last executing test programs: 21.000575044s ago: executing program 0 (id=1459): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x0, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1a}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) lsm_get_self_attr(0x65, 0x0, &(0x7f0000000080), 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) 19.845015014s ago: executing program 0 (id=1462): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f00000004c0)=0x3, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x36, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000007000000000000000700000018110000", @ANYRES32, @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000b70400000100000085fcffff810c0000b7080000000000007b8af8ff00000000b7080000030000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000150a64680bad9f48b626bb39950614b2ff7c54f0f7441e4fc171ad95a53b1a0caad5cc081047f4e31f906a7d7965ef313bc017fd22b013aaa2ffdf322001691aedab65d61978f4f3029df2d286eca8c8a1b54d52ff61e306aba6cdfc9ce58daee4f0e561a6217c96475dcdde26054ec4e2d44a4f4756d21c14f05b991adda1ce65a96ecd055265f2aa146208003ac656544de137eb5c8d14dc612c29c1d599224a0552046bd73bfdb912aba4b60eeb2f9945b7c12c6e4362cef72268d8098784407a2bcd7decb6fa4b33d9eafa02622fb3d0e7a98e225836afe41333e6b2231c9125209e21da181c99ec159f3260224d571303182d8d41683e28d7c40b1912db00"/396, @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018610000010000000000000004000000850000003700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000083940000fcffffffbf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0x95, &(0x7f00000003c0)=""/149, 0x0, 0x0, '\x00', 0x0, 0x17}, 0x90) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e320d021b"], 0x35) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xf}, {0xfff1}, {0x0, 0x10}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x2, r5}) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000000b600ca"]) syz_clone3(&(0x7f0000000780)={0x212028100, 0x0, 0x0, 0x0, {0xfffffffd}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1, {r1}}, 0x58) 18.528456615s ago: executing program 0 (id=1466): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xeb6, 0x0, "85f94609000000000000000001000e00"}) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x24}}, 0x0) r6 = epoll_create1(0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000004a00210000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="00000000140001"], 0x30}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000600)={0xa0000013}) ppoll(&(0x7f0000000180)=[{r6, 0x1011}], 0x1, 0x0, 0x0, 0x0) r8 = syz_open_pts(r0, 0x0) r9 = dup3(r8, r0, 0x0) r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10]) syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x26002) ioctl$TCSETSW2(r8, 0x402c542c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "23fcb273b504badcdb52587dbdfe7da40ef525"}) gettid() r11 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0) read$FUSE(r11, &(0x7f0000000380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r11, &(0x7f0000000000)={0x50, 0x0, r12}, 0x50) 12.812679211s ago: executing program 0 (id=1488): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSFEATURE(r1, 0xc0404806, 0x0) 12.638419652s ago: executing program 2 (id=1489): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vlan0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=r2, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e"], 0xb4}}, 0x0) getpeername(r3, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f00000000c0)=0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022}) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a70616d5f65786563ff003a733020756e636f6e66696e65675f7500"], 0x2d) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'veth0_to_batadv\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002a40)={0x58, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_IE={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x58}}, 0x0) r11 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x6, r7}) r12 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_SIOCSIFFLAGS(r12, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'}) 11.433955246s ago: executing program 1 (id=1494): r0 = syz_open_dev$video(&(0x7f0000000040), 0x8000a7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f0000000340)={0x1, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) 11.373450416s ago: executing program 3 (id=1495): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x1911, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0xff39) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"fe403ca4", 0x0, 0x5, 0x81, 0x0, 0x7, "de6c0a5bcee099303c9842579a1c19", "dba0a737", "4da264d5", "e75aef41", ["4fdd51b5a333d64fd52f79de", "0c13895a26e4cb6b2f9782fc", "674a440d6cdaaf6be57cc8cd", "2d66d59cea6bb67af44fa6da"]}) 11.359634187s ago: executing program 2 (id=1497): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0xda, 0x0, 0x1}, 0x48) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000180), 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000ac2000/0x1000)=nil, 0x1000, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x0, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f000018e000/0x3000)=nil, 0x3000, 0x1) io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0xda89, 0x80, 0x0, 0x5b}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r3, 0x0) add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x4000) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, 0x0) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x10) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20) r5 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, r6, 0x2}, [@NDA_DST_IPV6={0x14, 0x1, @dev}]}, 0x30}}, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) 10.368172271s ago: executing program 2 (id=1498): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="f8000000160001000000000000000000fc0100"/32, @ANYRES32=r0], 0xf8}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000ea0304000000cd8993b05b2f270000000053fe7cad", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e00010069703665727370616e000000180002800400120005001600020000000600180000000000"], 0x4c}}, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty, 0xfffffffc}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x1]}}, 0x5c) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x3a, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000540)={0x0, 0x801, 0x0, &(0x7f0000000480)=""/144, 0x0}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r7 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r7, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='quota\x00\x00\x00') ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6}) 10.367768655s ago: executing program 3 (id=1499): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0xfffffffb}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}}, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) dup(0xffffffffffffffff) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000840), 0x1, 0x0) sendfile(r6, r5, 0x0, 0x5) ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f00000000c0)=0xfffffffd) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) sendmsg(r7, &(0x7f0000004740)={0x0, 0x0, 0x0}, 0x0) 10.366310568s ago: executing program 1 (id=1508): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)={0x2, 0x6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}]}, 0x18}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[], 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0xbc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000d00)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5}}}, 0x24}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = userfaultfd(0x801) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r7, &(0x7f0000000100)={0x2, 0x0, @dev}, 0x10) connect$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000440)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @local, {[@rr={0x7, 0x13, 0x0, [@private, @empty, @empty, @private]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x4}]}}}}}}}, 0x0) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) 8.347590406s ago: executing program 0 (id=1502): r0 = syz_io_uring_setup(0x1428, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000001280)=0x0, &(0x7f0000003580)=0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) pipe2$9p(&(0x7f00000001c0), 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYRESHEX]) write$P9_RLERRORu(r6, &(0x7f0000000040)=ANY=[], 0x53) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$binfmt_elf64(r6, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYRESHEX=r4, @ANYBLOB=',wfd', @ANYRESHEX=r6]) lchown(&(0x7f0000000680)='./file0\x00', 0x0, 0xee01) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)='./file0\x00'}) io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f00000010c0)={@empty, @initdev, 0x0}, &(0x7f0000001100)=0xc) sendmmsg$inet(r3, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000440)}, {&(0x7f0000000540)}], 0x2}}, {{&(0x7f0000000600)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000cc0)=[{&(0x7f00000006c0)="e86948018f2c65c89cc8627ea714c8ef24b9ce0e2e949d78ecde14b095529ffaaae7bce334e1cc7d347e3e4ae0fa5419ff89c0bec6c8badeba49b9216dbcd8f5659e8db9c0da", 0x46}, {&(0x7f00000012c0)="6b37d85e065ef68da9d1b4db7de5a1204c6d6d72526ab81092f30751f0a763148e3457881849229121778e6a3d85c7aec1358cb135dff979b682ecbc0f380d32e4cc0fa013105cf0f5d1b38cef869cd3b09c756fcf8e5ed6fe6206e4f1774d28180eebd4eb98e2b371a9deee148f190a16d7a3498edd66e58c40fb29e57467590d9363e9c50eddf4837b23eb6b5a5608e38b9c0b9f2f0b4e95d00919422d69bece934df57350f2d7cff312cedcef0619230e5845dfd29dff72b2044cf6b8be9fa0a5650d1a731f889971eb74e6606a0f0adb668fa47d2fcd8370bb15e1df96cf6ecf6c334d07a0b692d3d21cf05f3beceb61345542e6c990531ce1ca74a83d5994b78b6033ea80b31d6a18a7c00e56d01c2c9b9c0fb63b5ee24814efd74ba9814c2a0d3bf15f6f17d365c0f9d1a9cc1175d362289da6a848182a1fe5b3da1096f5260e1d6a341760857ce7e5aedbc4bcacc28dc0ad019badb4e4d2ee8456644da26263bb745e430ba2d05dee24513a691e27d7126035e2f8fa2f709de4860d04733e787c1cd628745381c53ecc662fb605b579b2abd0201278067f4202956ec79123e82491245212fac0f69fc211c8b85294844aac4023219237951f9391ffb92c8fbd47999e29f50588e94f12af863591ed1d53460820b87295a136bb1deb41e92bce12bcf9c7a3303efde9f7cef5c04a4d1d1258c7c9e2cabc3fd9ceea80cfa122b0b76fd72f9805cb488fa4caa3f2b54bb283117ad2eafb1ffa440d88ab1f339ad4b065ffdaf42cf076a98d50378895fdbf5fdaeb0a56d4b69aa2c64ede4a50c0b35c7cb7a53209d6f1e8a0919459501693cbf5609ab5ee3e3dc2c47d8630f38521931fa48f447f69bf50d32576b0bb0fd5b6262d6ed5feaa214e968765c99e76b0f05c83c6046f8899ae23ac34ce3afff0ad5c1650dff7403dd477d999138214568cc308c016e42b926ec89f681e640693b8b3f0fb507500a4e716103ae1c63e686fe38ef394cb7125aaaeac9b1590d0d84c240083b63500b1cec47a0893c8f4d6e36224fda33395800c911125cecd86366e42c8475c7339583f16618cc353974290634b9e98d5dc8a1bc9d503a4ddf9688f890cd6a14b09173f48636a44971b58cdf630026c5be693e0a57798b6fa992a782e94cc5d65e80557892420a55802300c667ba29c29a6d38a01023bcaac8415f5434648f94eeba16590ddea2911db77c7b67614b72006e5fdd01a4ea25d8f21304a5a02718d9459979b7da7c3dbc84ac6169545413bbfa4f3f86399da9d009e4e9605cbde2f8e6d4c88334229f4491d5be27476d55bde25ecb03b9645d60fd5038e5eb674fab61a16c42dec0b81c8c20816f7fb9d21d2efc838517a59089d51c9a4c686eec43c0f0a30bbb10f54094cf5234c74d737fb3f7d35f3300e4942a781b4833675a9b2d883a1ffd9b7f1b5abc89394db421d6ad81a51df19df58d7e2eed1866d31cf6bfb1eacc88e30339b40022db302db2a35592aeece98fb31b56e9ed516e87501fc1d4efd90b982e1c9ace771f537fc9c62d2fd267ee46af3751589d42f5d6c596980a27582d1dded5c3c85cc72df4dc4977a462f34d0a075c35e8942886010d61a4bf2867b3a813d3140862f244f2f61033de6e7d3063dc09b2725b220ec1af8d5616a42d6ade99a505c1b053b37d4b520770ede1d8d9340881412bc7c2a651499a0e969366b8acaf7a2f5a71ea335deba07ee3c3bdea81a567fe83684cdfa48432186509d1a18cfb88dad4c6bcaf5765dea33b6648aeb0f44b7a90b732b6b1775cfb657ce07b2239fcf6b8a74991aa13c21a1220a1e3dbe856d5eb88ee55042c251ef2b8bc0df1ec147c57dc41b39a3f515aaca48de1f000ce76502b16a38dcdb031da4f76261f00799d1c3d3ba1b0a8209ae60235e86081737eeafb952ab36f5a2e95eb2423802360679d573c83349e48449777826aed655ebc691a3142b57dcd6c3a9997968bbcd9055b944f4bbf669fbf06a1f31341b67aa6e1bfc82b418675ac60b07785f40f0a88ea054bd15c0cb60636c7ea15a6eb046a0624d3586c0568507ebc9479e6fb750ca89d0344a6cfa977104b8d9c919ec27ec4fa99030c93752a26ce3feb970651d957e7bc608b9ec3619e9ea78b8196d0624b21749fa84e4aa7366f98e7f342ca0991d8249874a3d617ff2ed13ddc1f8a35dca40e994d1bb53e6ce0f159f06808d8356b32b0623328a8a40a5e5c97c6f8aec8b03b2df75b2ff45667c5732284d020ab17689a2331b593911d505aba398894d54f94864cee206aaae39db503bb4dfca838afb6f150f0ff3c977929b10e425d8ff42a5989f4502311206a85a4917571979947e3e60b006c5914295aa1d2a6c666ca2baf6b814b8f98023a112fec84f1b6352f81f17ea648145f0726cd5567a7cbefec1167f406dd5e53e5b8fb6aa351312419bf91d3b9cb53cbb6abc61ce409253e9e00a65b7ec1dec3f3a16fa597357119fd9f234071e3a757221be55988bcfb56a95bede1b5779f097d3120875880b5feaecff1afbf38891f48cce08493f5d1647e85d20eb27cab65e77ded564ee4a7c6e76c84fd8aa8f21acb730f68569c30823ae734a44b8db275bbeb4810a1dd65756f9293d60e5b5aaf1676677e0f60e7edde2a11703d2b1071887294b720314c2ee14eaa0f08328b5cc7799d6a913985968db3e3167fe3b7f8a56b15c58a9a29d1b7b488db4f0cd7af025a967317c59cbe4cc5b1a64ceabbcf4a485b2b7fb2f3926bec479c1c3181cdfa9aa2a36b6fed5b5fe2e14b9d4c333882974a3dccf4fef86320bfa048ae54e0cec32e4a270c7b6266cf2d6f4fe464fb523268af223fad748a5d77461a7573c1e74567ea4c78e539453f1598fcd2a42eed261affd272c247380568a3e7ec4f791f142c34f16ea599570ac55a003de52d893fb865814c82d4a925457b75c2c838f2791cbfd513df40c9e40ffa17b167320662896131ae73fce2c6860815da1c59f13d721872ed0eea1517d0ee7d44cae38719b93177a1491c7652dde7883c59f1bf64922eed0cd54ab82e6a5f3d75237cb6c7d1a632d694b856ffe70bcf13fe16453d321e64435a650fbf1fb8dfa5649d2234ef66a3b2ed05486ff76749ddf80c29f471d3c044f29828a8da77f6c7152f830e55e0a013a89d124143e24ac9d3ac6233959c8b4cf92941fd151fc359debf76736493cbcea5b3565cda3ddb99089e4604150f6588f9d913f5dec2c5a287ade31721ecdc02be14cb36bdcbe10121ab45aa7b72a79e52ae689ff97f81363025221a8ecf863282cf58f8ee8f2553f9abc95f4c9c6eb67b10e55f80b44d5496bbda622eb3e5463dccdfed3471edbf08995dfbcc121e2d051d58d0a83b7fa4e3999b21c4daa938ebadba06b79017065403b0779e5d275905c792486180543392316facbae10394c3bcb73d1bf4f83f8ffeffb62028427368cfaf9b9422997199b9f18d4de3ebd9b8c9f793851e043a447b0399a2eed78b90cb3f59d024925a4f708ecebba2050c73d3e6c2b7d2ba7223ec991078f71a25aa2640f567b3c5f2c2791777f91036b51ea0eddad8541cab08e11a0ce67c69687ce27907f31718876842d6912f84b2692b55c56b81faf45770824885ca8d5cc95e1df7bc724b081449a4329fd838679696c5df1840322dd6170ee84054b5dc0194f99e76582e638a5f5bde21fe7ecc1c2b057e6c959b39b1267df1424c6b3cca8f730bf576214481dde5bf68eb9e84e0743d22b1848017bf2e02bdb756c6395ed232a88f60c7ce0c23ed3368dd2f99aa2dbeece7c3d7432c6c94ba8c5c8ff4d2d58da0b73733a66f719661892761d6c6605b862593aa0ca5db8af773a5b0d0eac3ddd1d881f252df1ddb84cccb2a902098171e1d315850fc4c0ed510eda8beea472c025121e547edfedab46ac6abddbeedf126280126c7c41907a659866d63811a1e6ffd83a80971383b15f9738a3f567dc542707f4ce5009392475864efd9b501540e9fd388c21976f390ae766a90f566606f3b9ebd14dbc0bbe7d82c638560bfe8b2e428039bfc958d724ce4207481b4fb5668a423c77c18955ff33163f7c5e53efb4d2f6b4dc16f0995232f287deadf4aa9b9b16722762d23903aeb933ce79edcdd1c3105c657d4501d3c86ecf8cc1e2b3b970e862bc7a7fd3c80054bd614cb130e7d9c113bd9d846f6d93031d622afb57ae53914f2aef8cf822d9b459edbe3b93c3e51035ee04f66bcbc5e5ef9bc887dd49968a908b6e2de532319e273a5e83a6f7f9d958bf32dbbab9ff1e13d72a70e692e462a14d7dcee90e493092f368e8d8cca5a9aa8517e1a94f44d72471c5b11b1e51b97e25dfc3bc4b8e84b15d011bd1f229511972471125102fa79fc4d98f816b6729dfae5f61014099590804b2ba765c6ff64bfd754e833d0e853189401adc38b4844ae94ddaf9a68c95d98f1743df3597fccbb2fceef268f87f3dd232baaaa8d4813c2be53b79f5fa08bf1cbf8d7072c04c97b7c2a6fb378635329c3ad6df51d4e5eebed66cca071e262ee8dc5ac9183b562007b23861f3b0ed158011a397fa408d5c25257d98943446d0c55a5bbbaf1068da6c094a8287dbc20260319067ab0be78c27ce2fd2e037287adcbff30fd355136a52c9426372042a39ca154d5122356d0b1f887e847f81ff6c4130057c59061ec89867e4e77b84669df8f8204a31074574073ec658e4aa51e5d0aea2cfa43e76e76f02981089fe3887bbde73fca507af60de32356233eaba9644379ab4948abca7bf9b0ba7aeab5634f7e3c51df66edb728d8eefb31ca4e5bd432b2719b473351b5e6dff3a90df2f8a406b6b6ae729654cd4ec206379b7f51a8de772a4a7e060a3d39b1e45615ba4171583c681295e919a54c280237dfdbe8b3e9bc50521d20ea5b717ad919849266e4a3891c1545b78cee29007379409f06973d301586af0f56a7316becfca87bb257eba04f757c5838f3c3f434d31400e907b4dff612bbb674d0a6dcf029a4f07b53bbe73ad7fbcb7d0e5d19d0b64c6c28b857c46342be3482ba9a3f8eb17839f62973d88b3cfeb5548b7255f06c02fdd545b348be430423c3378fda9921ec99aedae578ceb652ece02559de7cb41282672e53e846bf57f606f93baedef6252fe92c0b41d2c98f62c0a258e8519f0df3d4a9cdfbb91c29f1861896e373ef7f3c95683f547456a6ef15afb21294bc915908c8c5c3d5e943843d894e51131932156baf41d69de0bd1c00f03359c5fdfba64a8cacffa22f01fa98f0fa245be32022f48cc5877feb9a51df8f39210531d2e23b5858e17c65951272bcad083702f1446c29c2e7da92cec2c204fae90b3c9d346d8e50c2a76b7a35c3a52e33a7ad46673abcb512c503610a926237637d621c07def9196888ce9d6dcbe821d3390bb51dc429d28134075b9406e50263b8c1f5e5364bcf2f837c437c5c25202a7e7e283313d86eb9b36ef18cf6401a7cf8aca474376ada2666041799921cb97015acf6b61f0873390a6a1638b7ff7113e6c7161be40c3c6307732b6bfc5710975009d577c3642bd2aed9807131fa050c71be949d9990525c4eb84e155615d9432b349019c4b6bff58e2654498220bca48451c4eb89af18ed1fd68c8797fab0edd4b0b35ef5b8b8fedf091cc91361dff56616317c07374f3722c71eec17b65f3cda0324db86320f1f8feefbe9dfb17eb34fd27252ed4a90e", 0xfd4}, {&(0x7f0000000640)="2258dde761a4be4f8a55c89aabbb50169e817e316a23b3850ef60613da84d21fc1e94ffc47c702", 0x27}, {&(0x7f0000000740)="d827f114ac8b854dc6f25765d9d1d0aa6ad9d1fc7e35204fe61cf8497ef268a2652192f7e76cce68bb8aea8f3422f0fc56f010c3557d4b79006388ff76ead11036307babd76acea15b30d53a8c1d4ae2", 0x50}, {0x0}, {&(0x7f00000008c0)="403caaf44d2425fe43fdb5563fe8b12e0e8c6f8fd2fa84dce06d577e9447ad6a5e8b726215c1bfd95ab369de4938a1f3598219e53b10243f9a9cdffeb8d683d79c7d885008a7cb2b57c18e15bdac38bcf8b7cc9c26f95eb6fed4950f800ede74ca58df5b5e7c1cb54475804876833d37284a517991b8f2b961b831c306049173ff393c33edd4ad2c28fae32a58f252a3b474af42ff9f2fdf3d61fbb51a960cb2ed45ab3c1b652a0c565aa43f7f87ee20b35944a98330c525a67fc2496635b9b6a4c9ce6b6c7027972ec574692ca6bdbef0c4a651cf428898520f44441940b5d1cf54a2fc2a6e3815d719d1b1c31055a671c947a0", 0xf4}, {&(0x7f00000009c0)="089acfa24418465e4905b5f54ca9a4f44f7b1b50b07ceb01ffb6bba19dc2ee5772b7a71ea64f3ed870cc0aa45ac3cf22a90bb5176651b9d13af95f47e15506d02ec4b50f146b9d0dea310a80ecebf488b7304ce4705507f9c78efebb5958d8c7135b1fe9b06d9b949a61b70656f1ee9309714eeb3390fe4049987edeee516590f73916944132c67f85ff2b4be6c96ae0e3ce0e44b710cdf7e9d8d80a0dde58ad7e29a72f037a3e0e4bed326718e564c1c1d724cdc91ed621f64221689b3972553bd0acd8f0b87fea761f2a4315b9b96140d07ee991ebc1658e", 0xd9}, {&(0x7f0000000ac0)="184e5156abcdb6b7067a57c110a29bc3ebb0421df80cd49934af68a27b84fb319bb5d50653f65068e06d2d04e97810d777c8e1cd2288260aea64c7d70877205a4a8af7f920bebf840bea59866448745830db59a41a4cfb677cf6dc750b07feeccd768aeea1892e", 0x67}, {&(0x7f0000000bc0)="fc4beb4f217dc717562799b050f54e74f6b713c071a4d5ceac73c3f90241ef967d3564c82d64d4edfb7e7ea6b1e10ff8cdfb758551ddc38adf225a59088ab4cabc1a8fc02f384d00e0e25dad9b8fe7675c4db843bcb95aa88d0674a14b70701f1e7e7bd2468cc7bbb28e27e63228b1b2a7187729efc5287264f2f729914080bcabae455faafa163cafa0c5ba5ae06a3aa9d522e41e2ca84389314d12e7bdf8ac41331541b9cc066771742a4ce49fd38f0065b3f5a5d6b4f7d4f08eb1", 0xbc}], 0x9, &(0x7f0000000d80)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x79}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1b}}], 0x48}}, {{&(0x7f0000000e00)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000ec0)="928c31b1216dc72a2d891f5047a3cfdb638648a924b47b59", 0x18}], 0x2}}, {{&(0x7f0000000f40)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000001080)=[{&(0x7f0000003640)="5e796ab985412c387f227a7d9ef4729d95d64d969d9f79c4227ba8b4e8c187460e8397e6d97c23bee00223c722f11e269e6b4ccf04f1f551b96bd0073fcdfb602fd8bb12e675a10b74842f2188379e4c9d24eb8eb5324b0af03ce4e6b7a5974b3b2daf23093d0784fafbb0e247666a685db34951b271cf0d7212d28ddd7128e6283893d85073e07ed689ca526b418b8f0060f8bd6c6657491606238d3ed11cc309c7a05d34e9a9e885a4007d0925999e9f57d8c71ca48054e23af689f5b28c3d5a8f0e83b13b4d91c2d96e788afb6ac9f378997df045de442eb829a9503f8101e685491d2b8a8b7f38f41bbd7bbb9d973a8d50244e0f5279b8ed17a3d142798f82e9327b068adf821d875c50c56cc29bba48799252822e609311f5d2e17a070db8049992e84797519fb28dddd5d85229e51be6fc3f515f761d91144aea3160f18ba0c1455df81a3e1c0c70dfdaaa129440d493b1cc011d0a05f278b2e3a2878b7d2a99a38ef69eab52d28cb6ec140ee0b09240c3652f44efb7fd1fff44f1b4dea797811078515c3cdccc3fa86623a4027ac942560885c3c703b989332bfbb8dd143c0664560a29191b85c8a0906036f33bed5d2fa53e6222da37fd810fddea41ee55c830f242e4d6465570f6509b3ed67476a5b4672d437f8b75265df3bd53e5b4944a2100c739306f5060e52605146e2ee684d10859e018224ee5b8923b59794e2cdc3abd7a32313c8f9f503a57c53e95ecf396e469314262eb05318b1a1e787e17f7d2a827986803f0213516f925aafd1d8f4eab7bd4c802c0205507026172792cbeb5d7a2d7a720424690a4155b09db4b0a6bf08dcb035d250fa09c5a0d710eab8d18f2f9399c2d807016a7553f1d62cbc0364207bbc127fa877577735b1c6348791a3f89ee25f1dac441f063185249f36785016ea316a7add47f756283d4db36db29cca991374c32da116aca47560200cbbb97a1151956006b804528ab7220ea11666dadc35d1d8b1a45e7794647f438a77aa2c14f57e919e24e677982660e074ff52848ac190855c8919e7f4d5446ac52b68857104f3792dd9fb742c81d35cf43b8bab24265bc23cbeedd2cd9f8d026f3f8de3ece156b33199402c7941fcea46fa4d231fbf31bd164902df5e312f01894e817866cc6212c9a717598fb0b30473bbbd836fa0cbd1d7d9b10a59a9bffc9510dc5291c8f9437e517d21ea5ddf30dc711f6d010e98ab975d50d5ff6c7b9873edf9a2159cdae22535190ae63f821fc5da87ed9595a73b4d75c4dca9c40374944b96b9fff0bb70625af725155a3f30b39c47e1cacbf23188caf2a88f7c4a86ee7a72ae9b49629c4e5beb4f255c5809ba359b2354d67ece2b6589554085c0561ad7796b19c7a5a3d8a5f369c58eddf75491fccfefe2c2329c149720c7cfd30515e587beb0fafd29289f48d565c62914c10a9c1b1702cd500336effee36030b92fee9f61dd41c9db9a4dbccc86ec84d9957e63ac314146adc296930419d08967359d7d115b18669412e574e81db97a73a3994af51b7db178112c177890629f2b4184415b94e1d5ba2d510d6691ee9c8dc040e87f75b581f3487206f975c3ac9e6a4ab7a271273d590eb01ef2cd774dfb059e607338a5cbecf586a4bb6596016b14a082352a25b1b9309df5eae3c156cf6ff1c5c4347204dfd96c9c4cd5b30eefd762a524a1f0ae433b9280937f905703687daa06486e1179adb8d14f410b89040d2e5616df7746273572eccf0706ca47f7bed0084d68e551f7e7bc34eefa2e146fb4b8e6f15a5d9f8a836abf6e157330b7b2a010c235ce2ada4f4bed5ac5f625c07a84ad6cbc62c41807896ab6056ee1cf96b97b97af2a8b8fe8c55130f6201f414f9a88a1afe2d4d2a91e3b3a8ac10e669811f7e2fbadc31d3ccd69cd52143f9f1c2ecbfa0ee6ef421c9043fa73cf9366dd2f6571f0b402791b33db062ef0fbbd4e34d550cc78c39c98ae703b72ade398b76dd751a2e45392018f7d23ec78c7398716c73faab895941cd0246c289a7526c233e1e5f5f78992e1a85f94a3cdfbe03c44678d3dc57331569e769ab4e3db50e6cfa6333a9c45a08c687ffffb28cae1522fcfa3234046bec6c3c77ed32b4ede951bebac86a293ad0a5f86930a8b6e938e78c00908d947bcef0cd18f2e2ad1a0b7a673a2e38be66a7d2bfa2ba8ac61bb3a614b5a34d20c86b59e7149a2cfa06b5b9de983eb8a9e29916cc9f0866b79b938f1d3434d52f32173528ad00eed84a14e0f8a6b73e27ee969c9e5fb0d8fe6e3ee46d2f2e024d6625602333fe666d54a2b2735dec75eea16321b83a43b3cef72063efcb74bdc4e5025e7bab78b08867a10fa6616976a4b5a3facb850c4e9e37105d8b8ffc846f73916f9ad26ae502c60848c2234f112d9b1ab8570970b43ec09781dd8d3bbb014eaa0584a4e21218e4cd8abba1d1f310df54840144a47535e26189930dd6093aaf5bf7f25f74de63e6941d558657f1045cd5372295d703e3fef50ca36115e4fe321a2e53357f9d9fb505942bd320de8b2b4593be2848e1e023455ec48645126b778eb00ab8a72bc04df6540b9a97bae7fc557f4ef7cc2a6dcdeb1727d50ca12b011165063d0bace533889413f4c28af4aeaedb84174fe135d496a34f0d4c9036d02542927fb6e4e37a9940f0908b10aff15ae435d09261c375fced893f2418b76f1af9cd199031cfc763b71d6abe1c75c37158718a0d7aa59c614a9ac16097c4ce4786ad73321c3507b930dbbb49d8b54340670b6ff4addff388f4086312be064e651ef7ff4569ebab928ed9fc997be29301e7b5e693f2ceedc81ae0c8695d2dda693c88b86f83aec1583fffae3b1b425ac852ca31270052fc5701914f31e04a452ad87ee41f7f564f21342b03c08e7d2c4d9f289e725e5ba27a4b0dffaf7812a1942cfd69778696ef8f3fc1f830096c743e16af0a6b34d9d66ff24e3dcf9b25d36891f73b298018561eaad1ef4035dbfca609ce37e6c1951d1b1594a4825706c29e7cf376f9fdfc414ffddd7e460af6dda3e5e44d097cff9620aef693deacd81a4b41f8cffd8d67782fda85c7f7cdfb5085e698d57f48cd635781eb523fed4f8df899057178e6c5b97d5af051ff88865a6be5e55e4c318b74eb266009bd963edba3649b0ad6620181a6fc51f4d9005f69701e583bb214610b0f82594dba5e60e5f17d922e961c5a6ffd6f7b493f0d13d0d435c194070dbbbe1ee4cefb32ab8fd3ca6225341629c75a441a25e1615f7c64fe82e2ef995e3fedd1ffc266bec2dc2732d1440ab08b43282d36eddef3c05766259571a2dead68f878234c98016ab8c86b317623e9cf1a6ef3c579a52ed4f8fb0b8a27ce3e0c7f0d63c20ce7d33e68f62afa3f4dd585779bb246e8b5820e834b565ca43c57da20419f14842391b182858dae9d8c79cacaf6ea2b488d4ec5a92d9a9939c4fa6a5b538f56af926923cf0cb68c24a482647c55f76a76aedc339bfd687cb15553aebb5b5dcd673ce23559ab9dfe649c422fab25b4dcb7ec1a6c8899bfd9352e6b99d7fd6f2f3c760d906f7a633d37e96c82dcc5c32ced17693021d23d6207a0a83bb9bbba9830dce103dc5a5681a9f4b03d1574effa9f17d4e7eed03bd5d219e1f61d504f4d7e379f67aee282f5812759840ad27baafb5be2a155de0ee7b8d7fd7e790c420dfe563c209ac1a2ae4ee0258c6ec13878d188b344c5801a36629d243bcb726f8415ab86781a22d38a6f464e955ca1428ec6cc75516bb6965398b1ac3028f1e6bf46982d94af187753c61cc2eec9b081610cb42cfe25c09c3db809c152a03ae939691828749811bf91d4624512c079fe6146efc8441f761684c30a661782976a8c0ef805e2f63a7a5cf3aa5250ef0a583a4bad46d912fc91814c6e1942c6cbd3aa709599f287d3dbb8a932bcd31207d7f4f7334408e0f560fc12b6313ae63346ae7e2d05b9bd1a6b43d480866ef53615aaea2f64675e483f3ce0f5253cb1019a4f045dae13c39234d7e0a87be377c34da1415737ffd11e00da31343cba8f1955d4f8b6b94386475ba1164ff457ee777bbe573d6350f06ef7644256eee04b8da60674043342178fe33f6a79c7ec96108d9465770a03dd18a5b57908a58e822ea005f5848f52789d88da5d493df0595527d39e395885fbd5aee9f6a5c92be742d3cef90e1fe4c691f11261a1d8dbc1940062df97ec216fa49ce660136fc420243c0a481a2e303a4a7055d2998fddb334de53419107882d4d971e984b8573918f1edd5edd5fc95fa0aa2e0ec538e438b1f61c37bf5a4220226d147ca39c1727a15d878760571315978185a0941bae8fdd9ebc5c5b61a1b726971c98282e41c952047de6cc64be13fb46a4d92325d06165dd523b1ec936ad826b69054b4252e0e7f389174ee8a779355b38c49eb6197f524643ec61e6db16c3a96341bf8bad12a80fab9a38403faa47f0a059f39304553b87461e48ec21125365b5594c6fe53de65d0bcb05deb8e65f0e26ddd28caf61fed89c61d826e531878540b15ac7b6fc9c632629da59f3479d83fcc91b3238ed1fbaa556ad52e465e1c754af86dda44e3019150d65100744432e0b2dafa8cc6563b202d7be6b99e6d19d09077fc9b8cf99f424ec6f25b6a0a5a15e3b5b394e2313f12b918adb8589fbdd6338cf18d91e21eb60346033f353e0b44177c2b65d912503a4774fa4778a2c1c458f07ac9e45fa6aadb5623e57db31838ac7eb781e4b228d4f2b2da676baa47d9312f265ec9c350f4ee7d511510a883a149cc21f545ab8dbeabd5b57c99cda316deff6d89c4cc601c570f11ba4f581067ee3c82d81e42852fadbff9f9e87ea83d1967e2f4405ef8a8ca3cc5cafb3472a465ed42fe7a88a889e630304b0d7e73a3f5b198d1bc8b6d3d0521b1cac2c8c289b90a5b2b62e785aba638d2b49623e02c653b8fc7ec593262ea989f06a74492131cd777274b4dbc57e8c1869ed1fe9f8a713d23d2bfb0568a8876611e4366eabfb524470230df76d925d45f5208c4e8f970305872190f7e2ea39b06ea1177b0e3e0410abd96d1e84caf72182a297efc61455e686d682ce304bbea57fdfc1fa81eede1fe55fd2244eac3ebcea6ca573501bd54c5f0aad6affeb2d8af6051765d28b584ad69e9e9351470d41173273779cb7b839da46f6b840634a156f6d601e5fd2020aa4687aeb825e20d192d2cb8c9e9fa61209f6d4e8a539c73fbdb29ace8e5cf4bc4f91aae341c6aa6c0209321fb12f91a02710ce9b149fed4bab7de5321ffedd12320d6e0ffabf3238f6326fd6ef695b1b53c45e3d24f5f3a4cdd69053df5bb9e6bc51b94cd9447695ab03bddafe7a7e3d5caf5a11e791846bd14f4c2d10d67a9f829e29d3a1c980ad4c426bbcaf5c561afb6cbf711d976db6383cbe104b59b235", 0xefe}, {&(0x7f0000000f80)="812498009b7bc1d69e11aeb30208667845c288f6091da4109d35375669d5d005c1aa99f548afde6d0ec70129", 0x2c}, {&(0x7f0000000fc0)="dd586e1a0e76d55c5a57cedecce5ac6659a580108500daa1ddd491fe312b790089ce41e5aa27fb1033cd1b074a91144453eaa82ae3cd5ad93c0efa0044193a9c441b5d32cf4df41b6b420ebf0d7b0eb191d7f4abcbcee15369edb2ea29dfbf184e655b5d73cdde2aa3baeb26f8477e19013f6bb2ee31842f25eb87ccf8ea39080dd0e76bb37466b7e9a219981e2a6a55cef53c4420a8795216fbe63b7f712092ea", 0xa1}], 0x3, &(0x7f0000004640)=[@ip_retopts={{0x54, 0x0, 0x7, {[@lsrr={0x83, 0xb, 0xc1, [@private=0xa010100, @local]}, @lsrr={0x83, 0x23, 0x92, [@rand_addr=0x64010100, @broadcast, @multicast2, @broadcast, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @multicast2]}, @ssrr={0x89, 0x13, 0x37, [@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @dev={0xac, 0x14, 0x14, 0x1f}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_retopts={{0xac, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x7, 0x92, [@empty]}, @cipso={0x86, 0x15, 0x2, [{0x6, 0xf, "1638215ad6b92d06cbcef8afd0"}]}, @cipso={0x86, 0x45, 0x0, [{0x5, 0x3, "e6"}, {0x0, 0x6, "6737dd15"}, {0x5, 0xb, "7d54a9c46e6bdd75c2"}, {0x0, 0xc, "d171a0aa7fa01d01593d"}, {0x6, 0x7, "95c0bfbf73"}, {0x0, 0x6, "c283810f"}, {0x6, 0x2}, {0x0, 0x10, "179198d35963516cf62c9df485f0"}]}, @timestamp_prespec={0x44, 0x24, 0x54, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0x3a}, 0x1}, {@local, 0xa}, {@empty, 0x1}, {@empty, 0x42}]}, @timestamp={0x44, 0x8, 0xa2, 0x0, 0xe, [0x1]}, @ra={0x94, 0x4, 0x1}, @generic={0x83, 0x5, "3c0096"}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_tos_int={{0x14}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @remote, @private=0xa010100}}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@generic={0x1, 0xb, "1e0a801de819a1a801"}, @timestamp={0x44, 0x18, 0xa6, 0x0, 0x4, [0xace, 0x7fffffff, 0x46c2, 0x2, 0x0]}, @timestamp_addr={0x44, 0x44, 0x9d, 0x1, 0x3, [{@multicast1, 0x3ff}, {@broadcast, 0x2000}, {@private=0xa010101, 0x9}, {@local}, {@rand_addr=0x64010101, 0x5}, {@multicast2, 0x1}, {@loopback, 0x1}, {@loopback, 0x16}]}, @ra={0x94, 0x4, 0x1}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x2}}], 0x208}}], 0x4, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfe, 0x85, 0x71, 0x8, 0xb48, 0x3007, 0x4f64, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x23, 0x52, 0x26}}]}}]}}, 0x0) 6.759749126s ago: executing program 3 (id=1504): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) syz_emit_ethernet(0x3a, 0x0, 0x0) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_type(r2, &(0x7f0000000240), 0x2, 0x0) r4 = dup(r3) preadv(r4, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/80, 0x50}], 0x1, 0x0, 0x0) 6.350080764s ago: executing program 3 (id=1505): syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xf7, 0x76, 0x4e, 0x8, 0x4ca, 0x3bfb, 0x6eb5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0x1, 0x1, 0x0, [], [{{0x9, 0x5, 0xb, 0x3}}]}}]}}]}}, 0x0) 5.775241605s ago: executing program 1 (id=1506): syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x8d, 0xc8, 0x31, 0x40, 0x830, 0x60, 0x132b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x15, 0xde, 0x7b}}]}}]}}, 0x0) 5.671735584s ago: executing program 4 (id=1507): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getpid() r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0xffffffffffffff25}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x18, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0), 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x80fe) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r5) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)="4c0000001200ff09ff3a150099a283ff07b8008000f0ffff000000060040150024001d0010c411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000440)="0000e100000000000068", 0xa}], 0x2}, 0x0) recvmmsg(r6, &(0x7f00000035c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x3d, 0x1, [@m_csum={0x4c, 0x0, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r9 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r9, 0x800) 5.127031136s ago: executing program 2 (id=1509): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x30}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x2, 0x300}, {0x6e, 0x0, 0xd}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000005c0)={0x0, 0x43, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1e003300a0f0ffff070211000001080211"], 0x3c}}, 0x0) 4.862146774s ago: executing program 0 (id=1510): ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r5 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r5, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xfdef) 4.648561703s ago: executing program 2 (id=1511): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x60}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) chdir(0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000600)={r5, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f00000001c0)={r5, 0xae, 0x3, 0x34325241, 0x0, [r6, 0x0, 0x0, r7], [0x2b8], [], [0x0, 0x0, 0x0, 0x3ff]}) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3}) socket$nl_route(0x10, 0x3, 0x0) r8 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r8, 0xab00, r9) r10 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, 0x0, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$NBD_SET_FLAGS(r10, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r10, 0xab00, r9) ioctl$NBD_DO_IT(r8, 0xab03) ioctl$NBD_CLEAR_SOCK(r10, 0xab04) fcntl$getownex(r3, 0x10, &(0x7f0000000180)={0x0, 0x0}) rt_sigqueueinfo(r11, 0x1c, &(0x7f0000000400)={0x24, 0x8, 0x7ff}) 4.623465771s ago: executing program 4 (id=1512): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24) recvmmsg(r0, &(0x7f0000006340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/9, 0x9}}], 0x1, 0x0, 0x0) 3.531036394s ago: executing program 4 (id=1513): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) pipe2$9p(&(0x7f00000001c0), 0x0) syz_emit_ethernet(0x176, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907800006c3e4af6e95497a4e1f23137ae5d9ab0d6a6a3ff1ff52b15b109af0f93abe7bddfe72723968479f91c26bda6d7d589fb8cb68c4f8760051117d27ab8434eb2818254ab55"], 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = memfd_secret(0x0) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ptrace$setopts(0xffffffffffffffff, 0x0, 0x80, 0x20002e) fcntl$dupfd(0xffffffffffffffff, 0x0, r4) ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000)) ptrace$ARCH_MAP_VDSO_32(0x1e, 0x0, 0x0, 0x2002) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa07, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) 3.476620538s ago: executing program 3 (id=1514): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) r2 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) close(r2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102376, 0x18fe8) socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)='./file1\x00') execve(&(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000780)) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x80047456, 0x20000006) 3.410598216s ago: executing program 1 (id=1515): signalfd(0xffffffffffffffff, &(0x7f0000000c80)={[0xfffffffffffffffe]}, 0x8) r0 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000340)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0x48e9, 0x0, 0x0, 0x0, 0x0) rseq(&(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7ffffffff000}}, 0x20, 0x0, 0x0) 2.523283679s ago: executing program 4 (id=1516): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x0, 0x0, 'nq\x00'}, 0x2c) sendmmsg$sock(r0, &(0x7f0000000b00)=[{{&(0x7f0000000640)=@tipc=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x80, 0x0, 0x0, &(0x7f0000000a80)=[@mark={{0x14, 0x1, 0x24, 0x4}}], 0x18}}], 0x1, 0x0) 2.356583111s ago: executing program 1 (id=1517): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fsync(r0) 2.147774923s ago: executing program 4 (id=1518): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)="935645bc5256480c3d972b8f097c1b97e0a1d0394ea9e40a42ed84216668b87a4737edaa0c22f4d124bc8b5754ee351bab2d1df88a19fcad2f7ae9859129a609b7b211d353fd614b9cbba28d25d451c001", 0x51, 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1.847069313s ago: executing program 1 (id=1519): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mount_setattr(r0, &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)={0x100004, 0x0, 0x0, {r0}}, 0x20) r1 = syz_open_dev$vcsn(0x0, 0xfff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r1) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$inet6(0xa, 0x802, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffff", 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x5405, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, 0x0, 0x9) sendto$inet6(r4, &(0x7f0000000100)="ea", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000340)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000380)=ANY=[], 0x9) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 1.77971907s ago: executing program 4 (id=1520): syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0xffffffffffffffc0, &(0x7f0000000180)) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x20}, 0x48) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r4, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) write$binfmt_script(r4, &(0x7f0000000100), 0xfffffecd) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000400)=@gcm_256={{0x304}, "ca7ee2b1848ae337", "4b5b154869939154798f82be7dcae38bcdcab75bc2d1dcb3b28921cb75aab36d", "899d6e3a", "90167d3ae79ca2c5"}, 0x38) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000b40), 0x4) socket$inet(0x2, 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) io_submit(0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 148.500437ms ago: executing program 2 (id=1521): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) prlimit64(0xffffffffffffffff, 0x13, &(0x7f0000000380)={0x9}, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x2d34075d}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@private=0xa010102, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x73}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x81, 0x0, 0x0, 0x3}, {}, 0x4974, 0x6e6bb4, 0x1}, {{@in=@remote}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x7, 0xfffffffe}}, 0xe8) keyctl$chown(0x4, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x9, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 0s ago: executing program 3 (id=1522): r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_int(r0, 0x0, 0x5, 0x0, &(0x7f00000001c0)) kernel console output (not intermixed with test programs): h1 [ 416.985336][ T8199] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 417.050362][ T8199] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 417.176298][ T8114] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.227014][ T8114] veth0_vlan: entered promiscuous mode [ 418.348722][ T8114] veth1_vlan: entered promiscuous mode [ 418.474266][ T29] audit: type=1326 audit(1723097861.548:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8470 comm="syz.3.705" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4df51779f9 code=0x0 [ 418.511652][ T8114] veth0_macvtap: entered promiscuous mode [ 418.557315][ T8199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.569817][ T8114] veth1_macvtap: entered promiscuous mode [ 418.638115][ T8199] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.693648][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.708826][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.736392][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.749102][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.784674][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.806999][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.835523][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.853037][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.898555][ T8114] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 418.958593][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.965846][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.013271][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.059419][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.078063][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.093492][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.124977][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.143383][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.153950][ T8114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.177070][ T8114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.196654][ T8114] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 419.247029][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.254226][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.317396][ T8114] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.374571][ T8114] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.383321][ T8114] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.441330][ T8114] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.766463][ T8492] bridge0: port 3(erspan0) entered blocking state [ 419.769971][ T8499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.710'. [ 419.773037][ T8492] bridge0: port 3(erspan0) entered disabled state [ 419.865855][ T8492] erspan0: entered allmulticast mode [ 419.884046][ T8492] erspan0: entered promiscuous mode [ 419.939079][ T8492] bridge0: port 3(erspan0) entered blocking state [ 419.939363][ T8492] bridge0: port 3(erspan0) entered forwarding state [ 420.107951][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.107976][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 420.281738][ T8510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.713'. [ 420.340430][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.340456][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 420.844853][ T8199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.090966][ T8199] veth0_vlan: entered promiscuous mode [ 421.141966][ T8199] veth1_vlan: entered promiscuous mode [ 421.284837][ T5264] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 421.543897][ T8537] usb usb8: usbfs: process 8537 (syz.3.717) did not claim interface 0 before use [ 422.296236][ T5264] usb 1-1: Using ep0 maxpacket: 8 [ 422.316504][ T8199] veth0_macvtap: entered promiscuous mode [ 422.329605][ T5264] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=18.37 [ 422.355010][ T5264] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.377218][ T5264] usb 1-1: Product: syz [ 422.381595][ T8199] veth1_macvtap: entered promiscuous mode [ 422.388614][ T5264] usb 1-1: Manufacturer: syz [ 422.404815][ T5264] usb 1-1: SerialNumber: syz [ 422.433516][ T5264] usb 1-1: config 0 descriptor?? [ 422.443814][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.477982][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.478214][ T5264] radio-si470x 1-1:0.0: could not find interrupt in endpoint [ 422.513097][ T5264] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 422.553945][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.556589][ T29] audit: type=1400 audit(1723097865.618:560): avc: denied { setopt } for pid=8538 comm="syz.3.718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 422.609254][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.660397][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.724115][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.754564][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.788245][ T5264] radio-raremono 1-1:0.0: Thanko's Raremono connected: (10C4:818A) [ 422.797307][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.823457][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 422.847773][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.871081][ T8199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 423.070080][ T5264] radio-raremono 1-1:0.0: V4L2 device registered as radio32 [ 423.276686][ T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 423.399333][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.792615][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 423.877155][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.887732][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 423.946124][ T5264] usb 1-1: USB disconnect, device number 5 [ 423.952583][ T5264] radio-raremono 1-1:0.0: Thanko's Raremono disconnected [ 423.994638][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.015950][ T8] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 424.053695][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.072678][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.101159][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.121927][ T8] usb 2-1: Product: syz [ 424.142522][ T8] usb 2-1: Manufacturer: syz [ 424.157791][ T8] usb 2-1: SerialNumber: syz [ 424.173096][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.194613][ T8] usb 2-1: config 0 descriptor?? [ 424.214905][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.283016][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.333272][ T8199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.394551][ T8199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.436540][ T8199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.497757][ T8199] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.538212][ T8199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.549011][ T8] usb 2-1: Unknown endpoint type found, address 0x06 [ 424.569775][ T8199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.578571][ T8] usb 2-1: Not enough endpoints found in device, aborting! [ 424.659746][ T8199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.190106][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.020479][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.045176][ T29] audit: type=1400 audit(1723097869.128:561): avc: denied { write } for pid=8574 comm="syz.3.725" name="ppp" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 426.252393][ T5264] usb 2-1: USB disconnect, device number 14 [ 426.419608][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.469152][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.474017][ T8586] input: syz1 as /devices/virtual/input/input17 [ 426.605786][ T5297] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 426.854307][ T5297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.914698][ T5297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.930311][ T8586] netlink: 24 bytes leftover after parsing attributes in process `syz.4.727'. [ 426.987149][ T5297] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 427.175916][ T5297] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 427.228743][ T5297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.282808][ T5297] usb 1-1: config 0 descriptor?? [ 427.761209][ T8618] netlink: 32 bytes leftover after parsing attributes in process `syz.2.735'. [ 428.411395][ T5297] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 428.421305][ T5297] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 428.481363][ T5297] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 428.620471][ T8625] netlink: 'syz.2.737': attribute type 9 has an invalid length. [ 428.621887][ T8] usb 1-1: USB disconnect, device number 6 [ 428.634737][ T8625] netlink: 'syz.2.737': attribute type 7 has an invalid length. [ 428.642450][ T8625] netlink: 'syz.2.737': attribute type 8 has an invalid length. [ 428.664394][ T8625] ax25_connect(): syz.2.737 uses autobind, please contact jreuter@yaina.de [ 433.619497][ T29] audit: type=1400 audit(1723097871.738:562): avc: denied { connect } for pid=8622 comm="syz.2.737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 434.408026][ T8643] netlink: 'syz.1.743': attribute type 32 has an invalid length. [ 434.431899][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.1.743'. [ 434.469811][ T8643] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 435.364528][ T54] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 435.447975][ T29] audit: type=1400 audit(1723097878.528:563): avc: denied { map } for pid=8654 comm="syz.1.746" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 435.634246][ T54] usb 1-1: config 0 has no interfaces? [ 435.641122][ T54] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 435.677577][ T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.726748][ T54] usb 1-1: config 0 descriptor?? [ 436.447046][ T5263] usb 1-1: USB disconnect, device number 7 [ 436.985749][ T8652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 437.051326][ T29] audit: type=1400 audit(1723098109.117:564): avc: denied { listen } for pid=8668 comm="syz.1.749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 437.144615][ T8651] syz.3.745: attempt to access beyond end of device [ 437.144615][ T8651] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 437.187979][ T8651] SQUASHFS error: Failed to read block 0x0: -5 [ 437.201837][ T8651] unable to read squashfs_super_block [ 438.375805][ T8700] netlink: 60 bytes leftover after parsing attributes in process `syz.1.754'. [ 438.394647][ T8700] netlink: 60 bytes leftover after parsing attributes in process `syz.1.754'. [ 439.562003][ T29] audit: type=1400 audit(1723098110.967:565): avc: denied { bind } for pid=8705 comm="syz.4.757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 440.539601][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.546308][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.741809][ T8729] ptrace attach of "./syz-executor exec"[6204] was attempted by "./syz-executor exec"[8729] [ 440.789285][ T8729] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 440.887332][ T8732] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'. [ 440.943698][ T29] audit: type=1326 audit(1723098113.017:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8727 comm="syz.3.762" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x0 [ 441.037796][ T8735] xt_nfacct: accounting object `sy' does not exists [ 441.659995][ T29] audit: type=1400 audit(1723098113.697:567): avc: denied { accept } for pid=8743 comm="syz.1.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 442.710508][ T8766] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8766 comm=syz.1.779 [ 442.740072][ T29] audit: type=1400 audit(1723098114.697:568): avc: denied { write } for pid=8758 comm="syz.1.779" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 443.221326][ T29] audit: type=1400 audit(1723098114.707:569): avc: denied { remove_name } for pid=8758 comm="syz.1.779" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 443.311540][ T29] audit: type=1400 audit(1723098114.707:570): avc: denied { unlink } for pid=8758 comm="syz.1.779" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 444.873043][ T8767] netlink: 20 bytes leftover after parsing attributes in process `syz.3.770'. [ 446.375301][ T8799] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.514800][ T29] audit: type=1400 audit(1723098118.587:571): avc: denied { name_bind } for pid=8800 comm="syz.0.777" src=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 446.688460][ T8804] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 446.702211][ T29] audit: type=1400 audit(1723098118.767:572): avc: denied { ioctl } for pid=8803 comm="syz.3.778" path="socket:[25180]" dev="sockfs" ino=25180 ioctlcmd=0x8995 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 447.024146][ T29] audit: type=1400 audit(1723098119.077:573): avc: denied { ioctl } for pid=8810 comm="syz.0.781" path="socket:[25187]" dev="sockfs" ino=25187 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 448.155840][ T8805] block nbd1: shutting down sockets [ 448.225034][ T29] audit: type=1400 audit(1723098120.287:574): avc: denied { create } for pid=8820 comm="syz.0.784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 448.319784][ T4609] Bluetooth: hci5: unexpected event for opcode 0x2011 [ 448.453223][ T29] audit: type=1326 audit(1723098120.477:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8822 comm="syz.3.783" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x0 [ 448.583228][ T29] audit: type=1400 audit(1723098120.527:576): avc: denied { ioctl } for pid=8820 comm="syz.0.784" path="socket:[26164]" dev="sockfs" ino=26164 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 448.611388][ T8837] capability: warning: `syz.3.783' uses 32-bit capabilities (legacy support in use) [ 449.285794][ T29] audit: type=1400 audit(1723098121.367:577): avc: denied { write } for pid=8852 comm="syz.4.791" name="file0" dev="tmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 449.406147][ T8853] netlink: 32 bytes leftover after parsing attributes in process `syz.4.791'. [ 449.429834][ T29] audit: type=1400 audit(1723098121.457:578): avc: denied { setattr } for pid=8852 comm="syz.4.791" name="file0" dev="tmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 452.378487][ T4609] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 452.391253][ T4609] Bluetooth: hci5: Injecting HCI hardware error event [ 452.405754][ T4609] Bluetooth: hci5: hardware error 0x00 [ 454.464723][ T4609] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 454.659276][ T8907] SELinux: Context +û^ is not valid (left unmapped). [ 454.710655][ T29] audit: type=1400 audit(1723098126.777:579): avc: denied { relabelto } for pid=8906 comm="syz.1.800" name="memory.events" dev="tmpfs" ino=527 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=2BFB5E [ 454.735133][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.610252][ T29] audit: type=1400 audit(1723098126.797:580): avc: denied { associate } for pid=8906 comm="syz.1.800" name="memory.events" dev="tmpfs" ino=527 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=2BFB5E [ 455.635520][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.687955][ T8921] netlink: 'syz.0.803': attribute type 4 has an invalid length. [ 455.805415][ T29] audit: type=1400 audit(1723098127.637:581): avc: denied { unlink } for pid=6967 comm="syz-executor" name="memory.events" dev="tmpfs" ino=527 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=2BFB5E [ 456.080263][ T8898] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 457.010888][ T29] audit: type=1400 audit(1723098129.087:582): avc: denied { getopt } for pid=8930 comm="syz.1.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 457.946270][ T8943] vcan0: tx address claim with dest, not broadcast [ 462.029512][ T8979] usb usb8: usbfs: process 8979 (syz.3.820) did not claim interface 0 before use [ 462.432479][ T8993] netlink: 'syz.4.825': attribute type 9 has an invalid length. [ 462.440429][ T8993] netlink: 'syz.4.825': attribute type 7 has an invalid length. [ 462.464703][ T8993] netlink: 'syz.4.825': attribute type 8 has an invalid length. [ 462.984863][ T5263] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 463.319548][ T5263] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.427921][ T5263] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.690805][ T5263] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 463.713145][ T5263] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.758127][ T5263] usb 5-1: config 0 descriptor?? [ 464.045844][ T5263] usbhid 5-1:0.0: can't add hid device: -71 [ 464.051942][ T5263] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 464.089294][ T5263] usb 5-1: USB disconnect, device number 10 [ 465.762091][ T29] audit: type=1400 audit(1723098137.837:583): avc: denied { map } for pid=9011 comm="syz.4.830" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 465.886956][ T9005] netlink: 'syz.3.828': attribute type 9 has an invalid length. [ 466.274541][ T29] audit: type=1400 audit(1723098138.347:584): avc: denied { execute } for pid=9019 comm="syz.1.834" path=2F6D656D66643A59FFFF202864656C6574656429 dev="hugetlbfs" ino=26438 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 468.104649][ T5297] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 468.415996][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 468.634573][ T5297] usb 5-1: Using ep0 maxpacket: 32 [ 468.644337][ T5297] usb 5-1: config 0 has no interfaces? [ 468.652388][ T9] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 468.652965][ T5297] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 468.676838][ T5297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.692249][ T5297] usb 5-1: Product: syz [ 468.698061][ T5297] usb 5-1: Manufacturer: syz [ 468.702900][ T5297] usb 5-1: SerialNumber: syz [ 468.709766][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.719640][ T5297] usb 5-1: config 0 descriptor?? [ 468.829307][ T9] usb 4-1: config 0 descriptor?? [ 468.867963][ T9] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 469.174976][ T29] audit: type=1400 audit(1723098141.247:585): avc: denied { ioctl } for pid=9050 comm="syz.1.845" path="socket:[25537]" dev="sockfs" ino=25537 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 469.200245][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.512188][ T9] gp8psk: usb out operation failed. [ 470.577893][ T9] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22) [ 470.599680][ T9] dvb_usb_gp8psk 4-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 470.620300][ T29] audit: type=1400 audit(1723098142.697:586): avc: denied { lock } for pid=9057 comm="syz.1.846" path="socket:[25549]" dev="sockfs" ino=25549 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 470.648100][ T9] usb 4-1: USB disconnect, device number 8 [ 470.675149][ T6669] udevd[6669]: setting owner of /dev/bus/usb/004/008 to uid=0, gid=0 failed: No such file or directory [ 470.737731][ T29] audit: type=1400 audit(1723098142.817:587): avc: denied { create } for pid=9063 comm="syz.2.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 470.738487][ T5297] usb 5-1: USB disconnect, device number 11 [ 470.835836][ T29] audit: type=1400 audit(1723098142.907:588): avc: denied { nlmsg_read } for pid=9060 comm="syz.0.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 471.484405][ T29] audit: type=1400 audit(1723098143.267:589): avc: denied { write } for pid=9063 comm="syz.2.848" path="socket:[26491]" dev="sockfs" ino=26491 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 471.877715][ T29] audit: type=1400 audit(1723098143.307:590): avc: denied { ioctl } for pid=9063 comm="syz.2.848" path="socket:[26491]" dev="sockfs" ino=26491 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 473.323963][ T29] audit: type=1400 audit(1723098145.397:591): avc: denied { ioctl } for pid=9081 comm="syz.3.852" path="/dev/nullb0" dev="devtmpfs" ino=682 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 473.927587][ T9110] netlink: 1268 bytes leftover after parsing attributes in process `syz.4.856'. [ 474.394810][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 474.464591][ T8] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 474.604136][ T9] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 474.637160][ T9] usb 1-1: can't read configurations, error -61 [ 475.477125][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 475.491802][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 475.502613][ T8] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 475.660111][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.693797][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 475.768696][ T4609] Bluetooth: hci2: unknown advertising packet type: 0x6b [ 475.768894][ T4609] Bluetooth: hci2: Dropping invalid advertising data [ 475.783340][ T4609] Bluetooth: hci2: Malformed LE Event: 0x02 [ 476.425362][ T8] usb 2-1: config 0 descriptor?? [ 476.720861][ T29] audit: type=1400 audit(1723098148.797:592): avc: denied { write } for pid=9128 comm="syz.3.864" name="mouse0" dev="devtmpfs" ino=841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 476.886417][ T8] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 476.940766][ T8] prodikeys 0003:041E:2801.0008: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0 [ 477.072745][ T8] kernel write not supported for file /input/mouse0 (pid: 8 comm: kworker/0:0) [ 477.106190][ T5297] usb 2-1: USB disconnect, device number 15 [ 477.513513][ T9143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.870'. [ 478.690893][ T29] audit: type=1400 audit(1723098150.757:593): avc: denied { lock } for pid=9155 comm="syz.4.875" path="socket:[27666]" dev="sockfs" ino=27666 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 479.090401][ T9140] syz.0.869 (9140) used greatest stack depth: 20544 bytes left [ 479.108344][ T1057] Bluetooth: hci6: Frame reassembly failed (-84) [ 479.115148][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 479.337937][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 479.513200][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 479.544787][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 479.564772][ T25] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 479.580031][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.443582][ T25] usb 3-1: config 0 descriptor?? [ 480.459124][ T9149] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 480.892071][ T29] audit: type=1400 audit(1723098152.967:594): avc: denied { mount } for pid=9155 comm="syz.4.875" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 480.967630][ T9157] fuse: Bad value for 'fd' [ 481.360939][ T5217] Bluetooth: hci6: command 0x1003 tx timeout [ 481.367563][ T4609] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 481.479414][ T25] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 481.497829][ T25] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 481.515415][ T29] audit: type=1400 audit(1723098153.007:595): avc: denied { read } for pid=9155 comm="syz.4.875" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 481.563181][ T25] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 481.628104][ T29] audit: type=1400 audit(1723098153.007:596): avc: denied { open } for pid=9155 comm="syz.4.875" path="/174/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 481.675049][ T25] usb 3-1: USB disconnect, device number 7 [ 481.723393][ T29] audit: type=1400 audit(1723098153.027:597): avc: denied { remount } for pid=9155 comm="syz.4.875" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 481.825963][ T29] audit: type=1400 audit(1723098153.047:598): avc: denied { mounton } for pid=9155 comm="syz.4.875" path="/174/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 482.082898][ T29] audit: type=1400 audit(1723098154.157:599): avc: denied { unmount } for pid=6204 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 482.354989][ T9196] block nbd4: shutting down sockets [ 483.607714][ T9221] vxcan0: tx drop: invalid da for name 0x0000000000000003 [ 484.536460][ T25] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 484.764659][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 484.789353][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.833254][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.869932][ T25] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 484.919455][ T25] usb 5-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40 [ 484.933843][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.955071][ T25] usb 5-1: Product: syz [ 484.959503][ T25] usb 5-1: Manufacturer: syz [ 484.964230][ T25] usb 5-1: SerialNumber: syz [ 485.161148][ T29] audit: type=1400 audit(1723098157.237:600): avc: denied { ioctl } for pid=9244 comm="syz.2.905" path="socket:[27898]" dev="sockfs" ino=27898 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 485.315195][ T25] usbhid 5-1:1.0: can't add hid device: -22 [ 485.352915][ T25] usbhid 5-1:1.0: probe with driver usbhid failed with error -22 [ 485.409853][ T25] usb 5-1: USB disconnect, device number 12 [ 486.571644][ T9271] Bluetooth: MGMT ver 1.23 [ 487.724700][ T9279] netlink: 188 bytes leftover after parsing attributes in process `syz.2.914'. [ 488.430883][ T29] audit: type=1326 audit(1723098160.507:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9280 comm="syz.2.915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x0 [ 488.560880][ T29] audit: type=1326 audit(1723098160.637:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9280 comm="syz.2.915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x0 [ 492.651843][ T1279] Bluetooth: hci6: Frame reassembly failed (-84) [ 493.885183][ T5264] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 494.094686][ T5264] usb 1-1: Using ep0 maxpacket: 8 [ 494.107791][ T5264] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 494.128606][ T5264] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.158809][ T5264] usb 1-1: config 0 has no interface number 0 [ 494.168998][ T5264] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 494.182950][ T5264] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 494.196726][ T5264] usb 1-1: config 0 interface 52 has no altsetting 0 [ 494.207924][ T5264] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 494.217622][ T5264] usb 1-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 494.231786][ T5297] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 494.246050][ T5264] usb 1-1: Product: syz [ 494.263515][ T5264] usb 1-1: Manufacturer: syz [ 494.270137][ T5264] usb 1-1: SerialNumber: syz [ 494.291066][ T5264] usb 1-1: config 0 descriptor?? [ 494.436880][ T5297] usb 4-1: Using ep0 maxpacket: 32 [ 494.451699][ T5297] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 494.463456][ T5297] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 494.484277][ T29] audit: type=1400 audit(1723098166.547:603): avc: denied { write } for pid=9347 comm="syz.2.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 494.489416][ T5297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 494.516583][ T5297] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 494.530149][ T5297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 494.543201][ T5297] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 494.554967][ T5297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 494.641695][ T5297] usb 4-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 494.669106][ T5297] usb 4-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 494.678454][ T5297] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.694739][ T5217] Bluetooth: hci6: command 0x1003 tx timeout [ 494.698754][ T5297] usb 4-1: Product: syz [ 494.702001][ T56] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 494.793612][ T5297] usb 4-1: Manufacturer: syz [ 494.838202][ T5297] usb 4-1: SerialNumber: syz [ 494.866968][ T29] audit: type=1400 audit(1723098166.947:604): avc: denied { ioctl } for pid=9357 comm="syz.1.939" path="socket:[27326]" dev="sockfs" ino=27326 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 494.908623][ T5297] usb 4-1: config 0 descriptor?? [ 494.928870][ T9344] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 494.958022][ T945] usb 1-1: USB disconnect, device number 10 [ 495.256525][ T5297] cxacru 4-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 495.266600][ T9360] tap0: tun_chr_ioctl cmd 1074025676 [ 495.289024][ T9363] cxacru 4-1:0.0: Direct firmware load for cxacru-fw.bin failed with error -2 [ 495.298624][ T9360] tap0: owner set to 0 [ 495.322468][ T5297] usb 4-1: USB disconnect, device number 9 [ 495.330390][ T9363] cxacru 4-1:0.0: Falling back to sysfs fallback for: cxacru-fw.bin [ 497.156219][ T29] audit: type=1400 audit(1723098169.227:605): avc: denied { getopt } for pid=9383 comm="syz.3.949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 497.302574][ T9391] Cannot find add_set index 0 as target [ 500.293639][ T9406] netlink: 36 bytes leftover after parsing attributes in process `syz.3.953'. [ 503.056470][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.062816][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.154648][ T54] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 503.381869][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.0.958'. [ 503.414368][ T9421] netlink: 152 bytes leftover after parsing attributes in process `syz.0.958'. [ 503.453344][ T9421] netlink: 152 bytes leftover after parsing attributes in process `syz.0.958'. [ 503.725270][ T54] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 503.741841][ T54] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 504.484697][ T54] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 504.554872][ T54] usb 2-1: config 0 interface 0 has no altsetting 0 [ 504.595735][ T54] usb 2-1: unable to read config index 1 descriptor/start: -71 [ 504.652052][ T54] usb 2-1: can't read configurations, error -71 [ 505.064661][ T54] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 505.133753][ T1057] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.207393][ T9449] netlink: 28 bytes leftover after parsing attributes in process `syz.4.970'. [ 505.254872][ T54] usb 2-1: Using ep0 maxpacket: 32 [ 505.279260][ T54] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.330722][ T54] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.354942][ T54] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 505.367263][ T1057] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.381348][ T54] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 505.402589][ T54] usb 2-1: Product: syz [ 505.416848][ T54] usb 2-1: Manufacturer: syz [ 505.432610][ T54] hub 2-1:4.0: USB hub found [ 505.448489][ T9452] netlink: 36 bytes leftover after parsing attributes in process `syz.4.970'. [ 505.586547][ T9450] syzkaller0: entered promiscuous mode [ 505.602486][ T9450] syzkaller0: entered allmulticast mode [ 505.678817][ T1057] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.696559][ T54] hub 2-1:4.0: 2 ports detected [ 506.083206][ T29] audit: type=1400 audit(1723098178.147:606): avc: denied { mounton } for pid=9457 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 506.124109][ T5217] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 506.137487][ T5217] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 506.173141][ T5217] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 506.185079][ T54] hub 2-1:4.0: set hub depth failed [ 506.194815][ T5217] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 506.213535][ T5217] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 506.229161][ T5217] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 506.239554][ T54] usb 2-1: USB disconnect, device number 17 [ 508.316362][ T56] Bluetooth: hci0: command tx timeout [ 509.095454][ T29] audit: type=1400 audit(1723098181.167:607): avc: denied { getopt } for pid=9478 comm="syz.3.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 509.276026][ T9482] netlink: 'syz.1.976': attribute type 1 has an invalid length. [ 509.289475][ T9482] netlink: 224 bytes leftover after parsing attributes in process `syz.1.976'. [ 510.378240][ T56] Bluetooth: hci0: command tx timeout [ 511.064408][ T1057] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.307093][ T9489] /dev/nullb0: Can't open blockdev [ 511.343111][ T29] audit: type=1326 audit(1723098183.417:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.451695][ T29] audit: type=1326 audit(1723098183.417:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.531696][ T29] audit: type=1326 audit(1723098183.417:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.592029][ T29] audit: type=1326 audit(1723098183.417:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.697611][ T29] audit: type=1326 audit(1723098183.427:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.841004][ T29] audit: type=1326 audit(1723098183.427:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 511.942521][ T29] audit: type=1326 audit(1723098183.427:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 512.018377][ T29] audit: type=1326 audit(1723098183.427:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 512.108056][ T29] audit: type=1326 audit(1723098183.427:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 512.110918][ T1057] bridge_slave_1: left allmulticast mode [ 512.131625][ T29] audit: type=1326 audit(1723098183.427:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9488 comm="syz.2.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 512.204161][ T1057] bridge_slave_1: left promiscuous mode [ 512.210092][ T1057] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.353479][ T1057] bridge_slave_0: left allmulticast mode [ 512.383471][ T1057] bridge_slave_0: left promiscuous mode [ 512.395657][ T1057] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.462721][ T56] Bluetooth: hci0: command tx timeout [ 512.544818][ T25] kernel write not supported for file /snd/seq (pid: 25 comm: kworker/1:0) [ 513.649057][ T56] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 513.945051][ T1057] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.957169][ T1057] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.969193][ T1057] bond0 (unregistering): Released all slaves [ 514.561332][ T56] Bluetooth: hci0: command tx timeout [ 515.584835][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 515.709569][ T9565] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.774237][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 515.796757][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 515.807472][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.815772][ T9] usb 3-1: Product: syz [ 515.821201][ T9] usb 3-1: Manufacturer: syz [ 515.828074][ T9] usb 3-1: SerialNumber: syz [ 515.856293][ T9] usb 3-1: config 0 descriptor?? [ 515.866525][ T9] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 516.288553][ T9] gspca_vc032x: reg_w err -71 [ 516.296625][ T9] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 516.329606][ T9] usb 3-1: USB disconnect, device number 8 [ 516.979235][ T9570] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9570 comm=syz.2.1002 [ 517.136469][ T9571] input: syz1 as /devices/virtual/input/input19 [ 518.793031][ T9564] netlink: 'syz.1.1001': attribute type 11 has an invalid length. [ 519.414649][ T5217] Bluetooth: hci2: command 0x0405 tx timeout [ 519.649516][ T9578] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 519.659997][ T1057] hsr_slave_0: left promiscuous mode [ 519.744768][ T1057] hsr_slave_1: left promiscuous mode [ 519.764940][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 519.764957][ T29] audit: type=1400 audit(1723098191.837:658): avc: denied { sqpoll } for pid=9579 comm="syz.2.1005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 519.790155][ C0] vkms_vblank_simulate: vblank timer overrun [ 519.797274][ T1057] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 519.825249][ T1057] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 519.850377][ T1057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 519.898829][ T1057] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 519.913028][ T9586] use of bytesused == 0 is deprecated and will be removed in the future, [ 519.955297][ T9586] use the actual size instead. [ 519.974639][ T5263] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 520.176615][ T9593] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1005'. [ 520.181053][ T1057] veth1_macvtap: left promiscuous mode [ 520.237552][ T5263] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.251834][ T5263] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 520.273032][ T1057] veth0_macvtap: left promiscuous mode [ 520.273268][ T5263] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 520.315017][ T1057] veth1_vlan: left promiscuous mode [ 520.315144][ T5263] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 520.334792][ T1057] veth0_vlan: left promiscuous mode [ 520.335903][ T5263] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.388630][ T5263] usb 5-1: config 0 descriptor?? [ 520.925686][ T5263] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 520.934092][ T5263] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 520.987985][ T5263] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 521.477552][ T5263] usb 5-1: USB disconnect, device number 13 [ 522.053598][ T1057] team0 (unregistering): Port device team_slave_1 removed [ 522.275412][ T1057] team0 (unregistering): Port device team_slave_0 removed [ 524.258440][ T29] audit: type=1326 audit(1723098196.337:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.313036][ T29] audit: type=1326 audit(1723098196.367:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.368142][ T9630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'. [ 524.377541][ T29] audit: type=1326 audit(1723098196.367:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.408683][ T29] audit: type=1326 audit(1723098196.367:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.433522][ T29] audit: type=1326 audit(1723098196.367:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.469971][ T29] audit: type=1326 audit(1723098196.367:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.493537][ T29] audit: type=1326 audit(1723098196.367:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.517142][ T29] audit: type=1326 audit(1723098196.367:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.544930][ T29] audit: type=1326 audit(1723098196.367:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 524.773876][ T9457] chnl_net:caif_netlink_parms(): no params data found [ 524.789041][ T9625] netlink: 'syz.3.1019': attribute type 12 has an invalid length. [ 524.953546][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 524.953563][ T29] audit: type=1326 audit(1723098197.027:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 525.052320][ T29] audit: type=1326 audit(1723098197.027:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9626 comm="syz.4.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 525.230545][ T9642] Bluetooth: MGMT ver 1.23 [ 525.902345][ T9639] ªªªªªª: renamed from vlan0 (while UP) [ 526.067994][ T9457] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.105584][ T9639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1023'. [ 526.169890][ T9457] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.179791][ T9457] bridge_slave_0: entered allmulticast mode [ 526.191799][ T9457] bridge_slave_0: entered promiscuous mode [ 526.217571][ T9457] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.259431][ T9457] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.288953][ T9457] bridge_slave_1: entered allmulticast mode [ 526.337202][ T9457] bridge_slave_1: entered promiscuous mode [ 526.778879][ T9457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 526.832467][ T9457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 526.904631][ T29] audit: type=1400 audit(1723098198.977:700): avc: denied { map } for pid=9661 comm="syz.4.1027" path="/dev/dri/card0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 527.047078][ T9663] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1027'. [ 527.056827][ T9663] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1027'. [ 527.177522][ T9663] netlink: 'syz.4.1027': attribute type 6 has an invalid length. [ 527.186023][ T9663] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1027'. [ 527.471356][ T9457] team0: Port device team_slave_0 added [ 527.515257][ T9457] team0: Port device team_slave_1 added [ 529.036324][ T9686] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 529.054804][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 529.061780][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 529.122946][ T9686] x_tables: ip_tables: osf match: only valid for protocol 6 [ 529.141205][ T9689] openvswitch: netlink: Missing key (keys=40, expected=80) [ 529.151076][ T9457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 529.195906][ T9687] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1033'. [ 529.252461][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 529.277020][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 529.323496][ T9457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 529.461409][ T5263] IPVS: starting estimator thread 0... [ 529.554912][ T9698] IPVS: using max 31 ests per chain, 74400 per kthread [ 530.867423][ T9457] hsr_slave_0: entered promiscuous mode [ 530.895353][ T9457] hsr_slave_1: entered promiscuous mode [ 531.940156][ T29] audit: type=1400 audit(1723098203.297:701): avc: denied { bind } for pid=9706 comm="syz.4.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 531.973382][ T29] audit: type=1400 audit(1723098203.307:702): avc: denied { listen } for pid=9706 comm="syz.4.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 532.011584][ T29] audit: type=1400 audit(1723098203.347:703): avc: denied { write } for pid=9706 comm="syz.4.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 532.654754][ T5215] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 532.779188][ T9457] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 533.574036][ T5215] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 533.574645][ T29] audit: type=1400 audit(1723098204.957:704): avc: denied { append } for pid=9724 comm="syz.4.1046" name="sg0" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 533.585736][ T9457] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 533.614725][ T5215] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 533.631322][ T5215] usb 3-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 533.644643][ T5215] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 533.652949][ T5215] usb 3-1: Product: syz [ 533.671188][ T5215] usb 3-1: SerialNumber: syz [ 533.671720][ T9457] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 533.712096][ T5215] option 3-1:7.0: GSM modem (1-port) converter detected [ 533.762496][ T9457] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 534.203822][ T9457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 534.302756][ T9457] 8021q: adding VLAN 0 to HW filter on device team0 [ 534.381174][ T5215] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.388324][ T5215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.472625][ T945] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.479854][ T945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.739462][ T945] usb 3-1: USB disconnect, device number 9 [ 535.773488][ T945] option 3-1:7.0: device disconnected [ 535.879881][ T9457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 535.948920][ T9762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1055'. [ 536.253278][ T9457] veth0_vlan: entered promiscuous mode [ 536.461295][ T9457] veth1_vlan: entered promiscuous mode [ 537.287736][ T9457] veth0_macvtap: entered promiscuous mode [ 537.309386][ T9457] veth1_macvtap: entered promiscuous mode [ 537.412612][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.638677][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.658998][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.174401][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.225795][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.249707][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.270625][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.291950][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.301941][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.322601][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.337146][ T9457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.408707][ T29] audit: type=1400 audit(1723098211.487:705): avc: denied { create } for pid=9801 comm="syz.1.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 539.587950][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.692987][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.728502][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.744329][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.754932][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.765900][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.775774][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.786904][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.796922][ T9457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.807514][ T9457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.987825][ T9457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 540.111204][ T29] audit: type=1326 audit(1723098212.147:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 540.259067][ T29] audit: type=1326 audit(1723098212.147:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 540.747285][ T9457] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.860990][ T9457] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.870158][ T29] audit: type=1326 audit(1723098212.147:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 540.893636][ T9457] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.914608][ T9457] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.950905][ T29] audit: type=1326 audit(1723098212.147:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.062284][ T29] audit: type=1326 audit(1723098212.147:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.085575][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.170791][ T29] audit: type=1326 audit(1723098212.157:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.209676][ T29] audit: type=1326 audit(1723098212.157:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.232960][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.240338][ T29] audit: type=1326 audit(1723098212.157:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.263623][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.302867][ T29] audit: type=1326 audit(1723098212.157:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.2.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 541.720768][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.768574][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.268614][ T1279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.313619][ T1279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.349273][ T9830] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1071'. [ 542.424683][ T9833] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=50 sclass=netlink_tcpdiag_socket pid=9833 comm=syz.3.1071 [ 542.925037][ T5215] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 543.172807][ T5215] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 543.296515][ T5215] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 543.435699][ T5215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 13155, setting to 64 [ 543.488703][ T5215] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 543.578747][ T5215] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 543.600388][ T9843] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 543.623732][ T5215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.631879][ T5215] usb 3-1: Product: syz [ 543.673907][ T5215] usb 3-1: Manufacturer: syz [ 543.679935][ T5215] usb 3-1: SerialNumber: syz [ 543.708164][ T5215] usb 3-1: config 0 descriptor?? [ 543.728539][ T9837] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 543.762516][ T5215] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20 [ 544.166607][ T5215] usb 3-1: USB disconnect, device number 10 [ 544.370904][ T9854] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 544.672642][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 544.672661][ T29] audit: type=1400 audit(1723098216.747:718): avc: denied { getopt } for pid=9850 comm="syz.0.1077" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 544.721680][ T9851] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1077'. [ 544.913755][ T9862] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1079'. [ 545.794977][ T29] audit: type=1400 audit(1723098217.807:719): avc: denied { read } for pid=9870 comm="syz.4.1083" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 545.911933][ T29] audit: type=1400 audit(1723098217.807:720): avc: denied { open } for pid=9870 comm="syz.4.1083" path="/220/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 548.774655][ T5217] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 548.785831][ T5217] Bluetooth: hci4: Injecting HCI hardware error event [ 548.795317][ T56] Bluetooth: hci4: hardware error 0x00 [ 548.817161][ T9895] CIFS mount error: No usable UNC path provided in device string! [ 548.817161][ T9895] [ 548.887362][ T9895] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 548.964820][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 549.106932][ T9902] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1089'. [ 549.259484][ T29] audit: type=1400 audit(1723098221.157:721): avc: denied { write } for pid=9896 comm="syz.2.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 549.916679][ T9] usb 2-1: config index 0 descriptor too short (expected 106, got 36) [ 549.937626][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.948884][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 549.965767][ T9] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 549.982179][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.029866][ T9] usb 2-1: config 0 descriptor?? [ 550.393382][ T29] audit: type=1326 audit(1723098222.367:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.091589][ T56] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 551.102237][ T9] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 551.157823][ T9] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 551.165113][ T9] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 551.172181][ T9] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 551.181674][ T9] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 551.192175][ T9] corsair 0003:1B1C:1B3E.000B: failed to start in urb: -90 [ 551.200145][ T29] audit: type=1326 audit(1723098222.367:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.203333][ T9] corsair 0003:1B1C:1B3E.000B: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.1-1/input0 [ 551.238975][ T9918] /dev/sg0: Can't lookup blockdev [ 551.274843][ T29] audit: type=1326 audit(1723098222.377:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.385278][ T29] audit: type=1326 audit(1723098222.377:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.412277][ T9925] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1098'. [ 551.450938][ T5215] usb 2-1: USB disconnect, device number 18 [ 551.461860][ T29] audit: type=1326 audit(1723098222.377:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.549918][ T29] audit: type=1326 audit(1723098222.377:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.595084][ T29] audit: type=1326 audit(1723098222.377:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.669628][ T29] audit: type=1326 audit(1723098222.377:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.705282][ T29] audit: type=1326 audit(1723098222.387:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.760446][ T29] audit: type=1326 audit(1723098222.387:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9910 comm="syz.3.1095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4df51779f9 code=0x7ffc0000 [ 551.896453][ T5215] kernel write not supported for file /vbi7 (pid: 5215 comm: kworker/1:3) [ 556.114043][ T9970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1116'. [ 556.174984][ T8500] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 556.367744][ T8500] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 556.386699][ T8500] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 556.406835][ T8500] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 556.422462][ T8500] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 556.432179][ T8500] usb 2-1: Manufacturer: syz [ 556.449214][ T8500] usb 2-1: config 0 descriptor?? [ 556.554743][ T8500] rc_core: IR keymap rc-hauppauge not found [ 556.576984][ T8500] Registered IR keymap rc-empty [ 556.600881][ T8500] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 556.632930][ T8500] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input23 [ 556.689583][ T9963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.699206][ T9963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.099243][ T9985] sp0: Synchronizing with TNC [ 558.461346][ T9363] cxacru 4-1:0.0: firmware (cxacru-fw.bin) unavailable (system misconfigured?) [ 558.480280][ T7163] udevd[7163]: failed to send result of seq 16550 to main daemon: Connection refused [ 558.652714][T10006] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1124'. [ 558.854670][ T5297] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 558.899835][ T9963] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 559.047191][ T5215] usb 2-1: USB disconnect, device number 19 [ 559.065065][ T5297] usb 4-1: Using ep0 maxpacket: 16 [ 559.072711][ T5297] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 559.109535][ T5297] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 5.00 [ 559.129299][ T5297] usb 4-1: New USB device strings: Mfr=251, Product=1, SerialNumber=3 [ 559.154946][ T5297] usb 4-1: Product: syz [ 559.168067][ T5297] usb 4-1: Manufacturer: syz [ 559.183677][ T5297] usb 4-1: SerialNumber: syz [ 559.202680][ T5297] usb 4-1: config 0 descriptor?? [ 559.308273][ T5297] usb 4-1: can't set config #0, error -71 [ 559.329445][ T5297] usb 4-1: USB disconnect, device number 10 [ 560.610450][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 560.610469][ T29] audit: type=1400 audit(1723098232.687:762): avc: denied { bind } for pid=10034 comm="syz.2.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 560.616437][T10035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 560.914908][ T29] audit: type=1400 audit(1723098232.997:763): avc: denied { shutdown } for pid=10034 comm="syz.2.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 561.259650][T10042] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.869885][T10054] vxcan1: tx address claim with different name [ 563.113658][T10070] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1144'. [ 563.153336][T10070] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 563.173878][T10070] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 563.221075][T10067] ip6t_REJECT: ECHOREPLY is not supported [ 563.419138][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.848094][ T29] audit: type=1400 audit(1723098235.907:764): avc: denied { write } for pid=10081 comm="syz.0.1148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 565.335907][ T29] audit: type=1326 audit(1723098237.417:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10084 comm="syz.1.1150" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd635779f9 code=0x0 [ 566.278733][ T29] audit: type=1400 audit(1723098237.647:766): avc: denied { getopt } for pid=10102 comm="syz.4.1153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 566.334780][ T8500] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 566.435532][ T29] audit: type=1400 audit(1723098238.517:767): avc: denied { getopt } for pid=10106 comm="syz.4.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 566.605043][ T8500] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 566.631117][ T29] audit: type=1400 audit(1723098238.707:768): avc: denied { mount } for pid=10108 comm="syz.4.1155" name="/" dev="ramfs" ino=31214 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 566.634590][ T8500] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.782987][ T8500] usb 1-1: config 0 descriptor?? [ 566.810308][ T8500] gspca_main: spca508-2.14.0 probing 8086:0110 [ 567.090147][ T8500] gspca_spca508: reg_read err -71 [ 567.106184][ T8500] gspca_spca508: reg_read err -71 [ 567.122220][ T8500] gspca_spca508: reg_read err -71 [ 567.145880][ T8500] gspca_spca508: reg_read err -71 [ 567.186628][ T8500] gspca_spca508: reg_read err -71 [ 567.234160][ T8500] gspca_spca508: reg write: error -71 [ 567.256407][ T8500] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 567.274107][ T8500] usb 1-1: USB disconnect, device number 11 [ 567.434846][ T5297] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 567.462078][T10124] Bluetooth: (null): Invalid header checksum [ 572.795886][T10129] binder: 10127:10129 ioctl c0306201 200003c0 returned -14 [ 574.297749][ T8500] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 574.527639][ T8500] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 574.585009][T10154] block nbd3: shutting down sockets [ 574.593261][ T8500] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 574.614945][ T8500] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 574.645819][ T8500] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 574.660326][ T8500] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.690886][ T8500] usb 1-1: config 0 descriptor?? [ 574.701697][T10149] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 575.099492][T10165] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1173'. [ 575.404636][ T8500] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 575.453452][ T8500] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 575.482759][T10167] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1175'. [ 575.502971][ T8500] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 575.554450][T10167] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1175'. [ 577.173065][ T5297] usb 1-1: USB disconnect, device number 12 [ 577.273837][T10180] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 578.887989][ T29] audit: type=1326 audit(1723098250.907:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10206 comm="syz.2.1187" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x0 [ 579.153979][ T5297] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 579.851920][T10211] xt_socket: unknown flags 0x50 [ 580.692961][ T5297] usb 1-1: Using ep0 maxpacket: 16 [ 581.599286][ T5297] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 581.623483][ T5297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.666431][ T5297] usb 1-1: Product: syz [ 581.675611][ T5297] usb 1-1: Manufacturer: syz [ 581.690459][ T5297] usb 1-1: SerialNumber: syz [ 581.701690][ T5297] usb 1-1: config 0 descriptor?? [ 581.854752][ T5297] usb 1-1: can't set config #0, error -71 [ 581.895084][ T5297] usb 1-1: USB disconnect, device number 13 [ 582.536975][T10233] block nbd4: shutting down sockets [ 583.904209][T10251] input: syz0 as /devices/virtual/input/input25 [ 584.957604][ T29] audit: type=1400 audit(1723098257.037:770): avc: denied { mounton } for pid=10249 comm="syz.2.1200" path="/79/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 585.106479][ T29] audit: type=1400 audit(1723098257.047:771): avc: denied { getattr } for pid=10249 comm="syz.2.1200" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 585.273493][T10262] ptrace attach of "./syz-executor exec"[7410] was attempted by "./syz-executor exec"[10262] [ 585.358469][T10262] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 586.415934][ T29] audit: type=1400 audit(1723098258.497:772): avc: denied { accept } for pid=10271 comm="syz.3.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 587.881270][T10295] block nbd0: shutting down sockets [ 590.194762][ T29] audit: type=1400 audit(1723098262.267:773): avc: denied { create } for pid=10317 comm="syz.3.1222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 590.617577][T10320] netlink: 1276 bytes leftover after parsing attributes in process `syz.2.1220'. [ 590.995945][ T5297] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 591.238504][T10335] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 592.044063][ T5297] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0900, bcdDevice=38.c0 [ 592.104104][ T5297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.147692][ T5297] usb 2-1: Product: syz [ 592.151984][ T5297] usb 2-1: Manufacturer: syz [ 592.169927][ T5297] usb 2-1: SerialNumber: syz [ 592.209136][ T5297] usb 2-1: config 0 descriptor?? [ 592.256843][ T5297] option 2-1:0.0: GSM modem (1-port) converter detected [ 592.880676][T10350] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1231'. [ 594.029640][ T8500] usb 2-1: USB disconnect, device number 21 [ 594.047894][ T8500] option 2-1:0.0: device disconnected [ 594.163541][T10360] netlink: 'syz.2.1234': attribute type 1 has an invalid length. [ 595.535778][ T29] audit: type=1400 audit(1723098267.587:774): avc: denied { execute } for pid=10364 comm="syz.4.1236" path="/dev/nullb0" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 596.600983][T10393] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00106019, b_size=4096, device sda1 blocksize: 4096 [ 596.615981][T10393] grow_buffers: requested out-of-range block 144115188075855872 for device sda1 [ 596.626170][T10393] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 597.694700][ T5215] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 597.900859][ T5215] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.933638][ T5215] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.946823][ T5215] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 597.959170][ T5215] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.010272][ T5215] usb 2-1: config 0 descriptor?? [ 598.180995][T10411] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1251'. [ 598.614152][T10415] ERROR: device name not specified. [ 598.628793][ T5215] wacom 0003:056A:0331.000D: item fetching failed at offset 5/7 [ 598.651616][T10417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1253'. [ 598.675269][ T5215] wacom 0003:056A:0331.000D: parse failed [ 598.684377][T10415] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1252'. [ 598.693778][ T5215] wacom 0003:056A:0331.000D: probe with driver wacom failed with error -22 [ 598.790122][T10415] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54833 sclass=netlink_route_socket pid=10415 comm=syz.0.1252 [ 599.707274][T10415] ALSA: seq fatal error: cannot create timer (-22) [ 599.879306][ T5215] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 599.954746][ T8] usb 2-1: USB disconnect, device number 22 [ 600.112040][ T5215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 600.124358][ T5215] usb 3-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=71.94 [ 600.152337][ T5215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.188157][ T5215] usb 3-1: config 0 descriptor?? [ 600.273056][ T5215] ttusbir 3-1:0.0: cannot find expected altsetting [ 600.903468][T10432] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 600.910093][ T9] usb 3-1: USB disconnect, device number 11 [ 602.557609][T10450] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 602.984976][T10448] xt_l2tp: v2 sid > 0xffff: 536870912 [ 604.351496][T10471] No such timeout policy "syz0" [ 604.669449][ T5260] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 604.876493][ T5260] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 604.893519][ T5260] usb 3-1: config 0 has no interfaces? [ 604.916682][ T5260] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 604.944644][ T5260] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.952675][ T5260] usb 3-1: Product: syz [ 604.981955][ T5260] usb 3-1: Manufacturer: syz [ 604.997451][ T5260] usb 3-1: SerialNumber: syz [ 605.025671][ T5260] usb 3-1: config 0 descriptor?? [ 605.064613][ T5215] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 605.774792][ T29] audit: type=1400 audit(1723098277.647:775): avc: denied { map } for pid=10485 comm="syz.4.1276" path="/dev/usbmon0" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 605.845479][ T5215] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 605.944679][ T5215] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 606.048618][ T5215] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 606.087351][ T29] audit: type=1400 audit(1723098277.647:776): avc: denied { execute } for pid=10485 comm="syz.4.1276" path="/dev/usbmon0" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 606.111730][ T5215] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 606.144817][ T5215] usb 2-1: SerialNumber: syz [ 606.206082][ T8500] usb 3-1: USB disconnect, device number 12 [ 606.432921][ T5215] usb 2-1: 0:2 : does not exist [ 606.449467][ T5215] usb 2-1: unit 255 not found! [ 606.516965][ T5215] usb 2-1: USB disconnect, device number 23 [ 606.534336][T10493] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 606.853483][T10499] serio: Serial port pts0 [ 608.246344][ T29] audit: type=1400 audit(1723098280.307:777): avc: denied { mounton } for pid=10503 comm="syz.4.1282" path="/273/file0" dev="tmpfs" ino=1447 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 609.246677][ T29] audit: type=1326 audit(1723098281.327:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10515 comm="syz.4.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 609.368267][ T29] audit: type=1326 audit(1723098281.377:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10515 comm="syz.4.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 609.480262][ T29] audit: type=1326 audit(1723098281.377:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10515 comm="syz.4.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 610.194761][ T29] audit: type=1326 audit(1723098281.377:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10515 comm="syz.4.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 610.235582][ T29] audit: type=1326 audit(1723098281.377:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10515 comm="syz.4.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2619b779f9 code=0x7ffc0000 [ 610.261985][ T5217] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 610.273309][ T5217] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 610.282293][ T5217] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 610.292192][ T5217] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 610.301090][ T5217] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 610.309276][ T5217] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 611.034707][ T5260] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 611.307793][T10525] chnl_net:caif_netlink_parms(): no params data found [ 611.404590][ T5260] usb 5-1: config 0 has no interfaces? [ 612.105700][ T5260] usb 5-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 612.124929][ T5260] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.167767][ T5260] usb 5-1: config 0 descriptor?? [ 612.374698][ T5217] Bluetooth: hci6: command tx timeout [ 612.765511][T10525] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.785990][T10525] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.828216][T10525] bridge_slave_0: entered allmulticast mode [ 612.877900][T10525] bridge_slave_0: entered promiscuous mode [ 612.918368][ T5260] usb 5-1: USB disconnect, device number 14 [ 612.941493][T10525] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.971210][T10525] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.984743][T10525] bridge_slave_1: entered allmulticast mode [ 613.026646][T10525] bridge_slave_1: entered promiscuous mode [ 613.499285][T10525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.549892][T10525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.643917][T10557] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1296'. [ 613.811441][ T2552] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.064778][T10525] team0: Port device team_slave_0 added [ 614.108029][T10525] team0: Port device team_slave_1 added [ 614.135217][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1300'. [ 614.241700][ T2552] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.296142][T10572] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1300'. [ 614.455120][ T5217] Bluetooth: hci6: command tx timeout [ 614.524233][ T2552] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.840959][T10525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 614.883147][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.912980][T10525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.085049][ T2552] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.134700][T10525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.149772][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.182233][T10525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.309631][T10525] hsr_slave_0: entered promiscuous mode [ 615.317465][T10525] hsr_slave_1: entered promiscuous mode [ 615.324423][T10525] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 615.332665][T10525] Cannot create hsr debugfs directory [ 615.500516][ T2552] bridge_slave_1: left allmulticast mode [ 615.507261][ T2552] bridge_slave_1: left promiscuous mode [ 615.513230][ T2552] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.526635][ T2552] bridge_slave_0: left allmulticast mode [ 615.540424][ T2552] bridge_slave_0: left promiscuous mode [ 615.547789][ T2552] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.970659][ T29] audit: type=1400 audit(1723098288.047:783): avc: denied { getopt } for pid=10584 comm="syz.4.1307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 616.534728][ T5217] Bluetooth: hci6: command tx timeout [ 617.161735][T10602] ieee802154 phy1 wpan1: encryption failed: -22 [ 617.177120][ T29] audit: type=1400 audit(1723098289.237:784): avc: denied { write } for pid=10589 comm="syz.2.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 617.387037][T10601] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1309'. [ 617.815348][ T29] audit: type=1400 audit(1723098289.457:785): avc: denied { create } for pid=10596 comm="syz.4.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 617.855860][ T29] audit: type=1400 audit(1723098289.467:786): avc: denied { write } for pid=10596 comm="syz.4.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 617.947073][ T29] audit: type=1400 audit(1723098289.467:787): avc: denied { nlmsg_write } for pid=10596 comm="syz.4.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 618.195396][T10608] syz.2.1311: attempt to access beyond end of device [ 618.195396][T10608] loop2: rw=0, sector=0, nr_sectors = 8 limit=0 [ 618.253263][T10608] F2FS-fs (loop2): Unable to read 1th superblock [ 618.272731][T10608] syz.2.1311: attempt to access beyond end of device [ 618.272731][T10608] loop2: rw=0, sector=8, nr_sectors = 8 limit=0 [ 618.292053][T10608] F2FS-fs (loop2): Unable to read 2th superblock [ 618.359937][T10609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1310'. [ 618.615210][ T5217] Bluetooth: hci6: command tx timeout [ 618.676757][ T29] audit: type=1400 audit(1723098290.757:788): avc: denied { execmem } for pid=10618 comm="syz.4.1315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 619.015287][T10621] netlink: 'syz.4.1315': attribute type 11 has an invalid length. [ 619.023189][T10621] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1315'. [ 619.108350][T10621] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 619.932784][ T2552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 619.944403][ T2552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 619.965843][ T2552] bond0 (unregistering): Released all slaves [ 620.124629][ T5260] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 620.337314][ T5260] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 620.404649][ T5260] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.449126][ T5260] usb 3-1: config 0 descriptor?? [ 621.804232][ T2552] hsr_slave_0: left promiscuous mode [ 621.833581][ T2552] hsr_slave_1: left promiscuous mode [ 621.850481][ T2552] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 621.860120][ T2552] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 621.909261][ T2552] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 621.924730][ T5297] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 621.963031][ T2552] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 622.124730][ T5297] usb 1-1: Using ep0 maxpacket: 8 [ 622.147674][ T5297] usb 1-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=22.1b [ 622.168610][ T2552] veth1_vlan: left promiscuous mode [ 622.185635][ T5297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.193816][ T5297] usb 1-1: Product: syz [ 622.198295][ T2552] veth0_vlan: left promiscuous mode [ 622.223676][ T5297] usb 1-1: Manufacturer: syz [ 622.228613][ T5297] usb 1-1: SerialNumber: syz [ 622.258629][ T5297] usb 1-1: config 0 descriptor?? [ 622.279805][ T5297] gspca_main: dtcs033-2.14.0 probing 0547:7303 [ 622.415458][ T5260] usb 3-1: Cannot set autoneg [ 622.420272][ T5260] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 622.473760][ T5260] usb 3-1: USB disconnect, device number 13 [ 622.857775][ T5263] usb 1-1: USB disconnect, device number 14 [ 625.114682][ T8] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 625.216060][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.227727][ T29] audit: type=1400 audit(1723098297.307:789): avc: denied { unmount } for pid=6204 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 625.330428][ T5263] IPVS: starting estimator thread 0... [ 625.339571][T10655] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available [ 625.429630][T10656] IPVS: using max 17 ests per chain, 40800 per kthread [ 625.439180][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 625.454759][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 625.455524][T10658] netlink: 'syz.4.1325': attribute type 2 has an invalid length. [ 625.470408][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 625.511105][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 625.542610][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 625.558363][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 625.584514][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 625.598908][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 625.610843][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 625.636501][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 625.658914][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 625.689923][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 625.715218][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 625.716089][T10661] No control pipe specified [ 625.753027][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 625.777226][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 625.813959][ T8] usb 3-1: string descriptor 0 read error: -22 [ 625.836315][ T8] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 625.845781][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.928503][ T8] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 626.029932][ T2552] team0 (unregistering): Port device team_slave_1 removed [ 626.155540][ T2552] team0 (unregistering): Port device team_slave_0 removed [ 626.297205][ T5297] usb 3-1: USB disconnect, device number 14 [ 626.674000][T10667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'. [ 626.769509][T10670] netlink: 'syz.4.1328': attribute type 1 has an invalid length. [ 626.799477][T10670] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1328'. [ 626.823090][T10667] dccp_invalid_packet: pskb_may_pull failed [ 627.327660][T10678] binder: 10677:10678 ioctl 4018620d 0 returned -22 [ 627.592916][T10525] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 627.630973][T10525] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 628.125412][T10525] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 628.211258][T10525] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 628.218765][T10686] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1334'. [ 628.409704][ T2552] IPVS: stop unused estimator thread 0... [ 628.584978][T10683] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 629.200418][T10525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 629.414033][T10525] 8021q: adding VLAN 0 to HW filter on device team0 [ 629.668573][T10705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1339'. [ 632.054719][ T5217] Bluetooth: hci0: command 0x0406 tx timeout [ 634.493617][T10700] ªªªªªª: renamed from vlan0 (while UP) [ 634.581263][ T8500] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.588504][ T8500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.600597][ T8500] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.607729][ T8500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.806263][T10722] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1342'. [ 635.815575][T10722] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1342'. [ 635.826305][T10722] netlink: 'syz.2.1342': attribute type 6 has an invalid length. [ 635.834389][T10722] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1342'. [ 635.996484][ T5297] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 636.134458][T10525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 636.197670][ T5297] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 636.217949][ T5297] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 636.247399][ T5297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.287133][ T5297] usb 2-1: config 0 descriptor?? [ 636.314058][ T5297] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 636.490258][T10525] veth0_vlan: entered promiscuous mode [ 636.568777][T10525] veth1_vlan: entered promiscuous mode [ 636.654615][ T5297] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 636.686720][T10525] veth0_macvtap: entered promiscuous mode [ 636.734162][T10525] veth1_macvtap: entered promiscuous mode [ 636.772131][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.797759][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.818003][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.834572][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.852089][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.859298][ T5297] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.867718][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.906558][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.918399][ T5297] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 636.931728][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.947595][ T5297] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 636.956871][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.964554][ T5297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.004363][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.019741][ T5297] usb 3-1: config 0 descriptor?? [ 637.019767][T10525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.038532][ T5260] usb 2-1: USB disconnect, device number 24 [ 637.094861][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.106903][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.125213][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.142666][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.154310][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.165071][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.188929][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.207175][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.222672][T10525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.247592][T10525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.267011][T10525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.325892][T10525] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.356988][T10525] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.372613][T10525] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.384852][T10525] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.518621][ T5297] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 637.544996][ T5297] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 637.553966][ T5297] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 637.571253][ T5297] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 637.605440][ T1129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.643805][ T1129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.036226][T10755] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1354'. [ 643.117008][ T1057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.135002][ T9] usb 3-1: USB disconnect, device number 15 [ 643.168205][ T1057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.662862][ T9] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 643.914610][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 644.203544][T10775] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1359'. [ 644.212688][T10775] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1359'. [ 644.221735][T10775] netlink: 'syz.0.1359': attribute type 6 has an invalid length. [ 644.229621][T10775] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1359'. [ 644.487222][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 644.526467][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.630941][ T9] usb 2-1: Product: syz [ 644.640584][ T9] usb 2-1: Manufacturer: syz [ 644.647858][ T9] usb 2-1: SerialNumber: syz [ 644.685794][ T9] usb 2-1: config 0 descriptor?? [ 644.706302][ T29] audit: type=1326 audit(1723098316.787:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 644.739699][ T29] audit: type=1326 audit(1723098316.807:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 644.871339][ T29] audit: type=1326 audit(1723098316.807:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 645.030822][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 645.042807][ T29] audit: type=1326 audit(1723098316.807:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 645.113835][ T29] audit: type=1326 audit(1723098316.847:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 645.250384][ T29] audit: type=1326 audit(1723098316.857:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 645.384712][ T29] audit: type=1326 audit(1723098316.857:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10781 comm="syz.3.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e95b779f9 code=0x7ffc0000 [ 648.161588][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 648.233669][ T9] usb 2-1: USB disconnect, device number 25 [ 648.440398][T10809] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1371'. [ 649.286080][T10811] pim6reg1: entered promiscuous mode [ 649.291420][T10811] pim6reg1: entered allmulticast mode [ 649.433733][T10813] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10813 comm=syz.4.1372 [ 650.087606][T10836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1379'. [ 650.120756][T10838] 9pnet_fd: Insufficient options for proto=fd [ 650.174186][T10836] Bluetooth: MGMT ver 1.23 [ 650.278481][T10838] overlayfs: overlapping lowerdir path [ 650.374804][ T5260] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 650.579708][ T5260] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.616427][ T5260] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.652980][ T5260] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 650.705399][ T5260] usb 5-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 650.738982][ T5260] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.828286][ T5260] usb 5-1: config 0 descriptor?? [ 650.921767][ T29] audit: type=1400 audit(1723098322.997:797): avc: denied { nlmsg_read } for pid=10845 comm="syz.2.1382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 651.036861][ T29] audit: type=1400 audit(1723098322.997:798): avc: denied { getopt } for pid=10847 comm="syz.1.1383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 651.284603][ T5263] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 651.377826][ T5260] playstation 0003:054C:0BA0.000F: unknown main item tag 0x0 [ 651.392526][ T5260] playstation 0003:054C:0BA0.000F: unbalanced collection at end of report description [ 651.419326][ T5260] playstation 0003:054C:0BA0.000F: Parse failed [ 651.433411][ T5260] playstation 0003:054C:0BA0.000F: probe with driver playstation failed with error -22 [ 651.491197][ T5263] usb 3-1: Using ep0 maxpacket: 32 [ 651.520543][ T5263] usb 3-1: New USB device found, idVendor=0421, idProduct=04d8, bcdDevice=6a.33 [ 651.536478][ T5263] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.551379][ T5263] usb 3-1: config 0 descriptor?? [ 651.563574][ T5263] usb 3-1: bad CDC descriptors [ 651.569522][ T5263] cdc_acm 3-1:0.0: Zero length descriptor references [ 651.604231][ T5263] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22 [ 651.702077][ T5263] usb 5-1: USB disconnect, device number 15 [ 651.896871][ T9] usb 3-1: USB disconnect, device number 16 [ 653.489484][T10859] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1385'. [ 653.498370][ T29] audit: type=1400 audit(1723098325.567:799): avc: denied { write } for pid=10853 comm="syz.4.1388" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 655.901591][ T56] Bluetooth: hci2: unexpected event for opcode 0x0c1c [ 656.289691][T10896] input: syz0 as /devices/virtual/input/input28 [ 657.051167][T10905] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 657.214744][ T5297] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 658.175685][ T5297] usb 2-1: Using ep0 maxpacket: 32 [ 658.183454][ T5297] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 658.209441][ T5297] usb 2-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 658.219861][ T5297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.262180][ T5297] usb 2-1: Product: syz [ 658.274528][ T5297] usb 2-1: Manufacturer: syz [ 658.279221][ T5297] usb 2-1: SerialNumber: syz [ 658.308667][ T5297] usb 2-1: config 0 descriptor?? [ 659.186176][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 659.237167][ T5297] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 659.249568][ T5297] usb 2-1: USB disconnect, device number 26 [ 659.394069][T10932] nbd: must specify a size in bytes for the device [ 662.424262][ T56] Bluetooth: hci0: unexpected event for opcode 0x041c [ 663.554933][ T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 664.546962][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.564700][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.584648][ T8] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 664.593755][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.645839][ T8] usb 3-1: config 0 descriptor?? [ 664.851228][ T5297] IPVS: starting estimator thread 0... [ 665.326897][T11011] IPVS: using max 16 ests per chain, 38400 per kthread [ 665.384403][T10988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.676996][T10988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.859409][T11009] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 665.872208][ T56] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 665.902340][T11009] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 667.928628][T11009] siw: device registration error -19 [ 668.142942][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 668.223591][ T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 668.262590][ T8] usb 3-1: USB disconnect, device number 17 [ 668.355092][T11017] nfs4: Unknown parameter 'dev/cpu/#/msr' [ 668.405404][T11032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 668.493347][T11036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1439'. [ 668.504984][ T29] audit: type=1400 audit(1723098340.567:800): avc: denied { setopt } for pid=11025 comm="syz.4.1435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 668.563331][T11034] syzkaller1: entered promiscuous mode [ 668.584368][T11034] syzkaller1: entered allmulticast mode [ 668.753067][ T29] audit: type=1400 audit(1723098340.827:801): avc: denied { read } for pid=11025 comm="syz.4.1435" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 668.776185][ C0] vkms_vblank_simulate: vblank timer overrun [ 668.824724][ T29] audit: type=1400 audit(1723098340.877:802): avc: denied { open } for pid=11025 comm="syz.4.1435" path="/dev/nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 670.593595][T11073] netlink: 'syz.0.1449': attribute type 1 has an invalid length. [ 670.620999][T11073] netlink: 9344 bytes leftover after parsing attributes in process `syz.0.1449'. [ 670.636767][T11073] netlink: 'syz.0.1449': attribute type 1 has an invalid length. [ 671.052171][ T29] audit: type=1400 audit(1723098343.127:803): avc: denied { watch } for pid=11079 comm="syz.2.1453" path="/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 671.381773][ T29] audit: type=1400 audit(1723098343.397:804): avc: denied { read } for pid=11079 comm="syz.2.1453" path="socket:[35257]" dev="sockfs" ino=35257 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 672.889957][ T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 673.261605][ T8] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 673.275301][ T8] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 673.338348][T11105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1462'. [ 673.396264][ T8] usb 3-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 673.407574][ T8] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 673.422479][T11107] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 673.429424][ T8] usb 3-1: Product: syz [ 673.433588][ T8] usb 3-1: SerialNumber: syz [ 673.699877][ T8] usb 3-1: bad CDC descriptors [ 673.713378][ T8] option 3-1:7.0: GSM modem (1-port) converter detected [ 673.847066][T11107] program syz.0.1462 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 674.178213][ T5263] usb 3-1: USB disconnect, device number 18 [ 674.185717][ T5263] option 3-1:7.0: device disconnected [ 675.464570][ T29] audit: type=1326 audit(1723098347.537:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.557226][ T29] audit: type=1326 audit(1723098347.577:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.643336][ T29] audit: type=1326 audit(1723098347.577:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.690981][ T29] audit: type=1326 audit(1723098347.577:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.790227][ T29] audit: type=1326 audit(1723098347.577:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.892571][ T29] audit: type=1326 audit(1723098347.577:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 675.958285][ T29] audit: type=1326 audit(1723098347.577:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 676.040805][ T29] audit: type=1326 audit(1723098347.587:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4940776390 code=0x7ffc0000 [ 676.075870][ T29] audit: type=1326 audit(1723098347.597:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4940779187 code=0x7ffc0000 [ 676.219896][T11142] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1473'. [ 676.377108][ T29] audit: type=1326 audit(1723098347.597:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f49407779f9 code=0x7ffc0000 [ 677.252830][T11149] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 677.681560][T11157] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1476'. [ 678.718197][T11146] delete_channel: no stack [ 679.105739][T11160] netlink: 'syz.1.1480': attribute type 5 has an invalid length. [ 679.244586][ T5260] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 679.466974][ T5260] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 39 [ 679.485336][ T5260] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 679.519699][ T5260] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.557225][ T5260] usb 5-1: config 0 descriptor?? [ 679.594120][T11156] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 680.094607][ T5263] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 680.196631][T11186] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1489'. [ 680.214744][T11186] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1489'. [ 680.259966][T11186] vlan0: entered allmulticast mode [ 680.292054][T11186] veth0_vlan: entered allmulticast mode [ 680.331653][ T5263] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 680.365933][ T5263] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.441681][ T5263] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.504995][ T5263] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 680.597599][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 680.597617][ T29] audit: type=1400 audit(1723098352.677:853): avc: denied { ioctl } for pid=11185 comm="syz.2.1489" path="socket:[35441]" dev="sockfs" ino=35441 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 680.608552][ T5263] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 680.730440][ T5263] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 680.775708][ T5263] usb 1-1: Manufacturer: syz [ 680.805617][ T5263] usb 1-1: config 0 descriptor?? [ 680.904087][ T5297] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.347943][ T5263] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 681.376000][ T5263] appleir 0003:05AC:8243.0010: No inputs registered, leaving [ 681.446464][ T5263] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 682.031997][ T5297] usb 1-1: USB disconnect, device number 15 [ 682.546039][T11218] ptrace attach of "./syz-executor exec"[10525] was attempted by "./syz-executor exec"[11218] [ 685.635540][ T5263] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 685.864830][ T5263] usb 1-1: Using ep0 maxpacket: 8 [ 685.941714][ T5263] usb 1-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 685.956433][ T29] audit: type=1400 audit(1723098358.027:854): avc: denied { accept } for pid=11245 comm="syz.4.1503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 685.964583][ T5263] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.129379][ T5263] usb 1-1: Product: syz [ 686.228796][ T5263] usb 1-1: Manufacturer: syz [ 686.233565][ T5263] usb 1-1: SerialNumber: syz [ 686.246545][ T5263] usb 1-1: config 0 descriptor?? [ 686.265578][ T5263] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 686.300470][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.311960][ T5263] pctv452e: pctv452e_power_ctrl: 1 [ 686.311960][ T5263] [ 686.329685][ T5263] usb 1-1: selecting invalid altsetting 3 [ 686.340617][ T5263] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 686.340617][ T5263] [ 686.367540][ T5263] dvb-usb: bulk message failed: -22 (5/0) [ 686.619870][ T5263] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-22) [ 686.756601][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 687.037973][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 687.047020][ T8500] usb 1-1: USB disconnect, device number 16 [ 687.068433][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 687.123514][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 687.147537][ T9] usb 4-1: New USB device found, idVendor=04ca, idProduct=3bfb, bcdDevice=6e.b5 [ 687.181516][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.263103][ T9] usb 4-1: Product: syz [ 687.271453][ T9] usb 4-1: Manufacturer: syz [ 687.303157][ T9] usb 4-1: SerialNumber: syz [ 687.318939][T11258] netlink: 'syz.4.1507': attribute type 29 has an invalid length. [ 687.329899][T11258] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1507'. [ 687.348755][ T9] usb 4-1: config 0 descriptor?? [ 687.378344][T11258] netlink: 'syz.4.1507': attribute type 29 has an invalid length. [ 687.419643][T11258] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1507'. [ 687.482551][T11258] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1507'. [ 687.491900][T11258] netlink: 57 bytes leftover after parsing attributes in process `syz.4.1507'. [ 687.517469][ T5263] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 687.668311][ T5215] usb 4-1: USB disconnect, device number 11 [ 687.739874][ T5263] usb 2-1: New USB device found, idVendor=0830, idProduct=0060, bcdDevice=13.2b [ 687.790094][ T5263] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.837128][ T5263] usb 2-1: Product: syz [ 687.862025][ T5263] usb 2-1: Manufacturer: syz [ 687.874673][ T5263] usb 2-1: SerialNumber: syz [ 688.261991][ T5263] usb 2-1: palm_os_4_probe - error -110 getting connection info [ 688.271276][ T5263] visor 2-1:1.0: Handspring Visor / Palm OS converter detected [ 688.323746][ T5263] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 689.029618][ T5263] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 689.045971][ T5263] usb 2-1: USB disconnect, device number 27 [ 689.064109][ T5263] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 689.106080][ T5263] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 689.152631][ T5263] visor 2-1:1.0: device disconnected [ 689.413634][ C1] sd 0:0:1:0: [sda] tag#426 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 689.424035][ C1] sd 0:0:1:0: [sda] tag#426 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01 [ 690.148578][T11278] block nbd2: shutting down sockets [ 692.792517][ T29] audit: type=1400 audit(1723098364.847:855): avc: denied { bind } for pid=11301 comm="syz.2.1521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 692.850200][ T56] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 692.861914][ T56] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 56, name: kworker/u9:0 [ 692.871131][ T56] preempt_count: 0, expected: 0 [ 693.174254][ T56] RCU nest depth: 1, expected: 0 [ 693.194416][ T56] 4 locks held by kworker/u9:0/56: [ 693.199751][ T56] #0: ffff888025f9a148 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 693.210605][ T56] #1: ffffc9000121fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 693.223684][ T56] #2: ffff88802d824078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 693.234493][ T56] #3: ffffffff8ddb5ca0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 693.245562][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 693.256273][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 693.266351][ T56] Workqueue: hci2 hci_rx_work [ 693.271088][ T56] Call Trace: [ 693.274385][ T56] [ 693.277339][ T56] dump_stack_lvl+0x16c/0x1f0 [ 693.282065][ T56] __might_resched+0x3c0/0x5e0 [ 693.286864][ T56] ? hlock_class+0x4e/0x130 [ 693.291411][ T56] ? __pfx___might_resched+0x10/0x10 [ 693.296734][ T56] ? __pfx___lock_acquire+0x10/0x10 [ 693.302058][ T56] ? rcu_is_watching+0x12/0xc0 [ 693.306857][ T56] __mutex_lock+0xe2/0x9c0 [ 693.311307][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.317583][ T56] ? __pfx___mutex_lock+0x10/0x10 [ 693.322644][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 693.327696][ T56] ? find_held_lock+0x2d/0x110 [ 693.332493][ T56] ? hci_event_packet+0x438/0x1180 [ 693.337637][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.343909][ T56] hci_le_create_big_complete_evt+0x387/0xb30 [ 693.350096][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.356716][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.363341][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 693.368139][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.374758][ T56] hci_event_packet+0x666/0x1180 [ 693.379729][ T56] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 693.385046][ T56] ? __pfx_hci_event_packet+0x10/0x10 [ 693.390448][ T56] ? mark_held_locks+0x9f/0xe0 [ 693.395241][ T56] ? kcov_remote_start+0x3d1/0x6e0 [ 693.400382][ T56] ? lockdep_hardirqs_on+0x7c/0x110 [ 693.405607][ T56] hci_rx_work+0x2c6/0x1610 [ 693.410146][ T56] process_one_work+0x9c5/0x1b40 [ 693.415119][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 693.420170][ T56] ? __pfx_process_one_work+0x10/0x10 [ 693.425576][ T56] ? assign_work+0x1a0/0x250 [ 693.430200][ T56] worker_thread+0x6c8/0xf20 [ 693.434828][ T56] ? __pfx_worker_thread+0x10/0x10 [ 693.439964][ T56] kthread+0x2c1/0x3a0 [ 693.444052][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 693.449277][ T56] ? __pfx_kthread+0x10/0x10 [ 693.453886][ T56] ret_from_fork+0x45/0x80 [ 693.458339][ T56] ? __pfx_kthread+0x10/0x10 [ 693.462954][ T56] ret_from_fork_asm+0x1a/0x30 [ 693.467757][ T56] [ 693.470809][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.539035][ T56] [ 693.541394][ T56] ============================= [ 693.546239][ T56] [ BUG: Invalid wait context ] [ 693.551087][ T56] 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 Tainted: G W [ 693.559678][ T56] ----------------------------- [ 693.564528][ T56] kworker/u9:0/56 is trying to lock: [ 693.569811][ T56] ffffffff8fc859e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30 [ 693.580448][ T56] other info that might help us debug this: [ 693.586316][ T56] context-{4:4} [ 693.589754][ T56] 4 locks held by kworker/u9:0/56: [ 693.594845][ T56] #0: ffff888025f9a148 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 693.605276][ T56] #1: ffffc9000121fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 693.616660][ T56] #2: ffff88802d824078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 693.627177][ T56] #3: ffffffff8ddb5ca0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 693.637950][ T56] stack backtrace: [ 693.641650][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 693.653788][ T56] Tainted: [W]=WARN [ 693.657577][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 693.667624][ T56] Workqueue: hci2 hci_rx_work [ 693.672316][ T56] Call Trace: [ 693.675577][ T56] [ 693.678543][ T56] dump_stack_lvl+0x116/0x1f0 [ 693.683219][ T56] __lock_acquire+0x13cc/0x3cb0 [ 693.688066][ T56] ? __pfx___lock_acquire+0x10/0x10 [ 693.693262][ T56] ? irqentry_exit+0x3b/0x90 [ 693.697844][ T56] ? lockdep_hardirqs_on+0x7c/0x110 [ 693.703025][ T56] lock_acquire+0x1b1/0x560 [ 693.707515][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.713752][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 693.718770][ T56] ? dump_stack_lvl+0x1a3/0x1f0 [ 693.723616][ T56] ? add_taint+0x5f/0xd0 [ 693.727851][ T56] ? __might_resched+0x3cc/0x5e0 [ 693.732960][ T56] ? hlock_class+0x4e/0x130 [ 693.737457][ T56] ? __pfx___might_resched+0x10/0x10 [ 693.742731][ T56] ? __pfx___lock_acquire+0x10/0x10 [ 693.747917][ T56] __mutex_lock+0x175/0x9c0 [ 693.752410][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.758640][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.764871][ T56] ? __pfx___mutex_lock+0x10/0x10 [ 693.769896][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 693.774917][ T56] ? find_held_lock+0x2d/0x110 [ 693.779670][ T56] ? hci_event_packet+0x438/0x1180 [ 693.784770][ T56] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 693.791087][ T56] hci_le_create_big_complete_evt+0x387/0xb30 [ 693.797144][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.803723][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.810304][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 693.815061][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 693.821643][ T56] hci_event_packet+0x666/0x1180 [ 693.826569][ T56] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 693.831841][ T56] ? __pfx_hci_event_packet+0x10/0x10 [ 693.837200][ T56] ? mark_held_locks+0x9f/0xe0 [ 693.841951][ T56] ? kcov_remote_start+0x3d1/0x6e0 [ 693.847052][ T56] ? lockdep_hardirqs_on+0x7c/0x110 [ 693.852269][ T56] hci_rx_work+0x2c6/0x1610 [ 693.856768][ T56] process_one_work+0x9c5/0x1b40 [ 693.861716][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 693.866731][ T56] ? __pfx_process_one_work+0x10/0x10 [ 693.872094][ T56] ? assign_work+0x1a0/0x250 [ 693.876671][ T56] worker_thread+0x6c8/0xf20 [ 693.881252][ T56] ? __pfx_worker_thread+0x10/0x10 [ 693.886374][ T56] kthread+0x2c1/0x3a0 [ 693.890430][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 693.895613][ T56] ? __pfx_kthread+0x10/0x10 [ 693.900187][ T56] ret_from_fork+0x45/0x80 [ 693.904597][ T56] ? __pfx_kthread+0x10/0x10 [ 693.909172][ T56] ret_from_fork_asm+0x1a/0x30 [ 693.913929][ T56] [ 693.916962][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.012840][ T56] ================================================================== [ 694.020942][ T56] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.029990][ T56] Read of size 8 at addr ffff888022754000 by task kworker/u9:0/56 [ 694.037805][ T56] [ 694.040134][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 694.052305][ T56] Tainted: [W]=WARN [ 694.056111][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 694.066178][ T56] Workqueue: hci2 hci_rx_work [ 694.070883][ T56] Call Trace: [ 694.074170][ T56] [ 694.077106][ T56] dump_stack_lvl+0x116/0x1f0 [ 694.081809][ T56] print_report+0xc3/0x620 [ 694.086242][ T56] ? __virt_addr_valid+0x5e/0x590 [ 694.091282][ T56] ? __phys_addr+0xc6/0x150 [ 694.095799][ T56] kasan_report+0xd9/0x110 [ 694.100232][ T56] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.106499][ T56] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.112761][ T56] hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.118846][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.125455][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.132068][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 694.136854][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.143459][ T56] hci_event_packet+0x666/0x1180 [ 694.148422][ T56] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 694.153755][ T56] ? __pfx_hci_event_packet+0x10/0x10 [ 694.159143][ T56] ? mark_held_locks+0x9f/0xe0 [ 694.163925][ T56] ? kcov_remote_start+0x3d1/0x6e0 [ 694.169058][ T56] ? lockdep_hardirqs_on+0x7c/0x110 [ 694.174274][ T56] hci_rx_work+0x2c6/0x1610 [ 694.178804][ T56] process_one_work+0x9c5/0x1b40 [ 694.183759][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 694.188796][ T56] ? __pfx_process_one_work+0x10/0x10 [ 694.194193][ T56] ? assign_work+0x1a0/0x250 [ 694.198799][ T56] worker_thread+0x6c8/0xf20 [ 694.203407][ T56] ? __pfx_worker_thread+0x10/0x10 [ 694.208534][ T56] kthread+0x2c1/0x3a0 [ 694.212617][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 694.217832][ T56] ? __pfx_kthread+0x10/0x10 [ 694.222433][ T56] ret_from_fork+0x45/0x80 [ 694.226876][ T56] ? __pfx_kthread+0x10/0x10 [ 694.231480][ T56] ret_from_fork_asm+0x1a/0x30 [ 694.236270][ T56] [ 694.239290][ T56] [ 694.241613][ T56] Allocated by task 56: [ 694.245764][ T56] kasan_save_stack+0x33/0x60 [ 694.250454][ T56] kasan_save_track+0x14/0x30 [ 694.255146][ T56] __kasan_kmalloc+0xaa/0xb0 [ 694.259746][ T56] __hci_conn_add+0x131/0x1a50 [ 694.264530][ T56] hci_conn_add+0x56/0x70 [ 694.268875][ T56] hci_le_big_sync_established_evt+0x73f/0xad0 [ 694.275042][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 694.279822][ T56] hci_event_packet+0x666/0x1180 [ 694.284773][ T56] hci_rx_work+0x2c6/0x1610 [ 694.289291][ T56] process_one_work+0x9c5/0x1b40 [ 694.294240][ T56] worker_thread+0x6c8/0xf20 [ 694.298842][ T56] kthread+0x2c1/0x3a0 [ 694.302916][ T56] ret_from_fork+0x45/0x80 [ 694.307347][ T56] ret_from_fork_asm+0x1a/0x30 [ 694.312130][ T56] [ 694.314452][ T56] Freed by task 56: [ 694.318258][ T56] kasan_save_stack+0x33/0x60 [ 694.322946][ T56] kasan_save_track+0x14/0x30 [ 694.327634][ T56] kasan_save_free_info+0x3b/0x60 [ 694.332677][ T56] poison_slab_object+0xf7/0x160 [ 694.337625][ T56] __kasan_slab_free+0x32/0x50 [ 694.342400][ T56] kfree+0x12a/0x3b0 [ 694.346304][ T56] device_release+0xa1/0x240 [ 694.350909][ T56] kobject_put+0x1fa/0x5b0 [ 694.355332][ T56] put_device+0x1f/0x30 [ 694.359504][ T56] hci_conn_del_sysfs+0x151/0x180 [ 694.364543][ T56] hci_conn_del+0x54e/0xdb0 [ 694.369066][ T56] hci_le_create_big_complete_evt+0x4ba/0xb30 [ 694.375147][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 694.379929][ T56] hci_event_packet+0x666/0x1180 [ 694.384884][ T56] hci_rx_work+0x2c6/0x1610 [ 694.389404][ T56] process_one_work+0x9c5/0x1b40 [ 694.394359][ T56] worker_thread+0x6c8/0xf20 [ 694.398964][ T56] kthread+0x2c1/0x3a0 [ 694.403043][ T56] ret_from_fork+0x45/0x80 [ 694.407477][ T56] ret_from_fork_asm+0x1a/0x30 [ 694.412258][ T56] [ 694.414581][ T56] The buggy address belongs to the object at ffff888022754000 [ 694.414581][ T56] which belongs to the cache kmalloc-8k of size 8192 [ 694.428642][ T56] The buggy address is located 0 bytes inside of [ 694.428642][ T56] freed 8192-byte region [ffff888022754000, ffff888022756000) [ 694.442536][ T56] [ 694.444862][ T56] The buggy address belongs to the physical page: [ 694.451283][ T56] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22750 [ 694.460051][ T56] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 694.468555][ T56] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 694.476554][ T56] page_type: 0xfdffffff(slab) [ 694.481253][ T56] raw: 00fff00000000040 ffff888015842280 0000000000000000 dead000000000001 [ 694.489855][ T56] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 694.498462][ T56] head: 00fff00000000040 ffff888015842280 0000000000000000 dead000000000001 [ 694.507152][ T56] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 694.515837][ T56] head: 00fff00000000003 ffffea000089d401 ffffffffffffffff 0000000000000000 [ 694.524518][ T56] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 694.533196][ T56] page dumped because: kasan: bad access detected [ 694.539625][ T56] page_owner tracks the page as allocated [ 694.545341][ T56] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 9450, tgid 9444 (syz.2.969), ts 505462947717, free_ts 505439798880 [ 694.568026][ T56] post_alloc_hook+0x2d1/0x350 [ 694.572810][ T56] get_page_from_freelist+0x1351/0x2e50 [ 694.578373][ T56] __alloc_pages_noprof+0x22b/0x2460 [ 694.583676][ T56] alloc_slab_page+0x4e/0xf0 [ 694.588294][ T56] new_slab+0x84/0x260 [ 694.592374][ T56] ___slab_alloc+0xdac/0x1870 [ 694.597065][ T56] __slab_alloc.constprop.0+0x56/0xb0 [ 694.602452][ T56] __kmalloc_node_noprof+0x357/0x430 [ 694.607754][ T56] __kvmalloc_node_noprof+0x6f/0x1a0 [ 694.613057][ T56] pfifo_fast_init+0x125/0x3b0 [ 694.617842][ T56] qdisc_create_dflt+0x101/0x440 [ 694.622795][ T56] mq_init+0x328/0x470 [ 694.626878][ T56] qdisc_create_dflt+0x101/0x440 [ 694.631824][ T56] dev_activate+0xaa7/0x12c0 [ 694.636422][ T56] __dev_open+0x396/0x4e0 [ 694.640765][ T56] __dev_change_flags+0x561/0x720 [ 694.645805][ T56] page last free pid 4671 tgid 4671 stack trace: [ 694.652130][ T56] free_unref_page+0x64a/0xe40 [ 694.656906][ T56] qlist_free_all+0x4e/0x140 [ 694.661509][ T56] kasan_quarantine_reduce+0x192/0x1e0 [ 694.666979][ T56] __kasan_slab_alloc+0x69/0x90 [ 694.671850][ T56] kmem_cache_alloc_noprof+0x121/0x2f0 [ 694.677332][ T56] getname_flags.part.0+0x4c/0x550 [ 694.682462][ T56] getname+0x8d/0xe0 [ 694.686366][ T56] do_sys_openat2+0x104/0x1e0 [ 694.691060][ T56] __x64_sys_openat+0x175/0x210 [ 694.695929][ T56] do_syscall_64+0xcd/0x250 [ 694.700451][ T56] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.706367][ T56] [ 694.708688][ T56] Memory state around the buggy address: [ 694.714319][ T56] ffff888022753f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 694.722388][ T56] ffff888022753f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 694.730460][ T56] >ffff888022754000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 694.738525][ T56] ^ [ 694.742596][ T56] ffff888022754080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 694.750671][ T56] ffff888022754100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 694.758733][ T56] ================================================================== [ 694.766830][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.846750][ T56] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 694.853986][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 694.866157][ T56] Tainted: [W]=WARN [ 694.869965][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 694.880031][ T56] Workqueue: hci2 hci_rx_work [ 694.884739][ T56] Call Trace: [ 694.888024][ T56] [ 694.890962][ T56] dump_stack_lvl+0x3d/0x1f0 [ 694.895579][ T56] panic+0x6f5/0x7a0 [ 694.899498][ T56] ? __pfx_panic+0x10/0x10 [ 694.903925][ T56] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 694.909923][ T56] ? preempt_schedule_thunk+0x1a/0x30 [ 694.915314][ T56] ? preempt_schedule_common+0x44/0xc0 [ 694.920794][ T56] check_panic_on_warn+0xab/0xb0 [ 694.925757][ T56] end_report+0x117/0x180 [ 694.930109][ T56] kasan_report+0xe9/0x110 [ 694.934540][ T56] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.940801][ T56] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.947062][ T56] hci_le_create_big_complete_evt+0xa62/0xb30 [ 694.953147][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.959751][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.966355][ T56] hci_le_meta_evt+0x2e2/0x5d0 [ 694.971140][ T56] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 694.977749][ T56] hci_event_packet+0x666/0x1180 [ 694.982708][ T56] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 694.988012][ T56] ? __pfx_hci_event_packet+0x10/0x10 [ 694.993406][ T56] ? mark_held_locks+0x9f/0xe0 [ 694.998189][ T56] ? kcov_remote_start+0x3d1/0x6e0 [ 695.003319][ T56] ? lockdep_hardirqs_on+0x7c/0x110 [ 695.008536][ T56] hci_rx_work+0x2c6/0x1610 [ 695.013064][ T56] process_one_work+0x9c5/0x1b40 [ 695.018023][ T56] ? __pfx_lock_acquire+0x10/0x10 [ 695.023064][ T56] ? __pfx_process_one_work+0x10/0x10 [ 695.028459][ T56] ? assign_work+0x1a0/0x250 [ 695.033067][ T56] worker_thread+0x6c8/0xf20 [ 695.037675][ T56] ? __pfx_worker_thread+0x10/0x10 [ 695.042804][ T56] kthread+0x2c1/0x3a0 [ 695.046885][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 695.052101][ T56] ? __pfx_kthread+0x10/0x10 [ 695.056703][ T56] ret_from_fork+0x45/0x80 [ 695.061140][ T56] ? __pfx_kthread+0x10/0x10 [ 695.065739][ T56] ret_from_fork_asm+0x1a/0x30 [ 695.070526][ T56] [ 695.073847][ T56] Kernel Offset: disabled [ 695.078155][ T56] Rebooting in 86400 seconds..