:1.0: Unknown control protocol [ 149.852119][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.858853][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.865567][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.872524][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.880450][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.887049][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.894387][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.900992][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.907354][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.913957][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.920847][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.927451][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.933881][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.940478][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.947232][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.953834][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.960112][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.966717][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.973416][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 149.980016][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 149.987405][ T3072] usb 5-1: USB disconnect, device number 3 [ 149.993265][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 150.020055][ T30] audit: type=1326 audit(1746370736.416:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6901 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x7ffc0000 [ 150.054175][ T30] audit: type=1326 audit(1746370736.416:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6901 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x7ffc0000 [ 150.077523][ T5858] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 150.250410][ T5858] usb 4-1: Using ep0 maxpacket: 32 [ 150.264728][ T5858] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 150.293141][ T5858] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 150.320794][ T5858] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 150.334928][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.408858][ T5858] usb 4-1: config 0 descriptor?? [ 150.459074][ T5858] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 150.826153][ T6900] netlink: 40 bytes leftover after parsing attributes in process `syz.3.335'. [ 154.622547][ T5858] usb 4-1: USB disconnect, device number 4 [ 154.663602][ T30] audit: type=1400 audit(1746370741.026:307): avc: denied { setopt } for pid=6956 comm="syz.4.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 155.276313][ T6971] xt_CT: You must specify a L4 protocol and not use inversions on it [ 155.887350][ T30] audit: type=1400 audit(1746370742.286:308): avc: denied { setopt } for pid=6956 comm="syz.4.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.917225][ T5858] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 155.951544][ T30] audit: type=1400 audit(1746370742.326:309): avc: denied { connect } for pid=6956 comm="syz.4.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 156.068924][ T30] audit: type=1400 audit(1746370742.466:310): avc: denied { shutdown } for pid=6956 comm="syz.4.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 156.127682][ T5858] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 156.143255][ T30] audit: type=1400 audit(1746370742.516:311): avc: denied { block_suspend } for pid=6979 comm="syz.2.362" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 156.175459][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.282149][ T5858] usb 4-1: config 0 descriptor?? [ 156.327764][ T30] audit: type=1326 audit(1746370742.566:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6979 comm="syz.2.362" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x0 [ 156.373923][ T5858] cp210x 4-1:0.0: cp210x converter detected [ 156.632375][ T6975] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 156.776781][ T5858] usb 4-1: cp210x converter now attached to ttyUSB0 [ 157.030746][ T5863] usb 4-1: USB disconnect, device number 5 [ 157.049143][ T5863] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 157.228317][ T5863] cp210x 4-1:0.0: device disconnected [ 157.314221][ T7009] netlink: 68 bytes leftover after parsing attributes in process `syz.1.369'. [ 157.705312][ T30] audit: type=1400 audit(1746370743.736:313): avc: denied { setopt } for pid=6999 comm="syz.1.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 157.862837][ T5125] Bluetooth: hci0: command 0x080f tx timeout [ 158.176176][ T7028] CUSE: unknown device info "ÿ" [ 158.181180][ T7028] CUSE: unknown device info "€" [ 158.186123][ T7028] CUSE: DEVNAME unspecified [ 158.813227][ T30] audit: type=1804 audit(1746370745.206:314): pid=7042 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.385" name="/" dev="pidfs" ino=7042 res=1 errno=0 [ 159.380244][ T7047] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.674551][ T30] audit: type=1400 audit(1746370746.076:315): avc: denied { create } for pid=7052 comm="syz.0.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 159.681085][ T7049] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 159.865467][ T30] audit: type=1400 audit(1746370746.266:316): avc: denied { bind } for pid=7058 comm="syz.0.391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 159.887735][ T7059] netlink: 4 bytes leftover after parsing attributes in process `syz.0.391'. [ 159.944695][ T30] audit: type=1400 audit(1746370746.286:317): avc: denied { write } for pid=7058 comm="syz.0.391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 160.042369][ T30] audit: type=1400 audit(1746370746.436:318): avc: denied { bind } for pid=7060 comm="syz.2.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 160.927851][ T7072] netlink: 108 bytes leftover after parsing attributes in process `syz.4.397'. [ 160.957543][ T30] audit: type=1400 audit(1746370747.326:319): avc: denied { nlmsg_read } for pid=7071 comm="syz.4.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 161.300849][ T7084] xt_CT: You must specify a L4 protocol and not use inversions on it [ 161.507973][ T7083] random: crng reseeded on system resumption [ 161.587880][ T30] audit: type=1400 audit(1746370747.906:320): avc: denied { append } for pid=7081 comm="syz.0.401" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 161.719528][ T5125] Bluetooth: hci0: command tx timeout [ 161.723674][ T30] audit: type=1400 audit(1746370747.906:321): avc: denied { open } for pid=7081 comm="syz.0.401" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 161.980827][ T7091] syzkaller0: entered promiscuous mode [ 161.986495][ T7091] syzkaller0: entered allmulticast mode [ 163.430084][ T30] audit: type=1326 audit(1746370749.826:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7115 comm="syz.1.414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x0 [ 163.736345][ T7127] netlink: 12 bytes leftover after parsing attributes in process `syz.1.419'. [ 164.140917][ T30] audit: type=1400 audit(1746370750.536:323): avc: denied { write } for pid=7124 comm="syz.1.419" name="ip6_mr_cache" dev="proc" ino=4026533351 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 164.233042][ T3072] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 164.416087][ T3072] usb 1-1: Using ep0 maxpacket: 32 [ 164.436672][ T3072] usb 1-1: unable to get BOS descriptor or descriptor too short [ 164.454256][ T3072] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 164.501721][ T3072] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 164.553398][ T3072] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.637406][ T3072] usb 1-1: Product: syz [ 164.684069][ T3072] usb 1-1: Manufacturer: syz [ 164.688699][ T3072] usb 1-1: SerialNumber: syz [ 165.069435][ T3072] usb 1-1: Not enough endpoints found in device, aborting! [ 165.359273][ T3072] usb 1-1: USB disconnect, device number 5 [ 168.099691][ T30] audit: type=1400 audit(1746370754.496:324): avc: denied { lock } for pid=7173 comm="syz.1.434" path="socket:[13399]" dev="sockfs" ino=13399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 168.390400][ T7182] syz.0.431: attempt to access beyond end of device [ 168.390400][ T7182] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 168.405023][ T7182] syz.0.431: attempt to access beyond end of device [ 168.405023][ T7182] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 168.418084][ T7182] Mount JFS Failure: -5 [ 168.422295][ T7182] jfs_mount failed w/return code = -5 [ 169.238630][ T30] audit: type=1804 audit(1746370755.566:325): pid=7186 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.437" name="/" dev="pidfs" ino=7184 res=1 errno=0 [ 169.572857][ T7196] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 169.876654][ T7205] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 169.906219][ T7205] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 170.746025][ T30] audit: type=1400 audit(1746370757.146:326): avc: denied { create } for pid=7219 comm="syz.4.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 170.812291][ T30] audit: type=1400 audit(1746370757.176:327): avc: denied { read write } for pid=7222 comm="syz.2.450" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 170.901877][ T30] audit: type=1400 audit(1746370757.176:328): avc: denied { open } for pid=7222 comm="syz.2.450" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 171.051731][ T30] audit: type=1400 audit(1746370757.176:329): avc: denied { ioctl } for pid=7222 comm="syz.2.450" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 171.095788][ T5861] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 171.208802][ T30] audit: type=1400 audit(1746370757.176:330): avc: denied { read } for pid=7219 comm="syz.4.448" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 171.272513][ T30] audit: type=1400 audit(1746370757.176:331): avc: denied { open } for pid=7219 comm="syz.4.448" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 171.404877][ T5861] usb 3-1: config 0 has an invalid interface number: 235 but max is 0 [ 171.448115][ T5861] usb 3-1: config 0 has no interface number 0 [ 171.476163][ T5861] usb 3-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid wMaxPacketSize 0 [ 171.525381][ T5861] usb 3-1: config 0 interface 235 has no altsetting 0 [ 171.652075][ T5861] usb 3-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18 [ 171.663846][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.671955][ T5861] usb 3-1: Product: syz [ 171.678123][ T5861] usb 3-1: Manufacturer: syz [ 171.682870][ T5861] usb 3-1: SerialNumber: syz [ 171.692832][ T5861] usb 3-1: config 0 descriptor?? [ 171.702421][ T5861] keyspan 3-1:0.235: Keyspan 1 port adapter converter detected [ 171.713788][ T5861] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 87 [ 171.721774][ T5861] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 7 [ 171.889408][ T5861] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 81 [ 171.912814][ T5861] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 1 [ 171.986526][ T7234] lo speed is unknown, defaulting to 1000 [ 172.003058][ T7234] lo speed is unknown, defaulting to 1000 [ 172.013231][ T7234] lo speed is unknown, defaulting to 1000 [ 172.349557][ T5861] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 85 [ 172.379599][ T5861] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 172.398054][ T5861] usb 3-1: USB disconnect, device number 6 [ 172.484595][ T5861] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 172.507408][ T5861] keyspan 3-1:0.235: device disconnected [ 173.112648][ T7247] Bluetooth: MGMT ver 1.23 [ 173.468071][ T5863] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 173.554357][ T7234] infiniband sz1: set active [ 173.559150][ T7234] infiniband sz1: added lo [ 173.570094][ T80] lo speed is unknown, defaulting to 1000 [ 173.610279][ T7234] RDS/IB: sz1: added [ 173.614926][ T7234] smc: adding ib device sz1 with port count 1 [ 173.621365][ T7234] smc: ib device sz1 port 1 has pnetid [ 173.629404][ T7234] lo speed is unknown, defaulting to 1000 [ 173.752734][ T7234] lo speed is unknown, defaulting to 1000 [ 173.834185][ T7234] lo speed is unknown, defaulting to 1000 [ 173.916310][ T7234] lo speed is unknown, defaulting to 1000 [ 173.997099][ T7234] lo speed is unknown, defaulting to 1000 [ 174.079144][ T80] lo speed is unknown, defaulting to 1000 [ 174.106695][ T5863] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 174.135472][ T5863] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 174.247085][ T5863] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 174.367981][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.602929][ T5863] usb 1-1: can't set config #27, error -71 [ 174.631984][ T5863] usb 1-1: USB disconnect, device number 6 [ 174.888098][ T7285] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.958407][ T7285] netlink: 68 bytes leftover after parsing attributes in process `syz.2.471'. [ 176.326900][ T30] audit: type=1400 audit(1746370762.726:332): avc: denied { read write } for pid=7293 comm="syz.1.474" dev="sockfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 177.145133][ T7294] syz.1.474 (7294): drop_caches: 2 [ 177.596054][ T5861] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 178.535713][ T5861] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 178.643099][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.598853][ T5861] usb 2-1: config 0 descriptor?? [ 179.670559][ T5861] cp210x 2-1:0.0: cp210x converter detected [ 179.816924][ T30] audit: type=1400 audit(1746370766.216:333): avc: denied { write } for pid=7340 comm="syz.4.491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 179.874028][ T5861] usb 2-1: cp210x converter now attached to ttyUSB0 [ 180.074681][ T5861] usb 2-1: USB disconnect, device number 6 [ 180.105574][ T5861] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 180.132460][ T5861] cp210x 2-1:0.0: device disconnected [ 180.195287][ T7352] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.495'. [ 180.204766][ T7352] netlink: zone id is out of range [ 180.209952][ T7352] netlink: zone id is out of range [ 180.215198][ T7352] netlink: get zone limit has 8 unknown bytes [ 180.283824][ T5863] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 180.589678][ T5823] Bluetooth: hci2: command 0x0406 tx timeout [ 180.589740][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 180.603030][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 180.804362][ T5863] usb 1-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1 [ 180.816250][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.969607][ T5863] usb 1-1: config 0 descriptor?? [ 180.982063][ T5863] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 180.995537][ T5863] dvb_usb_af9015 1-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 181.494491][ T7348] gtp0: entered promiscuous mode [ 181.499563][ T7348] gtp0: entered allmulticast mode [ 181.606727][ T80] usb 1-1: USB disconnect, device number 7 [ 182.550477][ T7383] xt_CT: You must specify a L4 protocol and not use inversions on it [ 184.737119][ T7412] netlink: 180 bytes leftover after parsing attributes in process `syz.2.517'. [ 185.315293][ T30] audit: type=1804 audit(1746370771.686:334): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.519" name="/newroot/104/file1" dev="fuse" ino=1 res=1 errno=0 [ 185.558135][ T7431] overlayfs: missing 'lowerdir' [ 185.705453][ T30] audit: type=1800 audit(1746370772.106:335): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.519" name="/" dev="fuse" ino=1 res=0 errno=0 [ 186.358731][ T7458] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.411484][ T7458] netlink: 68 bytes leftover after parsing attributes in process `syz.1.533'. [ 188.649395][ T30] audit: type=1804 audit(1746370775.046:336): pid=7475 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.539" name="/newroot/95/file1" dev="fuse" ino=1 res=1 errno=0 [ 188.922814][ T5815] Bluetooth: hci4: Malformed Event: 0x2f [ 189.342769][ T3072] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 190.412549][ T30] audit: type=1800 audit(1746370776.776:337): pid=7475 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.539" name="/" dev="fuse" ino=1 res=0 errno=0 [ 190.725657][ T3072] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 190.744033][ T3072] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.825291][ T3072] usb 1-1: config 0 descriptor?? [ 190.852142][ T30] audit: type=1400 audit(1746370777.246:338): avc: denied { append } for pid=7517 comm="syz.4.555" name="ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 191.253830][ T3072] cp210x 1-1:0.0: cp210x converter detected [ 191.624110][ T3072] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 191.693275][ T30] audit: type=1400 audit(1746370778.086:339): avc: denied { getopt } for pid=7532 comm="syz.2.562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 191.893991][ T3072] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 191.896322][ T3072] usb 1-1: cp210x converter now attached to ttyUSB0 [ 191.898627][ T3072] usb 1-1: USB disconnect, device number 8 [ 191.901106][ T3072] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 191.901527][ T3072] cp210x 1-1:0.0: device disconnected [ 192.019165][ T7542] netlink: 56 bytes leftover after parsing attributes in process `syz.1.564'. [ 192.133691][ T7539] 9pnet_fd: Insufficient options for proto=fd [ 192.142836][ T30] audit: type=1400 audit(1746370778.496:340): avc: denied { create } for pid=7543 comm="syz.4.565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 193.869486][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.875959][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.441597][ T7583] lo speed is unknown, defaulting to 1000 [ 194.842361][ T5861] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 194.994372][ T5861] usb 5-1: config 0 has no interfaces? [ 195.006443][ T5861] usb 5-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 195.022603][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.060229][ T5861] usb 5-1: config 0 descriptor?? [ 195.477330][ T7617] syz.2.587: attempt to access beyond end of device [ 195.477330][ T7617] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 195.491698][ T7617] syz.2.587: attempt to access beyond end of device [ 195.491698][ T7617] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 195.505055][ T7617] Mount JFS Failure: -5 [ 195.509250][ T7617] jfs_mount failed w/return code = -5 [ 197.107582][ T30] audit: type=1804 audit(1746370783.506:341): pid=7634 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.595" name="/" dev="pidfs" ino=7631 res=1 errno=0 [ 197.493702][ T80] usb 5-1: USB disconnect, device number 4 [ 198.815640][ T30] audit: type=1804 audit(1746370785.196:342): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.604" name="/newroot/133/file1" dev="fuse" ino=1 res=1 errno=0 [ 198.837035][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.850202][ T30] audit: type=1804 audit(1746370785.216:343): pid=7671 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.609" name="/" dev="pidfs" ino=7671 res=1 errno=0 [ 198.870972][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.107604][ T30] audit: type=1400 audit(1746370785.506:344): avc: denied { read write } for pid=7665 comm="syz.0.606" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 199.448740][ T30] audit: type=1400 audit(1746370785.506:345): avc: denied { open } for pid=7665 comm="syz.0.606" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 199.472009][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.570252][ T30] audit: type=1800 audit(1746370785.966:346): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.604" name="/" dev="fuse" ino=1 res=0 errno=0 [ 199.856786][ T7689] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.068273][ T30] audit: type=1804 audit(1746370786.116:347): pid=7688 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.611" name="/" dev="pidfs" ino=7688 res=1 errno=0 [ 200.325259][ T30] audit: type=1326 audit(1746370786.706:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="syz.4.614" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74e3b8e969 code=0x0 [ 201.574362][ T7734] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 201.581273][ T30] audit: type=1804 audit(1746370787.976:349): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.626" name="/newroot/136/file1" dev="fuse" ino=1 res=1 errno=0 [ 201.965162][ T7746] xt_CT: You must specify a L4 protocol and not use inversions on it [ 202.204177][ T30] audit: type=1326 audit(1746370788.606:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7749 comm="syz.1.634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x0 [ 202.358279][ T30] audit: type=1800 audit(1746370788.746:351): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.626" name="/" dev="fuse" ino=1 res=0 errno=0 [ 202.450609][ T7767] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 203.705176][ T30] audit: type=1400 audit(1746370789.826:352): avc: denied { mount } for pid=7768 comm="syz.0.640" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 205.925318][ T30] audit: type=1400 audit(1746370790.286:353): avc: denied { mounton } for pid=7768 comm="syz.0.640" path="/128/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 206.172809][ T30] audit: type=1400 audit(1746370792.566:354): avc: denied { unmount } for pid=5810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 206.270026][ T7794] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.648'. [ 206.275079][ T30] audit: type=1400 audit(1746370792.666:355): avc: denied { bind } for pid=7788 comm="syz.3.645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 206.500658][ T30] audit: type=1400 audit(1746370792.696:356): avc: denied { node_bind } for pid=7788 comm="syz.3.645" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 208.209157][ T30] audit: type=1326 audit(1746370794.606:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7820 comm="syz.1.659" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x0 [ 211.172886][ T30] audit: type=1400 audit(1746370797.566:358): avc: denied { connect } for pid=7876 comm="syz.4.679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 211.406796][ T7885] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 211.447857][ T7885] netlink: 68 bytes leftover after parsing attributes in process `syz.3.683'. [ 213.240418][ T30] audit: type=1400 audit(1746370799.636:359): avc: denied { bind } for pid=7897 comm="syz.3.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 215.140352][ T30] audit: type=1326 audit(1746370801.516:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7917 comm="syz.2.697" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x0 [ 215.615085][ T7944] netlink: 36 bytes leftover after parsing attributes in process `syz.3.702'. [ 216.047553][ T30] audit: type=1400 audit(1746370801.916:361): avc: denied { read write } for pid=7939 comm="syz.1.704" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 216.087466][ T5861] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 216.293804][ T6906] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 216.323671][ T30] audit: type=1400 audit(1746370801.916:362): avc: denied { open } for pid=7939 comm="syz.1.704" path="/dev/binderfs/binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 216.644630][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.669811][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 216.680829][ T6906] usb 3-1: device descriptor read/64, error -71 [ 216.706862][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 216.720626][ T5861] usb 1-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 216.732300][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.744171][ T5861] usb 1-1: config 0 descriptor?? [ 216.749928][ T7935] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 216.922784][ T6906] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 216.952793][ T3072] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 217.661432][ T5861] nzxt-smart2 0003:1E71:200F.0002: unknown main item tag 0x0 [ 217.685246][ T5861] nzxt-smart2 0003:1E71:200F.0002: item fetching failed at offset 4/5 [ 217.694344][ T5861] nzxt-smart2 0003:1E71:200F.0002: probe with driver nzxt-smart2 failed with error -22 [ 217.711024][ T5861] usb 1-1: USB disconnect, device number 9 [ 217.863141][ T6906] usb 3-1: device descriptor read/64, error -71 [ 217.892925][ T3072] usb 2-1: Using ep0 maxpacket: 16 [ 217.903209][ T3072] usb 2-1: config 0 has an invalid interface number: 162 but max is 0 [ 217.912263][ T3072] usb 2-1: config 0 has no interface number 0 [ 217.919441][ T3072] usb 2-1: config 0 interface 162 has no altsetting 0 [ 218.381663][ T6906] usb usb3-port1: attempt power cycle [ 218.391168][ T3072] usb 2-1: New USB device found, idVendor=0803, idProduct=3095, bcdDevice=fc.d4 [ 218.400706][ T3072] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.408956][ T3072] usb 2-1: Product: syz [ 218.413934][ T3072] usb 2-1: Manufacturer: syz [ 218.418541][ T3072] usb 2-1: SerialNumber: syz [ 218.434166][ T3072] usb 2-1: config 0 descriptor?? [ 218.786509][ T7976] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 219.580958][ T5863] usb 2-1: USB disconnect, device number 7 [ 219.699288][ T7973] netlink: 'syz.0.715': attribute type 14 has an invalid length. [ 220.687796][ T30] audit: type=1400 audit(1746370806.866:363): avc: denied { ioctl } for pid=7983 comm="syz.2.719" path="socket:[16667]" dev="sockfs" ino=16667 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 220.712255][ C1] vkms_vblank_simulate: vblank timer overrun [ 220.846829][ T5815] Bluetooth: hci0: command tx timeout [ 221.074427][ T30] audit: type=1804 audit(1746370807.466:364): pid=8000 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.725" name="/" dev="pidfs" ino=8000 res=1 errno=0 [ 221.095248][ C1] vkms_vblank_simulate: vblank timer overrun [ 222.069261][ T8005] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 222.354082][ T80] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 222.442285][ T8016] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 223.322833][ T80] usb 3-1: device descriptor read/64, error -71 [ 223.570086][ T80] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 223.792788][ T80] usb 3-1: device descriptor read/64, error -71 [ 223.924729][ T80] usb usb3-port1: attempt power cycle [ 224.032468][ T30] audit: type=1804 audit(1746370810.396:365): pid=8033 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.737" name="/newroot/142/file0" dev="tmpfs" ino=760 res=1 errno=0 [ 224.302764][ T80] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 224.323452][ T80] usb 3-1: device descriptor read/8, error -71 [ 224.503864][ T5815] Bluetooth: hci0: command tx timeout [ 224.562849][ T80] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 224.663469][ T80] usb 3-1: device descriptor read/8, error -71 [ 224.824406][ T80] usb usb3-port1: unable to enumerate USB device [ 225.442381][ T8050] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.742'. [ 226.022956][ T8071] hfs: unable to load iocharset "io#harset" [ 226.817463][ T30] audit: type=1400 audit(1746370813.216:366): avc: denied { connect } for pid=8078 comm="syz.3.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 226.885517][ T30] audit: type=1400 audit(1746370813.216:367): avc: denied { write } for pid=8078 comm="syz.3.753" path="socket:[16104]" dev="sockfs" ino=16104 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 226.908909][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.147499][ T30] audit: type=1400 audit(1746370814.536:368): avc: denied { ioctl } for pid=8098 comm="syz.1.758" path="socket:[16136]" dev="sockfs" ino=16136 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 228.231204][ T30] audit: type=1400 audit(1746370814.536:369): avc: denied { connect } for pid=8098 comm="syz.1.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 228.726340][ T30] audit: type=1326 audit(1746370815.126:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8119 comm="syz.2.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x7ffc0000 [ 228.750335][ T30] audit: type=1326 audit(1746370815.126:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8119 comm="syz.2.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x7ffc0000 [ 228.788473][ T30] audit: type=1326 audit(1746370815.126:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8119 comm="syz.2.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f11ba38e969 code=0x7ffc0000 [ 228.811651][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.819310][ T30] audit: type=1326 audit(1746370815.126:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8119 comm="syz.2.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x7ffc0000 [ 228.842561][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.849282][ T30] audit: type=1326 audit(1746370815.126:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8119 comm="syz.2.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x7ffc0000 [ 228.902165][ T5858] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 229.562767][ T5858] usb 5-1: Using ep0 maxpacket: 32 [ 229.888254][ T30] audit: type=1400 audit(1746370815.876:375): avc: denied { create } for pid=8124 comm="syz.1.768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 229.960816][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.982800][ T5858] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 229.991966][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.010312][ T5858] usb 5-1: config 0 descriptor?? [ 230.996755][ T8135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 231.014562][ T8135] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 231.214515][ T5858] ntrig 0003:1B96:000A.0003: unknown main item tag 0x0 [ 231.221437][ T5858] ntrig 0003:1B96:000A.0003: unknown main item tag 0x0 [ 231.555812][ T5858] ntrig 0003:1B96:000A.0003: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 231.649537][ T5858] usb 5-1: USB disconnect, device number 5 [ 231.765971][ T8151] 9pnet_fd: Insufficient options for proto=fd [ 232.062864][ T3072] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 232.854406][ T3072] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 233.408924][ T3072] usb 4-1: config 0 has no interface number 0 [ 233.442905][ T3072] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 233.451978][ T3072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.479608][ T3072] usb 4-1: config 0 descriptor?? [ 233.499869][ T3072] usb 4-1: selecting invalid altsetting 1 [ 233.507505][ T3072] dvb_ttusb_budget: ttusb_init_controller: error [ 233.515593][ T3072] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 233.730143][ T3072] DVB: Unable to find symbol cx22700_attach() [ 234.634989][ T3072] DVB: Unable to find symbol tda10046_attach() [ 234.641165][ T3072] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 234.868994][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 234.869018][ T30] audit: type=1804 audit(1746370821.266:377): pid=8203 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.791" name="/" dev="pidfs" ino=8203 res=1 errno=0 [ 235.159434][ T8204] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 235.280478][ T5814] usb 4-1: USB disconnect, device number 6 [ 236.854756][ T5863] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 237.072751][ T5863] usb 5-1: Using ep0 maxpacket: 32 [ 237.086407][ T5863] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 237.100756][ T5863] usb 5-1: config 0 has no interface number 0 [ 237.122753][ T5863] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 237.157041][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.183019][ T5815] Bluetooth: hci2: Malformed Event: 0x2f [ 237.300198][ T5863] usb 5-1: Product: syz [ 237.334619][ T5863] usb 5-1: Manufacturer: syz [ 237.364240][ T5863] usb 5-1: SerialNumber: syz [ 237.422025][ T5863] usb 5-1: config 0 descriptor?? [ 237.481449][ T5863] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 237.578690][ T30] audit: type=1804 audit(1746370823.976:378): pid=8248 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.806" name="/" dev="pidfs" ino=8248 res=1 errno=0 [ 237.663259][ T8249] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 237.937077][ T5863] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 237.979367][ T5863] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 238.127321][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 95 [ 238.328911][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 238.329129][ T9] usb 5-1: USB disconnect, device number 6 [ 238.362601][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 238.391793][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 238.418847][ T9] quatech2 5-1:0.51: device disconnected [ 238.439567][ T8266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.814'. [ 238.576578][ T8274] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 238.583336][ T8274] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 238.594121][ T8274] vhci_hcd vhci_hcd.0: Device attached [ 238.605574][ T8274] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(12) [ 238.612210][ T8274] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 238.619926][ T8274] vhci_hcd vhci_hcd.0: Device attached [ 238.622846][ T5814] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 238.636053][ T8274] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(14) [ 238.642666][ T8274] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 238.662424][ T8274] vhci_hcd vhci_hcd.0: Device attached [ 238.685997][ T8274] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(16) [ 238.692625][ T8274] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 238.704745][ T8274] vhci_hcd vhci_hcd.0: Device attached [ 238.721937][ T30] audit: type=1804 audit(1746370825.116:379): pid=8284 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.819" name="/" dev="pidfs" ino=8284 res=1 errno=0 [ 238.725619][ T8279] vhci_hcd: connection closed [ 238.744323][ T8277] vhci_hcd: connection closed [ 238.749556][ T8275] vhci_hcd: connection closed [ 238.756491][ T1008] vhci_hcd: stop threads [ 238.787325][ T1008] vhci_hcd: release socket [ 238.788381][ T5858] vhci_hcd: vhci_device speed not set [ 238.791980][ T8281] vhci_hcd: connection closed [ 238.797618][ T5814] usb 1-1: Using ep0 maxpacket: 32 [ 238.812492][ T1008] vhci_hcd: disconnect device [ 238.826078][ T8285] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.847860][ T5814] usb 1-1: config 0 has an invalid interface number: 143 but max is 0 [ 238.874569][ T5814] usb 1-1: config 0 has no interface number 0 [ 238.881144][ T5814] usb 1-1: config 0 interface 143 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 238.892920][ T5858] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 238.973493][ T5814] usb 1-1: New USB device found, idVendor=0bb4, idProduct=0a20, bcdDevice=f6.ab [ 238.982623][ T1008] vhci_hcd: stop threads [ 238.995803][ T1008] vhci_hcd: release socket [ 239.024321][ T1008] vhci_hcd: disconnect device [ 239.050918][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.073344][ T1008] vhci_hcd: stop threads [ 239.103136][ T1008] vhci_hcd: release socket [ 239.139544][ T5814] usb 1-1: Product: syz [ 239.150467][ T1008] vhci_hcd: disconnect device [ 239.165122][ T5814] usb 1-1: Manufacturer: syz [ 239.172925][ T1008] vhci_hcd: stop threads [ 239.177180][ T1008] vhci_hcd: release socket [ 239.181646][ T5814] usb 1-1: SerialNumber: syz [ 239.209124][ T5814] usb 1-1: config 0 descriptor?? [ 239.217762][ T1008] vhci_hcd: disconnect device [ 239.235475][ T8264] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 239.249259][ T8287] 9pnet_fd: Insufficient options for proto=fd [ 239.278570][ T30] audit: type=1400 audit(1746370825.676:380): avc: denied { read } for pid=8288 comm="syz.4.821" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 239.509676][ T5814] usb 1-1: USB disconnect, device number 10 [ 240.784021][ T5814] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 240.826247][ T30] audit: type=1400 audit(1746370827.226:381): avc: denied { search } for pid=5166 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 240.972824][ T5814] usb 1-1: Using ep0 maxpacket: 8 [ 241.018361][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 241.090968][ T5814] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 241.203479][ T5814] usb 1-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 241.221424][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.252782][ T5814] usb 1-1: Product: syz [ 241.265731][ T5814] usb 1-1: Manufacturer: syz [ 241.278102][ T5814] usb 1-1: SerialNumber: syz [ 241.302838][ T5814] usb 1-1: config 0 descriptor?? [ 241.579786][ T30] audit: type=1400 audit(1746370827.966:382): avc: denied { watch watch_reads } for pid=8342 comm="syz.1.841" path="/proc/477/map_files" dev="proc" ino=17851 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 244.463017][ T5858] vhci_hcd: vhci_device speed not set [ 244.683043][ T9] usb 1-1: USB disconnect, device number 11 [ 244.805552][ T8390] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 244.865275][ T8390] netlink: 68 bytes leftover after parsing attributes in process `syz.4.858'. [ 246.283917][ T30] audit: type=1400 audit(1746370832.676:383): avc: denied { create } for pid=8401 comm="syz.0.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 246.305456][ T8405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.864'. [ 246.342168][ T30] audit: type=1400 audit(1746370832.706:384): avc: denied { write } for pid=8401 comm="syz.0.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 246.444562][ T8410] CIFS: iocharset name too long [ 246.462635][ T30] audit: type=1400 audit(1746370832.846:385): avc: denied { connect } for pid=8408 comm="syz.1.866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 246.710306][ T30] audit: type=1400 audit(1746370832.846:386): avc: denied { write } for pid=8408 comm="syz.1.866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 246.824160][ T8415] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.868'. [ 247.712950][ T5814] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 248.687016][ T8435] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 248.797038][ T5814] usb 1-1: Using ep0 maxpacket: 16 [ 248.917381][ T5814] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 249.082245][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 249.258151][ T5814] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 249.380154][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.456973][ T5814] usb 1-1: Product: syz [ 249.495469][ T5814] usb 1-1: Manufacturer: syz [ 249.533562][ T5814] usb 1-1: SerialNumber: syz [ 249.577696][ T5814] usb 1-1: config 0 descriptor?? [ 249.627611][ T5814] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 249.636955][ T30] audit: type=1400 audit(1746370836.016:387): avc: denied { mount } for pid=8446 comm="syz.4.879" name="/" dev="rpc_pipefs" ino=18003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 249.700910][ T5814] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 249.843099][ T5861] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 250.369479][ T5814] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 250.402784][ T5861] usb 2-1: Using ep0 maxpacket: 16 [ 250.413849][ T5861] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 250.427124][ T5814] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 250.435863][ T5814] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 250.443154][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 250.452431][ T5814] em28xx 1-1:0.0: No AC97 audio processor [ 250.471019][ T5814] usb 1-1: USB disconnect, device number 12 [ 250.483247][ T5814] em28xx 1-1:0.0: Disconnecting em28xx [ 250.492898][ T5861] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 250.501974][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.516346][ T5814] em28xx 1-1:0.0: Freeing device [ 250.530983][ T5861] usb 2-1: Product: syz [ 250.538539][ T5861] usb 2-1: Manufacturer: syz [ 250.691005][ T5861] usb 2-1: SerialNumber: syz [ 250.890818][ T5861] usb 2-1: config 0 descriptor?? [ 250.915213][ T8473] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.980903][ T5861] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 251.094709][ T5861] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 253.173278][ T5861] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 253.180728][ T5861] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 253.200593][ T5861] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 253.251623][ T8481] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 253.282166][ T5861] em28xx 2-1:0.0: No AC97 audio processor [ 253.511837][ T5861] usb 2-1: USB disconnect, device number 8 [ 253.619997][ T8487] fuse: Bad value for 'fd' [ 253.688952][ T5861] em28xx 2-1:0.0: Disconnecting em28xx [ 253.921675][ T5861] em28xx 2-1:0.0: Freeing device [ 254.296379][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.304257][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.311948][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.319756][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.327621][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.335427][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.347107][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.359464][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.367754][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 254.377090][ T8492] netlink: 'syz.3.895': attribute type 3 has an invalid length. [ 255.304699][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.569369][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.786298][ T3072] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 256.952858][ T3072] usb 1-1: Using ep0 maxpacket: 16 [ 256.962306][ T3072] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 256.980939][ T3072] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 256.997331][ T3072] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 257.008664][ T3072] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.068902][ T30] audit: type=1326 audit(1746370843.466:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8523 comm="syz.4.906" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74e3b8e969 code=0x0 [ 257.096177][ T3072] usb 1-1: Product: syz [ 257.106151][ T3072] usb 1-1: Manufacturer: syz [ 257.119669][ T3072] usb 1-1: SerialNumber: syz [ 257.169659][ T8531] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 257.249206][ T3072] usb 1-1: config 0 descriptor?? [ 257.540507][ T3072] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 257.617730][ T3072] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 258.126911][ T3072] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 258.174219][ T3072] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 258.189212][ T3072] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 258.204258][ T3072] em28xx 1-1:0.0: No AC97 audio processor [ 258.336403][ T8541] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 258.380648][ T3072] usb 1-1: USB disconnect, device number 13 [ 258.550207][ T3072] em28xx 1-1:0.0: Disconnecting em28xx [ 258.703100][ T3072] em28xx 1-1:0.0: Freeing device [ 259.265348][ T30] audit: type=1400 audit(1746370845.666:389): avc: denied { ioctl } for pid=8544 comm="syz.2.913" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 259.265371][ T8549] binder: 8544:8549 ioctl c0306201 0 returned -14 [ 259.576819][ T30] audit: type=1400 audit(1746370845.906:390): avc: denied { getopt } for pid=8555 comm="syz.0.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 259.995785][ T30] audit: type=1400 audit(1746370846.396:391): avc: denied { getopt } for pid=8556 comm="syz.1.916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 260.322020][ T8575] lo speed is unknown, defaulting to 1000 [ 260.328899][ T8575] lo speed is unknown, defaulting to 1000 [ 260.340132][ T8575] lo speed is unknown, defaulting to 1000 [ 260.460034][ T5815] Bluetooth: hci0: command tx timeout [ 261.109106][ T8575] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 261.355250][ T8575] lo speed is unknown, defaulting to 1000 [ 261.386010][ T8575] lo speed is unknown, defaulting to 1000 [ 261.406620][ T8575] lo speed is unknown, defaulting to 1000 [ 261.492761][ T5890] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 261.536911][ T8575] lo speed is unknown, defaulting to 1000 [ 261.544217][ T8575] lo speed is unknown, defaulting to 1000 [ 261.736695][ T5890] usb 1-1: Using ep0 maxpacket: 16 [ 261.751372][ T8585] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 261.786214][ T5890] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 261.883705][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 262.104811][ T5890] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 262.198103][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.311497][ T5890] usb 1-1: Product: syz [ 262.357198][ T5890] usb 1-1: Manufacturer: syz [ 262.361868][ T5890] usb 1-1: SerialNumber: syz [ 262.409841][ T5890] usb 1-1: config 0 descriptor?? [ 262.446895][ T5890] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 262.493393][ T5890] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 263.496963][ T5890] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 263.516518][ T5890] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 263.524531][ T5890] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 263.531692][ T5890] em28xx 1-1:0.0: No AC97 audio processor [ 263.549431][ T5890] usb 1-1: USB disconnect, device number 14 [ 263.559441][ T5890] em28xx 1-1:0.0: Disconnecting em28xx [ 263.570786][ T5890] em28xx 1-1:0.0: Freeing device [ 263.782889][ T5815] Bluetooth: hci0: command tx timeout [ 264.205854][ T80] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 264.404780][ T80] usb 5-1: Using ep0 maxpacket: 32 [ 264.418642][ T80] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.430665][ T80] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 264.458227][ T80] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 264.493911][ T80] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.553867][ T80] usb 5-1: config 0 descriptor?? [ 264.571411][ T80] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 264.769590][ T8615] netlink: 40 bytes leftover after parsing attributes in process `syz.4.934'. [ 267.346362][ T5814] usb 5-1: USB disconnect, device number 7 [ 268.992891][ T3072] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 269.144258][ T3072] usb 4-1: config 0 has an invalid interface number: 142 but max is 0 [ 269.152654][ T3072] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 269.163019][ T3072] usb 4-1: config 0 has no interface number 0 [ 269.169141][ T3072] usb 4-1: config 0 interface 142 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 15 [ 269.184292][ T3072] usb 4-1: Dual-Role OTG device on HNP port [ 269.191308][ T3072] usb 4-1: New USB device found, idVendor=045e, idProduct=046a, bcdDevice=50.20 [ 269.200516][ T3072] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.208617][ T3072] usb 4-1: Product: syz [ 269.212858][ T3072] usb 4-1: Manufacturer: syz [ 269.217771][ T3072] usb 4-1: SerialNumber: syz [ 269.224205][ T3072] usb 4-1: config 0 descriptor?? [ 269.571183][ T9] usb 4-1: USB disconnect, device number 7 [ 271.292229][ T30] audit: type=1804 audit(1746370857.686:392): pid=8720 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.972" name="/" dev="pidfs" ino=8719 res=1 errno=0 [ 271.482720][ T8726] syz.4.974: attempt to access beyond end of device [ 271.482720][ T8726] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 271.496150][ T8726] syz.4.974: attempt to access beyond end of device [ 271.496150][ T8726] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 271.509196][ T8726] Mount JFS Failure: -5 [ 271.513446][ T8726] jfs_mount failed w/return code = -5 [ 272.532589][ T8720] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 277.209106][ T8774] 9pnet_fd: Insufficient options for proto=fd [ 277.473965][ T8780] siw: device registration error -23 [ 277.555861][ T30] audit: type=1804 audit(1746370863.956:393): pid=8781 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.993" name="/" dev="pidfs" ino=8780 res=1 errno=0 [ 277.627533][ T8782] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 279.921335][ T8825] siw: device registration error -23 [ 281.609873][ T8840] syz.1.1014 (8840): drop_caches: 2 [ 281.707080][ T30] audit: type=1804 audit(1746370868.086:394): pid=8850 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1017" name="/" dev="pidfs" ino=8850 res=1 errno=0 [ 281.799993][ T8850] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 283.990287][ T5861] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 284.143124][ T5861] usb 3-1: Using ep0 maxpacket: 16 [ 284.155211][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 284.170091][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 284.190255][ T5861] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 284.201310][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.211004][ T5861] usb 3-1: Product: syz [ 284.215581][ T5861] usb 3-1: Manufacturer: syz [ 284.220194][ T5861] usb 3-1: SerialNumber: syz [ 284.227529][ T5861] usb 3-1: config 0 descriptor?? [ 284.305809][ T5861] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 284.315831][ T5861] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 285.119157][ T5861] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 285.135432][ T5861] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 285.218160][ T5861] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 285.225306][ T5861] em28xx 3-1:0.0: No AC97 audio processor [ 285.236211][ T5861] usb 3-1: USB disconnect, device number 14 [ 285.264725][ T5861] em28xx 3-1:0.0: Disconnecting em28xx [ 285.307166][ T5861] em28xx 3-1:0.0: Freeing device [ 285.962204][ T30] audit: type=1804 audit(1746370872.356:395): pid=8939 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1049" name="/" dev="pidfs" ino=8938 res=1 errno=0 [ 286.108926][ T8941] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 286.503904][ T8953] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 287.352707][ T30] audit: type=1804 audit(1746370873.746:396): pid=8958 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1055" name="/" dev="pidfs" ino=8958 res=1 errno=0 [ 287.381602][ T8958] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 287.506315][ T30] audit: type=1400 audit(1746370873.906:397): avc: denied { mount } for pid=8961 comm="syz.4.1056" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 287.608937][ T30] audit: type=1400 audit(1746370874.006:398): avc: denied { accept } for pid=8961 comm="syz.4.1056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 287.762846][ T5814] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 288.092787][ T5814] usb 1-1: Using ep0 maxpacket: 16 [ 288.099556][ T5814] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 288.116417][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 288.130006][ T5814] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 288.142339][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.151911][ T5814] usb 1-1: Product: syz [ 288.158212][ T5814] usb 1-1: Manufacturer: syz [ 288.164091][ T5814] usb 1-1: SerialNumber: syz [ 288.203952][ T5814] usb 1-1: config 0 descriptor?? [ 288.261779][ T5814] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 288.359566][ T5814] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 288.484952][ T8980] bridge0: port 3(gretap0) entered blocking state [ 288.492011][ T8980] bridge0: port 3(gretap0) entered disabled state [ 288.499585][ T8980] gretap0: entered allmulticast mode [ 288.514236][ T8980] gretap0: entered promiscuous mode [ 288.522077][ T8980] bridge0: port 3(gretap0) entered blocking state [ 288.528715][ T8980] bridge0: port 3(gretap0) entered forwarding state [ 288.555021][ T8980] gretap0: left allmulticast mode [ 288.560143][ T8980] gretap0: left promiscuous mode [ 288.566089][ T8980] bridge0: port 3(gretap0) entered disabled state [ 288.767057][ T5815] Bluetooth: hci0: command tx timeout [ 288.788427][ T30] audit: type=1804 audit(1746370875.186:399): pid=8981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1063" name="/" dev="pidfs" ino=8980 res=1 errno=0 [ 288.884229][ T8982] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 289.339016][ T5814] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 289.417434][ T8992] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 290.143366][ T5814] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 290.190266][ T5814] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 290.270513][ T5814] em28xx 1-1:0.0: No AC97 audio processor [ 290.445156][ T5814] usb 1-1: USB disconnect, device number 15 [ 290.687882][ T5814] em28xx 1-1:0.0: Disconnecting em28xx [ 290.698900][ T9004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 291.486031][ T5814] em28xx 1-1:0.0: Freeing device [ 291.492719][ T5815] Bluetooth: hci0: command tx timeout [ 292.078949][ T9027] hub 2-0:1.0: USB hub found [ 292.086192][ T9027] hub 2-0:1.0: 1 port detected [ 292.864906][ T9041] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 292.903472][ T9041] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1083'. [ 294.166468][ T9038] syz.0.1082: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 294.184984][ T9038] CPU: 0 UID: 0 PID: 9038 Comm: syz.0.1082 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 294.185007][ T9038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 294.185014][ T9038] Call Trace: [ 294.185018][ T9038] [ 294.185022][ T9038] dump_stack_lvl+0x16c/0x1f0 [ 294.185042][ T9038] warn_alloc+0x248/0x3a0 [ 294.185062][ T9038] ? __pfx_warn_alloc+0x10/0x10 [ 294.185084][ T9038] ? __get_vm_area_node+0x1b9/0x300 [ 294.185098][ T9038] ? __get_vm_area_node+0x1e5/0x300 [ 294.185114][ T9038] __vmalloc_node_range_noprof+0x1110/0x1540 [ 294.185129][ T9038] ? lockdep_hardirqs_on+0x7c/0x110 [ 294.185165][ T9038] ? packet_set_ring+0xb07/0x18d0 [ 294.185183][ T9038] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 294.185198][ T9038] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 294.185210][ T9038] ? rcu_is_watching+0x12/0xc0 [ 294.185223][ T9038] ? trace_kmalloc+0x2b/0xd0 [ 294.185234][ T9038] ? __kmalloc_noprof+0x242/0x510 [ 294.185251][ T9038] ? packet_set_ring+0xb07/0x18d0 [ 294.185265][ T9038] vzalloc_noprof+0x6b/0x90 [ 294.185279][ T9038] ? packet_set_ring+0xb07/0x18d0 [ 294.185292][ T9038] packet_set_ring+0xb07/0x18d0 [ 294.185310][ T9038] packet_setsockopt+0x121b/0x3360 [ 294.185328][ T9038] ? __pfx_packet_setsockopt+0x10/0x10 [ 294.185342][ T9038] ? selinux_netlbl_socket_setsockopt+0x183/0x470 [ 294.185359][ T9038] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10 [ 294.185376][ T9038] ? __lock_acquire+0x5ca/0x1ba0 [ 294.185396][ T9038] ? selinux_socket_setsockopt+0x6a/0x80 [ 294.185410][ T9038] ? __pfx_packet_setsockopt+0x10/0x10 [ 294.185424][ T9038] do_sock_setsockopt+0x221/0x470 [ 294.185438][ T9038] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 294.185461][ T9038] __sys_setsockopt+0x1a0/0x230 [ 294.185481][ T9038] __x64_sys_setsockopt+0xbd/0x160 [ 294.185490][ T9038] ? do_syscall_64+0x91/0x260 [ 294.185503][ T9038] ? lockdep_hardirqs_on+0x7c/0x110 [ 294.185516][ T9038] do_syscall_64+0xcd/0x260 [ 294.185531][ T9038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.185542][ T9038] RIP: 0033:0x7f0ace98e969 [ 294.185551][ T9038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.185562][ T9038] RSP: 002b:00007f0acf853038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 294.185573][ T9038] RAX: ffffffffffffffda RBX: 00007f0acebb5fa0 RCX: 00007f0ace98e969 [ 294.185580][ T9038] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000004 [ 294.185586][ T9038] RBP: 00007f0acea10ab1 R08: 000000000000001c R09: 0000000000000000 [ 294.185592][ T9038] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 294.185598][ T9038] R13: 0000000000000000 R14: 00007f0acebb5fa0 R15: 00007ffd04d34ac8 [ 294.185611][ T9038] [ 294.185615][ T9038] Mem-Info: [ 294.482809][ T9038] active_anon:8284 inactive_anon:0 isolated_anon:0 [ 294.482809][ T9038] active_file:1949 inactive_file:38647 isolated_file:0 [ 294.482809][ T9038] unevictable:768 dirty:298 writeback:0 [ 294.482809][ T9038] slab_reclaimable:11500 slab_unreclaimable:100762 [ 294.482809][ T9038] mapped:32662 shmem:4270 pagetables:953 [ 294.482809][ T9038] sec_pagetables:0 bounce:0 [ 294.482809][ T9038] kernel_misc_reclaimable:0 [ 294.482809][ T9038] free:1313655 free_pcp:14322 free_cma:0 [ 294.566024][ T9038] Node 0 active_anon:33236kB inactive_anon:0kB active_file:7716kB inactive_file:154516kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130668kB dirty:1176kB writeback:0kB shmem:15544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11088kB pagetables:3612kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 294.731347][ T9073] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 294.945077][ T9038] Node 1 active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 295.110335][ T9038] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 295.303251][ T9038] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 295.326882][ T9038] Node 0 DMA32 free:1398340kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:33400kB inactive_anon:0kB active_file:7716kB inactive_file:152688kB unevictable:1536kB writepending:1236kB present:3129332kB managed:2543932kB mlocked:0kB bounce:0kB free_pcp:1072kB local_pcp:632kB free_cma:0kB [ 295.443271][ T9038] lowmem_reserve[]: 0 0 1 1 1 [ 295.461391][ T9038] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 295.567651][ T9038] lowmem_reserve[]: 0 0 0 0 0 [ 295.572374][ T9038] Node 1 Normal free:3855804kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:72kB unevictable:1536kB writepending:16kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:41596kB local_pcp:28992kB free_cma:0kB [ 295.682765][ T9038] lowmem_reserve[]: 0 0 0 0 0 [ 295.697834][ T9038] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 295.818349][ T9038] Node 0 DMA32: 3*4kB (ME) 31*8kB (UME) 65*16kB (UME) 425*32kB (UME) 153*64kB (UME) 92*128kB (UM) 46*256kB (UM) 31*512kB (UM) 12*1024kB (UME) 4*2048kB (UME) 320*4096kB (M) = 1395316kB [ 295.881659][ T9038] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 295.984656][ T9038] Node 1 Normal: 3*4kB (ME) 6*8kB (UME) 10*16kB (ME) 11*32kB (UME) 8*64kB (UME) 5*128kB (UME) 7*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 939*4096kB (M) = 3855804kB [ 296.004830][ T9038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.030952][ T9038] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.443915][ T9038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 296.464702][ T9038] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 296.474312][ T9038] 47761 total pagecache pages [ 296.479439][ T9038] 0 pages in swap cache [ 296.485471][ T9038] Free swap = 124996kB [ 296.489681][ T9038] Total swap = 124996kB [ 296.494285][ T9038] 2097051 pages RAM [ 296.498139][ T9038] 0 pages HighMem/MovableOnly [ 296.503238][ T9038] 428962 pages reserved [ 296.507474][ T9038] 0 pages cma reserved [ 296.524382][ T30] audit: type=1326 audit(1746370882.926:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9085 comm="syz.1.1100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ce778e969 code=0x0 [ 296.752893][ T5815] Bluetooth: hci0: command tx timeout [ 297.529191][ T9109] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.245294][ T9192] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1139'. [ 306.058631][ T9251] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 306.142305][ T30] audit: type=1400 audit(1746370892.536:401): avc: denied { watch watch_reads } for pid=9252 comm="syz.3.1160" path="/250" dev="tmpfs" ino=1328 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 306.874407][ T9276] syz.1.1163: attempt to access beyond end of device [ 306.874407][ T9276] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 306.894204][ T9276] syz.1.1163: attempt to access beyond end of device [ 306.894204][ T9276] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 306.912701][ T9276] Mount JFS Failure: -5 [ 306.960757][ T9276] jfs_mount failed w/return code = -5 [ 308.104642][ T5815] Bluetooth: hci0: command tx timeout [ 309.613966][ T9331] overlayfs: failed to resolve './file0': -2 [ 311.984743][ T30] audit: type=1400 audit(1746370898.386:402): avc: denied { name_connect } for pid=9360 comm="syz.1.1197" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 312.019653][ T30] audit: type=1400 audit(1746370898.416:403): avc: denied { listen } for pid=9360 comm="syz.1.1197" lport=48558 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 312.252793][ T30] audit: type=1400 audit(1746370898.626:404): avc: denied { accept } for pid=9360 comm="syz.1.1197" lport=48558 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 312.330435][ T30] audit: type=1400 audit(1746370898.726:405): avc: denied { map } for pid=9360 comm="syz.1.1197" path="/dev/sg0" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 312.361065][ T30] audit: type=1400 audit(1746370898.726:406): avc: denied { execute } for pid=9360 comm="syz.1.1197" path="/dev/sg0" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 312.564993][ T9373] overlayfs: failed to resolve './file0': -2 [ 312.854078][ T9386] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.1203'. [ 313.905090][ T9408] validate_nla: 43 callbacks suppressed [ 313.905114][ T9408] netlink: 'syz.2.1211': attribute type 10 has an invalid length. [ 313.918803][ T9408] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1211'. [ 313.952786][ T9408] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 314.796299][ T9417] overlayfs: failed to resolve './file0': -2 [ 315.133048][ T3072] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 315.756243][ T3072] usb 1-1: not running at top speed; connect to a high speed hub [ 315.786154][ T3072] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 315.798103][ T3072] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 315.930676][ T30] audit: type=1400 audit(1746370902.276:407): avc: denied { setattr } for pid=9446 comm="syz.1.1225" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 315.953191][ T3072] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 315.966338][ T3072] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 315.975636][ T3072] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.983959][ T3072] usb 1-1: Product: syz [ 315.988211][ T3072] usb 1-1: Manufacturer: syz [ 315.998191][ T30] audit: type=1400 audit(1746370902.396:408): avc: denied { write } for pid=9446 comm="syz.1.1225" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 316.022202][ T30] audit: type=1400 audit(1746370902.396:409): avc: denied { open } for pid=9446 comm="syz.1.1225" path="/240/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 316.044525][ T3072] usb 1-1: SerialNumber: syz [ 316.103935][ T30] audit: type=1400 audit(1746370902.496:410): avc: denied { unmount } for pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 316.145778][ T9454] overlayfs: failed to resolve './file1': -2 [ 316.268628][ T3072] usb 1-1: 0:2 : does not exist [ 316.333725][ T3072] usb 1-1: USB disconnect, device number 16 [ 316.400901][ T6822] udevd[6822]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 316.755144][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.781781][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.525385][ T9486] overlayfs: failed to resolve './file1': -2 [ 317.777571][ T30] audit: type=1400 audit(1746370904.176:411): avc: denied { nlmsg_read } for pid=9472 comm="syz.3.1235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 317.893969][ T30] audit: type=1400 audit(1746370904.286:412): avc: denied { read } for pid=9488 comm="syz.0.1240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 318.139232][ T9507] fuse: Unknown parameter 'grou00000000000000000000' [ 318.579719][ T30] audit: type=1326 audit(1746370904.976:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.2.1250" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x0 [ 318.836413][ T9520] siw: device registration error -23 [ 320.064625][ T9524] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 320.950696][ T9542] fuse: Unknown parameter 'grou00000000000000000000' [ 321.655943][ T9556] fuse: Unknown parameter 'group_id00000000000000000000' [ 321.978437][ T9563] Cannot find add_set index 0 as target [ 322.132690][ T9566] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 323.389077][ T9579] syz.2.1268: attempt to access beyond end of device [ 323.389077][ T9579] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 323.410741][ T9579] syz.2.1268: attempt to access beyond end of device [ 323.410741][ T9579] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 323.426700][ T9579] Mount JFS Failure: -5 [ 323.430910][ T9579] jfs_mount failed w/return code = -5 [ 323.613309][ T9583] fuse: Unknown parameter 'grou00000000000000000000' [ 323.810565][ T9591] fuse: Bad value for 'user_id' [ 323.815743][ T9591] fuse: Bad value for 'user_id' [ 323.922920][ T6906] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 323.970088][ T9599] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 325.016627][ T6906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 325.205816][ T9606] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 325.234670][ T6906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 325.264804][ T6906] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 325.282166][ T9611] Cannot find add_set index 0 as target [ 325.298596][ T6906] usb 1-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 325.317623][ T6906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.361624][ T6906] usb 1-1: config 0 descriptor?? [ 325.375915][ T9585] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 325.893415][ T9621] fuse: Unknown parameter 'group_i00000000000000000000' [ 326.301915][ T9629] syz.1.1287: attempt to access beyond end of device [ 326.301915][ T9629] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 326.315635][ T9629] syz.1.1287: attempt to access beyond end of device [ 326.315635][ T9629] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 326.328886][ T9629] Mount JFS Failure: -5 [ 326.333117][ T9629] jfs_mount failed w/return code = -5 [ 326.877458][ T6906] usbhid 1-1:0.0: can't add hid device: -71 [ 326.878768][ T9634] fuse: Bad value for 'user_id' [ 326.889246][ T9634] fuse: Bad value for 'user_id' [ 326.910549][ T6906] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 326.944246][ T6906] usb 1-1: USB disconnect, device number 17 [ 327.096714][ T9639] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.1292'. [ 327.225921][ T9641] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 328.453785][ T9666] syz.0.1301: attempt to access beyond end of device [ 328.453785][ T9666] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 328.467674][ T9666] syz.0.1301: attempt to access beyond end of device [ 328.467674][ T9666] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 328.481084][ T9666] Mount JFS Failure: -5 [ 328.485495][ T9666] jfs_mount failed w/return code = -5 [ 329.908728][ T9681] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 330.185521][ T9683] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.1308'. [ 330.870277][ T30] audit: type=1326 audit(1746370917.266:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9696 comm="syz.4.1313" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74e3b8e969 code=0x0 [ 330.953012][ T5814] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 331.172316][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 331.186082][ T5814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 331.197384][ T5814] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 331.215039][ T5814] usb 1-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00 [ 331.231248][ T5814] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.253652][ T5814] usb 1-1: config 0 descriptor?? [ 331.262584][ T9695] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 332.116485][ T5815] Bluetooth: hci0: command tx timeout [ 332.165713][ T9714] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1317'. [ 332.222023][ T9718] fuse: Bad value for 'fd' [ 332.316172][ T9720] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.1320'. [ 332.355601][ T5814] usbhid 1-1:0.0: can't add hid device: -71 [ 332.361645][ T5814] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 332.403567][ T5814] usb 1-1: USB disconnect, device number 18 [ 333.645348][ T9751] fuse: Bad value for 'fd' [ 333.755103][ T30] audit: type=1326 audit(1746370920.126:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9743 comm="syz.3.1328" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c8d98e969 code=0x0 [ 334.973311][ T9774] fuse: Unknown parameter 'group_id00000000000000000000' [ 335.255950][ T30] audit: type=1804 audit(1746370921.656:416): pid=9789 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1342" name="/" dev="pidfs" ino=9788 res=1 errno=0 [ 335.330265][ T9788] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 335.335299][ T9790] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 335.760100][ T9801] siw: device registration error -23 [ 336.027451][ T30] audit: type=1326 audit(1746370922.426:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9797 comm="syz.2.1347" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11ba38e969 code=0x0 [ 336.359180][ T9814] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.1352'. [ 336.547606][ T30] audit: type=1804 audit(1746370922.946:418): pid=9828 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1357" name="/" dev="pidfs" ino=9828 res=1 errno=0 [ 336.628528][ T9830] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 336.854570][ T5861] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 337.108506][ T9841] ================================================================== [ 337.116601][ T9841] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x549/0x640 [ 337.124229][ T9841] Read of size 1 at addr ffff888034a9f030 by task syz.1.1361/9841 [ 337.132013][ T9841] [ 337.134325][ T9841] CPU: 1 UID: 0 PID: 9841 Comm: syz.1.1361 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 337.134343][ T9841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 337.134351][ T9841] Call Trace: [ 337.134356][ T9841] [ 337.134362][ T9841] dump_stack_lvl+0x116/0x1f0 [ 337.134383][ T9841] print_report+0xc3/0x670 [ 337.134398][ T9841] ? __virt_addr_valid+0x5e/0x590 [ 337.134418][ T9841] ? __phys_addr+0xc6/0x150 [ 337.134438][ T9841] ? rose_get_neigh+0x549/0x640 [ 337.134454][ T9841] kasan_report+0xe0/0x110 [ 337.134467][ T9841] ? rose_get_neigh+0x549/0x640 [ 337.134485][ T9841] rose_get_neigh+0x549/0x640 [ 337.134510][ T9841] rose_connect+0x2d4/0x1540 [ 337.134525][ T9841] ? __pfx_rose_connect+0x10/0x10 [ 337.134538][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.134557][ T9841] ? rcu_is_watching+0x12/0xc0 [ 337.134572][ T9841] ? __local_bh_enable_ip+0xa4/0x120 [ 337.134589][ T9841] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.134607][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.134626][ T9841] ? __local_bh_enable_ip+0xa4/0x120 [ 337.134642][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.134660][ T9841] ? selinux_socket_connect+0x6b/0x80 [ 337.134677][ T9841] ? __pfx_rose_connect+0x10/0x10 [ 337.134689][ T9841] __sys_connect_file+0x13e/0x1a0 [ 337.134711][ T9841] __sys_connect+0x14d/0x170 [ 337.134728][ T9841] ? __pfx___sys_connect+0x10/0x10 [ 337.134751][ T9841] ? rcu_is_watching+0x12/0xc0 [ 337.134768][ T9841] __x64_sys_connect+0x72/0xb0 [ 337.134786][ T9841] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.134801][ T9841] do_syscall_64+0xcd/0x260 [ 337.134819][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.134833][ T9841] RIP: 0033:0x7f3ce778e969 [ 337.134843][ T9841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.134857][ T9841] RSP: 002b:00007f3ce8573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 337.134871][ T9841] RAX: ffffffffffffffda RBX: 00007f3ce79b5fa0 RCX: 00007f3ce778e969 [ 337.134879][ T9841] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008 [ 337.134888][ T9841] RBP: 00007f3ce7810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 337.134895][ T9841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.134903][ T9841] R13: 0000000000000000 R14: 00007f3ce79b5fa0 R15: 00007ffdb425d1b8 [ 337.134916][ T9841] [ 337.134921][ T9841] [ 337.375364][ T9841] Allocated by task 8100: [ 337.379675][ T9841] kasan_save_stack+0x33/0x60 [ 337.384437][ T9841] kasan_save_track+0x14/0x30 [ 337.389101][ T9841] __kasan_kmalloc+0xaa/0xb0 [ 337.393679][ T9841] rose_rt_ioctl+0x87e/0x1d40 [ 337.398342][ T9841] rose_ioctl+0x64d/0x7d0 [ 337.402653][ T9841] sock_do_ioctl+0x115/0x280 [ 337.407228][ T9841] sock_ioctl+0x227/0x6b0 [ 337.411541][ T9841] __x64_sys_ioctl+0x190/0x200 [ 337.416291][ T9841] do_syscall_64+0xcd/0x260 [ 337.420779][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.426653][ T9841] [ 337.428960][ T9841] Freed by task 9841: [ 337.432916][ T9841] kasan_save_stack+0x33/0x60 [ 337.437606][ T9841] kasan_save_track+0x14/0x30 [ 337.442270][ T9841] kasan_save_free_info+0x3b/0x60 [ 337.447279][ T9841] __kasan_slab_free+0x51/0x70 [ 337.452021][ T9841] kfree+0x2b6/0x4d0 [ 337.455903][ T9841] rose_remove_neigh+0x25e/0x370 [ 337.460822][ T9841] rose_rt_device_down+0x2aa/0x390 [ 337.465918][ T9841] rose_device_event+0xfc/0x120 [ 337.470746][ T9841] notifier_call_chain+0xb9/0x410 [ 337.475756][ T9841] call_netdevice_notifiers_info+0xbe/0x140 [ 337.481634][ T9841] __dev_notify_flags+0x1f7/0x2e0 [ 337.486644][ T9841] netif_change_flags+0x108/0x160 [ 337.491648][ T9841] dev_change_flags+0xba/0x250 [ 337.496407][ T9841] dev_ifsioc+0x1498/0x1f70 [ 337.500919][ T9841] dev_ioctl+0x223/0x10e0 [ 337.505238][ T9841] sock_do_ioctl+0x19d/0x280 [ 337.509812][ T9841] sock_ioctl+0x227/0x6b0 [ 337.514141][ T9841] __x64_sys_ioctl+0x190/0x200 [ 337.518910][ T9841] do_syscall_64+0xcd/0x260 [ 337.523411][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.529311][ T9841] [ 337.531620][ T9841] The buggy address belongs to the object at ffff888034a9f000 [ 337.531620][ T9841] which belongs to the cache kmalloc-512 of size 512 [ 337.545766][ T9841] The buggy address is located 48 bytes inside of [ 337.545766][ T9841] freed 512-byte region [ffff888034a9f000, ffff888034a9f200) [ 337.559482][ T9841] [ 337.561802][ T9841] The buggy address belongs to the physical page: [ 337.568194][ T9841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34a9c [ 337.576948][ T9841] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 337.585442][ T9841] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 337.592999][ T9841] page_type: f5(slab) [ 337.596972][ T9841] raw: 00fff00000000040 ffff88801b441c80 dead000000000100 dead000000000122 [ 337.605563][ T9841] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 337.614144][ T9841] head: 00fff00000000040 ffff88801b441c80 dead000000000100 dead000000000122 [ 337.622832][ T9841] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 337.631488][ T9841] head: 00fff00000000002 ffffea0000d2a701 00000000ffffffff 00000000ffffffff [ 337.640138][ T9841] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 337.648787][ T9841] page dumped because: kasan: bad access detected [ 337.655177][ T9841] page_owner tracks the page as allocated [ 337.660892][ T9841] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13045045600, free_ts 0 [ 337.680776][ T9841] post_alloc_hook+0x181/0x1b0 [ 337.685530][ T9841] get_page_from_freelist+0x135c/0x3920 [ 337.691073][ T9841] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 337.696953][ T9841] alloc_pages_mpol+0x1fb/0x550 [ 337.701783][ T9841] new_slab+0x244/0x340 [ 337.705945][ T9841] ___slab_alloc+0xd9c/0x1940 [ 337.710607][ T9841] __slab_alloc.constprop.0+0x56/0xb0 [ 337.715964][ T9841] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 337.722361][ T9841] krealloc_noprof+0x157/0x380 [ 337.727106][ T9841] add_sysfs_param+0xd3/0xa00 [ 337.731768][ T9841] param_sysfs_builtin_init+0x307/0x4c0 [ 337.737294][ T9841] do_one_initcall+0x120/0x6e0 [ 337.742043][ T9841] kernel_init_freeable+0x5c2/0x900 [ 337.747226][ T9841] kernel_init+0x1c/0x2b0 [ 337.751544][ T9841] ret_from_fork+0x45/0x80 [ 337.755953][ T9841] ret_from_fork_asm+0x1a/0x30 [ 337.760702][ T9841] page_owner free stack trace missing [ 337.766052][ T9841] [ 337.768387][ T9841] Memory state around the buggy address: [ 337.774010][ T9841] ffff888034a9ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 337.782078][ T9841] ffff888034a9ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 337.790132][ T9841] >ffff888034a9f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 337.798176][ T9841] ^ [ 337.803790][ T9841] ffff888034a9f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 337.811835][ T9841] ffff888034a9f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 337.819873][ T9841] ================================================================== [ 337.827991][ T9841] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 337.835187][ T9841] CPU: 1 UID: 0 PID: 9841 Comm: syz.1.1361 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 337.847170][ T9841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 337.857239][ T9841] Call Trace: [ 337.860502][ T9841] [ 337.863419][ T9841] dump_stack_lvl+0x3d/0x1f0 [ 337.868005][ T9841] panic+0x71c/0x800 [ 337.871892][ T9841] ? __pfx_panic+0x10/0x10 [ 337.876297][ T9841] ? irqentry_exit+0x3b/0x90 [ 337.880872][ T9841] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.886056][ T9841] ? rose_get_neigh+0x549/0x640 [ 337.890895][ T9841] ? rose_get_neigh+0x549/0x640 [ 337.895746][ T9841] check_panic_on_warn+0xab/0xb0 [ 337.900701][ T9841] end_report+0x107/0x170 [ 337.905026][ T9841] kasan_report+0xee/0x110 [ 337.909431][ T9841] ? rose_get_neigh+0x549/0x640 [ 337.914273][ T9841] rose_get_neigh+0x549/0x640 [ 337.918947][ T9841] rose_connect+0x2d4/0x1540 [ 337.923524][ T9841] ? __pfx_rose_connect+0x10/0x10 [ 337.928539][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.934506][ T9841] ? rcu_is_watching+0x12/0xc0 [ 337.939281][ T9841] ? __local_bh_enable_ip+0xa4/0x120 [ 337.944553][ T9841] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.949734][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.955703][ T9841] ? __local_bh_enable_ip+0xa4/0x120 [ 337.960985][ T9841] ? selinux_netlbl_socket_connect+0x30/0x40 [ 337.966951][ T9841] ? selinux_socket_connect+0x6b/0x80 [ 337.972308][ T9841] ? __pfx_rose_connect+0x10/0x10 [ 337.977317][ T9841] __sys_connect_file+0x13e/0x1a0 [ 337.982332][ T9841] __sys_connect+0x14d/0x170 [ 337.986912][ T9841] ? __pfx___sys_connect+0x10/0x10 [ 337.992014][ T9841] ? rcu_is_watching+0x12/0xc0 [ 337.996763][ T9841] __x64_sys_connect+0x72/0xb0 [ 338.001514][ T9841] ? lockdep_hardirqs_on+0x7c/0x110 [ 338.006702][ T9841] do_syscall_64+0xcd/0x260 [ 338.011196][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.017073][ T9841] RIP: 0033:0x7f3ce778e969 [ 338.021472][ T9841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.041066][ T9841] RSP: 002b:00007f3ce8573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 338.049464][ T9841] RAX: ffffffffffffffda RBX: 00007f3ce79b5fa0 RCX: 00007f3ce778e969 [ 338.057417][ T9841] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008 [ 338.065369][ T9841] RBP: 00007f3ce7810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 338.073319][ T9841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 338.081269][ T9841] R13: 0000000000000000 R14: 00007f3ce79b5fa0 R15: 00007ffdb425d1b8 [ 338.089227][ T9841] [ 338.092424][ T9841] Kernel Offset: disabled [ 338.096723][ T9841] Rebooting in 86400 seconds..