last executing test programs: 1m24.477192003s ago: executing program 2 (id=657): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) syz_open_procfs(0x0, &(0x7f0000000440)='stat\x00') 1m24.345628927s ago: executing program 2 (id=660): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socket$inet_sctp(0x2, 0x5, 0x84) 1m24.207309376s ago: executing program 2 (id=664): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x20, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x44044}, 0x40) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x100000) 1m23.838770688s ago: executing program 2 (id=669): r0 = inotify_init1(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x203) ftruncate(r1, 0x6000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x4000) 1m12.611865543s ago: executing program 2 (id=669): r0 = inotify_init1(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x203) ftruncate(r1, 0x6000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x4000) 1m11.135770192s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 1m4.718004709s ago: executing program 2 (id=669): r0 = inotify_init1(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x203) ftruncate(r1, 0x6000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x4000) 1m4.440471964s ago: executing program 32 (id=669): r0 = inotify_init1(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x203) ftruncate(r1, 0x6000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x4000) 56.229722567s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 44.724010502s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 32.942024309s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 30.08100576s ago: executing program 1 (id=1143): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x20000000009) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x9) 27.837141946s ago: executing program 1 (id=1160): syz_usb_connect$cdc_ecm(0x3, 0x6a, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x58, 0x1, 0x1, 0x3, 0x20, 0x2, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x1, {{0x7, 0x24, 0x6, 0x0, 0x0, "f4d0"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x2, 0xcc4, 0x8}, [@ncm={0x6, 0x24, 0x1a, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x2, 0x8, 0x75}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0xcd, 0x7, 0x3}}}}}]}}]}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x19}, @empty, 0x2, "4f6fb4d1af0f724e6118ecfbac0200843af297baebb0efa284da1403011a00", 0x0, 0x4, 0x81, 0x81}, 0x3c) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 26.579872989s ago: executing program 1 (id=1174): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x9, 0x0, 0x2b, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x800}, {0xd, 0x24, 0xf, 0x1, 0x8d2b, 0x886, 0x9, 0x81}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x1, 0x4, 0xf0}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x5, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x2, 0x6, 0x9}}}}}}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x4004550d, 0x0) 25.715736695s ago: executing program 1 (id=1186): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00') 25.535186861s ago: executing program 1 (id=1189): r0 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) r1 = shmat(r0, &(0x7f0000ff1000/0x3000)=nil, 0x400c) mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil) mremap(&(0x7f0000fe6000/0x8000)=nil, 0x8000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) shmdt(r1) 25.164556421s ago: executing program 1 (id=1193): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x0, 0x343}}}}}}]}, 0x48}}, 0x0) 24.602136123s ago: executing program 33 (id=1193): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r2, 0x0, 0x343}}}}}}]}, 0x48}}, 0x0) 18.79249468s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 7.404681695s ago: executing program 4 (id=779): syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05"], 0x0) mmap(&(0x7f0000c90000/0x2000)=nil, 0x2000, 0x3000001, 0x31, 0xffffffffffffffff, 0x3b6e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) mincore(&(0x7f000001f000/0x4000)=nil, 0x4000, &(0x7f0000002540)=""/18) 4.817344432s ago: executing program 6 (id=1358): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0684113, 0x0) 4.673250979s ago: executing program 6 (id=1360): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20) r1 = accept(r0, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r1) 3.761799653s ago: executing program 6 (id=1362): r0 = syz_open_dev$vim2m(0x0, 0x10001, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0xc00000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r1, &(0x7f0000000140), 0x0}, 0x20) 3.209330054s ago: executing program 3 (id=1370): r0 = io_uring_setup(0x1fcb, &(0x7f0000000080)={0x0, 0x8f50, 0x0, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) close_range(r0, 0xffffffffffffffff, 0x0) 3.050152852s ago: executing program 3 (id=1372): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 2.16040151s ago: executing program 6 (id=1378): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ff0000/0x10000)=nil, 0x10000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r2, 0x0, 0x0, 0xffca, &(0x7f0000000040)='?', 0x5}) 2.089628855s ago: executing program 6 (id=1379): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) io_setup(0x7, &(0x7f0000000080)=0x0) r2 = eventfd(0xa) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x9, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) 1.9345233s ago: executing program 6 (id=1381): bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @private=0xa010102}}, 0x24) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0xff, 0x71, 0x20, 0x9c4, 0x11, 0xb01c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x7e, 0x10, 0x2, 0x26, 0xd5, 0x18, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000880)={0x2c, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0003f4000000f403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000e00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$printer(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB='@!\f\x00\x00\x00\f!'], 0x0}, 0x0) 1.026666139s ago: executing program 0 (id=1388): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x3c, r0, 0x9, 0x1, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}]}, @NL80211_ATTR_MAC={0xa}]}, 0x3c}}, 0x0) 857.849703ms ago: executing program 0 (id=1389): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 784.121435ms ago: executing program 0 (id=1391): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) fremovexattr(r0, &(0x7f0000000000)=@known='system.posix_acl_access\x00') 644.55995ms ago: executing program 3 (id=1393): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000000c0)={0x3, 0xb}) 622.770006ms ago: executing program 0 (id=1394): r0 = syz_open_dev$dri(&(0x7f0000000480), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r2, 0xf5ffff7f, 0x0, 0xa, 0x1ff, 0x1}) 540.615326ms ago: executing program 5 (id=1395): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mknod(&(0x7f0000000180)='./file0\x00', 0x8000, 0x0) acct(&(0x7f0000000140)='./file0\x00') 463.239063ms ago: executing program 5 (id=1396): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) 386.601504ms ago: executing program 3 (id=1397): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x2400000, 0x0, 0x0, 0x10, "00f8fffffffffffffff7ffffff00"}) r1 = syz_open_pts(r0, 0x121500) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x3) 349.860554ms ago: executing program 5 (id=1398): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x3}) 260.534176ms ago: executing program 3 (id=1399): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 239.536615ms ago: executing program 0 (id=1400): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x3, 0x0, 0x3}}) close_range(r0, 0xffffffffffffffff, 0x400000000000000) 238.658994ms ago: executing program 5 (id=1401): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000002100)=[{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="02b579adcef961357fa4cc6ebf66b7c44f73c722a8697cebfd61ad19a18013bc42930a30cb86f0bb0eb9c0ba234cd81ae490a56e229c807c4c3ebd4473d38d86326ba94bec9bf0fa36574feb167117d819bd56164af816026774dbc97643897d45cc8f066ecf18d0ea6b4d850a16891efb90a948201ee07d2c0b649bc7a3ecfe0e51a82aaaf72e3543b6b2b59a183da27b98f9ce998eb528c9ce6cbc07a60416eace6f65baeaddb3510c670f78d2826229", 0xb1}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0xc0) sendto$packet(r0, &(0x7f00000000c0)="3f030278a8900111db901e0089e9aaa911d7c2290f2b86dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x10048, 0x0, &(0x7f0000000540)={0x11, 0x6558, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 147.368581ms ago: executing program 5 (id=1402): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x84) fallocate(r0, 0x0, 0x0, 0x1001f0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x8000001f) copy_file_range(r0, &(0x7f0000000100)=0x7fff, r0, 0x0, 0x4, 0x0) 140.360054ms ago: executing program 3 (id=1403): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x102002, 0x0, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0xfe, '\x00', 0x2}, {0xfd, 0x0, 0x6, '\x00', 0xfc}, {}, {0x1, 0x8f, 0xfa, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb, 0x0, 0xff}, {0x5, 0x19, 0x6, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x2, 0x8}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x0, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80, 0x10}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x3, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}}) 134.219835ms ago: executing program 0 (id=1404): r0 = syz_clone(0x82100400, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8001) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r0}) sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1}}], 0x1, 0x40015) 0s ago: executing program 5 (id=1405): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x20000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000002c0)={r1, 0x20a9ad}, &(0x7f0000000300)=0x8) kernel console output (not intermixed with test programs): ing VLAN 0 to HW filter on device bond0 [ 134.331769][ T30] audit: type=1400 audit(1748806139.823:1685): avc: denied { read } for pid=7712 comm="syz.1.731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 134.350894][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.361744][ T5821] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 134.448203][ T7499] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.508607][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.515813][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.552628][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 134.575284][ T5821] usb 4-1: unable to get BOS descriptor or descriptor too short [ 134.595247][ T5821] usb 4-1: config 4 has an invalid interface number: 147 but max is 0 [ 134.641809][ T5821] usb 4-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 134.683187][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.690347][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.708211][ T5821] usb 4-1: config 4 has no interface number 0 [ 134.736211][ T5821] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 134.762159][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.808314][ T7499] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 134.826653][ T5821] usb 4-1: Product: syz [ 134.831049][ T30] audit: type=1326 audit(1748806140.383:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 134.841092][ T5821] usb 4-1: Manufacturer: syz [ 134.854347][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.871923][ T7499] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 134.907344][ T5821] usb 4-1: SerialNumber: syz [ 134.917169][ T30] audit: type=1326 audit(1748806140.383:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.028318][ T30] audit: type=1326 audit(1748806140.383:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.052018][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.091816][ T5138] Bluetooth: hci4: command tx timeout [ 135.104043][ T30] audit: type=1326 audit(1748806140.383:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.128878][ T30] audit: type=1326 audit(1748806140.383:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.170928][ T30] audit: type=1326 audit(1748806140.383:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.199133][ T5821] usb 4-1: Found UVC 0.02 device syz (04f2:b746) [ 135.211096][ T5821] usb 4-1: No valid video chain found. [ 135.220929][ T5821] usb 4-1: USB disconnect, device number 11 [ 135.247980][ T30] audit: type=1326 audit(1748806140.383:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7703 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21b598e969 code=0x7fc00000 [ 135.437101][ T7499] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.580850][ T7499] veth0_vlan: entered promiscuous mode [ 135.624407][ T7499] veth1_vlan: entered promiscuous mode [ 135.727422][ T7499] veth0_macvtap: entered promiscuous mode [ 135.765816][ T7499] veth1_macvtap: entered promiscuous mode [ 135.803833][ T7499] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.845338][ T7499] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.895970][ T7499] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.935342][ T7499] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.964799][ T7499] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.977309][ T7499] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.197251][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.249096][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.344525][ T199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.380180][ T199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.521556][ T7781] Illegal XDP return value 1422763072 on prog (id 97) dev syz_tun, expect packet loss! [ 136.863601][ T7795] SELinux: failed to load policy [ 136.985374][ T7809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.760'. [ 137.013365][ T5138] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 137.023911][ T5138] CPU: 1 UID: 0 PID: 5138 Comm: kworker/u9:1 Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) [ 137.023940][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.023954][ T5138] Workqueue: hci1 hci_rx_work [ 137.023986][ T5138] Call Trace: [ 137.023992][ T5138] [ 137.024000][ T5138] dump_stack_lvl+0x16c/0x1f0 [ 137.024028][ T5138] sysfs_warn_dup+0x7f/0xa0 [ 137.024054][ T5138] sysfs_create_dir_ns+0x24b/0x2b0 [ 137.024079][ T5138] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 137.024102][ T5138] ? find_held_lock+0x2b/0x80 [ 137.024133][ T5138] ? do_raw_spin_unlock+0x172/0x230 [ 137.024164][ T5138] kobject_add_internal+0x2c4/0x9b0 [ 137.024197][ T5138] kobject_add+0x16e/0x240 [ 137.024224][ T5138] ? __pfx_kobject_add+0x10/0x10 [ 137.024254][ T5138] ? do_raw_spin_unlock+0x172/0x230 [ 137.024283][ T5138] ? kobject_put+0xab/0x5a0 [ 137.024316][ T5138] device_add+0x288/0x1a70 [ 137.024337][ T5138] ? __pfx_dev_set_name+0x10/0x10 [ 137.024359][ T5138] ? __pfx_device_add+0x10/0x10 [ 137.024379][ T5138] ? mgmt_send_event_skb+0x2fb/0x460 [ 137.024408][ T5138] hci_conn_add_sysfs+0x17e/0x230 [ 137.024433][ T5138] le_conn_complete_evt+0x1075/0x1d70 [ 137.024463][ T5138] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 137.024485][ T5138] ? hci_event_packet+0x459/0x11c0 [ 137.024514][ T5138] hci_le_conn_complete_evt+0x23c/0x370 [ 137.024545][ T5138] hci_le_meta_evt+0x354/0x5e0 [ 137.024571][ T5138] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 137.024599][ T5138] hci_event_packet+0x685/0x11c0 [ 137.024623][ T5138] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 137.024650][ T5138] ? __pfx_hci_event_packet+0x10/0x10 [ 137.024677][ T5138] ? kcov_remote_start+0x3c9/0x6d0 [ 137.024706][ T5138] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.024736][ T5138] hci_rx_work+0x2c5/0x16b0 [ 137.024762][ T5138] ? rcu_is_watching+0x12/0xc0 [ 137.024785][ T5138] process_one_work+0x9cf/0x1b70 [ 137.024824][ T5138] ? __pfx_process_one_work+0x10/0x10 [ 137.024859][ T5138] ? assign_work+0x1a0/0x250 [ 137.024885][ T5138] worker_thread+0x6c8/0xf10 [ 137.024914][ T5138] ? __kthread_parkme+0x19e/0x250 [ 137.024937][ T5138] ? __pfx_worker_thread+0x10/0x10 [ 137.024963][ T5138] kthread+0x3c5/0x780 [ 137.024987][ T5138] ? __pfx_kthread+0x10/0x10 [ 137.025012][ T5138] ? rcu_is_watching+0x12/0xc0 [ 137.025030][ T5138] ? __pfx_kthread+0x10/0x10 [ 137.025054][ T5138] ret_from_fork+0x5d7/0x6f0 [ 137.025074][ T5138] ? __pfx_kthread+0x10/0x10 [ 137.025097][ T5138] ret_from_fork_asm+0x1a/0x30 [ 137.025134][ T5138] [ 137.025179][ T5138] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 137.287276][ T5138] Bluetooth: hci1: failed to register connection device [ 137.566756][ T3516] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.129128][ T3516] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.550644][ T3516] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.615827][ T5813] bridge0: port 3(syz_tun) entered disabled state [ 138.678733][ T5813] syz_tun (unregistering): left allmulticast mode [ 138.710104][ T5813] syz_tun (unregistering): left promiscuous mode [ 138.736416][ T5813] bridge0: port 3(syz_tun) entered disabled state [ 138.781673][ T5821] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 138.839767][ T5138] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 138.865000][ T5138] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 138.879404][ T5138] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 138.880950][ T7867] overlayfs: unescaped trailing colons in lowerdir mount option. [ 138.899633][ T5138] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 138.909142][ T3516] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.916755][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 138.916767][ T30] audit: type=1400 audit(1748806144.473:1764): avc: denied { read } for pid=7868 comm="syz.3.778" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 138.949050][ T5138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 138.958560][ T30] audit: type=1400 audit(1748806144.493:1765): avc: denied { open } for pid=7868 comm="syz.3.778" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 138.982995][ T30] audit: type=1400 audit(1748806144.493:1766): avc: denied { ioctl } for pid=7868 comm="syz.3.778" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 139.010067][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.041792][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.088082][ T5821] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 139.142435][ T5821] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 139.185604][ T5821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.234989][ T5821] usb 2-1: config 0 descriptor?? [ 139.387747][ T3516] bridge_slave_1: left allmulticast mode [ 139.413621][ T3516] bridge_slave_1: left promiscuous mode [ 139.419401][ T3516] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.474320][ T3516] bridge_slave_0: left allmulticast mode [ 139.480017][ T3516] bridge_slave_0: left promiscuous mode [ 139.496926][ T3516] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.667106][ T5821] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 139.696200][ T5821] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 139.721994][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 139.731279][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 139.742485][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 139.752760][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 139.761833][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 139.924214][ T5821] usb 2-1: USB disconnect, device number 10 [ 140.305235][ T3516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.326195][ T3516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.347472][ T3516] bond0 (unregistering): Released all slaves [ 141.016781][ T5138] Bluetooth: hci2: command tx timeout [ 141.121033][ T3516] hsr_slave_0: left promiscuous mode [ 141.130504][ T3516] hsr_slave_1: left promiscuous mode [ 141.143912][ T3516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.157070][ T3516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.196874][ T3516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.217756][ T3516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.245258][ T30] audit: type=1326 audit(1748806146.793:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7941 comm="syz.3.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 141.276695][ T30] audit: type=1326 audit(1748806146.793:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7941 comm="syz.3.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 141.321397][ T30] audit: type=1326 audit(1748806146.793:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7941 comm="syz.3.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 141.330218][ T3516] veth1_macvtap: left promiscuous mode [ 141.344733][ C0] vkms_vblank_simulate: vblank timer overrun [ 141.349917][ T30] audit: type=1326 audit(1748806146.793:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7941 comm="syz.3.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 141.356469][ T3516] veth0_macvtap: left promiscuous mode [ 141.410228][ T3516] veth1_vlan: left promiscuous mode [ 141.413334][ T30] audit: type=1326 audit(1748806146.793:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7941 comm="syz.3.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 141.431425][ T3516] veth0_vlan: left promiscuous mode [ 141.521682][ T48] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 141.644898][ T7956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.795'. [ 141.693586][ T48] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.704673][ T48] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 141.718725][ T48] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 141.732270][ T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.740350][ T48] usb 2-1: Product: syz [ 141.751842][ T48] usb 2-1: Manufacturer: syz [ 141.760831][ T48] usb 2-1: SerialNumber: syz [ 141.812025][ T51] Bluetooth: hci4: command tx timeout [ 142.114330][ T7969] loop2: detected capacity change from 0 to 7 [ 142.123710][ T7969] Dev loop2: unable to read RDB block 7 [ 142.129607][ T7969] loop2: unable to read partition table [ 142.137614][ T48] usb 2-1: 0:2 : does not exist [ 142.147496][ T48] usb 2-1: unit 4 not found! [ 142.148062][ T7969] loop2: partition table beyond EOD, truncated [ 142.165959][ T48] usb 2-1: USB disconnect, device number 11 [ 142.166961][ T7969] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 142.183462][ T3516] team0 (unregistering): Port device team_slave_1 removed [ 142.304911][ T3516] team0 (unregistering): Port device team_slave_0 removed [ 142.552232][ T7864] chnl_net:caif_netlink_parms(): no params data found [ 142.565832][ T7956] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 142.575330][ T7956] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 142.718943][ T7976] netlink: 256 bytes leftover after parsing attributes in process `syz.3.800'. [ 142.913262][ T7990] input: syz0 as /devices/virtual/input/input17 [ 142.946529][ T7990] input: failed to attach handler leds to device input17, error: -6 [ 143.092066][ T51] Bluetooth: hci2: command tx timeout [ 143.156700][ T7864] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.188020][ T7864] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.203946][ T7864] bridge_slave_0: entered allmulticast mode [ 143.211803][ T7864] bridge_slave_0: entered promiscuous mode [ 143.225896][ T7864] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.233126][ T7864] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.240304][ T7864] bridge_slave_1: entered allmulticast mode [ 143.248261][ T7864] bridge_slave_1: entered promiscuous mode [ 143.312613][ T30] audit: type=1400 audit(1748806148.873:1772): avc: denied { read } for pid=8000 comm="syz.1.805" lport=59409 faddr=::ffff:172.30.1.2 fport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 143.351572][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.807'. [ 143.390548][ T7864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.443703][ T7864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.555648][ T7864] team0: Port device team_slave_0 added [ 143.571683][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 143.584615][ T7864] team0: Port device team_slave_1 added [ 143.599373][ T7889] chnl_net:caif_netlink_parms(): no params data found [ 143.611667][ T5898] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 143.706440][ T7864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.714739][ T7864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.740642][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.750837][ T7864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.764008][ T7864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.771015][ T7864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.796931][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.803214][ T7864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.817985][ T5898] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 143.839397][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.847610][ T5898] usb 1-1: Product: syz [ 143.855952][ T5898] usb 1-1: Manufacturer: syz [ 143.862506][ T5898] usb 1-1: SerialNumber: syz [ 143.871895][ T5898] usb 1-1: config 0 descriptor?? [ 143.893371][ T51] Bluetooth: hci4: command tx timeout [ 144.025012][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.032394][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.039598][ T7889] bridge_slave_0: entered allmulticast mode [ 144.049166][ T7889] bridge_slave_0: entered promiscuous mode [ 144.066637][ T7864] hsr_slave_0: entered promiscuous mode [ 144.092485][ T7864] hsr_slave_1: entered promiscuous mode [ 144.155769][ T5821] usb 1-1: USB disconnect, device number 11 [ 144.168242][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.189743][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.205197][ T7889] bridge_slave_1: entered allmulticast mode [ 144.233982][ T7889] bridge_slave_1: entered promiscuous mode [ 144.320454][ T7889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.391413][ T7889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.498375][ T7889] team0: Port device team_slave_0 added [ 144.546350][ T7889] team0: Port device team_slave_1 added [ 144.554021][ T8043] Invalid logical block size (8) [ 144.772859][ T8051] block nbd1: NBD_DISCONNECT [ 144.779895][ T7889] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.788727][ T8051] block nbd1: Send disconnect failed -22 [ 144.795859][ T30] audit: type=1400 audit(1748806150.353:1773): avc: denied { write } for pid=8050 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 144.820248][ T7889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.846869][ T8050] block nbd1: Disconnected due to user request. [ 144.857319][ T7889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.870135][ T7889] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.877247][ T8050] block nbd1: shutting down sockets [ 144.917211][ T30] audit: type=1400 audit(1748806150.473:1774): avc: denied { create } for pid=8056 comm="syz.3.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 144.941767][ T7889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.982317][ T30] audit: type=1400 audit(1748806150.473:1775): avc: denied { write } for pid=8056 comm="syz.3.821" path="socket:[18795]" dev="sockfs" ino=18795 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 145.038207][ T7889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.355936][ T7889] hsr_slave_0: entered promiscuous mode [ 145.364841][ T7889] hsr_slave_1: entered promiscuous mode [ 145.371367][ T7889] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 145.381439][ T8070] IPVS: Scheduler module ip_vs_sip not found [ 145.409824][ T7889] Cannot create hsr debugfs directory [ 145.427974][ T3516] bridge_slave_1: left allmulticast mode [ 145.447474][ T3516] bridge_slave_1: left promiscuous mode [ 145.459146][ T3516] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.476103][ T3516] bridge_slave_0: left allmulticast mode [ 145.486623][ T3516] bridge_slave_0: left promiscuous mode [ 145.492732][ T3516] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.619258][ T3516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.655724][ T3516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.682918][ T3516] bond0 (unregistering): Released all slaves [ 145.862603][ T3516] hsr_slave_0: left promiscuous mode [ 145.904206][ T3516] hsr_slave_1: left promiscuous mode [ 145.910676][ T3516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.944250][ T3516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.962707][ T8090] sctp: [Deprecated]: syz.3.833 (pid 8090) Use of struct sctp_assoc_value in delayed_ack socket option. [ 145.962707][ T8090] Use struct sctp_sack_info instead [ 145.979675][ T51] Bluetooth: hci4: command tx timeout [ 146.049005][ T5138] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 146.057915][ T5138] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 146.068296][ T5138] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 146.081656][ T5138] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 146.090064][ T5138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 146.240152][ T3516] team0 (unregistering): Port device team_slave_1 removed [ 146.277867][ T3516] team0 (unregistering): Port device team_slave_0 removed [ 146.313789][ T5898] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 146.475478][ T5898] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.494555][ T5898] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 146.504470][ T5898] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 146.520587][ T5898] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 146.530100][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.548786][ T5898] usb 4-1: Product: syz [ 146.553766][ T5898] usb 4-1: Manufacturer: syz [ 146.558439][ T5898] usb 4-1: SerialNumber: syz [ 146.585095][ T5898] cdc_ncm 4-1:1.0: skipping garbage [ 146.600541][ T5898] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 146.633550][ T5898] cdc_ncm 4-1:1.0: bind() failure [ 146.793664][ T7889] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 146.827516][ T7889] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.855203][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.836'. [ 146.890882][ T5898] usb 4-1: USB disconnect, device number 12 [ 147.028651][ T7889] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.040300][ T7889] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.066030][ T30] audit: type=1400 audit(1748806152.623:1776): avc: denied { relabelfrom } for pid=8119 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 147.096919][ T30] audit: type=1400 audit(1748806152.623:1777): avc: denied { relabelto } for pid=8119 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 147.168644][ T7889] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.212166][ T7889] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.441559][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 147.471695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 147.481777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 147.571435][ T7889] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.587055][ T7889] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.672691][ T8093] chnl_net:caif_netlink_parms(): no params data found [ 148.001624][ T5867] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 148.051587][ T51] Bluetooth: hci4: command tx timeout [ 148.067029][ T8093] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.086939][ T8093] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.106570][ T8093] bridge_slave_0: entered allmulticast mode [ 148.116636][ T8093] bridge_slave_0: entered promiscuous mode [ 148.131662][ T51] Bluetooth: hci2: command tx timeout [ 148.153682][ T8093] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.182110][ T8093] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.191775][ T8093] bridge_slave_1: entered allmulticast mode [ 148.199140][ T8093] bridge_slave_1: entered promiscuous mode [ 148.205045][ T5867] usb 2-1: Using ep0 maxpacket: 16 [ 148.215354][ T5867] usb 2-1: config 6 has too many interfaces: 126, using maximum allowed: 32 [ 148.227273][ T5867] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 148.242218][ T5867] usb 2-1: config 6 has 0 interfaces, different from the descriptor's value: 126 [ 148.253431][ T5867] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 148.269121][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 148.295836][ T5867] usb 2-1: SerialNumber: syz [ 148.330904][ T7889] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 148.354612][ T30] audit: type=1326 audit(1748806153.893:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8125 comm="syz.0.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf1a32ab39 code=0x7ffc0000 [ 148.378264][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 148.393013][ T30] audit: type=1326 audit(1748806153.893:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8125 comm="syz.0.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1a38e969 code=0x7ffc0000 [ 148.420488][ T7889] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 148.460212][ T8093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.481825][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 148.514680][ T8093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.541964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 148.577776][ T5867] usb 2-1: USB disconnect, device number 12 [ 148.590280][ T30] audit: type=1326 audit(1748806153.893:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8125 comm="syz.0.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf1a32ab39 code=0x7ffc0000 [ 148.616435][ T8156] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 148.652121][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 148.686228][ T7889] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 148.686239][ T30] audit: type=1326 audit(1748806153.893:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8125 comm="syz.0.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf1a32ab39 code=0x7ffc0000 [ 148.727307][ T30] audit: type=1326 audit(1748806153.893:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8125 comm="syz.0.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1a38e969 code=0x7ffc0000 [ 148.774515][ T7889] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 148.860107][ T8093] team0: Port device team_slave_0 added [ 148.873048][ T8093] team0: Port device team_slave_1 added [ 148.882464][ T8164] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 148.994545][ T8093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.002082][ T8093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.048154][ T8093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.070341][ T8093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.077984][ T8093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.130185][ T8093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.325935][ T8093] hsr_slave_0: entered promiscuous mode [ 149.334162][ T8093] hsr_slave_1: entered promiscuous mode [ 149.461719][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 149.478628][ T8183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.853'. [ 149.631876][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.648027][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.681589][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 149.727896][ T7889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.757303][ T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 149.784124][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.819072][ T24] usb 4-1: config 0 descriptor?? [ 149.914358][ T7889] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.960123][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.967295][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.012599][ T8198] input: syz1 as /devices/virtual/input/input18 [ 150.086175][ T8093] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 150.118655][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.125827][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.161885][ T8093] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 150.222566][ T51] Bluetooth: hci2: command tx timeout [ 150.232142][ T8093] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 150.262276][ T8093] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 150.264704][ T24] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 150.297635][ T24] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 150.647405][ T5868] usb 4-1: USB disconnect, device number 13 [ 150.686913][ T8093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.762674][ T8093] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.796417][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.803594][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.845701][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.852840][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.053791][ T7889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.117619][ T8093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 151.813976][ T8093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.037720][ T7889] veth0_vlan: entered promiscuous mode [ 152.069708][ T7889] veth1_vlan: entered promiscuous mode [ 152.227480][ T7889] veth0_macvtap: entered promiscuous mode [ 152.262701][ T7889] veth1_macvtap: entered promiscuous mode [ 152.282117][ T7889] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.291714][ T51] Bluetooth: hci2: command tx timeout [ 152.368804][ T7889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.394820][ T7889] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.407916][ T7889] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.430264][ T7889] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.449596][ T30] kauditd_printk_skb: 136 callbacks suppressed [ 152.449613][ T30] audit: type=1400 audit(1748806158.003:1919): avc: denied { create } for pid=8274 comm="syz.1.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 152.476741][ T7889] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.835553][ T8290] syzkaller1: entered promiscuous mode [ 152.862478][ T8290] syzkaller1: entered allmulticast mode [ 152.937593][ T8093] veth0_vlan: entered promiscuous mode [ 152.964073][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.004092][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.051403][ T8093] veth1_vlan: entered promiscuous mode [ 153.148879][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.169602][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.199442][ T8093] veth0_macvtap: entered promiscuous mode [ 153.233674][ T8093] veth1_macvtap: entered promiscuous mode [ 153.315852][ T8093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.343317][ T8093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.413562][ T8093] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.441346][ T8093] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.466662][ T8093] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.501097][ T8093] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.514781][ T5821] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 153.683433][ T5821] usb 4-1: Using ep0 maxpacket: 16 [ 153.729428][ T5821] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 153.750643][ T5821] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 153.779378][ T5821] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 153.798188][ T5821] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 153.827120][ T5821] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 153.855452][ T5821] usb 4-1: config 0 has no interface number 0 [ 153.874943][ T5821] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 153.898243][ T5821] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 153.921530][ T5821] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 153.951954][ T5821] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 153.991918][ T5821] usb 4-1: config 0 interface 125 has no altsetting 0 [ 154.021576][ T5821] usb 4-1: config 0 interface 125 has no altsetting 2 [ 154.039041][ T5821] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 154.090220][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.105989][ T5821] usb 4-1: Product: syz [ 154.108961][ T1155] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.110166][ T5821] usb 4-1: Manufacturer: syz [ 154.126386][ T5821] usb 4-1: SerialNumber: syz [ 154.144286][ T5821] usb 4-1: config 0 descriptor?? [ 154.154708][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.157054][ T5821] usb 4-1: selecting invalid altsetting 2 [ 154.186445][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.247771][ T30] audit: type=1400 audit(1748806159.803:1920): avc: denied { connect } for pid=8333 comm="syz.0.888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 154.273635][ T1155] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.372072][ T51] Bluetooth: hci2: command tx timeout [ 154.418074][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.442935][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.629500][ T1155] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.695952][ T8344] kvm: user requested TSC rate below hardware speed [ 154.736083][ T5138] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 154.749367][ T5138] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 154.757568][ T5138] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 154.772451][ T5138] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 154.792808][ T5138] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 154.825789][ T1155] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.048137][ T30] audit: type=1326 audit(1748806160.603:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.157118][ T30] audit: type=1326 audit(1748806160.643:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.181751][ C1] usb 4-1: async_complete: urb error -71 [ 155.203558][ T5821] get_1284_register: usb error -71 [ 155.208791][ T5821] uss720 4-1:0.125: probe with driver uss720 failed with error -71 [ 155.264771][ T5868] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5868 comm=kworker/0:5 [ 155.325150][ T1155] bridge_slave_1: left allmulticast mode [ 155.338914][ T5821] usb 4-1: USB disconnect, device number 14 [ 155.373247][ T30] audit: type=1326 audit(1748806160.663:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.375578][ T1155] bridge_slave_1: left promiscuous mode [ 155.497969][ T30] audit: type=1326 audit(1748806160.663:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.501692][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.552450][ T8375] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 155.584014][ T5898] IPVS: starting estimator thread 0... [ 155.591943][ T30] audit: type=1326 audit(1748806160.663:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.634669][ T1155] bridge_slave_0: left allmulticast mode [ 155.640361][ T1155] bridge_slave_0: left promiscuous mode [ 155.656882][ T30] audit: type=1326 audit(1748806160.673:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.666814][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.688131][ T8382] IPVS: using max 51 ests per chain, 122400 per kthread [ 155.721693][ T30] audit: type=1326 audit(1748806160.673:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.747668][ T30] audit: type=1326 audit(1748806160.673:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a2f38e969 code=0x7ffc0000 [ 155.785692][ T10] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 155.957068][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.967838][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 155.980289][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 156.009651][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 156.062489][ T10] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 156.076037][ T10] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 156.094308][ T10] usb 2-1: Manufacturer: syz [ 156.127584][ T10] usb 2-1: config 0 descriptor?? [ 156.243461][ T8397] netlink: 20 bytes leftover after parsing attributes in process `syz.3.906'. [ 156.409290][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.419492][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.421708][ T10] rc_core: IR keymap rc-hauppauge not found [ 156.434323][ T10] Registered IR keymap rc-empty [ 156.436442][ T1155] bond0 (unregistering): Released all slaves [ 156.439282][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.472650][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.548778][ T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 156.617364][ T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input20 [ 156.679945][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.733974][ T8349] chnl_net:caif_netlink_parms(): no params data found [ 156.741844][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.764881][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.781652][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.811729][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.832557][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.853939][ T5138] Bluetooth: hci4: command tx timeout [ 156.863042][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.925249][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.955103][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 156.981718][ T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.030288][ T10] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 157.043186][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.050511][ T8349] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.057709][ T10] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 157.058248][ T8349] bridge_slave_0: entered allmulticast mode [ 157.075033][ T8349] bridge_slave_0: entered promiscuous mode [ 157.090593][ T1155] hsr_slave_0: left promiscuous mode [ 157.101823][ T10] usb 2-1: USB disconnect, device number 13 [ 157.120680][ T1155] hsr_slave_1: left promiscuous mode [ 157.137551][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.171309][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.181776][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 157.212634][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.233008][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.303843][ T1155] veth1_macvtap: left promiscuous mode [ 157.313288][ T1155] veth0_macvtap: left promiscuous mode [ 157.322329][ T1155] veth1_vlan: left promiscuous mode [ 157.327748][ T1155] veth0_vlan: left promiscuous mode [ 157.388738][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.429535][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.470112][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 157.513583][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 157.534365][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.552719][ T9] usb 6-1: config 0 descriptor?? [ 157.893052][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 157.893068][ T30] audit: type=1326 audit(1748806163.453:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 157.927098][ T30] audit: type=1326 audit(1748806163.453:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 157.954760][ T30] audit: type=1326 audit(1748806163.453:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 157.983292][ T30] audit: type=1326 audit(1748806163.453:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 157.992591][ T9] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 158.011048][ T30] audit: type=1326 audit(1748806163.453:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.037997][ T30] audit: type=1326 audit(1748806163.453:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.105230][ T9] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 158.201743][ T30] audit: type=1326 audit(1748806163.763:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.287077][ T30] audit: type=1326 audit(1748806163.763:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.321156][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 158.328622][ T30] audit: type=1326 audit(1748806163.883:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.361808][ T30] audit: type=1326 audit(1748806163.883:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8453 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f162b38e969 code=0x7ffc0000 [ 158.372638][ T9] usb 6-1: USB disconnect, device number 2 [ 158.426850][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 159.017716][ T5138] Bluetooth: hci4: command tx timeout [ 159.024279][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.031737][ T8349] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.039017][ T8349] bridge_slave_1: entered allmulticast mode [ 159.046938][ T8349] bridge_slave_1: entered promiscuous mode [ 159.229429][ T8349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.267945][ T8349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.321385][ T8472] dlm: non-version read from control device 4 [ 159.488173][ T8486] loop4: detected capacity change from 0 to 524255232 [ 159.501449][ T8484] overlayfs: workdir and upperdir must reside under the same mount [ 159.565354][ T8349] team0: Port device team_slave_0 added [ 159.583542][ T8349] team0: Port device team_slave_1 added [ 159.739116][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.789060][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.927106][ T8349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.996143][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.032830][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.179277][ T8349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.553379][ T8349] hsr_slave_0: entered promiscuous mode [ 160.577323][ T8349] hsr_slave_1: entered promiscuous mode [ 160.629841][ T8349] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 160.650374][ T8349] Cannot create hsr debugfs directory [ 161.092623][ T5138] Bluetooth: hci4: command tx timeout [ 161.729159][ T8349] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 161.783727][ T8349] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 161.820023][ T8349] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 161.919377][ T8349] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 162.210863][ T8349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.284597][ T8349] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.313009][ T199] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.320122][ T199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.353297][ T199] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.360418][ T199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.739487][ T8606] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.890411][ T8349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.171696][ T5138] Bluetooth: hci4: command tx timeout [ 163.501590][ T5821] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 163.598970][ T8349] veth0_vlan: entered promiscuous mode [ 163.622932][ T8349] veth1_vlan: entered promiscuous mode [ 163.659590][ T5821] usb 1-1: unable to get BOS descriptor or descriptor too short [ 163.672150][ T5821] usb 1-1: not running at top speed; connect to a high speed hub [ 163.682666][ T8349] veth0_macvtap: entered promiscuous mode [ 163.695855][ T5821] usb 1-1: config 9 has an invalid interface number: 76 but max is 0 [ 163.706728][ T8349] veth1_macvtap: entered promiscuous mode [ 163.715686][ T5821] usb 1-1: config 9 has no interface number 0 [ 163.729550][ T5821] usb 1-1: config 9 interface 76 has no altsetting 0 [ 163.758374][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.761379][ T5821] usb 1-1: New USB device found, idVendor=16d8, idProduct=6804, bcdDevice=68.d5 [ 163.774789][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.798376][ T5821] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.800249][ T8349] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.818813][ T5821] usb 1-1: Product: syz [ 163.834681][ T5821] usb 1-1: Manufacturer: syz [ 163.835481][ T8349] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.846503][ T5821] usb 1-1: SerialNumber: syz [ 163.867002][ T8349] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.881163][ T8349] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.051268][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.086603][ T5821] hub 1-1:9.76: bad descriptor, ignoring hub [ 164.090172][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.096203][ T5821] hub 1-1:9.76: probe with driver hub failed with error -5 [ 164.109085][ T5821] option 1-1:9.76: GSM modem (1-port) converter detected [ 164.184378][ T5821] usb 1-1: USB disconnect, device number 12 [ 164.215578][ T5821] option 1-1:9.76: device disconnected [ 164.266621][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.321648][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.436050][ T8670] capability: warning: `syz.3.988' uses 32-bit capabilities (legacy support in use) [ 164.481683][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 164.655002][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 164.665660][ T9] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 164.677759][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 164.689637][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 164.710743][ T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 164.711360][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 164.711372][ T30] audit: type=1400 audit(1748806170.263:1953): avc: denied { ioctl } for pid=8678 comm="syz.1.993" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 164.733321][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.751361][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.828862][ T9] usb 6-1: Product: syz [ 164.834719][ T9] usb 6-1: Manufacturer: syz [ 164.839893][ T9] usb 6-1: SerialNumber: syz [ 164.921645][ T8690] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 165.298112][ T9] usb 6-1: 0:2 : does not exist [ 165.337067][ T1133] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.741019][ T1133] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.917762][ T9] usb 6-1: 1:0: failed to get current value for ch 0 (-22) [ 166.021685][ T9] usb 6-1: USB disconnect, device number 3 [ 166.089283][ T1133] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.290366][ T1133] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.309167][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 166.330628][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 166.342338][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 166.359183][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 166.367190][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 166.397920][ T8729] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1004'. [ 166.819795][ T30] audit: type=1400 audit(1748806172.373:1954): avc: denied { bind } for pid=8755 comm="syz.5.1012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 166.971113][ T1133] bridge_slave_1: left allmulticast mode [ 166.984058][ T1133] bridge_slave_1: left promiscuous mode [ 166.990878][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.009488][ T1133] bridge_slave_0: left allmulticast mode [ 167.016975][ T1133] bridge_slave_0: left promiscuous mode [ 167.024597][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.628123][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.659673][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.682862][ T1133] bond0 (unregistering): Released all slaves [ 167.752640][ T8763] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1015'. [ 167.952206][ T8782] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1021'. [ 168.309976][ T8731] chnl_net:caif_netlink_parms(): no params data found [ 168.355395][ T30] audit: type=1400 audit(1748806173.903:1955): avc: denied { read } for pid=8793 comm="syz.1.1025" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 168.411766][ T30] audit: type=1400 audit(1748806173.903:1956): avc: denied { open } for pid=8793 comm="syz.1.1025" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 168.452046][ T5138] Bluetooth: hci4: command tx timeout [ 168.475479][ T8794] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.502592][ T8794] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.578704][ T8794] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.598131][ T8794] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 168.620143][ T8794] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.668407][ T8794] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.748791][ T1133] hsr_slave_0: left promiscuous mode [ 168.766533][ T8794] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.805302][ T1133] hsr_slave_1: left promiscuous mode [ 168.810968][ T8794] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.817394][ T8794] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 168.824739][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.842074][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.857497][ T8794] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 168.867812][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.877188][ T8794] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.884009][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.892898][ T8794] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.911067][ T8794] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.940091][ T8794] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 168.950715][ T1133] veth1_macvtap: left promiscuous mode [ 168.956893][ T1133] veth0_macvtap: left promiscuous mode [ 168.968455][ T1133] veth1_vlan: left promiscuous mode [ 168.976917][ T8794] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 168.983253][ T1133] veth0_vlan: left promiscuous mode [ 169.009227][ T8794] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 169.957183][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 170.049307][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 170.531728][ T5138] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.611888][ T5138] Bluetooth: hci1: command 0x0406 tx timeout [ 170.698122][ T8902] loop7: detected capacity change from 0 to 7 [ 170.713425][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.722796][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.740730][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.749922][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.763564][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.772760][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.786763][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.795921][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.807184][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.816340][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.826485][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.835672][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.844257][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.853413][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.861743][ T5138] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.868900][ T5833] ldm_validate_partition_table(): Disk read failed. [ 170.888232][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.897422][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.905759][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.914939][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.923107][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 170.932330][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 170.940443][ T5833] Dev loop7: unable to read RDB block 0 [ 170.942691][ T8731] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.947112][ T5138] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.954136][ T8731] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.967976][ T5833] loop7: unable to read partition table [ 170.978944][ T5833] loop7: partition table beyond EOD, truncated [ 171.009853][ T8902] ldm_validate_partition_table(): Disk read failed. [ 171.021658][ T5138] Bluetooth: hci4: command 0x040f tx timeout [ 171.026487][ T8902] Dev loop7: unable to read RDB block 0 [ 171.075749][ T8731] bridge_slave_0: entered allmulticast mode [ 171.082760][ T8902] loop7: unable to read partition table [ 171.101778][ T8902] loop7: partition table beyond EOD, truncated [ 171.116651][ T8731] bridge_slave_0: entered promiscuous mode [ 171.141124][ T8902] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 171.166738][ T8731] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.179040][ T8731] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.197501][ T8731] bridge_slave_1: entered allmulticast mode [ 171.223310][ T8731] bridge_slave_1: entered promiscuous mode [ 171.352675][ T24] kernel write not supported for file /snd/seq (pid: 24 comm: kworker/1:0) [ 171.529040][ T30] audit: type=1400 audit(1748806177.083:1957): avc: denied { mount } for pid=8928 comm="syz.5.1071" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 171.559342][ T8731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.608762][ T30] audit: type=1400 audit(1748806177.093:1958): avc: denied { watch watch_reads } for pid=8928 comm="syz.5.1071" path="/42/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 171.631725][ T5821] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 171.644256][ T8731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.664619][ T30] audit: type=1400 audit(1748806177.123:1959): avc: denied { getopt } for pid=8930 comm="syz.3.1070" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 171.730604][ T30] audit: type=1400 audit(1748806177.173:1960): avc: denied { unmount } for pid=8093 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 171.786273][ T8731] team0: Port device team_slave_0 added [ 171.811324][ T8731] team0: Port device team_slave_1 added [ 171.835773][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.845621][ T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 171.872862][ T5821] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 171.887030][ T8944] could not open pipe file descriptor [ 171.892933][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.900465][ T8731] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.916537][ T5821] usb 1-1: config 0 descriptor?? [ 171.931888][ T8731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.958646][ T8731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.002106][ T8946] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 172.015755][ T8946] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 172.020966][ T8731] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.040344][ T8731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.073637][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.091649][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.104143][ T24] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 172.118314][ T8731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.130081][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.183979][ T24] usb 2-1: config 0 descriptor?? [ 172.276357][ T8731] hsr_slave_0: entered promiscuous mode [ 172.302348][ T8731] hsr_slave_1: entered promiscuous mode [ 172.308725][ T8731] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 172.335421][ T8731] Cannot create hsr debugfs directory [ 172.357226][ T5821] lg-g15 0003:046D:C222.0010: unknown main item tag 0x0 [ 172.400250][ T5821] lg-g15 0003:046D:C222.0010: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 172.604103][ T24] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 172.617051][ T5138] Bluetooth: hci0: command 0x0c1a tx timeout [ 172.623610][ T48] usb 1-1: USB disconnect, device number 13 [ 172.648419][ T24] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 172.691628][ T5138] Bluetooth: hci1: command 0x0406 tx timeout [ 172.717317][ T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0011/input/input22 [ 172.819221][ T24] cm6533_jd 0003:0D8C:0022.0011: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 172.877835][ T24] usb 2-1: USB disconnect, device number 14 [ 172.931661][ T5138] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.936706][ T8974] fido_id[8974]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 173.011879][ T5138] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.091616][ T5138] Bluetooth: hci4: command 0x040f tx timeout [ 173.776910][ T8731] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 173.818934][ T8731] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 173.894230][ T8731] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 173.958228][ T9011] overlayfs: upper fs does not support tmpfile. [ 173.970921][ T8731] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 174.051940][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 174.242462][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 174.249269][ T24] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 174.276854][ T24] usb 6-1: config 0 has no interface number 0 [ 174.299745][ T8731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.305249][ T24] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 174.362043][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.372531][ T24] usb 6-1: Product: syz [ 174.373736][ T8731] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.376692][ T24] usb 6-1: Manufacturer: syz [ 174.394080][ T24] usb 6-1: SerialNumber: syz [ 174.426138][ T24] usb 6-1: config 0 descriptor?? [ 174.435650][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.442796][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.452929][ T24] smsc95xx v2.0.0 [ 174.513209][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.520368][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.635079][ T8731] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 174.691766][ T5138] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.771974][ T5138] Bluetooth: hci1: command 0x0406 tx timeout [ 175.011978][ T5867] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 175.030854][ T5138] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.085338][ T8731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.098372][ T5138] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.174249][ T5138] Bluetooth: hci4: command 0x040f tx timeout [ 175.202970][ T5867] usb 1-1: config 0 has no interfaces? [ 175.208509][ T5867] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 175.234960][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.257126][ T5867] usb 1-1: config 0 descriptor?? [ 175.324564][ T9037] syz.3.1100 (9037): drop_caches: 2 [ 175.345729][ T9037] syz.3.1100 (9037): drop_caches: 2 [ 175.467050][ T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 175.500210][ T9040] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1101'. [ 175.522322][ T9040] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1101'. [ 175.529643][ T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 175.557814][ T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 175.575556][ T5867] usb 1-1: USB disconnect, device number 14 [ 175.598304][ T24] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 175.625418][ T24] usb 6-1: USB disconnect, device number 4 [ 175.650147][ T8731] veth0_vlan: entered promiscuous mode [ 175.694827][ T8731] veth1_vlan: entered promiscuous mode [ 175.740356][ T8731] veth0_macvtap: entered promiscuous mode [ 175.775175][ T8731] veth1_macvtap: entered promiscuous mode [ 175.804854][ T8731] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.829541][ T8731] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.850094][ T8731] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.866297][ T8731] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.875264][ T8731] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.885495][ T8731] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.004961][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.025765][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.101890][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.119967][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.852078][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 177.111561][ T5864] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 177.204866][ T1133] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.277838][ T5864] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.295556][ T5864] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 177.318940][ T5864] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 177.329220][ T5864] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 177.340453][ T5864] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 177.353747][ T5864] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 177.365107][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 177.381567][ T5864] usb 2-1: Product: syz [ 177.391569][ T5864] usb 2-1: Manufacturer: syz [ 177.415316][ T5864] cdc_wdm 2-1:1.0: skipping garbage [ 177.433845][ T5864] cdc_wdm 2-1:1.0: skipping garbage [ 177.442718][ T5864] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 177.449219][ T5864] cdc_wdm 2-1:1.0: Unknown control protocol [ 177.521010][ T1133] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.633880][ T30] audit: type=1400 audit(1748806183.193:1961): avc: denied { read write } for pid=9121 comm="syz.1.1119" name="cdc-wdm0" dev="devtmpfs" ino=3391 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 177.660634][ T30] audit: type=1400 audit(1748806183.193:1962): avc: denied { open } for pid=9121 comm="syz.1.1119" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3391 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 177.839422][ T1133] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.233318][ T1133] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.292023][ T5820] Bluetooth: hci5: command 0x1003 tx timeout [ 178.301995][ T5138] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 178.412346][ T9170] sock: sock_set_timeout: `syz.3.1126' (pid 9170) tries to set negative timeout [ 178.783987][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 178.796364][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 178.812923][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 178.830522][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 178.832638][ T1133] bridge_slave_1: left allmulticast mode [ 178.853517][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 178.911676][ T1133] bridge_slave_1: left promiscuous mode [ 178.917444][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.993778][ T30] audit: type=1400 audit(1748806184.533:1963): avc: denied { write } for pid=9190 comm="syz.0.1131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 179.093563][ T1133] bridge_slave_0: left allmulticast mode [ 179.099338][ T1133] bridge_slave_0: left promiscuous mode [ 179.120128][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.522458][ T5821] usb 2-1: USB disconnect, device number 15 [ 179.821287][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.835543][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.845859][ T1133] bond0 (unregistering): Released all slaves [ 180.040597][ T9220] Bluetooth: hci5: Frame reassembly failed (-84) [ 180.306066][ T1133] hsr_slave_0: left promiscuous mode [ 180.332316][ T1133] hsr_slave_1: left promiscuous mode [ 180.338260][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.352060][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.374865][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.423854][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.475227][ T1133] veth1_macvtap: left promiscuous mode [ 180.486316][ T1133] veth0_macvtap: left promiscuous mode [ 180.494335][ T1133] veth1_vlan: left promiscuous mode [ 180.500926][ T1133] veth0_vlan: left promiscuous mode [ 180.932801][ T5820] Bluetooth: hci4: command tx timeout [ 181.150464][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1152'. [ 181.381378][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 181.416692][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 181.791217][ T9183] chnl_net:caif_netlink_parms(): no params data found [ 182.051746][ T5820] Bluetooth: hci5: command 0xfc11 tx timeout [ 182.058964][ T5138] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 182.106041][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.129878][ T9183] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.150358][ T9183] bridge_slave_0: entered allmulticast mode [ 182.167816][ T9183] bridge_slave_0: entered promiscuous mode [ 182.175866][ T9183] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.183028][ T9183] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.190218][ T9183] bridge_slave_1: entered allmulticast mode [ 182.203128][ T9183] bridge_slave_1: entered promiscuous mode [ 182.318059][ T9285] syzkaller1: entered promiscuous mode [ 182.331990][ T9285] syzkaller1: entered allmulticast mode [ 182.377941][ T9183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.393242][ T9183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.452396][ T9183] team0: Port device team_slave_0 added [ 182.478303][ T9183] team0: Port device team_slave_1 added [ 182.542148][ T9183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.550271][ T9183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.591158][ T5867] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 182.604327][ T9183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.620398][ T9183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.631741][ T9183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.657660][ C1] vkms_vblank_simulate: vblank timer overrun [ 182.669279][ T9183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.761759][ T5867] usb 2-1: Using ep0 maxpacket: 32 [ 182.787526][ T9294] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1160'. [ 182.804196][ T5867] usb 2-1: unable to get BOS descriptor or descriptor too short [ 182.818977][ T9183] hsr_slave_0: entered promiscuous mode [ 182.832033][ T5867] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 182.842776][ T9183] hsr_slave_1: entered promiscuous mode [ 182.857874][ T5867] usb 2-1: can't read configurations, error -71 [ 182.863500][ T9183] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 182.875713][ T9183] Cannot create hsr debugfs directory [ 183.011745][ T5138] Bluetooth: hci4: command tx timeout [ 183.238355][ T9332] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 183.370841][ T30] audit: type=1400 audit(1748806188.923:1964): avc: denied { remount } for pid=9333 comm="syz.3.1171" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 183.537765][ T30] audit: type=1400 audit(1748806189.093:1965): avc: denied { remount } for pid=9339 comm="syz.0.1173" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 183.878885][ T9183] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 183.900317][ T9183] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 183.921864][ T10] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 183.943135][ T9183] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 183.992709][ T9183] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 184.104067][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.141962][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 184.175834][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 184.192535][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 184.224499][ T9183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.255840][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 184.288484][ T10] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 184.318292][ T9183] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.331741][ T10] usb 4-1: Manufacturer: syz [ 184.352373][ T10] usb 4-1: config 0 descriptor?? [ 184.364946][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.372098][ T3516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.445888][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.453059][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.673974][ T9183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.781644][ T10] rc_core: IR keymap rc-hauppauge not found [ 184.791552][ T10] Registered IR keymap rc-empty [ 184.796522][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 184.863465][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 184.908412][ T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 184.979546][ T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input25 [ 185.041878][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.092245][ T5138] Bluetooth: hci4: command tx timeout [ 185.114485][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.117526][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.187657][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.225317][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.234166][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.272331][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.297920][ T9183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.301790][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.373799][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.412390][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.450592][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.451686][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.521713][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 185.563242][ T10] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 185.611657][ T10] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 185.664660][ T10] usb 4-1: USB disconnect, device number 15 [ 185.695595][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.073985][ T12] bridge_slave_1: left allmulticast mode [ 186.086839][ T12] bridge_slave_1: left promiscuous mode [ 186.100714][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.134994][ T12] bridge_slave_0: left allmulticast mode [ 186.169324][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.170365][ T12] bridge_slave_0: left promiscuous mode [ 186.184423][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.193074][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.200891][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.206647][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.223871][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.751001][ T30] audit: type=1400 audit(1748806192.303:1966): avc: denied { setopt } for pid=9463 comm="syz.5.1207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 186.929909][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 186.940858][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 186.950613][ T12] bond0 (unregistering): Released all slaves [ 187.070786][ T9183] veth0_vlan: entered promiscuous mode [ 187.171746][ T5820] Bluetooth: hci4: command tx timeout [ 187.445103][ T9183] veth1_vlan: entered promiscuous mode [ 187.762690][ T9183] veth0_macvtap: entered promiscuous mode [ 187.823780][ T9505] netlink: 'syz.5.1222': attribute type 13 has an invalid length. [ 187.857684][ T12] hsr_slave_0: left promiscuous mode [ 187.867512][ T12] hsr_slave_1: left promiscuous mode [ 187.877907][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.890403][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 187.920350][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 187.940078][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 187.996717][ T12] veth1_macvtap: left promiscuous mode [ 188.008801][ T9518] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1225'. [ 188.020784][ T12] veth0_macvtap: left promiscuous mode [ 188.031378][ T12] veth1_vlan: left promiscuous mode [ 188.037060][ T12] veth0_vlan: left promiscuous mode [ 188.304466][ T5820] Bluetooth: hci3: command tx timeout [ 188.396388][ T12] team0 (unregistering): Port device team_slave_1 removed [ 188.424611][ T12] team0 (unregistering): Port device team_slave_0 removed [ 188.704441][ T9505] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 188.716137][ T9505] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 188.723999][ T9505] gretap1: entered promiscuous mode [ 188.729258][ T9505] gretap1: entered allmulticast mode [ 188.828849][ T9183] veth1_macvtap: entered promiscuous mode [ 188.947771][ T9530] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1228'. [ 188.969068][ T9183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.984903][ T30] audit: type=1400 audit(1748806194.523:1967): avc: denied { write } for pid=9523 comm="syz.5.1226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 189.077534][ T9183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.128474][ T9524] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 189.163762][ T9183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.180380][ T9524] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 189.206665][ T9183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.231104][ T9183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.271548][ T9183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.320553][ T9437] chnl_net:caif_netlink_parms(): no params data found [ 189.531926][ T12] IPVS: stop unused estimator thread 0... [ 189.849911][ T9562] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 190.079471][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.113126][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.143312][ T9437] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.157564][ T9437] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.165823][ T9437] bridge_slave_0: entered allmulticast mode [ 190.176270][ T9437] bridge_slave_0: entered promiscuous mode [ 190.193484][ T9437] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.210495][ T9437] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.226737][ T9437] bridge_slave_1: entered allmulticast mode [ 190.256469][ T9437] bridge_slave_1: entered promiscuous mode [ 190.374477][ T5820] Bluetooth: hci3: command tx timeout [ 190.475401][ T9437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.512164][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.520015][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.540377][ T9437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.809351][ T9437] team0: Port device team_slave_0 added [ 190.820055][ T9437] team0: Port device team_slave_1 added [ 190.931855][ T5821] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 191.048959][ T9437] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.061699][ T9437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.120485][ T9437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.131615][ T5821] usb 6-1: Using ep0 maxpacket: 8 [ 191.146601][ T5821] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 191.162914][ T5821] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 191.181262][ T9437] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.195704][ T9437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.211534][ T5821] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 191.221760][ C0] vkms_vblank_simulate: vblank timer overrun [ 191.222292][ T9437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.266624][ T9604] bond0: (slave macsec1): Error -34 calling dev_set_mtu [ 191.274374][ T5821] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 191.288579][ T5821] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 191.371660][ T5821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.570029][ T199] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.713245][ T199] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.741886][ T5821] usb 6-1: GET_CAPABILITIES returned 0 [ 191.768378][ T5821] usbtmc 6-1:16.0: can't read capabilities [ 191.773197][ T9437] hsr_slave_0: entered promiscuous mode [ 191.804959][ T9437] hsr_slave_1: entered promiscuous mode [ 191.811395][ T9437] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.824907][ T9437] Cannot create hsr debugfs directory [ 191.854545][ T199] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.947631][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 191.967245][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 191.976368][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 191.985422][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 191.994636][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.012843][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.021965][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.031039][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.040162][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.049292][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.059872][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.068971][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.078060][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.087160][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.096250][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.108182][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 192.126331][ T5921] usb 6-1: USB disconnect, device number 5 [ 192.134470][ T199] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.454104][ T5820] Bluetooth: hci3: command tx timeout [ 192.721683][ T199] bridge_slave_1: left allmulticast mode [ 192.727369][ T199] bridge_slave_1: left promiscuous mode [ 192.773213][ T199] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.809845][ T199] bridge_slave_0: left allmulticast mode [ 192.827329][ T199] bridge_slave_0: left promiscuous mode [ 192.846521][ T199] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.939050][ T5138] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 192.950002][ T5138] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 192.958299][ T5138] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 192.978369][ T5138] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 192.986035][ T5138] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 193.176134][ T9645] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1258'. [ 193.476506][ T199] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.487555][ T199] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.500634][ T199] bond0 (unregistering): Released all slaves [ 193.736483][ T9437] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 193.833784][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.840109][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.872667][ T9437] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 193.898116][ T9437] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 193.906082][ T9437] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 194.097155][ T199] hsr_slave_0: left promiscuous mode [ 194.139452][ T199] hsr_slave_1: left promiscuous mode [ 194.145677][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.166651][ T199] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 194.198617][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 194.210966][ T199] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 194.258897][ T199] veth1_macvtap: left promiscuous mode [ 194.274541][ T199] veth0_macvtap: left promiscuous mode [ 194.284275][ T199] veth1_vlan: left promiscuous mode [ 194.320743][ T199] veth0_vlan: left promiscuous mode [ 194.421567][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 194.532592][ T5820] Bluetooth: hci3: command tx timeout [ 194.595397][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 194.625296][ T10] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 194.649593][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.673374][ T10] usb 1-1: Product: syz [ 194.680964][ T10] usb 1-1: Manufacturer: syz [ 194.698533][ T10] usb 1-1: SerialNumber: syz [ 194.719528][ T10] usb 1-1: config 0 descriptor?? [ 194.737074][ T10] gspca_main: sq930x-2.14.0 probing 2770:930c [ 195.097367][ T5820] Bluetooth: hci4: command tx timeout [ 195.240932][ T199] team0 (unregistering): Port device team_slave_1 removed [ 195.303230][ T199] team0 (unregistering): Port device team_slave_0 removed [ 195.782240][ T10] gspca_sq930x: reg_w 0105 0f00 failed -71 [ 195.788423][ T10] sq930x 1-1:0.0: probe with driver sq930x failed with error -71 [ 195.865690][ T10] usb 1-1: USB disconnect, device number 15 [ 195.926975][ T9437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.031171][ T9437] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.056037][ T9636] chnl_net:caif_netlink_parms(): no params data found [ 196.160834][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.168063][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.355636][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.362792][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.405004][ T30] audit: type=1400 audit(1748806201.963:1968): avc: denied { read } for pid=9714 comm="syz.0.1274" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 196.435371][ T30] audit: type=1400 audit(1748806201.963:1969): avc: denied { open } for pid=9714 comm="syz.0.1274" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 196.471603][ T30] audit: type=1400 audit(1748806201.963:1970): avc: denied { ioctl } for pid=9714 comm="syz.0.1274" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 196.610137][ T9636] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.641670][ T9636] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.648892][ T9636] bridge_slave_0: entered allmulticast mode [ 196.664572][ T9723] SELinux: failed to load policy [ 196.676721][ T9636] bridge_slave_0: entered promiscuous mode [ 196.708439][ T9636] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.727330][ T9636] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.763093][ T9636] bridge_slave_1: entered allmulticast mode [ 196.793266][ T9636] bridge_slave_1: entered promiscuous mode [ 196.901285][ T9636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.957660][ T9636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.030619][ T30] audit: type=1400 audit(1748806202.583:1971): avc: denied { nosuid_transition } for pid=9735 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 197.085624][ T9636] team0: Port device team_slave_0 added [ 197.114766][ T9636] team0: Port device team_slave_1 added [ 197.131597][ T30] audit: type=1400 audit(1748806202.583:1972): avc: denied { transition } for pid=9735 comm="syz.3.1280" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1049 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 197.190228][ T5820] Bluetooth: hci4: command tx timeout [ 197.294209][ T9636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.298838][ T30] audit: type=1400 audit(1748806202.583:1973): avc: denied { entrypoint } for pid=9735 comm="syz.3.1280" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1049 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 197.311585][ T9636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.526218][ T30] audit: type=1400 audit(1748806202.583:1974): avc: denied { share } for pid=9735 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 197.565270][ T9636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.615420][ T9636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.639212][ T30] audit: type=1400 audit(1748806202.583:1975): avc: denied { noatsecure } for pid=9735 comm="syz.3.1280" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 197.659559][ T9636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.659617][ T9636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.715519][ T9437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.728754][ T30] audit: type=1400 audit(1748806202.623:1976): avc: denied { module_request } for pid=9437 comm="syz-executor" kmod="netdev-nicvf0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 197.805637][ T30] audit: type=1400 audit(1748806203.343:1977): avc: denied { setopt } for pid=9760 comm="syz.3.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 197.910513][ T9636] hsr_slave_0: entered promiscuous mode [ 197.925164][ T9767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1288'. [ 197.927278][ T9636] hsr_slave_1: entered promiscuous mode [ 197.946466][ T9636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.953241][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1288'. [ 197.955121][ T9636] Cannot create hsr debugfs directory [ 198.060117][ T9767] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.069388][ T9767] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.078471][ T9767] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.087890][ T9767] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 198.357970][ T9437] veth0_vlan: entered promiscuous mode [ 198.397155][ T9437] veth1_vlan: entered promiscuous mode [ 198.441870][ T5921] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 198.498572][ T9437] veth0_macvtap: entered promiscuous mode [ 198.515185][ T9437] veth1_macvtap: entered promiscuous mode [ 198.579157][ T9437] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.611750][ T5921] usb 6-1: Using ep0 maxpacket: 8 [ 198.636575][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 198.669581][ T5921] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 198.704335][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.730730][ T9437] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.743649][ T5921] usb 6-1: config 0 descriptor?? [ 198.746772][ T9437] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.760308][ T9437] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.789103][ T9437] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.798044][ T9437] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.850663][ T9636] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 198.867704][ T9636] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 198.897572][ T9636] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 198.948802][ T9636] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 198.971582][ T5898] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 198.979799][ T5921] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 199.116407][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.156818][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.173821][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.194848][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.223272][ T5898] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 199.229155][ T5821] usb 6-1: USB disconnect, device number 6 [ 199.233157][ T5898] usb 1-1: New USB device strings: Mfr=104, Product=1, SerialNumber=0 [ 199.258299][ T5820] Bluetooth: hci4: command tx timeout [ 199.271825][ T5898] usb 1-1: Product: syz [ 199.290702][ T5898] usb 1-1: Manufacturer: syz [ 199.318950][ T5898] usb 1-1: config 0 descriptor?? [ 199.369628][ T9636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.370184][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.503496][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.531742][ T9636] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.562399][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.569509][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.603208][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.610373][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.703935][ T9636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.205869][ T9636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.365420][ T5898] uclogic 0003:256C:006D.0012: failed retrieving string descriptor #100: -71 [ 200.399490][ T5898] uclogic 0003:256C:006D.0012: failed retrieving pen parameters: -71 [ 200.444265][ T5898] uclogic 0003:256C:006D.0012: failed probing pen v1 parameters: -71 [ 200.464669][ T5898] uclogic 0003:256C:006D.0012: failed probing parameters: -71 [ 200.489691][ T5898] uclogic 0003:256C:006D.0012: probe with driver uclogic failed with error -71 [ 200.539597][ T5898] usb 1-1: USB disconnect, device number 16 [ 200.868805][ T9851] autofs4:pid:9851:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4), cmd(0xc0189379) [ 200.931871][ T9851] autofs4:pid:9851:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379) [ 201.009690][ T9636] veth0_vlan: entered promiscuous mode [ 201.029461][ T9636] veth1_vlan: entered promiscuous mode [ 201.130073][ T9636] veth0_macvtap: entered promiscuous mode [ 201.158175][ T9636] veth1_macvtap: entered promiscuous mode [ 201.205587][ T9636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 201.241852][ T5898] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 201.260006][ T9636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.274793][ T9636] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.286592][ T9636] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.297825][ T9636] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.309970][ T9636] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.332659][ T5820] Bluetooth: hci4: command tx timeout [ 201.420002][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 201.437099][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.462369][ T5898] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 201.476596][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.483472][ T5898] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 201.491535][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.501634][ T5898] usb 4-1: Manufacturer: syz [ 201.528238][ T5898] usb 4-1: config 0 descriptor?? [ 201.548129][ T199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.558795][ T199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.571584][ T9877] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1314'. [ 201.584557][ T9877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1314'. [ 201.596694][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 201.596708][ T30] audit: type=1400 audit(1748806207.153:1982): avc: denied { read } for pid=9875 comm="syz.6.1314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 201.661993][ T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 201.680859][ T9881] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1315'. [ 201.782656][ T30] audit: type=1400 audit(1748806207.343:1983): avc: denied { remount } for pid=9884 comm="syz.6.1316" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 201.782692][ T9885] tracefs: Invalid uid '0x00000000ffffffff' [ 201.834545][ T24] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 201.851582][ T24] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 201.870741][ T24] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 201.891399][ T24] usb 6-1: config 220 has no interface number 2 [ 201.911708][ T24] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 201.937394][ T24] usb 6-1: config 220 interface 0 has no altsetting 0 [ 201.955879][ T24] usb 6-1: config 220 interface 76 has no altsetting 0 [ 201.970695][ T24] usb 6-1: config 220 interface 1 has no altsetting 0 [ 201.992652][ T5898] cougar 0003:060B:700A.0013: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 202.003048][ T24] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 202.017456][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.048661][ T24] usb 6-1: Product: syz [ 202.061287][ T24] usb 6-1: Manufacturer: syz [ 202.073068][ T24] usb 6-1: SerialNumber: syz [ 202.175755][ T9899] SELinux: ebitmap start bit (1074921480) is not a multiple of the map unit size (64) [ 202.197078][ T9899] SELinux: failed to load policy [ 202.256504][ T5898] usb 4-1: USB disconnect, device number 16 [ 202.278514][ T30] audit: type=1400 audit(1748806207.833:1984): avc: denied { bind } for pid=9904 comm="syz.6.1321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 202.294807][ T24] usb 6-1: selecting invalid altsetting 0 [ 202.316437][ T24] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 202.348083][ T24] usb 6-1: No valid video chain found. [ 202.351897][ T30] audit: type=1400 audit(1748806207.833:1985): avc: denied { listen } for pid=9904 comm="syz.6.1321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 202.365926][ T24] usb 6-1: selecting invalid altsetting 0 [ 202.392048][ T24] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 202.424231][ T24] usb 6-1: USB disconnect, device number 7 [ 202.704564][ T199] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.783116][ T9920] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 203.016178][ T199] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.255032][ T199] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.423356][ T199] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.524797][ T9936] ALSA: seq fatal error: cannot create timer (-22) [ 203.602911][ T9935] overlay: filesystem on ./bus not supported as upperdir [ 203.735554][ T199] bridge_slave_1: left allmulticast mode [ 203.772527][ T199] bridge_slave_1: left promiscuous mode [ 203.779993][ T199] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.859302][ T199] bridge_slave_0: left allmulticast mode [ 203.866814][ T199] bridge_slave_0: left promiscuous mode [ 203.877645][ T199] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.987724][ T5138] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.997381][ T5138] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 204.007668][ T5138] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 204.024418][ T5138] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 204.034098][ T5138] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 204.132115][ T5820] Bluetooth: hci1: unexpected event 0x03 length: 26 > 11 [ 204.330259][ T9966] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 204.374827][ T199] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 204.389909][ T199] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 204.400490][ T199] bond0 (unregistering): Released all slaves [ 204.435927][ T9968] SELinux: failed to load policy [ 204.979486][ T9993] syz_tun: left promiscuous mode [ 205.032047][ T9993] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 205.079648][ T30] audit: type=1400 audit(1748806210.633:1986): avc: denied { set_context_mgr } for pid=9996 comm="syz.6.1354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 205.104333][ T9997] binder: binder_mmap: 9996 200000ffa000-200000ffe000 bad vm_flags failed -1 [ 205.146044][ T199] hsr_slave_0: left promiscuous mode [ 205.161368][ T199] hsr_slave_1: left promiscuous mode [ 205.172403][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.190781][ T30] audit: type=1400 audit(1748806210.663:1987): avc: denied { map } for pid=9996 comm="syz.6.1354" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 205.217157][ T199] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.225504][ T30] audit: type=1400 audit(1748806210.793:1988): avc: denied { mount } for pid=9998 comm="syz.3.1356" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 205.248053][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.259296][ T199] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.282751][ T199] veth1_macvtap: left promiscuous mode [ 205.288782][ T199] veth0_macvtap: left promiscuous mode [ 205.299747][ T199] veth1_vlan: left promiscuous mode [ 205.308802][ T199] veth0_vlan: left promiscuous mode [ 205.501709][ T5821] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 205.670363][ T5821] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 205.689998][ T5821] usb 1-1: config 0 interface 0 has no altsetting 0 [ 205.702501][ T5821] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 205.715061][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.725431][ T5821] usb 1-1: config 0 descriptor?? [ 205.731061][T10006] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 205.840655][ T199] team0 (unregistering): Port device team_slave_1 removed [ 205.874783][ T199] team0 (unregistering): Port device team_slave_0 removed [ 206.141986][ T5820] Bluetooth: hci4: command tx timeout [ 206.186059][ T5821] uclogic 0003:5543:0042.0014: item fetching failed at offset 0/3 [ 206.196608][ T5821] uclogic 0003:5543:0042.0014: parse failed [ 206.214922][ T5821] uclogic 0003:5543:0042.0014: probe with driver uclogic failed with error -22 [ 206.260520][T10014] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1361'. [ 206.272005][T10014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1361'. [ 206.281148][T10014] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1361'. [ 206.297439][T10014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1361'. [ 206.407412][ T5864] usb 1-1: USB disconnect, device number 17 [ 206.470258][ T9955] chnl_net:caif_netlink_parms(): no params data found [ 206.589908][ T9955] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.591759][ T5898] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 206.598942][ T9955] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.612737][ T9955] bridge_slave_0: entered allmulticast mode [ 206.619439][ T9955] bridge_slave_0: entered promiscuous mode [ 206.630900][ T9955] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.638237][ T9955] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.648523][ T9955] bridge_slave_1: entered allmulticast mode [ 206.660201][ T9955] bridge_slave_1: entered promiscuous mode [ 206.714761][ T9955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.728962][ T9955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.761686][ T5898] usb 7-1: Using ep0 maxpacket: 32 [ 206.768408][ T5898] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 206.809376][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.820572][ T5898] usb 7-1: config 0 descriptor?? [ 206.837423][ T9955] team0: Port device team_slave_0 added [ 206.847298][ T9955] team0: Port device team_slave_1 added [ 206.904503][ T9955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.921636][ T9955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.960166][ T9955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.978650][ T9955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.985764][ T9955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.056025][ T9955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.255586][ T5898] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 207.271840][ T30] audit: type=1400 audit(1748806212.803:1989): avc: denied { write } for pid=10050 comm="syz.0.1375" name="vlan0" dev="proc" ino=4026533839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 207.306618][ T5898] usb 7-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 207.330240][ T5898] usb 7-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 207.353042][ T30] audit: type=1400 audit(1748806212.813:1990): avc: denied { ioctl } for pid=10050 comm="syz.0.1375" path="socket:[31489]" dev="sockfs" ino=31489 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 207.394081][ T9955] hsr_slave_0: entered promiscuous mode [ 207.394607][ T30] audit: type=1400 audit(1748806212.883:1991): avc: denied { map } for pid=10050 comm="syz.0.1375" path="/proc/767/net/vlan/vlan0" dev="proc" ino=4026533839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 207.412417][ T9955] hsr_slave_1: entered promiscuous mode [ 207.430541][ T30] audit: type=1400 audit(1748806212.883:1992): avc: denied { execute } for pid=10050 comm="syz.0.1375" path="/proc/767/net/vlan/vlan0" dev="proc" ino=4026533839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 207.438931][ T9955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.464306][ T30] audit: type=1400 audit(1748806212.883:1993): avc: denied { firmware_load } for pid=5898 comm="kworker/0:6" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 207.485242][ T9955] Cannot create hsr debugfs directory [ 207.497198][T10051] @: renamed from vlan0 (while UP) [ 207.516569][ T199] bridge_slave_1: left allmulticast mode [ 207.522585][ T199] bridge_slave_1: left promiscuous mode [ 207.528437][ T199] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.556561][ T199] bridge_slave_0: left allmulticast mode [ 207.567673][ T199] bridge_slave_0: left promiscuous mode [ 207.582275][ T199] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.589054][T10059] netlink: 788 bytes leftover after parsing attributes in process `syz.5.1377'. [ 207.847043][ T199] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.865655][ T199] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.885767][ T199] bond0 (unregistering): Released all slaves [ 207.964190][ T199] tipc: Left network mode [ 208.214836][ T5820] Bluetooth: hci4: command tx timeout [ 208.277862][ T199] hsr_slave_0: left promiscuous mode [ 208.285769][ T199] hsr_slave_1: left promiscuous mode [ 208.291386][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.299576][ T199] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.307768][ T199] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.320702][ T199] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.345695][ T199] veth1_macvtap: left promiscuous mode [ 208.349107][T10081] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1383'. [ 208.351314][ T199] veth0_macvtap: left promiscuous mode [ 208.365959][ T199] veth1_vlan: left promiscuous mode [ 208.373341][ T199] veth0_vlan: left promiscuous mode [ 208.753105][ T199] team0 (unregistering): Port device team_slave_1 removed [ 208.787486][ T199] team0 (unregistering): Port device team_slave_0 removed [ 209.203791][T10098] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1390'. [ 209.317718][ T30] audit: type=1400 audit(1748806214.863:1994): avc: denied { setattr } for pid=10099 comm="syz.0.1391" name="vcsa" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 209.487062][ T30] audit: type=1400 audit(1748806215.043:1995): avc: denied { mount } for pid=10107 comm="syz.5.1395" name="/" dev="hugetlbfs" ino=32462 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 209.535550][ T30] audit: type=1400 audit(1748806215.093:1996): avc: denied { unmount } for pid=8093 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 209.599684][ T9955] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 209.620750][ T9955] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 209.640862][ T9955] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 209.664725][ T9955] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 209.834926][ T9955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.870520][ T9955] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.897189][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.904351][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.945949][ T199] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.953147][ T199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.050215][T10125] [ 210.052576][T10125] ===================================================== [ 210.059504][T10125] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 210.066938][T10125] 6.15.0-syzkaller-10815-gbb1556ec9464 #0 Not tainted [ 210.073675][T10125] ----------------------------------------------------- [ 210.080582][T10125] syz.0.1404/10125 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 210.088280][T10125] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80 [ 210.096885][T10125] [ 210.096885][T10125] and this task is already holding: [ 210.104225][T10125] ffff8880284432a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 210.112908][T10125] which would create a new lock dependency: [ 210.118770][T10125] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 210.126321][T10125] [ 210.126321][T10125] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 210.135744][T10125] (&dev->event_lock#2){..-.}-{3:3} [ 210.135769][T10125] [ 210.135769][T10125] ... which became SOFTIRQ-irq-safe at: [ 210.148616][T10125] lock_acquire+0x179/0x350 [ 210.153196][T10125] _raw_spin_lock_irqsave+0x3a/0x60 [ 210.158464][T10125] input_inject_event+0x9f/0x390 [ 210.163469][T10125] led_set_brightness+0x214/0x290 [ 210.168563][T10125] led_trigger_event+0xda/0x270 [ 210.173490][T10125] kbd_bh+0x21b/0x300 [ 210.177560][T10125] tasklet_action_common+0x281/0x400 [ 210.182931][T10125] handle_softirqs+0x219/0x8e0 [ 210.187790][T10125] run_ksoftirqd+0x3a/0x60 [ 210.192278][T10125] smpboot_thread_fn+0x3f7/0xae0 [ 210.197299][T10125] kthread+0x3c5/0x780 [ 210.201446][T10125] ret_from_fork+0x5d7/0x6f0 [ 210.206110][T10125] ret_from_fork_asm+0x1a/0x30 [ 210.210943][T10125] [ 210.210943][T10125] to a SOFTIRQ-irq-unsafe lock: [ 210.217941][T10125] (tasklist_lock){.+.+}-{3:3} [ 210.217965][T10125] [ 210.217965][T10125] ... which became SOFTIRQ-irq-unsafe at: [ 210.230559][T10125] ... [ 210.230565][T10125] lock_acquire+0x179/0x350 [ 210.237703][T10125] _raw_read_lock+0x5f/0x70 [ 210.242281][T10125] __do_wait+0x105/0x890 [ 210.246595][T10125] do_wait+0x21e/0x5a0 [ 210.250734][T10125] kernel_wait+0x9f/0x160 [ 210.255133][T10125] call_usermodehelper_exec_work+0xf1/0x170 [ 210.261097][T10125] process_one_work+0x9cf/0x1b70 [ 210.266111][T10125] worker_thread+0x6c8/0xf10 [ 210.270771][T10125] kthread+0x3c5/0x780 [ 210.274910][T10125] ret_from_fork+0x5d7/0x6f0 [ 210.279573][T10125] ret_from_fork_asm+0x1a/0x30 [ 210.284402][T10125] [ 210.284402][T10125] other info that might help us debug this: [ 210.284402][T10125] [ 210.294612][T10125] Chain exists of: [ 210.294612][T10125] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 210.294612][T10125] [ 210.307721][T10125] Possible interrupt unsafe locking scenario: [ 210.307721][T10125] [ 210.316024][T10125] CPU0 CPU1 [ 210.321365][T10125] ---- ---- [ 210.326705][T10125] lock(tasklist_lock); [ 210.330960][T10125] local_irq_disable(); [ 210.337688][T10125] lock(&dev->event_lock#2); [ 210.345479][T10125] lock(&f_owner->lock); [ 210.352304][T10125] [ 210.355741][T10125] lock(&dev->event_lock#2); [ 210.360577][T10125] [ 210.360577][T10125] *** DEADLOCK *** [ 210.360577][T10125] [ 210.368698][T10125] 2 locks held by syz.0.1404/10125: [ 210.373870][T10125] #0: ffff888079a3e9c0 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xc7b/0x11d0 [ 210.383343][T10125] #1: ffff8880284432a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 [ 210.393592][T10125] [ 210.393592][T10125] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 210.403970][T10125] -> (&dev->event_lock#2){..-.}-{3:3} { [ 210.409784][T10125] IN-SOFTIRQ-W at: [ 210.414002][T10125] lock_acquire+0x179/0x350 [ 210.420662][T10125] _raw_spin_lock_irqsave+0x3a/0x60 [ 210.428009][T10125] input_inject_event+0x9f/0x390 [ 210.435103][T10125] led_set_brightness+0x214/0x290 [ 210.442376][T10125] led_trigger_event+0xda/0x270 [ 210.449381][T10125] kbd_bh+0x21b/0x300 [ 210.455524][T10125] tasklet_action_common+0x281/0x400 [ 210.462959][T10125] handle_softirqs+0x219/0x8e0 [ 210.469881][T10125] run_ksoftirqd+0x3a/0x60 [ 210.476447][T10125] smpboot_thread_fn+0x3f7/0xae0 [ 210.483553][T10125] kthread+0x3c5/0x780 [ 210.489776][T10125] ret_from_fork+0x5d7/0x6f0 [ 210.496519][T10125] ret_from_fork_asm+0x1a/0x30 [ 210.503435][T10125] INITIAL USE at: [ 210.507566][T10125] lock_acquire+0x179/0x350 [ 210.514136][T10125] _raw_spin_lock_irqsave+0x3a/0x60 [ 210.521398][T10125] input_inject_event+0x9f/0x390 [ 210.528419][T10125] led_set_brightness+0x214/0x290 [ 210.535513][T10125] kbd_led_trigger_activate+0xcb/0x110 [ 210.543042][T10125] led_trigger_set+0x597/0xc50 [ 210.549871][T10125] led_trigger_set_default+0x1bd/0x2a0 [ 210.557398][T10125] led_classdev_register_ext+0x7b8/0xa10 [ 210.565102][T10125] input_leds_connect+0x552/0x8e0 [ 210.572188][T10125] input_attach_handler.isra.0+0x184/0x260 [ 210.580057][T10125] input_register_device+0xa84/0x1130 [ 210.587504][T10125] atkbd_connect+0x5da/0xa20 [ 210.594160][T10125] serio_driver_probe+0x77/0xb0 [ 210.601085][T10125] really_probe+0x23e/0xa90 [ 210.607743][T10125] __driver_probe_device+0x1de/0x440 [ 210.615100][T10125] driver_probe_device+0x4c/0x1b0 [ 210.622295][T10125] __driver_attach+0x283/0x580 [ 210.629561][T10125] bus_for_each_dev+0x13b/0x1d0 [ 210.636485][T10125] serio_handle_event+0x247/0xa50 [ 210.643572][T10125] process_one_work+0x9cf/0x1b70 [ 210.650592][T10125] worker_thread+0x6c8/0xf10 [ 210.657266][T10125] kthread+0x3c5/0x780 [ 210.663417][T10125] ret_from_fork+0x5d7/0x6f0 [ 210.670092][T10125] ret_from_fork_asm+0x1a/0x30 [ 210.676925][T10125] } [ 210.679675][T10125] ... key at: [] __key.7+0x0/0x40 [ 210.687034][T10125] -> (&client->buffer_lock){....}-{3:3} { [ 210.692921][T10125] INITIAL USE at: [ 210.696965][T10125] lock_acquire+0x179/0x350 [ 210.703362][T10125] _raw_spin_lock+0x2e/0x40 [ 210.709754][T10125] evdev_pass_values+0x10e/0x9b0 [ 210.716581][T10125] evdev_events+0x1bb/0x390 [ 210.722974][T10125] input_pass_values+0x6c7/0x890 [ 210.729804][T10125] input_handle_event+0xf00/0x14d0 [ 210.736805][T10125] input_inject_event+0x1cd/0x390 [ 210.743720][T10125] evdev_write+0x457/0x750 [ 210.750036][T10125] vfs_write+0x29d/0x1150 [ 210.756255][T10125] ksys_write+0x1f8/0x250 [ 210.762473][T10125] do_syscall_64+0xcd/0x4c0 [ 210.768868][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.776648][T10125] } [ 210.779298][T10125] ... key at: [] __key.1+0x0/0x40 [ 210.786569][T10125] ... acquired at: [ 210.790520][T10125] _raw_spin_lock+0x2e/0x40 [ 210.795174][T10125] evdev_pass_values+0x10e/0x9b0 [ 210.800267][T10125] evdev_events+0x1bb/0x390 [ 210.804921][T10125] input_pass_values+0x6c7/0x890 [ 210.810022][T10125] input_handle_event+0xf00/0x14d0 [ 210.815286][T10125] input_inject_event+0x1cd/0x390 [ 210.820463][T10125] evdev_write+0x457/0x750 [ 210.825043][T10125] vfs_write+0x29d/0x1150 [ 210.829526][T10125] ksys_write+0x1f8/0x250 [ 210.834008][T10125] do_syscall_64+0xcd/0x4c0 [ 210.838668][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.844712][T10125] [ 210.847013][T10125] -> (&new->fa_lock){....}-{3:3} { [ 210.852204][T10125] INITIAL USE at: [ 210.856165][T10125] lock_acquire+0x179/0x350 [ 210.862390][T10125] _raw_write_lock_irq+0x36/0x50 [ 210.869058][T10125] fasync_remove_entry+0xb2/0x1e0 [ 210.875802][T10125] fasync_helper+0xaf/0xd0 [ 210.881953][T10125] lease_modify+0x232/0x500 [ 210.888187][T10125] locks_remove_file+0x29e/0x5c0 [ 210.894849][T10125] __fput+0x351/0xb70 [ 210.900563][T10125] task_work_run+0x14d/0x240 [ 210.906875][T10125] exit_to_user_mode_loop+0xeb/0x110 [ 210.913883][T10125] do_syscall_64+0x3f6/0x4c0 [ 210.920193][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.927807][T10125] INITIAL READ USE at: [ 210.932203][T10125] lock_acquire+0x179/0x350 [ 210.938876][T10125] _raw_read_lock_irqsave+0x74/0x90 [ 210.946229][T10125] kill_fasync+0x138/0x510 [ 210.952802][T10125] lease_break_callback+0x23/0x30 [ 210.959982][T10125] __break_lease+0x671/0x1810 [ 210.966810][T10125] do_dentry_open+0x6e1/0x1c10 [ 210.973725][T10125] vfs_open+0x82/0x3f0 [ 210.979947][T10125] path_openat+0x1de4/0x2cb0 [ 210.986687][T10125] do_filp_open+0x20b/0x470 [ 210.993862][T10125] do_sys_openat2+0x11b/0x1d0 [ 211.000694][T10125] __x64_sys_open+0x153/0x1e0 [ 211.007529][T10125] do_syscall_64+0xcd/0x4c0 [ 211.014198][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.022256][T10125] } [ 211.024824][T10125] ... key at: [] __key.0+0x0/0x40 [ 211.032014][T10125] ... acquired at: [ 211.035885][T10125] _raw_read_lock_irqsave+0x74/0x90 [ 211.041245][T10125] kill_fasync+0x138/0x510 [ 211.045822][T10125] evdev_pass_values+0x619/0x9b0 [ 211.050916][T10125] evdev_events+0x1bb/0x390 [ 211.055573][T10125] input_pass_values+0x6c7/0x890 [ 211.060687][T10125] input_handle_event+0xf00/0x14d0 [ 211.065951][T10125] input_inject_event+0x1cd/0x390 [ 211.071130][T10125] evdev_write+0x457/0x750 [ 211.075705][T10125] vfs_write+0x29d/0x1150 [ 211.080190][T10125] ksys_write+0x1f8/0x250 [ 211.084672][T10125] do_syscall_64+0xcd/0x4c0 [ 211.089334][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.095383][T10125] [ 211.097686][T10125] -> (&f_owner->lock){....}-{3:3} { [ 211.102880][T10125] INITIAL USE at: [ 211.106751][T10125] lock_acquire+0x179/0x350 [ 211.112802][T10125] _raw_write_lock_irq+0x36/0x50 [ 211.119285][T10125] __f_setown+0x61/0x3c0 [ 211.125075][T10125] generic_setlease+0xeef/0x1300 [ 211.131557][T10125] kernel_setlease+0x106/0x140 [ 211.137861][T10125] vfs_setlease+0x258/0x2d0 [ 211.143907][T10125] fcntl_setlease+0x3ed/0x5a0 [ 211.150126][T10125] do_fcntl+0x751/0x15a0 [ 211.155919][T10125] __x64_sys_fcntl+0x163/0x200 [ 211.162231][T10125] do_syscall_64+0xcd/0x4c0 [ 211.168284][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.175718][T10125] INITIAL READ USE at: [ 211.180027][T10125] lock_acquire+0x179/0x350 [ 211.186511][T10125] _raw_read_lock_irqsave+0x74/0x90 [ 211.193690][T10125] send_sigio+0x31/0x3e0 [ 211.199912][T10125] kill_fasync+0x214/0x510 [ 211.206326][T10125] lease_break_callback+0x23/0x30 [ 211.213349][T10125] __break_lease+0x671/0x1810 [ 211.220008][T10125] do_dentry_open+0x6e1/0x1c10 [ 211.226751][T10125] vfs_open+0x82/0x3f0 [ 211.232803][T10125] path_openat+0x1de4/0x2cb0 [ 211.239371][T10125] do_filp_open+0x20b/0x470 [ 211.245851][T10125] do_sys_openat2+0x11b/0x1d0 [ 211.252946][T10125] __x64_sys_open+0x153/0x1e0 [ 211.259611][T10125] do_syscall_64+0xcd/0x4c0 [ 211.266099][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.273969][T10125] } [ 211.276444][T10125] ... key at: [] __key.1+0x0/0x40 [ 211.283538][T10125] ... acquired at: [ 211.287315][T10125] _raw_read_lock_irqsave+0x74/0x90 [ 211.292666][T10125] send_sigio+0x31/0x3e0 [ 211.297066][T10125] kill_fasync+0x214/0x510 [ 211.301639][T10125] lease_break_callback+0x23/0x30 [ 211.306821][T10125] __break_lease+0x671/0x1810 [ 211.311652][T10125] do_dentry_open+0x6e1/0x1c10 [ 211.316567][T10125] vfs_open+0x82/0x3f0 [ 211.320807][T10125] path_openat+0x1de4/0x2cb0 [ 211.325548][T10125] do_filp_open+0x20b/0x470 [ 211.330204][T10125] do_sys_openat2+0x11b/0x1d0 [ 211.335035][T10125] __x64_sys_open+0x153/0x1e0 [ 211.339869][T10125] do_syscall_64+0xcd/0x4c0 [ 211.344526][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.350570][T10125] [ 211.352870][T10125] [ 211.352870][T10125] the dependencies between the lock to be acquired [ 211.352878][T10125] and SOFTIRQ-irq-unsafe lock: [ 211.366348][T10125] -> (tasklist_lock){.+.+}-{3:3} { [ 211.371454][T10125] HARDIRQ-ON-R at: [ 211.375411][T10125] lock_acquire+0x179/0x350 [ 211.381546][T10125] _raw_read_lock+0x5f/0x70 [ 211.387677][T10125] __do_wait+0x105/0x890 [ 211.393550][T10125] do_wait+0x21e/0x5a0 [ 211.399261][T10125] kernel_wait+0x9f/0x160 [ 211.405223][T10125] call_usermodehelper_exec_work+0xf1/0x170 [ 211.412751][T10125] process_one_work+0x9cf/0x1b70 [ 211.419330][T10125] worker_thread+0x6c8/0xf10 [ 211.425554][T10125] kthread+0x3c5/0x780 [ 211.431253][T10125] ret_from_fork+0x5d7/0x6f0 [ 211.437473][T10125] ret_from_fork_asm+0x1a/0x30 [ 211.443865][T10125] SOFTIRQ-ON-R at: [ 211.447824][T10125] lock_acquire+0x179/0x350 [ 211.453958][T10125] _raw_read_lock+0x5f/0x70 [ 211.460092][T10125] __do_wait+0x105/0x890 [ 211.465965][T10125] do_wait+0x21e/0x5a0 [ 211.471671][T10125] kernel_wait+0x9f/0x160 [ 211.477631][T10125] call_usermodehelper_exec_work+0xf1/0x170 [ 211.485162][T10125] process_one_work+0x9cf/0x1b70 [ 211.491733][T10125] worker_thread+0x6c8/0xf10 [ 211.497956][T10125] kthread+0x3c5/0x780 [ 211.503658][T10125] ret_from_fork+0x5d7/0x6f0 [ 211.510140][T10125] ret_from_fork_asm+0x1a/0x30 [ 211.516550][T10125] INITIAL USE at: [ 211.520681][T10125] lock_acquire+0x179/0x350 [ 211.526728][T10125] _raw_write_lock_irq+0x36/0x50 [ 211.533211][T10125] copy_process+0x4caf/0x76a0 [ 211.539427][T10125] kernel_clone+0xfc/0x960 [ 211.545384][T10125] user_mode_thread+0xc7/0x110 [ 211.551691][T10125] rest_init+0x23/0x2b0 [ 211.557394][T10125] start_kernel+0x3ee/0x4d0 [ 211.563446][T10125] x86_64_start_reservations+0x18/0x30 [ 211.570451][T10125] x86_64_start_kernel+0x130/0x190 [ 211.577113][T10125] common_startup_64+0x13e/0x148 [ 211.583602][T10125] INITIAL READ USE at: [ 211.587906][T10125] lock_acquire+0x179/0x350 [ 211.594390][T10125] _raw_read_lock+0x5f/0x70 [ 211.600878][T10125] __do_wait+0x105/0x890 [ 211.607100][T10125] do_wait+0x21e/0x5a0 [ 211.613162][T10125] kernel_wait+0x9f/0x160 [ 211.619471][T10125] call_usermodehelper_exec_work+0xf1/0x170 [ 211.627347][T10125] process_one_work+0x9cf/0x1b70 [ 211.634268][T10125] worker_thread+0x6c8/0xf10 [ 211.640848][T10125] kthread+0x3c5/0x780 [ 211.646916][T10125] ret_from_fork+0x5d7/0x6f0 [ 211.653503][T10125] ret_from_fork_asm+0x1a/0x30 [ 211.660241][T10125] } [ 211.662718][T10125] ... key at: [] tasklist_lock+0x18/0x40 [ 211.670698][T10125] ... acquired at: [ 211.674476][T10125] lock_acquire+0x179/0x350 [ 211.679136][T10125] _raw_read_lock+0x5f/0x70 [ 211.683812][T10125] send_sigurg+0xed/0xc80 [ 211.688300][T10125] sk_send_sigurg+0x76/0x360 [ 211.693047][T10125] unix_stream_sendmsg+0xeb3/0x11d0 [ 211.698430][T10125] ____sys_sendmsg+0xa98/0xc70 [ 211.703353][T10125] ___sys_sendmsg+0x134/0x1d0 [ 211.708191][T10125] __sys_sendmmsg+0x200/0x420 [ 211.713029][T10125] __x64_sys_sendmmsg+0x9c/0x100 [ 211.718120][T10125] do_syscall_64+0xcd/0x4c0 [ 211.722791][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.728836][T10125] [ 211.731141][T10125] [ 211.731141][T10125] stack backtrace: [ 211.737011][T10125] CPU: 0 UID: 0 PID: 10125 Comm: syz.0.1404 Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) [ 211.737029][T10125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.737038][T10125] Call Trace: [ 211.737043][T10125] [ 211.737049][T10125] dump_stack_lvl+0x116/0x1f0 [ 211.737067][T10125] check_irq_usage+0x7dc/0x920 [ 211.737088][T10125] ? check_path.constprop.0+0x24/0x50 [ 211.737106][T10125] ? __lock_acquire+0x1285/0x1c90 [ 211.737122][T10125] __lock_acquire+0x1285/0x1c90 [ 211.737139][T10125] ? find_held_lock+0x2b/0x80 [ 211.737158][T10125] lock_acquire+0x179/0x350 [ 211.737174][T10125] ? send_sigurg+0xed/0xc80 [ 211.737196][T10125] _raw_read_lock+0x5f/0x70 [ 211.737210][T10125] ? send_sigurg+0xed/0xc80 [ 211.737228][T10125] send_sigurg+0xed/0xc80 [ 211.737246][T10125] ? find_held_lock+0x2b/0x80 [ 211.737260][T10125] sk_send_sigurg+0x76/0x360 [ 211.737275][T10125] unix_stream_sendmsg+0xeb3/0x11d0 [ 211.737293][T10125] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 211.737317][T10125] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 211.737336][T10125] ____sys_sendmsg+0xa98/0xc70 [ 211.737357][T10125] ? copy_msghdr_from_user+0x10a/0x160 [ 211.737373][T10125] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.737394][T10125] ? find_held_lock+0x2b/0x80 [ 211.737407][T10125] ? futex_unqueue+0x133/0x2c0 [ 211.737424][T10125] ___sys_sendmsg+0x134/0x1d0 [ 211.737441][T10125] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.737462][T10125] ? find_held_lock+0x2b/0x80 [ 211.737479][T10125] __sys_sendmmsg+0x200/0x420 [ 211.737497][T10125] ? __pfx___sys_sendmmsg+0x10/0x10 [ 211.737515][T10125] ? __pfx_do_futex+0x10/0x10 [ 211.737536][T10125] ? xfd_validate_state+0x61/0x180 [ 211.737554][T10125] __x64_sys_sendmmsg+0x9c/0x100 [ 211.737570][T10125] ? lockdep_hardirqs_on+0x7c/0x110 [ 211.737587][T10125] do_syscall_64+0xcd/0x4c0 [ 211.737605][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.737618][T10125] RIP: 0033:0x7fcf1a38e969 [ 211.737630][T10125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.737643][T10125] RSP: 002b:00007fcf1b1dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 211.737656][T10125] RAX: ffffffffffffffda RBX: 00007fcf1a5b5fa0 RCX: 00007fcf1a38e969 [ 211.737665][T10125] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003 [ 211.737674][T10125] RBP: 00007fcf1a410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 211.737682][T10125] R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000 [ 211.737690][T10125] R13: 0000000000000000 R14: 00007fcf1a5b5fa0 R15: 00007ffee53ddb48 [ 211.737703][T10125] [ 211.737720][ C0] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 212.004293][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.065259][ T5820] Bluetooth: hci4: command tx timeout [ 212.428195][T10124] bond0: (slave syz_tun): Releasing backup interface [ 212.509587][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.520890][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.651706][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.671633][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.753972][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.764303][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.844097][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 212.854719][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.903859][ T64] bridge_slave_1: left allmulticast mode [ 212.909508][ T64] bridge_slave_1: left promiscuous mode [ 212.915432][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.923644][ T64] bridge_slave_0: left allmulticast mode [ 212.929287][ T64] bridge_slave_0: left promiscuous mode [ 212.935016][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.006734][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.018056][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.028124][ T64] bond0 (unregistering): Released all slaves [ 213.236651][ T64] hsr_slave_0: left promiscuous mode [ 213.242527][ T64] hsr_slave_1: left promiscuous mode [ 213.248052][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.255610][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.263087][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.270467][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.279587][ T64] veth1_macvtap: left promiscuous mode [ 213.286075][ T64] veth0_macvtap: left promiscuous mode [ 213.291618][ T64] veth1_vlan: left promiscuous mode [ 213.296822][ T64] veth0_vlan: left promiscuous mode [ 213.376102][ T64] team0 (unregistering): Port device team_slave_1 removed [ 213.393633][ T64] team0 (unregistering): Port device team_slave_0 removed [ 213.624807][ T64] IPVS: stop unused estimator thread 0... [ 214.116560][ T64] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.165543][ T64] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.205208][ T64] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.266420][ T64] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.318751][ T64] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.375285][ T64] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.425552][ T64] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.465921][ T64] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.538696][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.549888][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.616589][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.627269][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.666141][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.676869][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.716566][ T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.726893][ T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.816623][ T64] bridge_slave_1: left allmulticast mode [ 214.822477][ T64] bridge_slave_1: left promiscuous mode [ 214.828121][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.836007][ T64] bridge_slave_0: left allmulticast mode [ 214.841781][ T64] bridge_slave_0: left promiscuous mode [ 214.847382][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.855608][ T64] bridge_slave_1: left allmulticast mode [ 214.861226][ T64] bridge_slave_1: left promiscuous mode [ 214.867214][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.875071][ T64] bridge_slave_0: left allmulticast mode [ 214.880689][ T64] bridge_slave_0: left promiscuous mode [ 214.886501][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.894958][ T64] bridge_slave_1: left allmulticast mode [ 214.900582][ T64] bridge_slave_1: left promiscuous mode [ 214.906356][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.914316][ T64] bridge_slave_0: left allmulticast mode [ 214.919958][ T64] bridge_slave_0: left promiscuous mode [ 214.925800][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.934821][ T64] bridge_slave_1: left allmulticast mode [ 214.940456][ T64] bridge_slave_1: left promiscuous mode [ 214.946740][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.954529][ T64] bridge_slave_0: left allmulticast mode [ 214.960145][ T64] bridge_slave_0: left promiscuous mode [ 214.965956][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.056642][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.066226][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.076611][ T64] bond0 (unregistering): Released all slaves [ 215.136401][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.145737][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.155212][ T64] bond0 (unregistering): Released all slaves [ 215.198790][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.208134][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.220017][ T64] bond0 (unregistering): Released all slaves [ 215.298441][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.308260][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.317524][ T64] bond0 (unregistering): Released all slaves [ 215.423148][ T64] IPVS: stopping master sync thread 8690 ... [ 215.802337][ T64] hsr_slave_0: left promiscuous mode [ 215.808143][ T64] hsr_slave_1: left promiscuous mode [ 215.814154][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.821506][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.830576][ T64] hsr_slave_0: left promiscuous mode [ 215.837145][ T64] hsr_slave_1: left promiscuous mode [ 215.844545][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.852423][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.859865][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.867311][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.876054][ T64] hsr_slave_0: left promiscuous mode [ 215.881664][ T64] hsr_slave_1: left promiscuous mode [ 215.887110][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.894764][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.902350][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.909720][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.918560][ T64] hsr_slave_0: left promiscuous mode [ 215.924557][ T64] hsr_slave_1: left promiscuous mode [ 215.930030][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.937522][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.945002][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.952828][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.965407][ T64] veth1_macvtap: left promiscuous mode [ 215.970871][ T64] veth0_macvtap: left promiscuous mode [ 215.976390][ T64] veth1_vlan: left promiscuous mode [ 215.981663][ T64] veth0_vlan: left promiscuous mode [ 215.987309][ T64] veth1_macvtap: left promiscuous mode [ 215.993018][ T64] veth0_macvtap: left promiscuous mode [ 215.998514][ T64] veth1_vlan: left promiscuous mode [ 216.003844][ T64] veth0_vlan: left promiscuous mode [ 216.009500][ T64] veth1_macvtap: left promiscuous mode [ 216.015126][ T64] veth0_macvtap: left promiscuous mode [ 216.020635][ T64] veth1_vlan: left promiscuous mode [ 216.025906][ T64] veth0_vlan: left promiscuous mode [ 216.152957][ T64] team0 (unregistering): Port device team_slave_1 removed [ 216.169913][ T64] team0 (unregistering): Port device team_slave_0 removed [ 216.304158][ T64] team0 (unregistering): Port device team_slave_1 removed [ 216.317250][ T64] team0 (unregistering): Port device team_slave_0 removed [ 216.430046][ T64] team0 (unregistering): Port device team_slave_1 removed [ 216.448717][ T64] team0 (unregistering): Port device team_slave_0 removed [ 216.563616][ T64] team0 (unregistering): Port device team_slave_1 removed [ 216.579896][ T64] team0 (unregistering): Port device team_slave_0 removed [ 217.419086][ T64] IPVS: stop unused estimator thread 0... [ 217.426031][ T64] IPVS: stop unused estimator thread 0...