last executing test programs: 5m37.733995152s ago: executing program 1 (id=2211): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f00000000c0), 0x0, 0x4404c880) sendto$inet6(r0, &(0x7f0000000380)="194a5c1e130667b3c4cabcdaa6d7def77c80591b1d248c", 0x17, 0x20040004, 0x0, 0x0) 5m37.659042218s ago: executing program 1 (id=2214): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) sendfile(r0, r1, 0x0, 0x20000000000006) 5m37.504970373s ago: executing program 1 (id=2219): mount$afs(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000200), 0x4080, &(0x7f0000000240)={[{@flock_local}, {@dyn}]}) r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r0, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 5m37.405699586s ago: executing program 1 (id=2221): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 5m37.279207164s ago: executing program 1 (id=2228): bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r0}, 0x10) setitimer(0x2, 0x0, 0x0) 5m36.150627925s ago: executing program 1 (id=2241): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0xeffffffffffffffd}, 0x18) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) 5m35.541108385s ago: executing program 32 (id=2241): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0xeffffffffffffffd}, 0x18) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) 2m8.642882144s ago: executing program 3 (id=3651): open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) mount$nfs(&(0x7f0000000200)='#\x00', &(0x7f0000000240)='./file1\x00', &(0x7f0000000280), 0x800800, &(0x7f0000000400)) 2m8.532295498s ago: executing program 3 (id=3655): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x68, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x4c, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x80}, @device_a, @device_a, @initial, {0xd, 0x8}}, 0x8000, 0x3, @device_a, {0x0, 0x6, @default_ap_ssid}, @val, @val={0x2d, 0x1a, {0x7692fe781df67fd4, 0x3, 0x2, 0x0, {0x8, 0x5, 0x0, 0x168, 0x0, 0x1}, 0x8, 0x315d}}}}]}, 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x8800) 2m8.422657664s ago: executing program 3 (id=3657): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x4400}, 0x0) 2m8.367299949s ago: executing program 3 (id=3659): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0xfffffffffffffe2b, &(0x7f0000000180)}, 0x10) 2m7.2449763s ago: executing program 3 (id=3663): syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10) 2m7.11601447s ago: executing program 3 (id=3665): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="050000a2651e42d8ec6c8911848f8a16492e2df0a0ba348a40b5dd909876c1e3a8b21e0b45c25c3f336cde8843e2c1cff81ee446e321453830e1d3a4c00f9a93e457993d9d3b5ce670eb9e09882c717f437817095a5e7d599ae3f1a5898e89fe30f3768a7f99ec9faa13ff69e1be6a9e0a133a0f0fb4428221c80d8e03708664d5ef8b117f570ecd2e20a4a9801451df55eb06b3dfdb41e2122910a8af2e6e017a4df953b443b57b18cbb805d7d0d4eb0de242c61254c8662bdabf4bd18ef77f3d5f19fa8e0f1be4cdb968374e3b14035f429a4891d6ec355b104b2b951d65056f65844f749b3bc85817be23308ba17b9cf7293aa030b7f4b9b0b96ab6e98ed9fbd89dc40fa2e4e02857ac0e7f2f3ce1a762b9a1967c02b0d4fc82dc274b4f528fdaa60724663485dc95521e6c2144e0d5005fa7248e5477b03087b16e85fea8f29e2f051730cb719c6a91abd7340561b0b6a3b50b33d7c654cf7e5620aa0ff0e2fb7e1d", @ANYRES32=0x1, @ANYBLOB="ff27070200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x1000}, 0x18) syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r5}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c5}, 0x0) 1m52.011700687s ago: executing program 33 (id=3665): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="050000a2651e42d8ec6c8911848f8a16492e2df0a0ba348a40b5dd909876c1e3a8b21e0b45c25c3f336cde8843e2c1cff81ee446e321453830e1d3a4c00f9a93e457993d9d3b5ce670eb9e09882c717f437817095a5e7d599ae3f1a5898e89fe30f3768a7f99ec9faa13ff69e1be6a9e0a133a0f0fb4428221c80d8e03708664d5ef8b117f570ecd2e20a4a9801451df55eb06b3dfdb41e2122910a8af2e6e017a4df953b443b57b18cbb805d7d0d4eb0de242c61254c8662bdabf4bd18ef77f3d5f19fa8e0f1be4cdb968374e3b14035f429a4891d6ec355b104b2b951d65056f65844f749b3bc85817be23308ba17b9cf7293aa030b7f4b9b0b96ab6e98ed9fbd89dc40fa2e4e02857ac0e7f2f3ce1a762b9a1967c02b0d4fc82dc274b4f528fdaa60724663485dc95521e6c2144e0d5005fa7248e5477b03087b16e85fea8f29e2f051730cb719c6a91abd7340561b0b6a3b50b33d7c654cf7e5620aa0ff0e2fb7e1d", @ANYRES32=0x1, @ANYBLOB="ff27070200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x1000}, 0x18) syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r5}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c5}, 0x0) 8.532569278s ago: executing program 4 (id=4670): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000f0200000000000000000000020100000000005f"], 0x0, 0x34}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 7.629200842s ago: executing program 6 (id=4676): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(0x0, r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = fsopen(&(0x7f0000000200)='affs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x21, &(0x7f0000000040)=0x2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x8800) 5.535751995s ago: executing program 6 (id=4684): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e404d50a969ff", 0x9}], 0x3}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0xf0, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/68, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x44}, 0x0) 4.594058479s ago: executing program 2 (id=4686): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000080)={@private2={0xfc, 0x2, '\x00', 0x1}}, 0x14) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000100)=0x400, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) symlink(0x0, &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="110000"], 0x48) socket$kcm(0x2c, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x1}}, 0x10) write$binfmt_misc(r7, &(0x7f0000000340), 0x2000011a) setsockopt$TIPC_MCAST_REPLICAST(r7, 0x10f, 0x86) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001a000100000000000000000002202000001e00"], 0x24}}, 0x0) 4.580596577s ago: executing program 6 (id=4687): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 4.326637968s ago: executing program 4 (id=4690): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto(r0, &(0x7f0000000400)=']N', 0x2, 0x24000081, 0x0, 0x0) recvfrom(r0, &(0x7f0000000340)=""/166, 0xa6, 0x1001, 0x0, 0x0) 3.871495387s ago: executing program 4 (id=4692): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, 0x0, 0x0) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x3f6e, 0x4) 3.623152867s ago: executing program 2 (id=4693): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x8d8c}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) 3.497106982s ago: executing program 2 (id=4694): socket$rxrpc(0x21, 0x2, 0xa) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x2, &(0x7f00008b5000/0x1000)=nil) unshare(0x6c000200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/notes', 0xa4000, 0x81) mount_setattr(r0, 0x0, 0x1800, &(0x7f0000001dc0)={0x0, 0x0, 0x60000}, 0x20) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x4004455}, 0x80) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68) 3.341896265s ago: executing program 4 (id=4695): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r1 = dup(r0) write$FUSE_INIT(r1, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x1000000, 0x9a39, 0xfffb, 0xc0d, 0x400, 0x0, 0x0, 0x8, 0x6}}, 0x50) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) 3.277406346s ago: executing program 4 (id=4696): socket(0x840000000002, 0x3, 0xfa) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169b82, 0x189) socket$pppoe(0x18, 0x1, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb000000010902"], 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)) socket$kcm(0x2a, 0x2, 0x0) fsopen(&(0x7f00000007c0)='erofs\x00', 0x1) socket$kcm(0x2, 0x200000000000001, 0x106) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=0x0, &(0x7f00000005c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}}) io_uring_enter(r2, 0x47bc, 0x3, 0x0, 0x0, 0x0) 2.807457372s ago: executing program 0 (id=4701): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000f0200000000000000000000020100000000005f"], 0x0, 0x34}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 1.840350653s ago: executing program 0 (id=4704): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000340)=0x8, 0x4) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r2, 0x0, r0, 0x0, 0x20000000000002, 0x2) 1.601411894s ago: executing program 6 (id=4705): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x70f9a000) r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) dup2(r1, r0) r2 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=0x0, &(0x7f00000007c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0) 1.385863268s ago: executing program 2 (id=4706): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r1 = dup(r0) write$FUSE_INIT(r1, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x1000000, 0x9a39, 0xfffb, 0xc0d, 0x400, 0x0, 0x0, 0x8, 0x6}}, 0x50) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) 1.252338568s ago: executing program 2 (id=4707): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)=0xffffd) pipe(&(0x7f0000000d00)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x16) ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f00000000c0)={0xffffffdb, 0x0, 0x4004, 0x2, 0x6, "0300920887e8d2b791f19dd026d76d7fcb0f0e", 0x4, 0x202}) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0xff) bpf$ENABLE_STATS(0x20, 0x0, 0x0) splice(r1, 0x0, r2, 0x0, 0x714f, 0x0) 1.179225003s ago: executing program 5 (id=4708): socket$packet(0x11, 0x3, 0x300) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x38}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000000)="27050200d40f00000600002f8847", 0xe}], 0x1}, 0x0) 1.135673797s ago: executing program 6 (id=4709): ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(0xffffffffffffffff, 0x3ba0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) fadvise64(0xffffffffffffffff, 0x9, 0x4, 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) 1.135141164s ago: executing program 5 (id=4710): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100080200000018000066000000", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[@ANYBLOB="58010000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd000000000031013300000000000802110000010802110000005050505050505f00ffffffffffffff"], 0x158}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.068612288s ago: executing program 6 (id=4711): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r4}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) 1.050719857s ago: executing program 5 (id=4712): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x65) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94) 998.5315ms ago: executing program 5 (id=4713): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendto(r0, &(0x7f0000000400)=']N', 0x2, 0x24000081, 0x0, 0x0) recvfrom(r0, &(0x7f0000000340)=""/166, 0xa6, 0x1001, 0x0, 0x0) 916.595029ms ago: executing program 5 (id=4714): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000f0200000000000000000000020100000000005f"], 0x0, 0x34}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 840.909892ms ago: executing program 0 (id=4715): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r0, 0x0, 0x0, 0xf5) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x3f6e, 0x4) 798.096694ms ago: executing program 0 (id=4716): syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0x1, 0x413}}}, 0x7) socket(0x10, 0x803, 0x0) 717.314422ms ago: executing program 0 (id=4717): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r1 = dup(r0) write$FUSE_INIT(r1, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x1000000, 0x9a39, 0xfffb, 0xc0d, 0x400, 0x0, 0x0, 0x8, 0x6}}, 0x50) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) 493.375329ms ago: executing program 0 (id=4718): r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$cgroup_int(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ptrace$ARCH_SHSTK_LOCK(0x1e, r2, 0x0, 0x5003) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b0100000000"], 0x38}, 0x0) 265.659606ms ago: executing program 2 (id=4719): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x400000000000000, 0x0, 0x0}, 0x40080) r2 = fanotify_init(0x20, 0x80000) fanotify_mark(r2, 0x1, 0x4000001a, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}, @typed={0x8, 0x7, 0x0, 0x0, @fd=r3}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) io_uring_setup(0x1b7b, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a30"], 0xf0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) 93.389842ms ago: executing program 4 (id=4720): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x608}}, './file2\x00'}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000000800)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct}}) setpgid(0xffffffffffffffff, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup3(r3, r0, 0x80000) unshare(0x24040400) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r4, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r4, 0x260}], 0x1, 0x0, 0x0, 0x0) creat(&(0x7f0000000180)='./file2\x00', 0x71283578ac7c5cd) 0s ago: executing program 5 (id=4721): socket$packet(0x11, 0x3, 0x300) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x38}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000000)="27050200d40f00000600002f8847", 0xe}], 0x1}, 0x0) kernel console output (not intermixed with test programs): nvalid_vmcs=1 to dump internal KVM state. [ 520.441468][ T6061] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 520.640225][ T6061] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 520.649392][ T6061] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 520.675451][ T6061] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 520.691005][ T6061] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 520.709173][ T6061] usb 1-1: Manufacturer: syz [ 520.756366][ T6061] usb 1-1: config 0 descriptor?? [ 520.865104][ T6061] rc_core: IR keymap rc-hauppauge not found [ 520.880885][ T6061] Registered IR keymap rc-empty [ 520.894604][ T6061] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 520.906674][ T6061] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input49 [ 520.983434][ C1] igorplugusb 1-1:0.0: Error: urb status = -32 [ 521.015354][ T30] audit: type=1326 audit(1765890750.339:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14072 comm="syz.3.2708" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f562f58f749 code=0x0 [ 521.150366][T14079] fuse: Unknown parameter 'group_i00000000000000000000' [ 521.282583][ T5922] usb 1-1: USB disconnect, device number 17 [ 521.401147][ T30] audit: type=1400 audit(1765890750.729:1085): avc: denied { getopt } for pid=14085 comm="syz.5.2713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 521.473042][ T4185] 0: reclassify loop, rule prio 0, protocol 800 [ 521.486632][ T30] audit: type=1400 audit(1765890750.809:1086): avc: denied { bind } for pid=14088 comm="syz.5.2714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 523.176924][ T30] audit: type=1400 audit(1765890752.489:1087): avc: denied { create } for pid=14114 comm="syz.3.2723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 523.202692][T14122] fuse: Unknown parameter 'group_i00000000000000000000' [ 523.537257][ T30] audit: type=1400 audit(1765890752.499:1088): avc: denied { bind } for pid=14114 comm="syz.3.2723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 523.832045][ T30] audit: type=1400 audit(1765890753.069:1089): avc: denied { create } for pid=14124 comm="syz.0.2727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 523.942970][ T30] audit: type=1400 audit(1765890753.069:1090): avc: denied { getopt } for pid=14124 comm="syz.0.2727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 524.119201][ T30] audit: type=1400 audit(1765890753.439:1091): avc: denied { name_bind } for pid=14139 comm="syz.2.2732" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 524.422634][T14124] delete_channel: no stack [ 525.519281][T14172] fuse: Unknown parameter 'group_id00000000000000000000' [ 525.832890][T14179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2747'. [ 526.598827][ T78] 0: reclassify loop, rule prio 0, protocol 800 [ 526.926890][T14203] 9pnet_virtio: no channels available for device syz [ 526.945369][T14203] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 527.072696][T14203] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 527.082825][T14203] overlayfs: failed to look up (tracing) for ino (-66) [ 530.177692][T14254] 0: reclassify loop, rule prio 0, protocol 800 [ 530.206361][T14264] input: syz1 as /devices/virtual/input/input50 [ 530.228284][T14255] cgroup: name respecified [ 530.896014][ T30] audit: type=1400 audit(1765890760.219:1092): avc: denied { read } for pid=14299 comm="syz.0.2790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 532.353220][ T5993] 0: reclassify loop, rule prio 0, protocol 800 [ 532.403195][T14307] netlink: 'syz.4.2793': attribute type 13 has an invalid length. [ 532.441131][T14311] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2794'. [ 532.511075][T14311] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2794'. [ 532.553645][T14307] gretap0: refused to change device tx_queue_len [ 532.559982][T14307] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 533.130044][T14319] cgroup: name respecified [ 533.716427][ T30] audit: type=1326 audit(1765890763.039:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14403 comm="syz.4.2813" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff82cf8f749 code=0x0 [ 533.751355][ T30] audit: type=1400 audit(1765890763.079:1094): avc: denied { append } for pid=14405 comm="syz.0.2814" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 534.090962][ T5922] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 534.345063][ T5922] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 534.354132][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.362486][ T5922] usb 1-1: Product: syz [ 534.366687][ T5922] usb 1-1: Manufacturer: syz [ 534.371623][ T5922] usb 1-1: SerialNumber: syz [ 534.378876][ T5922] usb 1-1: config 0 descriptor?? [ 534.396943][ T5922] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 534.525376][T14429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2822'. [ 534.719238][ T30] audit: type=1400 audit(1765890764.039:1095): avc: denied { mount } for pid=14435 comm="syz.3.2825" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 534.723828][T14436] overlayfs: failed to clone upperpath [ 534.814878][ T30] audit: type=1400 audit(1765890764.129:1096): avc: denied { name_connect } for pid=14430 comm="syz.2.2823" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 536.024401][ T5922] gspca_sunplus: reg_r err -110 [ 536.029407][ T5922] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 536.825494][T14463] macsec1: entered promiscuous mode [ 536.840949][T14463] team0: entered promiscuous mode [ 536.852533][T14463] team_slave_0: entered promiscuous mode [ 536.867582][T14463] team_slave_1: entered promiscuous mode [ 537.930519][ T6061] usb 1-1: USB disconnect, device number 18 [ 538.539265][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 539.210080][T14549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2866'. [ 540.862239][T14579] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2879'. [ 541.149479][T14597] vlan2: entered allmulticast mode [ 541.155078][T14597] dummy0: entered allmulticast mode [ 542.258157][T14626] fuse: Bad value for 'fd' [ 543.181546][ T30] audit: type=1400 audit(1765890772.509:1097): avc: denied { create } for pid=14645 comm="syz.3.2905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 543.490294][T14652] cgroup: name respecified [ 543.872920][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 544.380744][ T30] audit: type=1400 audit(1765890773.699:1098): avc: denied { map } for pid=14685 comm="syz.2.2918" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 544.564811][ T30] audit: type=1400 audit(1765890773.889:1099): avc: denied { read } for pid=14695 comm="syz.3.2923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 544.887509][ T5815] Bluetooth: hci2: unexpected event for opcode 0x0004 [ 545.682124][T14729] fuse: Bad value for 'fd' [ 545.889096][ T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 545.898528][ T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 545.906452][ T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 545.914615][ T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 545.923007][ T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 546.612406][T14733] chnl_net:caif_netlink_parms(): no params data found [ 546.804473][T14774] fuse: Bad value for 'fd' [ 546.866087][T14334] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 547.031061][ T5922] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 547.332294][T14334] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 547.472560][T14733] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.479917][T14733] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.487312][T14733] bridge_slave_0: entered allmulticast mode [ 547.503857][T14733] bridge_slave_0: entered promiscuous mode [ 547.523997][T14733] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.531261][T14733] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.539741][T14733] bridge_slave_1: entered allmulticast mode [ 547.546051][ T5922] usb 1-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 547.561832][T14733] bridge_slave_1: entered promiscuous mode [ 547.575816][ T5922] usb 1-1: config 0 interface 0 has no altsetting 0 [ 547.584868][ T5922] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 547.594314][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 547.611109][ T5922] usb 1-1: Product: syz [ 547.620356][ T5922] usb 1-1: Manufacturer: syz [ 547.625861][ T5922] usb 1-1: SerialNumber: syz [ 547.649737][T14334] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 548.071926][ T5815] Bluetooth: hci5: command tx timeout [ 548.300642][ T5922] usb 1-1: config 0 descriptor?? [ 548.350506][ T5922] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 548.460353][T14334] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 548.751113][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 548.859503][ T91] usb 1-1: USB disconnect, device number 19 [ 548.898961][T14742] udevd[14742]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 548.899718][T14801] 9p: Bad value for 'wfdno' [ 548.921081][ T5815] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 548.930308][ T5815] Bluetooth: hci2: Injecting HCI hardware error event [ 548.938408][ T5815] Bluetooth: hci2: hardware error 0x00 [ 548.958836][T14733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.978147][T14733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.072275][T14377] 0: reclassify loop, rule prio 0, protocol 800 [ 549.106436][T14733] team0: Port device team_slave_0 added [ 549.141865][T14733] team0: Port device team_slave_1 added [ 549.254045][T14334] bridge_slave_1: left allmulticast mode [ 549.259714][T14334] bridge_slave_1: left promiscuous mode [ 549.271194][T14334] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.284728][T14334] bridge_slave_0: left allmulticast mode [ 549.290378][T14334] bridge_slave_0: left promiscuous mode [ 549.301106][T14334] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.070256][T14334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 550.089814][T14334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 550.108686][T14334] bond0 (unregistering): Released all slaves [ 550.111788][ T53] Bluetooth: hci5: command tx timeout [ 550.143244][T14733] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 550.150208][T14733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 550.258631][T14733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 550.417748][T14733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 550.450118][T14733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 550.533821][T14845] 9pnet_virtio: no channels available for device syz [ 550.546682][T14845] overlayfs: missing 'lowerdir' [ 550.588153][T14845] overlayfs: failed to clone lowerpath [ 550.844874][ T5995] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 551.350635][ T5815] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 551.381385][T14733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 551.437715][ T5995] usb 6-1: Using ep0 maxpacket: 8 [ 552.026413][ T5995] usb 6-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 552.043934][ T5995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.064300][T14733] hsr_slave_0: entered promiscuous mode [ 552.070722][T14733] hsr_slave_1: entered promiscuous mode [ 552.077201][T14733] debugfs: 'hsr0' already exists in 'hsr' [ 552.083330][T14733] Cannot create hsr debugfs directory [ 552.090925][ T5995] usb 6-1: Product: syz [ 552.095094][ T5995] usb 6-1: Manufacturer: syz [ 552.100458][ T5995] usb 6-1: SerialNumber: syz [ 552.122184][ T5995] usb 6-1: config 0 descriptor?? [ 552.132635][ T5995] radio-usb-si4713 6-1:0.0: Si4713 development board discovered: (10C4:8244) [ 552.191344][ T5815] Bluetooth: hci5: command tx timeout [ 552.467104][T14334] hsr_slave_0: left promiscuous mode [ 552.480925][T14334] hsr_slave_1: left promiscuous mode [ 552.902495][T14334] team0: left promiscuous mode [ 552.909057][ T5995] radio-usb-si4713 6-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 552.925093][T14334] team_slave_0: left promiscuous mode [ 552.932334][ T5995] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 552.939923][T14334] team_slave_1: left promiscuous mode [ 552.961121][ T5995] usb 6-1: USB disconnect, device number 4 [ 553.447544][T14895] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2989'. [ 553.526181][ T30] audit: type=1400 audit(1765890782.849:1100): avc: denied { shutdown } for pid=14897 comm="syz.5.2992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 553.603220][T14901] 9pnet_virtio: no channels available for device syz [ 553.615858][T14901] overlayfs: missing 'lowerdir' [ 553.692017][T14902] overlayfs: failed to clone lowerpath [ 554.393622][ T5815] Bluetooth: hci5: command tx timeout [ 554.421047][T14334] team0 (unregistering): Port device team_slave_1 removed [ 554.564001][T14334] team0 (unregistering): Port device team_slave_0 removed [ 554.833829][T14377] 0: reclassify loop, rule prio 0, protocol 800 [ 555.390961][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 555.764318][ T30] audit: type=1400 audit(1765890785.089:1101): avc: denied { setopt } for pid=14923 comm="syz.3.3001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 557.131571][T14940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3007'. [ 557.187207][ T30] audit: type=1400 audit(1765890786.509:1102): avc: denied { create } for pid=14944 comm="syz.0.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 557.242528][ T30] audit: type=1400 audit(1765890786.509:1103): avc: denied { bind } for pid=14944 comm="syz.0.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 557.345547][ T30] audit: type=1400 audit(1765890786.509:1104): avc: denied { write } for pid=14944 comm="syz.0.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 559.061301][ T30] audit: type=1400 audit(1765890788.389:1105): avc: denied { create } for pid=14986 comm="syz.0.3023" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 559.126770][ T30] audit: type=1400 audit(1765890788.449:1106): avc: denied { ioctl } for pid=14986 comm="syz.0.3023" path="socket:[43581]" dev="sockfs" ino=43581 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 559.181688][T14993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3026'. [ 559.217306][ T30] audit: type=1400 audit(1765890788.449:1107): avc: denied { bind } for pid=14988 comm="syz.5.3025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 559.252166][ T30] audit: type=1400 audit(1765890788.449:1108): avc: denied { name_bind } for pid=14988 comm="syz.5.3025" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 559.287987][ T30] audit: type=1400 audit(1765890788.449:1109): avc: denied { node_bind } for pid=14988 comm="syz.5.3025" saddr=172.20.20.170 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 559.476864][T14334] IPVS: stop unused estimator thread 0... [ 560.243626][T14733] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 560.275156][T14733] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 560.301410][T15027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3039'. [ 560.334523][T14733] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 560.367005][T14733] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 560.660828][ T30] audit: type=1400 audit(1765890789.979:1110): avc: denied { append } for pid=15029 comm="syz.5.3041" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 561.040601][T14733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 561.146212][T14733] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.219413][T15055] 9pnet_virtio: no channels available for device syz [ 561.369133][T15055] overlayfs: missing 'lowerdir' [ 561.785368][T15056] overlayfs: failed to clone lowerpath [ 562.110681][ T5993] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.117857][ T5993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.197724][ T5993] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.204905][ T5993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.435109][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.568646][T14733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 562.626653][T14733] veth0_vlan: entered promiscuous mode [ 562.640773][T14733] veth1_vlan: entered promiscuous mode [ 563.571546][ T30] audit: type=1400 audit(1765890792.419:1111): avc: denied { getopt } for pid=15059 comm="syz.5.3050" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 563.725598][T14733] veth0_macvtap: entered promiscuous mode [ 563.759697][T14733] veth1_macvtap: entered promiscuous mode [ 563.807708][T14733] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 563.844037][T14733] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 563.872081][T14334] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.919642][T14334] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.946674][T14334] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.974918][T14334] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.124525][T15095] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1124 sclass=netlink_route_socket pid=15095 comm=syz.3.3062 [ 564.287678][T14334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.326718][T14334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.397315][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.416048][T15104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3064'. [ 564.422901][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.777883][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 564.787518][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 564.798783][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 564.806907][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 564.814716][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 564.976239][ T30] audit: type=1326 audit(1765890794.299:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15130 comm="syz.4.3076" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff82cf8f749 code=0x0 [ 565.140961][ T5995] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 565.386904][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 565.387185][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 565.387219][ T5995] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 565.387239][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.441520][ T5995] usb 6-1: config 0 descriptor?? [ 565.487210][T15119] chnl_net:caif_netlink_parms(): no params data found [ 565.570899][ T30] audit: type=1400 audit(1765890794.889:1113): avc: denied { listen } for pid=15149 comm="syz.0.3079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 565.577525][T15150] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15150 comm=syz.0.3079 [ 565.932333][T15119] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.961076][T15119] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.981115][T15119] bridge_slave_0: entered allmulticast mode [ 565.996075][T15119] bridge_slave_0: entered promiscuous mode [ 566.010641][ T5995] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0 [ 566.015467][T15119] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.050438][T15119] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.050546][ T5995] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 566.071171][T15119] bridge_slave_1: entered allmulticast mode [ 566.112224][T15119] bridge_slave_1: entered promiscuous mode [ 566.203162][ T5995] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE [ 566.277277][T15119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 566.317155][T15160] syzkaller1: entered promiscuous mode [ 566.325463][T15160] syzkaller1: entered allmulticast mode [ 566.366042][T15119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 566.527200][T15119] team0: Port device team_slave_0 added [ 566.615718][ T5995] cp2112 0003:10C4:EA90.0003: error setting SMBus config [ 566.616927][T15119] team0: Port device team_slave_1 added [ 566.742604][ T5995] cp2112 0003:10C4:EA90.0003: probe with driver cp2112 failed with error -71 [ 566.888515][ T5995] usb 6-1: USB disconnect, device number 5 [ 566.914358][ T53] Bluetooth: hci3: command tx timeout [ 566.947313][T15119] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 566.966683][T15119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.056888][T15119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 567.551374][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 567.905933][T15189] Process accounting resumed [ 567.913722][T15119] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 567.915446][ T30] audit: type=1400 audit(1765890796.829:1114): avc: denied { create } for pid=15186 comm="syz.0.3090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 567.922178][T15119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.982731][T15119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 568.022902][ T30] audit: type=1400 audit(1765890796.839:1115): avc: denied { connect } for pid=15186 comm="syz.0.3090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 568.055459][T15119] hsr_slave_0: entered promiscuous mode [ 568.071822][T15119] hsr_slave_1: entered promiscuous mode [ 568.075578][ T30] audit: type=1400 audit(1765890796.839:1116): avc: denied { bind } for pid=15186 comm="syz.0.3090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 568.097414][T15119] debugfs: 'hsr0' already exists in 'hsr' [ 568.104091][T15119] Cannot create hsr debugfs directory [ 568.240996][ T5922] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 568.400954][ T5922] usb 1-1: device descriptor read/64, error -71 [ 568.556336][T15119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.632506][T15119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.642929][ T5922] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 568.780928][ T5922] usb 1-1: device descriptor read/64, error -71 [ 568.970320][T15119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.997150][ T53] Bluetooth: hci3: command tx timeout [ 569.074642][T15119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.095179][ T5922] usb usb1-port1: attempt power cycle [ 569.145785][T15211] syzkaller1: entered promiscuous mode [ 569.160334][T15211] syzkaller1: entered allmulticast mode [ 569.341320][T15119] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 569.379103][T15119] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 569.430975][T15119] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 569.448515][T15119] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 569.460919][ T5922] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 569.492202][ T5922] usb 1-1: device descriptor read/8, error -71 [ 569.532428][T15218] cgroup: name respecified [ 570.020922][ T5922] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 570.411215][ T5922] usb 1-1: device descriptor read/8, error -71 [ 570.463622][T15119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.304081][ T5922] usb usb1-port1: unable to enumerate USB device [ 571.308965][ T53] Bluetooth: hci3: command tx timeout [ 571.428639][T15119] 8021q: adding VLAN 0 to HW filter on device team0 [ 571.505343][T14336] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.512516][T14336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 571.595635][T14336] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.602796][T14336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 572.294117][T15119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 572.365837][T15119] veth0_vlan: entered promiscuous mode [ 572.388986][T15119] veth1_vlan: entered promiscuous mode [ 572.446701][T15119] veth0_macvtap: entered promiscuous mode [ 572.487620][T15119] veth1_macvtap: entered promiscuous mode [ 572.523155][T15119] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 572.544102][T15119] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 572.578606][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.595217][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.621673][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.640702][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.747337][T15271] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3117'. [ 573.483070][ T53] Bluetooth: hci3: command tx timeout [ 577.593702][T15279] Process accounting resumed [ 577.601141][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 578.151723][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.159561][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.243343][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.252373][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.441850][ T30] audit: type=1400 audit(1765890807.769:1117): avc: denied { read } for pid=15295 comm="syz.3.3067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 578.673566][T15304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3127'. [ 578.846168][T15308] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 578.860423][T15308] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 578.871000][T15308] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 578.882747][T15308] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 578.892526][T15308] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 579.360202][T14327] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.403893][T14327] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 579.539555][T14327] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.600795][T14327] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 579.696749][T14327] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.722507][T14327] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 579.752569][T15307] chnl_net:caif_netlink_parms(): no params data found [ 579.819261][T14327] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.833105][T14327] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 579.871042][T15308] Bluetooth: hci0: command 0x0406 tx timeout [ 580.261244][T15307] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.269188][T15307] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.279346][T15307] bridge_slave_0: entered allmulticast mode [ 580.294928][T15307] bridge_slave_0: entered promiscuous mode [ 580.672238][T15307] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.686608][T15307] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.698241][T15307] bridge_slave_1: entered allmulticast mode [ 581.640950][ T53] Bluetooth: hci1: command tx timeout [ 581.641415][ T30] audit: type=1400 audit(1765890810.549:1118): avc: denied { lock } for pid=15330 comm="syz.3.3132" path="socket:[46390]" dev="sockfs" ino=46390 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 581.684353][T15307] bridge_slave_1: entered promiscuous mode [ 581.941282][T15307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.964296][T15307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 582.492343][T15351] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 583.070296][ T1304] 0: reclassify loop, rule prio 0, protocol 800 [ 583.241323][ T6061] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 583.379765][T14327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 583.661363][ T6061] usb 6-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 583.681579][T14327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 583.705482][ T6061] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 583.716652][T15308] Bluetooth: hci1: command tx timeout [ 583.723844][T14327] bond0 (unregistering): Released all slaves [ 583.731099][ T6061] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 583.812449][T15307] team0: Port device team_slave_0 added [ 583.835849][T15307] team0: Port device team_slave_1 added [ 583.876207][ T6061] usb 6-1: config 0 interface 0 has no altsetting 0 [ 583.885151][ T6061] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 583.895893][ T6061] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 583.904292][ T6061] usb 6-1: Product: syz [ 583.909321][ T6061] usb 6-1: Manufacturer: syz [ 583.914287][ T6061] usb 6-1: SerialNumber: syz [ 583.922179][ T6061] usb 6-1: config 0 descriptor?? [ 583.927774][T15354] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 583.939127][ T6061] usb 6-1: selecting invalid altsetting 0 [ 584.402543][ T6061] usb 6-1: USB disconnect, device number 7 [ 584.502587][T15307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 584.527485][T15307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 584.609659][T15307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 584.624468][T15307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 584.639816][T15307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 584.666834][T15307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 584.845740][T15307] hsr_slave_0: entered promiscuous mode [ 584.865486][T15307] hsr_slave_1: entered promiscuous mode [ 584.886561][T15307] debugfs: 'hsr0' already exists in 'hsr' [ 584.893442][T15307] Cannot create hsr debugfs directory [ 584.916194][T15375] netlink: 'syz.4.3148': attribute type 83 has an invalid length. [ 584.934720][T14327] hsr_slave_0: left promiscuous mode [ 584.950986][T14327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 584.958374][T14327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 584.992643][T14327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 585.000043][T14327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 585.053501][T14327] veth1_macvtap: left promiscuous mode [ 585.059029][T14327] veth0_macvtap: left promiscuous mode [ 585.069487][T14327] veth1_vlan: left promiscuous mode [ 585.075179][T14327] veth0_vlan: left promiscuous mode [ 585.121795][ T30] audit: type=1400 audit(1765890814.449:1119): avc: denied { write } for pid=15387 comm="syz.5.3153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 585.168015][ T30] audit: type=1400 audit(1765890814.469:1120): avc: denied { nlmsg_write } for pid=15387 comm="syz.5.3153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 585.791910][T15308] Bluetooth: hci1: command tx timeout [ 586.458078][T15416] sctp: [Deprecated]: syz.2.3159 (pid 15416) Use of struct sctp_assoc_value in delayed_ack socket option. [ 586.458078][T15416] Use struct sctp_sack_info instead [ 587.065723][T14327] team0 (unregistering): Port device team_slave_1 removed [ 587.094216][T14327] team0 (unregistering): Port device team_slave_0 removed [ 587.352469][ T6061] infiniband syz0: ib_query_port failed (-19) [ 587.871057][T15308] Bluetooth: hci1: command tx timeout [ 588.031976][ C1] 0: reclassify loop, rule prio 0, protocol 800 [ 588.309970][T14327] IPVS: stop unused estimator thread 0... [ 588.581194][ T5995] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 588.601038][T15307] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 588.625164][T15307] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 588.637634][T15307] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 588.681586][ T5993] 0: reclassify loop, rule prio 0, protocol 800 [ 588.771165][T15307] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 589.002287][ T5995] usb 6-1: Using ep0 maxpacket: 32 [ 589.014076][ T5995] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 589.801053][ T5995] usb 6-1: config 0 has no interface number 0 [ 589.814050][ T5995] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 589.823212][ T5995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.900899][T15481] trusted_key: syz.3.3188 sent an empty control message without MSG_MORE. [ 589.963985][ T5995] usb 6-1: Product: syz [ 589.976486][ T5995] usb 6-1: Manufacturer: syz [ 589.990472][ T5995] usb 6-1: SerialNumber: syz [ 590.023946][ T5995] usb 6-1: config 0 descriptor?? [ 590.048785][ T5995] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 590.096064][ T5995] usb 6-1: selecting invalid altsetting 1 [ 590.097624][T15307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 590.123698][T15307] 8021q: adding VLAN 0 to HW filter on device team0 [ 590.131203][ T5995] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 590.134934][ T6047] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.145449][ T6047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 590.173415][ T6047] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.174139][ T5995] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 590.180566][ T6047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 590.216172][ T5995] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 590.239125][ T5995] usb 6-1: media controller created [ 590.276121][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 590.332209][ T5995] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 590.339447][ T5995] zl10353_read_register: readreg error (reg=127, ret==-71) [ 590.348901][ T5995] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 590.415030][ T5995] usb 6-1: USB disconnect, device number 8 [ 590.418818][T15307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 590.496611][T15307] veth0_vlan: entered promiscuous mode [ 590.516997][T15307] veth1_vlan: entered promiscuous mode [ 590.539692][T15307] veth0_macvtap: entered promiscuous mode [ 590.548864][T15307] veth1_macvtap: entered promiscuous mode [ 590.564881][T15307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 590.577286][T15307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 590.589667][ T6047] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.600400][ T6047] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.610629][ T6047] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.620425][ T5993] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.704363][ T30] audit: type=1400 audit(1765890820.029:1121): avc: denied { connect } for pid=15504 comm="syz.2.3196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 590.710683][ T6047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.745440][ T6047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.796814][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.820524][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.871231][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 592.406654][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 592.415200][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 592.423882][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 592.564296][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 592.572083][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 593.023470][T15526] chnl_net:caif_netlink_parms(): no params data found [ 593.130949][ T6061] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 593.190991][ T5995] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 593.300872][ T6061] usb 1-1: Using ep0 maxpacket: 32 [ 594.115285][ T6061] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 594.164146][ T6061] usb 1-1: config 0 has no interface number 0 [ 594.221199][ T6061] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 594.230319][ T6061] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.266965][ T6061] usb 1-1: Product: syz [ 594.271363][ T5995] usb 4-1: Using ep0 maxpacket: 8 [ 594.289232][ T6061] usb 1-1: Manufacturer: syz [ 594.292521][T15555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3212'. [ 594.296477][ T5995] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 594.330919][ T6061] usb 1-1: SerialNumber: syz [ 594.342145][ T6061] usb 1-1: config 0 descriptor?? [ 594.360598][T15526] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.360900][ T5995] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 594.376689][T15526] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.386481][ T6061] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 594.390089][T15526] bridge_slave_0: entered allmulticast mode [ 594.411264][ T6061] usb 1-1: selecting invalid altsetting 1 [ 594.431706][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 594.442592][T15526] bridge_slave_0: entered promiscuous mode [ 594.444340][ T5995] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 594.468137][ T6061] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 594.482891][T15526] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.495632][ T5995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.501174][T15526] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.507642][ T6061] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 594.536388][ T5995] usb 4-1: Product: syz [ 594.540601][ T5995] usb 4-1: Manufacturer: syz [ 594.542965][T15526] bridge_slave_1: entered allmulticast mode [ 594.570144][ T5995] usb 4-1: SerialNumber: syz [ 594.575359][T15526] bridge_slave_1: entered promiscuous mode [ 594.575883][ T6061] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 594.598981][ T6061] usb 1-1: media controller created [ 594.606849][ T5995] gspca_main: spca501-2.14.0 probing 0000:0000 [ 594.622570][ T6061] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 594.661417][T15563] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3216'. [ 594.673986][ T53] Bluetooth: hci2: command tx timeout [ 594.682448][ T30] audit: type=1400 audit(1765890824.009:1122): avc: denied { mounton } for pid=15562 comm="syz.2.3216" path="/48/file0" dev="tmpfs" ino=266 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 594.682588][ T6061] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 594.717762][ T6061] zl10353_read_register: readreg error (reg=127, ret==-71) [ 594.726273][ T6061] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 594.764361][ T6061] usb 1-1: USB disconnect, device number 24 [ 594.774087][T15526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 594.813069][ T5995] gspca_spca501: reg write: error -71 [ 594.818528][ T5995] spca501 4-1:1.0: Reg write failed for 0x02,0x0f,0x05 [ 594.829676][ T5995] spca501 4-1:1.0: probe with driver spca501 failed with error -22 [ 594.836624][T15526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 594.843692][ T5995] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 594.879548][ T5995] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 594.913657][ T5995] usb 4-1: USB disconnect, device number 13 [ 594.955552][T14368] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.969000][T14742] udevd[14742]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 594.987263][T14368] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 595.018731][T15526] team0: Port device team_slave_0 added [ 595.026941][T15526] team0: Port device team_slave_1 added [ 595.066283][T14368] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.082553][T14368] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 595.097154][T15526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 595.104236][T15526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 595.130439][T15526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 595.143900][T15526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 595.154504][T15526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 595.182219][T15526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 595.209957][T14368] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.223217][T14368] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 595.270986][ T30] audit: type=1400 audit(1765890824.569:1123): avc: denied { setopt } for pid=15572 comm="syz.0.3219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 595.334650][ T30] audit: type=1400 audit(1765890824.569:1124): avc: denied { read } for pid=15572 comm="syz.0.3219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 595.405877][T14368] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.429935][T14368] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 595.472885][ T30] audit: type=1800 audit(1765890824.799:1125): pid=15567 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3216" name="/" dev="fuse" ino=1 res=0 errno=0 [ 595.519257][T15526] hsr_slave_0: entered promiscuous mode [ 595.528223][T15526] hsr_slave_1: entered promiscuous mode [ 595.534679][T15526] debugfs: 'hsr0' already exists in 'hsr' [ 595.540476][T15526] Cannot create hsr debugfs directory [ 596.894275][ T53] Bluetooth: hci2: command tx timeout [ 596.924958][ T30] audit: type=1400 audit(1765890825.339:1126): avc: denied { bind } for pid=15587 comm="syz.0.3225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 597.771388][T14368] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 597.947205][T14368] bond0 (unregistering): Released all slaves [ 599.198157][T15308] Bluetooth: hci2: command tx timeout [ 599.208322][ T7050] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 599.424543][ T7050] usb 6-1: Using ep0 maxpacket: 8 [ 599.439133][ T7050] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 88, changing to 10 [ 599.466890][ T7050] usb 6-1: config 1 interface 0 has no altsetting 0 [ 599.475907][T14368] hsr_slave_0: left promiscuous mode [ 599.485041][ T7050] usb 6-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 599.485105][T14368] hsr_slave_1: left promiscuous mode [ 599.502491][ T7050] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.515129][T14368] veth1_macvtap: left promiscuous mode [ 599.518900][ T7050] usb 6-1: Product: syz [ 599.521090][T14368] veth0_macvtap: left promiscuous mode [ 599.532469][T14368] veth1_vlan: left promiscuous mode [ 599.537762][T14368] veth0_vlan: left promiscuous mode [ 599.550025][ T7050] usb 6-1: Manufacturer: syz [ 599.561036][ T7050] usb 6-1: SerialNumber: syz [ 599.785030][ T7050] usbhid 6-1:1.0: can't add hid device: -71 [ 599.801555][ T7050] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 599.849914][ T7050] usb 6-1: USB disconnect, device number 9 [ 600.192509][ T1304] 0: reclassify loop, rule prio 0, protocol 800 [ 600.246159][ T30] audit: type=1400 audit(1765890829.569:1127): avc: denied { name_bind } for pid=15646 comm="syz.0.3246" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 601.241312][T15308] Bluetooth: hci2: command tx timeout [ 602.354171][T15526] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 602.498995][T15526] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 602.524023][T15526] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 602.610795][T15687] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 602.660448][ T30] audit: type=1400 audit(1765890831.929:1128): avc: denied { mounton } for pid=15683 comm="syz.2.3259" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 602.719276][T15526] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 603.032699][T15526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 603.055160][T15526] 8021q: adding VLAN 0 to HW filter on device team0 [ 603.095478][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.102683][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.197082][T14340] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.204258][T14340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.737144][T14368] IPVS: stop unused estimator thread 0... [ 604.430900][ T5992] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 604.462650][T15526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 604.741113][ T5992] usb 6-1: Using ep0 maxpacket: 32 [ 604.752514][ T5992] usb 6-1: config 0 has an invalid interface number: 234 but max is 0 [ 604.780663][ T5992] usb 6-1: config 0 has no interface number 0 [ 604.793444][T15731] fuse: Unknown parameter '0x0000000000000004' [ 604.793717][ T5992] usb 6-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=e6.71 [ 605.260593][ T5992] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.268850][ T5992] usb 6-1: Product: syz [ 605.273343][ T5992] usb 6-1: Manufacturer: syz [ 605.277933][ T5992] usb 6-1: SerialNumber: syz [ 605.285877][ T5992] usb 6-1: config 0 descriptor?? [ 605.293837][ T5992] rtl8150 6-1:0.234: couldn't find required endpoints [ 605.305426][ T5992] rtl8150 6-1:0.234: probe with driver rtl8150 failed with error -5 [ 605.356762][T15526] veth0_vlan: entered promiscuous mode [ 605.370527][T15526] veth1_vlan: entered promiscuous mode [ 605.417485][T15526] veth0_macvtap: entered promiscuous mode [ 605.452793][T15526] veth1_macvtap: entered promiscuous mode [ 605.474446][T15526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 605.502320][T15526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 605.539603][ T7050] usb 6-1: USB disconnect, device number 10 [ 605.555113][T14330] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.599619][T14330] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.624401][T14330] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.643724][T14330] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.764672][ T4185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 605.801629][ T4185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.887167][T14368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 605.895509][T14368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.954316][T14377] 0: reclassify loop, rule prio 0, protocol 800 [ 606.153722][T15770] fuse: Unknown parameter '0x0000000000000004' [ 606.532523][ T5865] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 606.691829][ T5865] usb 6-1: Using ep0 maxpacket: 32 [ 606.704899][ T5865] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 606.717334][ T5865] usb 6-1: config 0 has no interface number 0 [ 606.738386][ T5865] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 606.766963][ T5865] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.783525][ T5865] usb 6-1: Product: syz [ 606.792580][ T5865] usb 6-1: Manufacturer: syz [ 606.798700][ T5865] usb 6-1: SerialNumber: syz [ 606.815793][ T5865] usb 6-1: config 0 descriptor?? [ 606.829587][ T5865] smsc95xx v2.0.0 [ 607.224511][T15809] 9pnet_virtio: no channels available for device syz [ 607.234806][T15809] overlayfs: missing 'lowerdir' [ 607.241836][T15809] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 607.503606][ T30] audit: type=1400 audit(1765890836.829:1129): avc: denied { create } for pid=15821 comm="syz.0.3308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 607.645714][ T5865] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 607.677490][ T5865] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 607.705743][ T5865] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 607.738744][ T5865] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 607.763123][ T5865] usb 6-1: USB disconnect, device number 11 [ 607.990916][ T5995] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 608.173501][ T5995] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 608.189958][ T5995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.203642][ T5995] usb 4-1: config 0 descriptor?? [ 608.217197][ T5995] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 608.340582][T15851] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3320'. [ 608.352222][T15839] cgroup: name respecified [ 609.411013][ T5995] gspca_sunplus: reg_w_riv err -71 [ 609.443144][ T5995] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 609.465702][ T5995] usb 4-1: USB disconnect, device number 14 [ 609.731469][ T30] audit: type=1326 audit(1765890839.059:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15866 comm="syz.0.3327" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb9458f749 code=0x0 [ 610.210930][ T30] audit: type=1400 audit(1765890839.129:1131): avc: denied { read write } for pid=15869 comm="syz.2.3329" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 610.267198][ T30] audit: type=1400 audit(1765890839.139:1132): avc: denied { ioctl } for pid=15869 comm="syz.2.3329" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 610.283969][T15884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3334'. [ 610.332517][T15881] geneve2: entered promiscuous mode [ 610.345309][T14331] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 610.369836][T14331] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 610.425569][T14331] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 610.443747][T14331] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 610.550984][ T5813] usb 6-1: new low-speed USB device number 12 using dummy_hcd [ 610.573199][T15889] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3339'. [ 610.872281][ T5813] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 610.880526][ T5813] usb 6-1: config 0 has no interface number 0 [ 610.891389][ T5813] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 610.905121][ T5813] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 610.929167][ T5813] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 610.944320][ T5813] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 610.955514][ T5813] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 610.966517][ T5813] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 610.979936][ T5813] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 610.989068][ T5813] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.073848][ T5813] usb 6-1: config 0 descriptor?? [ 611.088346][T15885] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 611.112661][T15885] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 611.145616][ T5813] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 611.174750][T15911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3346'. [ 611.358516][ T5813] usb 6-1: USB disconnect, device number 12 [ 611.368989][ T5813] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 611.711888][ T1304] 0: reclassify loop, rule prio 0, protocol 800 [ 613.133569][T15954] 9pnet_virtio: no channels available for device syz [ 613.143032][T15954] overlayfs: missing 'lowerdir' [ 613.149101][T15954] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 613.177697][T15954] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 613.187819][T15954] overlayfs: failed to look up (tracing) for ino (-66) [ 613.239129][T15959] loop8: detected capacity change from 0 to 8 [ 613.251134][T15959] loop8: [CUMANA/ADFS] p1 [ADFS] p1 [ 613.257429][T15959] loop8: partition table partially beyond EOD, truncated [ 613.266705][T15959] loop8: p1 size 3004527350 extends beyond EOD, truncated [ 613.325060][T14742] udevd[14742]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 613.416088][ T30] audit: type=1326 audit(1765890842.739:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15964 comm="syz.2.3367" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a9ff8f749 code=0x0 [ 613.441088][ T5813] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 613.626416][T15970] 9pnet_virtio: no channels available for device syz [ 613.633515][ T5813] usb 6-1: Using ep0 maxpacket: 8 [ 613.640475][T15970] overlayfs: missing 'lowerdir' [ 613.648041][T15970] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 613.648463][ T5813] usb 6-1: unable to get BOS descriptor or descriptor too short [ 613.664272][ T5813] usb 6-1: config 4 has an invalid interface number: 30 but max is 0 [ 613.672645][ T5813] usb 6-1: config 4 has no interface number 0 [ 613.673817][T15970] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 613.678776][ T5813] usb 6-1: config 4 interface 30 has no altsetting 0 [ 613.688653][T15970] overlayfs: failed to look up (tracing) for ino (-66) [ 613.706854][ T5813] usb 6-1: string descriptor 0 read error: -22 [ 613.713368][ T5813] usb 6-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 613.722600][ T5813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.735305][ T5813] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 613.742484][ T5813] dw2102: su3000_power_ctrl: 1, initialized 0 [ 613.748825][ T5813] dvb-usb: bulk message failed: -22 (2/0) [ 613.757308][ T5813] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 613.767257][ T5813] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 613.770920][ T5995] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 613.775037][ T5813] usb 6-1: media controller created [ 613.788020][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.795256][ T5813] dw2102: i2c transfer failed. [ 613.801696][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.808594][ T5813] dw2102: i2c transfer failed. [ 613.813767][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.819528][ T5813] dw2102: i2c transfer failed. [ 613.824678][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.830433][ T5813] dw2102: i2c transfer failed. [ 613.838006][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.844668][ T5813] dw2102: i2c transfer failed. [ 613.849728][ T5813] dvb-usb: bulk message failed: -22 (6/0) [ 613.855703][ T5813] dw2102: i2c transfer failed. [ 613.860742][ T5813] dvb-usb: MAC address: 02:02:02:02:02:02 [ 613.878397][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 613.917343][ T5813] dvb-usb: bulk message failed: -22 (3/0) [ 613.923383][ T5813] dw2102: command 0x0e transfer failed. [ 613.930660][ T5813] dvb-usb: bulk message failed: -22 (3/0) [ 613.930891][ T5995] usb 3-1: Using ep0 maxpacket: 32 [ 613.940535][ T5813] dw2102: command 0x0e transfer failed. [ 613.965988][ T5995] usb 3-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 613.976789][ T5995] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.984886][ T5995] usb 3-1: Product: syz [ 613.989185][ T5995] usb 3-1: Manufacturer: syz [ 613.993909][ T5995] usb 3-1: SerialNumber: syz [ 614.001811][ T5995] usb 3-1: config 0 descriptor?? [ 614.016251][ T5995] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 614.024685][ T5995] dvb-usb: bulk message failed: -22 (2/0) [ 614.062088][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 614.075139][ T5995] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 614.085357][ T5995] usb 3-1: media controller created [ 614.102375][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 614.123048][ T5995] usb 3-1: selecting invalid altsetting 7 [ 614.128798][ T5995] cxusb: set interface failed [ 614.133748][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 614.155022][ T5995] DVB: Unable to find symbol lgdt330x_attach() [ 614.162143][ T5995] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 614.257943][ T5813] dvb-usb: bulk message failed: -22 (3/0) [ 614.264125][ T5813] dw2102: command 0x0e transfer failed. [ 614.269799][ T5813] dvb-usb: bulk message failed: -22 (3/0) [ 614.282948][ T5813] dw2102: command 0x0e transfer failed. [ 614.288770][ T5813] dvb-usb: bulk message failed: -22 (1/0) [ 614.303011][ T5813] dw2102: command 0x51 transfer failed. [ 614.309095][ T5813] dvb-usb: bulk message failed: -22 (5/0) [ 614.316138][ T5813] dw2102: i2c probe for address 0x68 failed. [ 614.327839][ T5813] dvb-usb: bulk message failed: -22 (5/0) [ 614.336647][ T5813] dw2102: i2c probe for address 0x69 failed. [ 614.343490][ T5813] dvb-usb: bulk message failed: -22 (5/0) [ 614.349641][ T5813] dw2102: i2c probe for address 0x6a failed. [ 614.358046][T15957] dvb-usb: bulk message failed: -22 (3/0) [ 614.365259][T15957] dw2102: i2c transfer failed. [ 614.370304][ T5813] dw2102: probing for demodulator failed. Is the external power switched on? [ 614.380956][T15957] dvb-usb: bulk message failed: -22 (3/0) [ 614.386824][ T5813] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 614.397842][T15957] dw2102: i2c transfer failed. [ 614.406349][T15957] dvb-usb: bulk message failed: -22 (4/0) [ 614.415077][T15957] dw2102: i2c transfer failed. [ 614.444120][T15968] dvb-usb: bulk message failed: -22 (3/0) [ 614.451564][T15968] dw2102: i2c transfer failed. [ 614.470931][T15968] dvb-usb: bulk message failed: -22 (3/0) [ 614.486735][T15968] dw2102: i2c transfer failed. [ 614.492977][ T5995] rc_core: IR keymap rc-dvico-portable not found [ 614.507850][ T5995] Registered IR keymap rc-empty [ 614.521682][ T5995] rc rc1: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc1 [ 614.537612][ T5995] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc1/input52 [ 614.549967][ T5995] dvb-usb: schedule remote query interval to 100 msecs. [ 614.562690][ T5995] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 614.572339][ T5813] rc_core: IR keymap rc-tt-1500 not found [ 614.578927][ T5813] Registered IR keymap rc-empty [ 614.607507][ T5813] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 614.638342][ T5813] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input51 [ 614.653661][ T5813] dvb-usb: schedule remote query interval to 250 msecs. [ 614.660761][ T5813] dw2102: su3000_power_ctrl: 0, initialized 1 [ 614.667387][ T5813] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 614.675748][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 614.695538][ T5813] usb 6-1: USB disconnect, device number 13 [ 614.739774][ T30] audit: type=1400 audit(1765890844.059:1134): avc: denied { create } for pid=15980 comm="syz.4.3371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 614.768494][ T30] audit: type=1400 audit(1765890844.089:1135): avc: denied { getopt } for pid=15980 comm="syz.4.3371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 614.791398][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 614.900932][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 615.698043][T15999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3378'. [ 615.754834][ T30] audit: type=1400 audit(1765890844.979:1136): avc: denied { append } for pid=15993 comm="syz.3.3376" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 615.840512][ T30] audit: type=1400 audit(1765890844.989:1137): avc: denied { connect } for pid=15993 comm="syz.3.3376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 615.869138][ T5923] dvb-usb: bulk message failed: -22 (1/0) [ 615.915241][ T30] audit: type=1400 audit(1765890844.989:1138): avc: denied { read } for pid=15993 comm="syz.3.3376" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 615.952831][T15985] 9pnet_virtio: no channels available for device syz [ 615.962429][T15985] overlayfs: missing 'lowerdir' [ 615.974930][T15985] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 615.983925][ T5923] dvb-usb: bulk message failed: -22 (1/0) [ 615.996555][ T30] audit: type=1400 audit(1765890844.989:1139): avc: denied { open } for pid=15993 comm="syz.3.3376" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 616.094493][ T5923] dvb-usb: bulk message failed: -22 (1/0) [ 616.200969][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 616.315566][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 616.437699][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 616.622099][ T5995] dvb-usb: bulk message failed: -22 (1/0) [ 616.753926][T14330] 0: reclassify loop, rule prio 0, protocol 800 [ 616.773858][ T5995] usb 3-1: USB disconnect, device number 15 [ 616.880222][ T5813] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 617.505842][ T5995] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 617.772174][ T30] audit: type=1400 audit(1765890847.099:1140): avc: denied { ioctl } for pid=16038 comm="syz.0.3394" path="socket:[51193]" dev="sockfs" ino=51193 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 617.831194][ T5995] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 620.821604][ T5995] usb 3-1: device descriptor read/all, error -71 [ 621.401032][T16078] 9pnet_virtio: no channels available for device syz [ 622.864997][T16081] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 623.038006][ T36] 0: reclassify loop, rule prio 0, protocol 800 [ 623.309014][T16085] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3403'. [ 623.318150][T16085] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3403'. [ 623.362005][T16085] bridge0: port 3(vlan2) entered blocking state [ 623.368680][T16085] bridge0: port 3(vlan2) entered disabled state [ 623.375905][T16085] vlan2: entered allmulticast mode [ 623.381082][T16085] bridge0: entered allmulticast mode [ 623.400317][T16085] vlan2: left allmulticast mode [ 623.405279][T16085] bridge0: left allmulticast mode [ 624.315991][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.476398][T16136] 9pnet_virtio: no channels available for device syz [ 627.216555][T16138] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 627.556402][T16148] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3427'. [ 627.948480][T16159] cgroup: name respecified [ 628.147348][T16163] netlink: 'syz.2.3433': attribute type 12 has an invalid length. [ 628.829129][T14327] 0: reclassify loop, rule prio 0, protocol 800 [ 629.283795][T16178] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 629.508023][T16186] bridge0: entered promiscuous mode [ 629.522831][T16189] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3443'. [ 629.559980][T16186] macsec1: entered promiscuous mode [ 629.867775][ T30] audit: type=1400 audit(1765890858.969:1141): avc: denied { read write } for pid=16181 comm="syz.5.3441" name="mouse0" dev="devtmpfs" ino=1002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 630.084795][ T30] audit: type=1400 audit(1765890858.969:1142): avc: denied { open } for pid=16181 comm="syz.5.3441" path="/dev/input/mouse0" dev="devtmpfs" ino=1002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 630.805701][T16205] cgroup: name respecified [ 631.457036][ T30] audit: type=1400 audit(1765890860.779:1143): avc: denied { create } for pid=16217 comm="syz.2.3453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 631.535468][ T30] audit: type=1400 audit(1765890860.829:1144): avc: denied { ioctl } for pid=16217 comm="syz.2.3453" path="socket:[52517]" dev="sockfs" ino=52517 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 631.630925][ T30] audit: type=1400 audit(1765890860.829:1145): avc: denied { write } for pid=16217 comm="syz.2.3453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 632.239748][ T30] audit: type=1400 audit(1765890861.559:1146): avc: denied { listen } for pid=16229 comm="syz.3.3456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 632.299367][T16232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3457'. [ 634.116110][T14330] 0: reclassify loop, rule prio 0, protocol 800 [ 634.372819][T16260] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3469'. [ 635.533939][T16277] team_slave_0: entered promiscuous mode [ 635.539815][T16277] team_slave_1: entered promiscuous mode [ 635.546057][T16277] macsec1: entered promiscuous mode [ 635.551350][T16277] team0: entered promiscuous mode [ 636.879131][ T30] audit: type=1400 audit(1765890866.189:1147): avc: denied { unlink } for pid=16314 comm="syz.3.3490" name="#29" dev="tmpfs" ino=411 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 637.413867][T16336] 9pnet_virtio: no channels available for device syz [ 637.441441][T16336] overlayfs: missing 'lowerdir' [ 637.471881][T16336] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 637.500385][T16336] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 637.510782][T16336] overlayfs: failed to look up (tracing) for ino (-66) [ 637.940950][ T24] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 638.112970][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 638.129654][ T24] usb 4-1: not running at top speed; connect to a high speed hub [ 638.142445][ T24] usb 4-1: config 7 has an invalid interface number: 145 but max is 0 [ 638.150735][ T24] usb 4-1: config 7 has no interface number 0 [ 638.158247][ T24] usb 4-1: config 7 interface 145 altsetting 6 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 638.192343][ T24] usb 4-1: config 7 interface 145 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 638.215020][ T24] usb 4-1: config 7 interface 145 has no altsetting 0 [ 638.230606][ T24] usb 4-1: string descriptor 0 read error: -22 [ 638.238889][ T24] usb 4-1: New USB device found, idVendor=a168, idProduct=0618, bcdDevice=9a.92 [ 638.259202][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.299460][T16348] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 638.324972][ T24] gspca_main: gspca_sn9c20x-2.14.0 probing a168:0618 [ 638.429222][T16389] sctp: [Deprecated]: syz.4.3523 (pid 16389) Use of struct sctp_assoc_value in delayed_ack socket option. [ 638.429222][T16389] Use struct sctp_sack_info instead [ 638.735363][ T24] gspca_sn9c20x: Write register 1001 failed -71 [ 638.750548][ T24] gspca_sn9c20x: Device initialization failed [ 638.757196][ T24] gspca_sn9c20x 4-1:7.145: probe with driver gspca_sn9c20x failed with error -71 [ 638.773397][ T24] usb 4-1: USB disconnect, device number 15 [ 639.320184][ T30] audit: type=1400 audit(1765890868.639:1148): avc: denied { setopt } for pid=16407 comm="syz.4.3531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 639.372302][ T30] audit: type=1400 audit(1765890868.669:1149): avc: denied { write } for pid=16407 comm="syz.4.3531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 639.394020][ T30] audit: type=1400 audit(1765890868.669:1150): avc: denied { read } for pid=16407 comm="syz.4.3531" lport=4365 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 639.879235][ T4185] 0: reclassify loop, rule prio 0, protocol 800 [ 640.115674][T16423] 9p: Bad value for 'wfdno' [ 641.350559][ T30] audit: type=1400 audit(1765890870.669:1151): avc: denied { connect } for pid=16441 comm="syz.4.3544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 641.636395][T16446] 9pnet_virtio: no channels available for device syz [ 642.651051][T16447] overlayfs: failed to clone lowerpath [ 642.701484][T16449] overlayfs: failed to clone lowerpath [ 643.393599][T16458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3550'. [ 643.394075][T16462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3552'. [ 643.639782][T16472] bond1: entered promiscuous mode [ 643.646863][T16472] bond1: entered allmulticast mode [ 643.652452][T16472] 8021q: adding VLAN 0 to HW filter on device bond1 [ 643.746027][T16472] bond1 (unregistering): Released all slaves [ 644.052145][ T5813] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 644.230912][ T5813] usb 6-1: Using ep0 maxpacket: 32 [ 644.242324][ T5813] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 644.259966][ T5813] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.284720][ T5813] usb 6-1: config 0 descriptor?? [ 644.351002][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 644.517489][T16491] 9pnet_virtio: no channels available for device syz [ 645.510275][ T5813] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 645.554206][ T5813] usb 6-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 645.566583][ T5813] usb 6-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 645.600790][ T30] audit: type=1400 audit(1765890874.889:1152): avc: denied { firmware_load } for pid=5813 comm="kworker/0:3" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 645.641199][T14382] 0: reclassify loop, rule prio 0, protocol 800 [ 645.650383][T16491] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 646.927193][T16516] sctp: [Deprecated]: syz.3.3567 (pid 16516) Use of struct sctp_assoc_value in delayed_ack socket option. [ 646.927193][T16516] Use struct sctp_sack_info instead [ 647.021570][T16525] team0: Device xfrm1 is of different type [ 647.327327][T16531] cgroup: name respecified [ 649.384751][ T30] audit: type=1400 audit(1765890878.709:1153): avc: denied { remount } for pid=16557 comm="syz.5.3583" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 649.497853][ T30] audit: type=1400 audit(1765890878.809:1154): avc: denied { unmount } for pid=12670 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 649.740099][T16568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3586'. [ 650.434893][T16568] veth0_macvtap: left promiscuous mode [ 651.170288][T16583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3590'. [ 651.401427][ T5993] 0: reclassify loop, rule prio 0, protocol 800 [ 651.420903][ T5992] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 651.572521][ T5992] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 651.582448][ T5992] usb 4-1: config 0 interface 0 has no altsetting 0 [ 651.590671][ T5992] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 651.600696][ T5992] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 651.608912][ T5992] usb 4-1: Product: syz [ 651.613229][ T5992] usb 4-1: Manufacturer: syz [ 651.617833][ T5992] usb 4-1: SerialNumber: syz [ 651.624087][ T5992] usb 4-1: config 0 descriptor?? [ 651.632298][ T5992] usb 4-1: selecting invalid altsetting 0 [ 654.263435][ T91] usb 4-1: USB disconnect, device number 16 [ 654.981086][ T5865] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 655.882304][ T5865] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 655.900936][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 656.037684][ T5865] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 656.070862][ T5865] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 656.078872][ T5865] usb 4-1: Manufacturer: syz [ 656.470397][ T5865] usb 4-1: config 0 descriptor?? [ 656.575837][ T5865] rc_core: IR keymap rc-hauppauge not found [ 656.590437][ T5865] Registered IR keymap rc-empty [ 656.603013][ T5865] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 656.626363][ T5865] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input53 [ 656.710655][ T5865] usb 4-1: USB disconnect, device number 17 [ 656.750637][ T30] audit: type=1400 audit(1765890886.069:1155): avc: denied { create } for pid=16667 comm="syz.4.3620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 657.658467][T14327] 0: reclassify loop, rule prio 0, protocol 800 [ 663.502382][T16789] syzkaller1: entered promiscuous mode [ 663.508021][T16789] syzkaller1: entered allmulticast mode [ 663.552091][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 666.796938][T16849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3683'. [ 667.316736][T16872] sctp: [Deprecated]: syz.2.3695 (pid 16872) Use of struct sctp_assoc_value in delayed_ack socket option. [ 667.316736][T16872] Use struct sctp_sack_info instead [ 668.470858][T16903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3704'. [ 668.641470][T14340] 0: reclassify loop, rule prio 0, protocol 800 [ 669.101306][T16910] sctp: [Deprecated]: syz.0.3712 (pid 16910) Use of struct sctp_assoc_value in delayed_ack socket option. [ 669.101306][T16910] Use struct sctp_sack_info instead [ 669.389875][ T30] audit: type=1400 audit(1765890898.709:1156): avc: denied { mount } for pid=16915 comm="syz.4.3715" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 669.499725][T15308] Bluetooth: hci5: Unknown advertising packet type: 0x78 [ 669.499761][T15308] Bluetooth: hci5: adv larger than maximum supported [ 669.507299][T15308] Bluetooth: hci5: Malformed LE Event: 0x0d [ 669.515494][T16928] macsec0: entered promiscuous mode [ 669.525923][T16928] macsec0: entered allmulticast mode [ 669.531270][T16928] veth1_macvtap: entered allmulticast mode [ 670.295132][ T53] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 670.421696][T16956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3725'. [ 670.537421][T16960] sctp: [Deprecated]: syz.4.3731 (pid 16960) Use of struct sctp_assoc_value in delayed_ack socket option. [ 670.537421][T16960] Use struct sctp_sack_info instead [ 671.645933][T16993] 9pnet_virtio: no channels available for device syz [ 671.671753][T16993] overlayfs: missing 'lowerdir' [ 671.803840][T16994] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 672.041145][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 672.855661][T17006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3745'. [ 673.922920][T17046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3762'. [ 674.431181][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 674.863330][T17060] sctp: [Deprecated]: syz.0.3772 (pid 17060) Use of struct sctp_assoc_value in delayed_ack socket option. [ 674.863330][T17060] Use struct sctp_sack_info instead [ 675.034918][T17070] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3777'. [ 675.271825][T17074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3778'. [ 677.063371][T17110] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3791'. [ 677.189790][T17118] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3794'. [ 677.201015][ T30] audit: type=1400 audit(1765890906.509:1157): avc: denied { nlmsg_read } for pid=17117 comm="syz.2.3794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 677.386542][ T30] audit: type=1400 audit(1765890906.709:1158): avc: denied { bind } for pid=17123 comm="syz.0.3797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 677.454588][ T30] audit: type=1400 audit(1765890906.779:1159): avc: denied { write } for pid=17128 comm="syz.4.3799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 677.490468][ T30] audit: type=1400 audit(1765890906.779:1160): avc: denied { setopt } for pid=17128 comm="syz.4.3799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 677.524409][ T30] audit: type=1400 audit(1765890906.779:1161): avc: denied { read } for pid=17128 comm="syz.4.3799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 677.661978][T17137] cgroup: name respecified [ 678.164707][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 678.173437][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 678.181736][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 678.190203][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 678.198383][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 678.272388][ T30] audit: type=1400 audit(1765890907.599:1162): avc: denied { ioctl } for pid=17142 comm="syz.2.3804" path="socket:[54179]" dev="sockfs" ino=54179 ioctlcmd=0x6608 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 678.373169][T17146] netlink: 'syz.4.3805': attribute type 11 has an invalid length. [ 678.491467][T17140] chnl_net:caif_netlink_parms(): no params data found [ 678.615008][T15308] Bluetooth: hci1: connection err: -111 [ 678.639654][T17140] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.649549][T17140] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.657125][T17140] bridge_slave_0: entered allmulticast mode [ 678.666237][T17140] bridge_slave_0: entered promiscuous mode [ 678.674521][T17140] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.682551][T17140] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.689679][T17140] bridge_slave_1: entered allmulticast mode [ 678.697686][T17140] bridge_slave_1: entered promiscuous mode [ 678.724784][T17140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.736751][T17140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.761032][T17140] team0: Port device team_slave_0 added [ 678.768116][T17140] team0: Port device team_slave_1 added [ 678.787566][T17140] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.794596][T17140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.823581][T17140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.837617][T17140] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.844918][T17140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.871289][T17140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.885505][T17167] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3812'. [ 678.925046][T17140] hsr_slave_0: entered promiscuous mode [ 678.933895][T17140] hsr_slave_1: entered promiscuous mode [ 679.035858][T17140] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 679.045385][T17140] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 679.054639][T17140] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 679.063576][T17140] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 679.084017][T17140] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.091131][T17140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.098421][T17140] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.105517][T17140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.144908][T17140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 679.159881][T14331] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.168748][T14331] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.182861][T17140] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.194973][T14331] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.202078][T14331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.213465][ T6047] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.220571][ T6047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.349465][T17140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 679.489225][T17140] veth0_vlan: entered promiscuous mode [ 679.500576][T17140] veth1_vlan: entered promiscuous mode [ 679.519835][T17140] veth0_macvtap: entered promiscuous mode [ 679.529802][T17140] veth1_macvtap: entered promiscuous mode [ 679.544122][T17140] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.551203][ T6047] 0: reclassify loop, rule prio 0, protocol 800 [ 679.555705][T17140] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.590616][T14331] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.602373][T14331] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.614229][T14331] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.635263][T14330] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.676299][T17189] tmpfs: Bad value for 'mpol' [ 679.709235][T14330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.725670][T14330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.756046][T14327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.765143][T14327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.169348][T17206] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3822'. [ 680.274376][T15308] Bluetooth: hci4: command tx timeout [ 681.551847][T17230] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 681.886371][ T30] audit: type=1326 audit(1765890911.209:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17235 comm="syz.5.3833" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc3f838f749 code=0x0 [ 682.400916][T15308] Bluetooth: hci4: command tx timeout [ 682.707154][T15308] Bluetooth: hci0: unexpected cc 0x100c length: 65 > 3 [ 682.718320][T15308] Bluetooth: hci0: unexpected event for opcode 0x100c [ 682.775784][ T30] audit: type=1400 audit(1765890912.099:1164): avc: denied { bind } for pid=17275 comm="syz.5.3847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 682.781852][ T9] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 682.833220][T17278] sctp: [Deprecated]: syz.5.3848 (pid 17278) Use of struct sctp_assoc_value in delayed_ack socket option. [ 682.833220][T17278] Use struct sctp_sack_info instead [ 682.964792][ T9] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 682.975869][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.983965][ T9] usb 7-1: Product: syz [ 682.988243][ T9] usb 7-1: Manufacturer: syz [ 682.993901][ T9] usb 7-1: SerialNumber: syz [ 683.002281][ T9] usb 7-1: config 0 descriptor?? [ 683.213330][ T9] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 683.599047][T17304] sctp: [Deprecated]: syz.2.3859 (pid 17304) Use of struct sctp_assoc_value in delayed_ack socket option. [ 683.599047][T17304] Use struct sctp_sack_info instead [ 684.431448][T15308] Bluetooth: hci4: command tx timeout [ 684.447290][T17330] tipc: Started in network mode [ 684.452377][T17330] tipc: Node identity 40400000000000000000000000000001, cluster identity 4711 [ 684.461667][T17330] tipc: Enabling of bearer rejected, failed to enable media [ 684.562837][T17333] sctp: [Deprecated]: syz.0.3872 (pid 17333) Use of struct sctp_assoc_value in delayed_ack socket option. [ 684.562837][T17333] Use struct sctp_sack_info instead [ 684.586960][ T30] audit: type=1400 audit(1765890913.909:1165): avc: denied { ioctl } for pid=17329 comm="syz.5.3871" path="socket:[55901]" dev="sockfs" ino=55901 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 684.635451][ T30] audit: type=1400 audit(1765890913.949:1166): avc: denied { read } for pid=17335 comm="syz.0.3873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 685.319109][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.319752][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 685.546768][T17351] netlink: 120 bytes leftover after parsing attributes in process `syz.5.3879'. [ 685.555965][T17351] netlink: 120 bytes leftover after parsing attributes in process `syz.5.3879'. [ 685.565037][T17351] netlink: 120 bytes leftover after parsing attributes in process `syz.5.3879'. [ 686.540852][ T53] Bluetooth: hci4: command tx timeout [ 686.704161][ T9] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 686.726157][ T9] usb 7-1: USB disconnect, device number 2 [ 687.391322][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 687.779704][T15308] Bluetooth: hci0: unexpected event for opcode 0x0c0d [ 688.002804][T17430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3909'. [ 688.295810][ T30] audit: type=1400 audit(1765890917.619:1167): avc: denied { read } for pid=17450 comm="syz.2.3919" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 688.343541][T17453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3920'. [ 688.821051][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 689.001320][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 689.010170][ T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 689.022105][ T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 689.031938][ T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 689.041993][ T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 689.055291][ T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 689.065122][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.287663][ T9] usb 7-1: GET_CAPABILITIES returned 0 [ 689.293717][ T9] usbtmc 7-1:16.0: can't read capabilities [ 689.520521][ T5992] usb 7-1: USB disconnect, device number 3 [ 691.267482][ T13] 0: reclassify loop, rule prio 0, protocol 800 [ 691.343019][ T30] audit: type=1400 audit(1765890920.669:1168): avc: denied { read write } for pid=17495 comm="syz.6.3936" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 691.421705][ T30] audit: type=1400 audit(1765890920.669:1169): avc: denied { open } for pid=17495 comm="syz.6.3936" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 691.481025][ T30] audit: type=1400 audit(1765890920.689:1170): avc: denied { ioctl } for pid=17495 comm="syz.6.3936" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 693.130052][T17575] sctp: [Deprecated]: syz.0.3970 (pid 17575) Use of struct sctp_assoc_value in delayed_ack socket option. [ 693.130052][T17575] Use struct sctp_sack_info instead [ 693.392616][T15308] Bluetooth: hci1: command tx timeout [ 693.818407][T17616] sctp: [Deprecated]: syz.2.3987 (pid 17616) Use of struct sctp_assoc_value in delayed_ack socket option. [ 693.818407][T17616] Use struct sctp_sack_info instead [ 693.860561][ T30] audit: type=1400 audit(1765890923.179:1171): avc: denied { ioctl } for pid=17617 comm="syz.6.3989" path="socket:[57212]" dev="sockfs" ino=57212 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 695.307513][T17649] cgroup: name respecified [ 695.472080][T17666] sctp: [Deprecated]: syz.0.4004 (pid 17666) Use of struct sctp_assoc_value in delayed_ack socket option. [ 695.472080][T17666] Use struct sctp_sack_info instead [ 696.177342][ T30] audit: type=1400 audit(1765890925.499:1172): avc: denied { read } for pid=17676 comm="syz.6.4012" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 696.459531][ T6047] 0: reclassify loop, rule prio 0, protocol 800 [ 696.476731][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 696.641420][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 696.697466][ T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 696.745558][ T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 696.915226][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 696.926485][ T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 696.946803][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 696.968079][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 696.980252][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.196054][ T10] usb 7-1: usb_control_msg returned -32 [ 697.206401][ T10] usbtmc 7-1:16.0: can't read capabilities [ 697.460980][T17705] sctp: [Deprecated]: syz.2.4023 (pid 17705) Use of struct sctp_assoc_value in delayed_ack socket option. [ 697.460980][T17705] Use struct sctp_sack_info instead [ 697.556402][T17708] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 697.579474][ T6061] usb 7-1: USB disconnect, device number 4 [ 698.495647][T17722] 9pnet_virtio: no channels available for device syz [ 698.514566][T17722] overlayfs: missing 'lowerdir' [ 698.600157][T17723] overlayfs: failed to clone lowerpath [ 699.800181][T17740] tmpfs: Bad value for 'mpol' [ 700.009408][T17751] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4042'. [ 700.057152][ T30] audit: type=1400 audit(1765890929.379:1173): avc: denied { write } for pid=17755 comm="syz.2.4045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 700.080429][ T30] audit: type=1400 audit(1765890929.379:1174): avc: denied { setopt } for pid=17755 comm="syz.2.4045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 701.308362][T17787] netlink: 'syz.2.4054': attribute type 1 has an invalid length. [ 701.326687][T17787] 8021q: adding VLAN 0 to HW filter on device bond1 [ 701.561432][T14331] 0: reclassify loop, rule prio 0, protocol 800 [ 702.055821][T17810] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4064'. [ 702.065778][T17810] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4064'. [ 702.129016][T17814] netlink: 'syz.0.4066': attribute type 1 has an invalid length. [ 702.150370][T17814] 8021q: adding VLAN 0 to HW filter on device bond1 [ 702.228547][ T30] audit: type=1400 audit(1765890931.549:1175): avc: denied { associate } for pid=17820 comm="syz.0.4068" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 702.251069][ T30] audit: type=1400 audit(1765890931.549:1176): avc: denied { unmount } for pid=17818 comm="syz.0.4068" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 702.582306][T17834] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4075'. [ 702.592089][T17834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4075'. [ 702.733198][T17840] netlink: 'syz.2.4078': attribute type 1 has an invalid length. [ 702.762642][ T53] Bluetooth: hci1: command 0x0406 tx timeout [ 702.900928][T15308] Bluetooth: hci0: unexpected event for opcode 0x200b [ 703.993267][T17875] ucma_write: process 83 (syz.6.4093) changed security contexts after opening file descriptor, this is not allowed. [ 704.066523][T17881] VFS: Mount too revealing [ 704.429585][T17897] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4097'. [ 705.307432][T17906] netlink: 'syz.0.4104': attribute type 10 has an invalid length. [ 705.373538][T17906] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 705.949376][ T5813] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 706.024720][ T5813] dvb_usb_az6027 6-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 706.355707][ T5813] usb 6-1: USB disconnect, device number 14 [ 706.705404][ T5813] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 706.864448][T17939] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4118'. [ 706.889490][ T5813] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 706.911009][ T5813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 706.919052][ T5813] usb 6-1: Product: syz [ 706.923426][ T5813] usb 6-1: Manufacturer: syz [ 706.926106][ T5993] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 706.928011][ T5813] usb 6-1: SerialNumber: syz [ 706.971367][ T5813] hub 6-1:24.0: bad descriptor, ignoring hub [ 706.977390][ T5813] hub 6-1:24.0: probe with driver hub failed with error -5 [ 707.015534][ T5993] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.073071][ T5993] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.114755][ T5993] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 707.179465][ T5813] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 707.190763][ T5813] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 707.219577][ T5813] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 707.260765][ T5813] usb 6-1: media controller created [ 707.279616][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 707.288790][ T5993] bridge_slave_1: left allmulticast mode [ 707.295846][ T5993] bridge_slave_1: left promiscuous mode [ 707.311348][ T5993] bridge0: port 2(bridge_slave_1) entered disabled state [ 707.325393][ T5993] bridge_slave_0: left allmulticast mode [ 707.337352][ T5993] bridge_slave_0: left promiscuous mode [ 707.358082][ T5993] bridge0: port 1(bridge_slave_0) entered disabled state [ 707.393952][ T5813] DVB: Unable to find symbol dib7000p_attach() [ 707.413233][ T5813] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 707.551313][ T5813] rc_core: IR keymap rc-dib0700-rc5 not found [ 707.563505][ T5813] Registered IR keymap rc-empty [ 707.568774][ T5813] dvb-usb: could not initialize remote control. [ 707.605901][ T5813] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 707.641583][ T5813] usb 6-1: USB disconnect, device number 15 [ 707.763450][ T5813] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 708.142980][ T5993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 708.154664][ T5993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 708.166271][ T5993] bond0 (unregistering): Released all slaves [ 708.505646][T17981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 708.516559][T17981] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 708.656530][T17981] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 708.742763][T17981] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 709.087826][ T5993] hsr_slave_0: left promiscuous mode [ 709.102708][ T5993] hsr_slave_1: left promiscuous mode [ 709.115475][ T5993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 709.129857][T17991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4140'. [ 709.139018][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.149894][ T5993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 709.204646][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 709.266288][ T5993] team0: left promiscuous mode [ 709.277542][ T5993] team_slave_0: left promiscuous mode [ 709.283183][ T5993] team_slave_1: left promiscuous mode [ 709.316172][ T5993] veth1_macvtap: left promiscuous mode [ 709.333705][ T5993] veth0_macvtap: left promiscuous mode [ 709.339338][ T5993] veth1_vlan: left promiscuous mode [ 709.356543][T17997] 9pnet_virtio: no channels available for device syz [ 709.359377][ T5993] veth0_vlan: left promiscuous mode [ 709.370972][T17997] overlayfs: missing 'lowerdir' [ 709.376862][T17997] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 709.439821][T17997] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 709.503817][T17997] overlayfs: failed to look up (tracing) for ino (-66) [ 709.615434][ T30] audit: type=1400 audit(1765890938.939:1177): avc: denied { read } for pid=18005 comm="syz.5.4146" name="file0" dev="fuse" ino=288230376151711744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 709.643529][T18006] sd 0:0:1:0: PR command failed: 1026 [ 709.649080][T18006] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 709.672665][T18006] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 709.679911][ T30] audit: type=1400 audit(1765890938.939:1178): avc: denied { open } for pid=18005 comm="syz.5.4146" path="/324/file0/file0" dev="fuse" ino=288230376151711744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 709.723867][ T30] audit: type=1400 audit(1765890938.969:1179): avc: denied { ioctl } for pid=18005 comm="syz.5.4146" path="/324/file0/file0" dev="fuse" ino=288230376151711744 ioctlcmd=0x70cf scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 710.226327][ T5993] team0 (unregistering): Port device team_slave_1 removed [ 710.269255][ T5993] team0 (unregistering): Port device team_slave_0 removed [ 711.879240][T15308] Bluetooth: unknown link type 116 [ 711.884628][T15308] Bluetooth: hci0: connection err: -111 [ 711.909473][ T30] audit: type=1400 audit(1765890941.229:1180): avc: denied { relabelfrom } for pid=18054 comm="syz.4.4164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 711.993319][ T30] audit: type=1400 audit(1765890941.259:1181): avc: denied { relabelto } for pid=18054 comm="syz.4.4164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 712.779394][T18077] netlink: 112 bytes leftover after parsing attributes in process `syz.2.4173'. [ 714.801371][ T30] audit: type=1400 audit(1765890944.119:1182): avc: denied { listen } for pid=18126 comm="syz.4.4197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 714.826625][ T30] audit: type=1400 audit(1765890944.119:1183): avc: denied { accept } for pid=18126 comm="syz.4.4197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 715.057922][T18146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 715.076250][T18146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 715.529847][T18158] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4212'. [ 715.744607][T18168] netlink: 'syz.4.4217': attribute type 1 has an invalid length. [ 715.751105][T18169] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4216'. [ 715.767079][T18172] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4219'. [ 715.803688][T18168] 8021q: adding VLAN 0 to HW filter on device bond1 [ 716.115467][T18189] 9pnet_virtio: no channels available for device syz [ 716.331697][T18189] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 716.655694][T18197] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4226'. [ 717.285064][T18209] netlink: 'syz.5.4232': attribute type 1 has an invalid length. [ 717.347752][T18209] 8021q: adding VLAN 0 to HW filter on device bond1 [ 717.461899][ T30] audit: type=1400 audit(1765890946.789:1184): avc: denied { ioctl } for pid=18216 comm="syz.2.4235" path="socket:[60229]" dev="sockfs" ino=60229 ioctlcmd=0x89ee scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 717.720988][ T5992] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 717.992557][ T5992] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 718.001460][ T5992] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 718.021111][ T5992] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 718.093343][T18243] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4244'. [ 718.461616][ T5992] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 718.474029][ T5992] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 718.483257][ T5992] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 718.491351][ T5992] usb 6-1: Product: syz [ 718.495508][ T5992] usb 6-1: Manufacturer: syz [ 718.509511][ T5992] cdc_wdm 6-1:1.0: skipping garbage [ 718.521250][ T5992] cdc_wdm 6-1:1.0: skipping garbage [ 718.541107][ T5992] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 718.547031][ T5992] cdc_wdm 6-1:1.0: Unknown control protocol [ 718.565329][T18249] overlayfs: failed to clone upperpath [ 718.679705][ T53] Bluetooth: hci5: unknown advertising packet type: 0x17 [ 718.679737][ T53] Bluetooth: hci5: unknown advertising packet type: 0x25 [ 718.690449][ T53] Bluetooth: hci5: unknown advertising packet type: 0x05 [ 718.698535][ T53] Bluetooth: hci5: unknown advertising packet type: 0xff [ 718.761098][ T30] audit: type=1400 audit(1765890948.079:1185): avc: denied { read write } for pid=18222 comm="syz.5.4238" name="cdc-wdm0" dev="devtmpfs" ino=3335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 718.814069][ T30] audit: type=1400 audit(1765890948.079:1186): avc: denied { open } for pid=18222 comm="syz.5.4238" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 719.480880][ T53] Bluetooth: hci1: command 0x0406 tx timeout [ 719.621214][T18272] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4259'. [ 719.750955][ T10] usb 6-1: USB disconnect, device number 16 [ 720.068246][T15308] Bluetooth: hci1: ISO packet for unknown connection handle 201 [ 720.137124][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4265'. [ 720.534721][ T30] audit: type=1400 audit(1765890949.859:1187): avc: denied { connect } for pid=18303 comm="syz.5.4271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 720.819439][T18311] netlink: 'syz.2.4274': attribute type 1 has an invalid length. [ 720.841253][T18311] 8021q: adding VLAN 0 to HW filter on device bond2 [ 721.320386][T18315] 9pnet_virtio: no channels available for device syz [ 721.333987][T18315] overlayfs: missing 'lowerdir' [ 721.362751][T14338] 0: reclassify loop, rule prio 0, protocol 800 [ 721.379622][T18315] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 721.491392][T18315] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 721.501595][T18315] overlayfs: failed to look up (tracing) for ino (-66) [ 725.392890][T18350] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4284'. [ 725.907448][T18354] tmpfs: Bad value for 'mpol' [ 726.995527][T14334] 0: reclassify loop, rule prio 0, protocol 800 [ 728.472982][T18401] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4300'. [ 729.458103][T18418] 9pnet_virtio: no channels available for device syz [ 730.253847][T18418] overlayfs: failed to clone lowerpath [ 730.260386][T18418] overlayfs: failed to clone lowerpath [ 731.543226][T18456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4319'. [ 731.555368][T16775] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 732.472278][T16775] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 732.490388][T16775] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 732.499899][T16775] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 732.508647][T16775] usb 7-1: SerialNumber: syz [ 732.675860][T14327] 0: reclassify loop, rule prio 0, protocol 800 [ 733.593987][T16775] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 733.649127][T16775] usb 7-1: USB disconnect, device number 5 [ 735.058459][T18506] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4343'. [ 735.283527][T18519] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4348'. [ 736.137207][ T30] audit: type=1400 audit(1765890965.459:1188): avc: denied { audit_read } for pid=18528 comm="syz.2.4351" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 736.288277][ T5923] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 736.315970][ T5923] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 736.469420][T18551] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4359'. [ 736.483117][T18548] fido_id[18548]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 736.681222][T18556] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4361'. [ 738.088450][T18577] netlink: 4280 bytes leftover after parsing attributes in process `syz.4.4370'. [ 738.097669][T18577] netlink: 4280 bytes leftover after parsing attributes in process `syz.4.4370'. [ 738.431906][T14338] 0: reclassify loop, rule prio 0, protocol 800 [ 738.513623][T18587] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4373'. [ 738.800961][T18599] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4379'. [ 739.005767][T18610] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 739.012534][T18610] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 739.364538][ T30] audit: type=1400 audit(1765890968.689:1189): avc: denied { read write } for pid=18615 comm="syz.5.4386" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 739.422234][ T30] audit: type=1400 audit(1765890968.709:1190): avc: denied { open } for pid=18615 comm="syz.5.4386" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 739.479103][ T30] audit: type=1400 audit(1765890968.729:1191): avc: denied { ioctl } for pid=18615 comm="syz.5.4386" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 739.761281][T18626] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4388'. [ 740.552763][T18628] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4391'. [ 741.631673][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 742.047039][T18692] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.4416'. [ 742.362990][T18701] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4421'. [ 743.344972][T18737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4434'. [ 743.401883][T18729] cgroup: name respecified [ 743.790166][T18741] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 743.799024][T18741] team0: Port device batadv1 added [ 743.939336][T15308] Bluetooth: hci1: ISO packet for unknown connection handle 201 [ 744.234550][ T78] 0: reclassify loop, rule prio 0, protocol 800 [ 744.741257][T15308] Bluetooth: hci0: unexpected event 0x3e length: 262 > 260 [ 744.741289][T15308] Bluetooth: hci0: unexpected subevent 0x0d length: 261 > 260 [ 745.263260][T18775] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4448'. [ 746.490415][T15308] Bluetooth: hci4: unexpected event 0x3e length: 262 > 260 [ 746.490444][T15308] Bluetooth: hci4: unexpected subevent 0x0d length: 261 > 260 [ 746.755296][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.823636][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4463'. [ 749.786439][T18853] 9pnet_virtio: no channels available for device syz [ 749.953134][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 750.353255][T18864] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4477'. [ 751.287417][T18853] overlayfs: failed to clone lowerpath [ 751.313255][T18853] overlayfs: failed to clone lowerpath [ 751.492909][T15308] Bluetooth: hci2: unexpected event 0x3e length: 262 > 260 [ 751.492939][T15308] Bluetooth: hci2: unexpected subevent 0x0d length: 261 > 260 [ 751.933646][T18893] netlink: 'syz.4.4489': attribute type 72 has an invalid length. [ 751.953792][T18893] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4489'. [ 752.134927][T18900] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4491'. [ 752.393097][T18899] cgroup: name respecified [ 752.856526][T15308] Bluetooth: hci4: unexpected event 0x3e length: 262 > 260 [ 752.856601][T15308] Bluetooth: hci4: unexpected subevent 0x0d length: 261 > 260 [ 754.260396][T18934] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4501'. [ 754.474547][T18932] cgroup: name respecified [ 754.539549][T18944] 9pnet_virtio: no channels available for device syz [ 754.555611][T18944] overlayfs: missing 'lowerdir' [ 754.632964][T18945] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 754.759841][T18945] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 754.770229][T18945] overlayfs: failed to look up (tracing) for ino (-66) [ 755.711314][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 755.763502][T15308] Bluetooth: hci5: unexpected event 0x3e length: 262 > 260 [ 755.763530][T15308] Bluetooth: hci5: unexpected subevent 0x0d length: 261 > 260 [ 758.111188][T15308] Bluetooth: hci2: command 0x0406 tx timeout [ 758.425639][T19001] 9pnet_virtio: no channels available for device syz [ 759.943639][ T30] audit: type=1400 audit(1765890989.209:1192): avc: denied { create } for pid=19031 comm="syz.5.4541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 760.048683][T19001] overlayfs: failed to clone lowerpath [ 760.110086][T19001] overlayfs: failed to clone lowerpath [ 761.399262][T19056] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.4550'. [ 761.471208][T14338] 0: reclassify loop, rule prio 0, protocol 800 [ 761.543034][ T6061] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 761.795133][ T6061] usb 7-1: Using ep0 maxpacket: 32 [ 761.855632][ T6061] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 761.864240][ T6061] usb 7-1: config 0 has no interface number 0 [ 761.884391][ T6061] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 761.911822][ T6061] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.938957][ T6061] usb 7-1: Product: syz [ 761.969968][ T6061] usb 7-1: Manufacturer: syz [ 761.988627][ T6061] usb 7-1: SerialNumber: syz [ 762.111052][ T6061] usb 7-1: config 0 descriptor?? [ 762.146969][ T6061] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 762.238625][ T6061] usb 7-1: selecting invalid altsetting 1 [ 762.261265][ T6061] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 762.273996][ T6061] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 762.337990][T19071] Malformed UNC in devname [ 762.337990][T19071] [ 762.345098][T19071] CIFS: VFS: Malformed UNC in devname [ 762.683341][ T6061] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 762.706246][ T6061] usb 7-1: media controller created [ 762.732962][ T6061] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 763.033078][ T6061] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 763.391062][ T53] Bluetooth: hci0: command 0x0406 tx timeout [ 763.413859][ T6061] usb 7-1: USB disconnect, device number 6 [ 765.135521][T19119] 9pnet_virtio: no channels available for device syz [ 765.159638][T19120] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.4574'. [ 765.199940][T19119] overlayfs: missing 'lowerdir' [ 765.213779][T19119] overlayfs: failed to clone lowerpath [ 765.227104][T19120] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.4574'. [ 765.811949][T15308] Bluetooth: hci1: ISO packet for unknown connection handle 201 [ 766.182234][T19136] 9pnet_virtio: no channels available for device syz [ 766.912182][T14327] 0: reclassify loop, rule prio 0, protocol 800 [ 767.053046][T19136] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 768.224870][T19161] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 768.233305][T19161] team0: Port device batadv1 added [ 769.043469][T19177] 9pnet_virtio: no channels available for device syz [ 769.159174][T19177] overlayfs: missing 'lowerdir' [ 769.276639][T19180] overlayfs: failed to clone lowerpath [ 769.311172][T15308] Bluetooth: hci2: command 0x0406 tx timeout [ 770.031186][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 772.353755][ T1304] 0: reclassify loop, rule prio 0, protocol 800 [ 772.444055][T19222] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4613'. [ 772.888269][T19238] 9pnet_virtio: no channels available for device syz [ 772.897904][T19238] overlayfs: missing 'lowerdir' [ 772.932762][T19238] overlayfs: failed to clone lowerpath [ 775.248961][T19284] 8021q: adding VLAN 0 to HW filter on device bond2 [ 775.429766][T19284] macvlan2: entered promiscuous mode [ 775.457809][T19284] macvlan2: entered allmulticast mode [ 775.469279][ T30] audit: type=1400 audit(1765891004.789:1193): avc: denied { create } for pid=19289 comm="syz.4.4636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 775.470017][T19284] bond2: entered allmulticast mode [ 775.508358][T19284] bond2: entered promiscuous mode [ 775.524661][T19284] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 775.537913][T19284] team0: Port device macvlan2 added [ 775.748527][T19300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4638'. [ 776.702680][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 776.979151][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 776.989122][ T9] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 777.000011][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 777.009235][ T9] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 777.025002][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 777.035867][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 777.044393][ T9] usb 7-1: Product: syz [ 777.048581][ T9] usb 7-1: Manufacturer: syz [ 777.068972][ T9] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 777.708263][ T5815] Bluetooth: hci2: ISO packet for unknown connection handle 201 [ 778.114854][T14337] 0: reclassify loop, rule prio 0, protocol 800 [ 778.576525][T19357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4658'. [ 778.759011][T19360] 9pnet_virtio: no channels available for device syz [ 778.811256][T19360] overlayfs: missing 'lowerdir' [ 778.884521][T19360] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 780.572946][ T9] usb 7-1: USB disconnect, device number 7 [ 782.826018][T19409] 9pnet_virtio: no channels available for device syz [ 782.841767][T19409] overlayfs: missing 'lowerdir' [ 782.860563][T19409] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 783.744578][ T5815] Bluetooth: hci0: ISO packet for unknown connection handle 201 [ 783.871589][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 785.863901][T19441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4686'. [ 788.240950][T19480] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4703'. [ 788.540346][ T5865] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 788.562088][ T5865] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 789.019893][T19497] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4709'. [ 789.024270][T19499] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4710'. [ 789.339997][ T5815] Bluetooth: hci1: unexpected event for opcode 0x0413 [ 789.633599][ T3857] 0: reclassify loop, rule prio 0, protocol 800 [ 790.150155][ T5815] ================================================================== [ 790.158228][ T5815] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xe47/0x1010 [ 790.166215][ T5815] Read of size 8 at addr ffff88802277d480 by task kworker/u9:3/5815 [ 790.174175][ T5815] [ 790.176483][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 790.176495][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 790.176504][ T5815] Workqueue: hci2 hci_rx_work [ 790.176519][ T5815] Call Trace: [ 790.176523][ T5815] [ 790.176528][ T5815] dump_stack_lvl+0x116/0x1f0 [ 790.176543][ T5815] print_report+0xcd/0x630 [ 790.176557][ T5815] ? __virt_addr_valid+0x81/0x610 [ 790.176567][ T5815] ? __phys_addr+0xe8/0x180 [ 790.176577][ T5815] ? l2cap_connect_cfm+0xe47/0x1010 [ 790.176587][ T5815] kasan_report+0xe0/0x110 [ 790.176600][ T5815] ? l2cap_connect_cfm+0xe47/0x1010 [ 790.176611][ T5815] l2cap_connect_cfm+0xe47/0x1010 [ 790.176622][ T5815] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 790.176634][ T5815] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 790.176643][ T5815] le_conn_complete_evt+0x1991/0x1fa0 [ 790.176655][ T5815] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 790.176667][ T5815] hci_le_conn_complete_evt+0x23c/0x3a0 [ 790.176679][ T5815] hci_le_meta_evt+0x357/0x610 [ 790.176692][ T5815] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 790.176703][ T5815] hci_event_packet+0x685/0x1210 [ 790.176713][ T5815] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 790.176724][ T5815] ? __pfx_hci_event_packet+0x10/0x10 [ 790.176734][ T5815] ? kcov_remote_start+0x399/0x680 [ 790.176745][ T5815] ? lockdep_hardirqs_on+0x7c/0x110 [ 790.176758][ T5815] hci_rx_work+0x2c9/0x1020 [ 790.176769][ T5815] process_one_work+0x9ba/0x1b20 [ 790.176784][ T5815] ? __pfx_process_one_work+0x10/0x10 [ 790.176799][ T5815] ? assign_work+0x1a0/0x250 [ 790.176810][ T5815] worker_thread+0x6c8/0xf10 [ 790.176824][ T5815] ? __kthread_parkme+0x19e/0x250 [ 790.176834][ T5815] ? __pfx_worker_thread+0x10/0x10 [ 790.176846][ T5815] kthread+0x3c5/0x780 [ 790.176857][ T5815] ? __pfx_kthread+0x10/0x10 [ 790.176869][ T5815] ? rcu_is_watching+0x12/0xc0 [ 790.176878][ T5815] ? __pfx_kthread+0x10/0x10 [ 790.176889][ T5815] ret_from_fork+0x983/0xb10 [ 790.176900][ T5815] ? __pfx_ret_from_fork+0x10/0x10 [ 790.176911][ T5815] ? rcu_is_watching+0x12/0xc0 [ 790.176919][ T5815] ? __switch_to+0x7af/0x10d0 [ 790.176932][ T5815] ? __pfx_kthread+0x10/0x10 [ 790.176943][ T5815] ret_from_fork_asm+0x1a/0x30 [ 790.176961][ T5815] [ 790.176964][ T5815] [ 790.394384][ T5815] Allocated by task 5815: [ 790.398676][ T5815] kasan_save_stack+0x33/0x60 [ 790.403326][ T5815] kasan_save_track+0x14/0x30 [ 790.407971][ T5815] __kasan_kmalloc+0xaa/0xb0 [ 790.412533][ T5815] l2cap_chan_create+0x44/0x930 [ 790.417357][ T5815] l2cap_sock_alloc.constprop.0+0xf5/0x1d0 [ 790.423146][ T5815] l2cap_sock_new_connection_cb+0x101/0x240 [ 790.429008][ T5815] l2cap_connect_cfm+0x4f0/0x1010 [ 790.434007][ T5815] le_conn_complete_evt+0x1991/0x1fa0 [ 790.439346][ T5815] hci_le_conn_complete_evt+0x23c/0x3a0 [ 790.444949][ T5815] hci_le_meta_evt+0x357/0x610 [ 790.449684][ T5815] hci_event_packet+0x685/0x1210 [ 790.454601][ T5815] hci_rx_work+0x2c9/0x1020 [ 790.459070][ T5815] process_one_work+0x9ba/0x1b20 [ 790.463990][ T5815] worker_thread+0x6c8/0xf10 [ 790.468550][ T5815] kthread+0x3c5/0x780 [ 790.472586][ T5815] ret_from_fork+0x983/0xb10 [ 790.477145][ T5815] ret_from_fork_asm+0x1a/0x30 [ 790.481878][ T5815] [ 790.484173][ T5815] Freed by task 19523: [ 790.488204][ T5815] kasan_save_stack+0x33/0x60 [ 790.492849][ T5815] kasan_save_track+0x14/0x30 [ 790.497494][ T5815] kasan_save_free_info+0x3b/0x60 [ 790.502491][ T5815] __kasan_slab_free+0x5f/0x80 [ 790.507224][ T5815] kfree+0x2f8/0x6e0 [ 790.511094][ T5815] l2cap_chan_put+0x1bb/0x310 [ 790.515746][ T5815] l2cap_sock_cleanup_listen+0x4d/0x2f0 [ 790.521262][ T5815] l2cap_sock_release+0x69/0x280 [ 790.526171][ T5815] __sock_release+0xb3/0x270 [ 790.530735][ T5815] sock_close+0x1c/0x30 [ 790.534862][ T5815] __fput+0x402/0xb70 [ 790.538810][ T5815] task_work_run+0x150/0x240 [ 790.543371][ T5815] do_exit+0x87f/0x2bd0 [ 790.547492][ T5815] do_group_exit+0xd3/0x2a0 [ 790.551972][ T5815] get_signal+0x2671/0x26d0 [ 790.556453][ T5815] arch_do_signal_or_restart+0x8f/0x7e0 [ 790.561968][ T5815] exit_to_user_mode_loop+0x8c/0x540 [ 790.567225][ T5815] do_syscall_64+0x4ee/0xf80 [ 790.571785][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.577647][ T5815] [ 790.579937][ T5815] The buggy address belongs to the object at ffff88802277d000 [ 790.579937][ T5815] which belongs to the cache kmalloc-2k of size 2048 [ 790.593953][ T5815] The buggy address is located 1152 bytes inside of [ 790.593953][ T5815] freed 2048-byte region [ffff88802277d000, ffff88802277d800) [ 790.607885][ T5815] [ 790.610178][ T5815] The buggy address belongs to the physical page: [ 790.616550][ T5815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22778 [ 790.625272][ T5815] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 790.633732][ T5815] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 790.641677][ T5815] page_type: f5(slab) [ 790.645626][ T5815] raw: 00fff00000000040 ffff88813ff27000 0000000000000000 dead000000000001 [ 790.654175][ T5815] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 790.662724][ T5815] head: 00fff00000000040 ffff88813ff27000 0000000000000000 dead000000000001 [ 790.671359][ T5815] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 790.679994][ T5815] head: 00fff00000000003 ffffea000089de01 00000000ffffffff 00000000ffffffff [ 790.688629][ T5815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 790.697262][ T5815] page dumped because: kasan: bad access detected [ 790.703637][ T5815] page_owner tracks the page as allocated [ 790.709315][ T5815] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5923, tgid 5923 (kworker/1:6), ts 578124461922, free_ts 572429031650 [ 790.730734][ T5815] post_alloc_hook+0x1af/0x220 [ 790.735480][ T5815] get_page_from_freelist+0xd0b/0x31a0 [ 790.740911][ T5815] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 790.746776][ T5815] alloc_pages_mpol+0x1fb/0x550 [ 790.751603][ T5815] new_slab+0x2c3/0x430 [ 790.755731][ T5815] ___slab_alloc+0xe18/0x1c90 [ 790.760380][ T5815] __slab_alloc.constprop.0+0x63/0x110 [ 790.765816][ T5815] __kmalloc_node_track_caller_noprof+0x4d6/0x930 [ 790.772199][ T5815] kmalloc_reserve+0xef/0x2c0 [ 790.776844][ T5815] __alloc_skb+0x186/0x410 [ 790.781229][ T5815] mld_newpack.isra.0+0x18e/0xa20 [ 790.786226][ T5815] add_grhead+0x299/0x340 [ 790.790521][ T5815] add_grec+0x11b5/0x1720 [ 790.794816][ T5815] mld_send_initial_cr+0x151/0x320 [ 790.799896][ T5815] mld_dad_work+0x32/0x1f0 [ 790.804276][ T5815] process_one_work+0x9ba/0x1b20 [ 790.809280][ T5815] page last free pid 15119 tgid 15119 stack trace: [ 790.815744][ T5815] __free_frozen_pages+0x7df/0x1170 [ 790.820916][ T5815] __put_partials+0x130/0x170 [ 790.825560][ T5815] qlist_free_all+0x4c/0xf0 [ 790.830032][ T5815] kasan_quarantine_reduce+0x195/0x1e0 [ 790.835461][ T5815] __kasan_slab_alloc+0x69/0x90 [ 790.840279][ T5815] kmem_cache_alloc_noprof+0x25e/0x770 [ 790.845704][ T5815] alloc_empty_file+0x55/0x1e0 [ 790.850442][ T5815] alloc_file_pseudo+0x13a/0x230 [ 790.855354][ T5815] sock_alloc_file+0x50/0x210 [ 790.859997][ T5815] __sys_socket+0x1c0/0x260 [ 790.864472][ T5815] __x64_sys_socket+0x72/0xb0 [ 790.869124][ T5815] do_syscall_64+0xcd/0xf80 [ 790.873595][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.879454][ T5815] [ 790.881747][ T5815] Memory state around the buggy address: [ 790.887351][ T5815] ffff88802277d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 790.895378][ T5815] ffff88802277d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 790.903416][ T5815] >ffff88802277d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 790.911448][ T5815] ^ [ 790.915505][ T5815] ffff88802277d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 790.923546][ T5815] ffff88802277d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 790.931590][ T5815] ================================================================== [ 790.957584][ T5815] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 790.964779][ T5815] CPU: 0 UID: 0 PID: 5815 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 790.974209][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 790.984237][ T5815] Workqueue: hci2 hci_rx_work [ 790.988893][ T5815] Call Trace: [ 790.992159][ T5815] [ 790.995083][ T5815] dump_stack_lvl+0x3d/0x1f0 [ 790.999677][ T5815] vpanic+0x640/0x6f0 [ 791.003655][ T5815] panic+0xca/0xd0 [ 791.007366][ T5815] ? __pfx_panic+0x10/0x10 [ 791.011849][ T5815] ? l2cap_connect_cfm+0xe47/0x1010 [ 791.017024][ T5815] ? preempt_schedule_common+0x44/0xc0 [ 791.022461][ T5815] ? preempt_schedule_thunk+0x16/0x30 [ 791.027812][ T5815] check_panic_on_warn+0xab/0xb0 [ 791.032727][ T5815] end_report+0x107/0x160 [ 791.037039][ T5815] kasan_report+0xee/0x110 [ 791.041435][ T5815] ? l2cap_connect_cfm+0xe47/0x1010 [ 791.046625][ T5815] l2cap_connect_cfm+0xe47/0x1010 [ 791.051630][ T5815] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 791.057068][ T5815] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 791.062503][ T5815] le_conn_complete_evt+0x1991/0x1fa0 [ 791.067857][ T5815] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 791.073555][ T5815] hci_le_conn_complete_evt+0x23c/0x3a0 [ 791.079080][ T5815] hci_le_meta_evt+0x357/0x610 [ 791.083822][ T5815] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 791.089867][ T5815] hci_event_packet+0x685/0x1210 [ 791.094779][ T5815] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 791.100042][ T5815] ? __pfx_hci_event_packet+0x10/0x10 [ 791.105392][ T5815] ? kcov_remote_start+0x399/0x680 [ 791.110482][ T5815] ? lockdep_hardirqs_on+0x7c/0x110 [ 791.115665][ T5815] hci_rx_work+0x2c9/0x1020 [ 791.120156][ T5815] process_one_work+0x9ba/0x1b20 [ 791.125079][ T5815] ? __pfx_process_one_work+0x10/0x10 [ 791.130432][ T5815] ? assign_work+0x1a0/0x250 [ 791.135001][ T5815] worker_thread+0x6c8/0xf10 [ 791.139573][ T5815] ? __kthread_parkme+0x19e/0x250 [ 791.144572][ T5815] ? __pfx_worker_thread+0x10/0x10 [ 791.149664][ T5815] kthread+0x3c5/0x780 [ 791.153713][ T5815] ? __pfx_kthread+0x10/0x10 [ 791.158283][ T5815] ? rcu_is_watching+0x12/0xc0 [ 791.163021][ T5815] ? __pfx_kthread+0x10/0x10 [ 791.167590][ T5815] ret_from_fork+0x983/0xb10 [ 791.172161][ T5815] ? __pfx_ret_from_fork+0x10/0x10 [ 791.177250][ T5815] ? rcu_is_watching+0x12/0xc0 [ 791.181989][ T5815] ? __switch_to+0x7af/0x10d0 [ 791.186647][ T5815] ? __pfx_kthread+0x10/0x10 [ 791.191218][ T5815] ret_from_fork_asm+0x1a/0x30 [ 791.195971][ T5815] [ 791.199253][ T5815] Kernel Offset: disabled [ 791.203547][ T5815] Rebooting in 86400 seconds..