last executing test programs: 46.876986024s ago: executing program 3 (id=215): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x10, 0x0, &(0x7f00000025c0)=[@request_death={0x400c6313, 0x1}], 0x0, 0x0, 0x0}) 46.756034513s ago: executing program 3 (id=217): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xa, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x16}, 0x8) 46.658475856s ago: executing program 3 (id=218): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x118, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@mcast1, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x9, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0x1}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@address_filter={0x28, 0x1a, {@in=@empty, @in=@rand_addr=0x64010100, 0xa, 0xe, 0x8}}]}, 0x118}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 46.610073325s ago: executing program 3 (id=220): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,B\xd5?\xe5E:+Pm\x1d\xb4\xb8', 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r2, 0x0, r1, &(0x7f0000000140), 0x4, 0x0) dup3(r0, r3, 0x0) 46.471266567s ago: executing program 3 (id=223): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4000003e, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) 46.407507183s ago: executing program 3 (id=224): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 31.282963957s ago: executing program 32 (id=224): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 1.829917928s ago: executing program 4 (id=1017): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="034886dd09032800030020000000600000001204730081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) 1.76024796s ago: executing program 4 (id=1020): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x50, &(0x7f0000001080)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x2, 0x3}, "7e581ba68817"}}}}}}}, 0x0) 1.670407533s ago: executing program 4 (id=1021): r0 = io_uring_setup(0x669, &(0x7f00000002c0)) setresuid(0xffffffffffffffff, 0xffffffffffffffff, 0xee01) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.670177731s ago: executing program 4 (id=1022): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001}) 1.508836487s ago: executing program 4 (id=1024): bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = syz_usb_connect(0x1, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49) 868.112553ms ago: executing program 2 (id=1039): mkdir(&(0x7f0000000040)='./file0\x00', 0x24) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='+\x00', &(0x7f0000000200)='z', 0x1) 709.364534ms ago: executing program 2 (id=1042): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000008c0)='page_pool_state_hold\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48) 595.664376ms ago: executing program 2 (id=1045): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000140)=0x1, 0x4) 519.633211ms ago: executing program 2 (id=1047): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1200000d"], 0xfce) 519.285062ms ago: executing program 1 (id=1048): unshare(0x2040400) r0 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) unshare(0x22000400) fsmount(r0, 0x0, 0x0) 419.297273ms ago: executing program 1 (id=1050): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x300, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 418.71166ms ago: executing program 1 (id=1052): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @mcast2, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e20, 0xd, @remote, 0x1}, 0x1c) syz_emit_ethernet(0x7e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6a33180000481100fe800000000000000000d500000000bbff0200000000000000000000000000014e204e20"], 0x0) 385.808184ms ago: executing program 2 (id=1053): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r0, r3, 0x3, 0x0) read$FUSE(r2, &(0x7f0000001900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f00000006c0)={0x50, 0x0, r4, {0x7, 0x29, 0x9, 0x22911c0, 0x1, 0x5, 0x4, 0xffffbe9e, 0x0, 0x0, 0x2, 0xe}}, 0x50) 328.788009ms ago: executing program 1 (id=1054): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_clone3(&(0x7f0000000340)={0x80800000, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[r0], 0x1}, 0x58) madvise(&(0x7f000070a000/0x2000)=nil, 0x2000, 0x8) 260.678418ms ago: executing program 0 (id=1057): mknodat$null(0xffffffffffffff9c, &(0x7f0000002440)='./file0\x00', 0x8000, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2092) write$FUSE_INIT(r0, &(0x7f00000046c0)={0x50, 0x0, r1, {0x7, 0x9, 0x4, 0x403a1810, 0xfffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc00}}, 0x50) 200.767241ms ago: executing program 2 (id=1058): ftruncate(0xffffffffffffffff, 0x8008976) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185) 200.52533ms ago: executing program 0 (id=1059): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)="30a0", 0x2}], 0x1}, 0x4040001) recvmsg$unix(r0, &(0x7f00000038c0)={0x0, 0x0, 0x0}, 0x40012141) sendmsg$key(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x2, 0x15, 0x4, 0x6, 0x2, 0x0, 0x70bd25, 0x25dfdc00}, 0x10}}, 0x4001) recvmsg$unix(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000440)=""/114, 0x72}], 0x1}, 0x40002042) 123.893376ms ago: executing program 0 (id=1060): mkdir(&(0x7f0000000040)='./bus\x00', 0x49) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 123.68452ms ago: executing program 0 (id=1061): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @remote, 'lo\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'ip_vti0\x00'}}, 0x1e) close(r1) 98.137301ms ago: executing program 1 (id=1062): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x2, 0x10, 0x8, 0x1830}, &(0x7f0000000080)=0x18) 89.696132ms ago: executing program 4 (id=1063): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000640)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000660f38031166b8377a000000d80f300f300fc79d53bf00000f0057000f01c3", 0xffffffffffffffad}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 86.382751ms ago: executing program 0 (id=1064): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010027cea3dfc8dbdf255300000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 382.552µs ago: executing program 0 (id=1065): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x4b564d05, 0x0, 0x168}]}) 0s ago: executing program 1 (id=1066): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)={0x40, r1, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050) kernel console output (not intermixed with test programs): [ 58.883955][ T40] audit: type=1400 audit(1768331359.251:61): avc: denied { siginh } for pid=5894 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:49015' (ED25519) to the list of known hosts. [ 61.254816][ T40] audit: type=1400 audit(1768331361.661:62): avc: denied { name_bind } for pid=5926 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 61.325898][ T40] audit: type=1400 audit(1768331361.731:63): avc: denied { execute } for pid=5927 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 61.334931][ T40] audit: type=1400 audit(1768331361.731:64): avc: denied { execute_no_trans } for pid=5927 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 64.134774][ T40] audit: type=1400 audit(1768331364.541:65): avc: denied { mounton } for pid=5927 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 64.151264][ T40] audit: type=1400 audit(1768331364.561:66): avc: denied { mount } for pid=5927 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.154170][ T5927] cgroup: Unknown subsys name 'net' [ 64.164238][ T40] audit: type=1400 audit(1768331364.571:67): avc: denied { unmount } for pid=5927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.333802][ T5927] cgroup: Unknown subsys name 'cpuset' [ 64.340273][ T5927] cgroup: Unknown subsys name 'rlimit' [ 64.512657][ T40] audit: type=1400 audit(1768331364.921:68): avc: denied { setattr } for pid=5927 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 64.522983][ T40] audit: type=1400 audit(1768331364.931:69): avc: denied { create } for pid=5927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.532030][ T40] audit: type=1400 audit(1768331364.931:70): avc: denied { write } for pid=5927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.540936][ T40] audit: type=1400 audit(1768331364.931:71): avc: denied { read } for pid=5927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.550673][ T40] audit: type=1400 audit(1768331364.941:72): avc: denied { mounton } for pid=5927 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 64.561131][ T40] audit: type=1400 audit(1768331364.941:73): avc: denied { mount } for pid=5927 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 64.571528][ T40] audit: type=1400 audit(1768331364.951:74): avc: denied { read } for pid=5646 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 64.603329][ T5930] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 65.650908][ T5927] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.527990][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 70.528008][ T40] audit: type=1400 audit(1768331370.931:82): avc: denied { execmem } for pid=5935 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 70.682458][ T40] audit: type=1400 audit(1768331371.091:83): avc: denied { create } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 70.691982][ T40] audit: type=1400 audit(1768331371.091:84): avc: denied { read write } for pid=5939 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 70.702440][ T40] audit: type=1400 audit(1768331371.091:85): avc: denied { open } for pid=5939 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 70.712383][ T40] audit: type=1400 audit(1768331371.101:86): avc: denied { ioctl } for pid=5939 comm="syz-executor" path="socket:[7254]" dev="sockfs" ino=7254 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 70.737007][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.741334][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.742322][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.747698][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.748758][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.752171][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.752972][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.753251][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.753728][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.754038][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.756047][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.757029][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.757698][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.760415][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.764583][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.766035][ T5956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.771861][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.779274][ T40] audit: type=1400 audit(1768331371.181:87): avc: denied { read } for pid=5942 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 70.783003][ T5950] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.783011][ T5953] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.785374][ T40] audit: type=1400 audit(1768331371.191:88): avc: denied { open } for pid=5942 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 70.789864][ T5950] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.802528][ T40] audit: type=1400 audit(1768331371.191:89): avc: denied { mounton } for pid=5942 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 71.170057][ T40] audit: type=1400 audit(1768331371.581:90): avc: denied { module_request } for pid=5942 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 71.208055][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 71.286680][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 71.294581][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 71.358772][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 71.426947][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.430430][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.433462][ T5942] bridge_slave_0: entered allmulticast mode [ 71.436625][ T5942] bridge_slave_0: entered promiscuous mode [ 71.485251][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.488397][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.492945][ T5942] bridge_slave_1: entered allmulticast mode [ 71.496993][ T5942] bridge_slave_1: entered promiscuous mode [ 71.574933][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.579517][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.582957][ T5940] bridge_slave_0: entered allmulticast mode [ 71.587072][ T5940] bridge_slave_0: entered promiscuous mode [ 71.652827][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.655355][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.658575][ T5940] bridge_slave_1: entered allmulticast mode [ 71.664970][ T5940] bridge_slave_1: entered promiscuous mode [ 71.671267][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.675430][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.678301][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.681435][ T5939] bridge_slave_0: entered allmulticast mode [ 71.685446][ T5939] bridge_slave_0: entered promiscuous mode [ 71.689612][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.693080][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.696754][ T5943] bridge_slave_0: entered allmulticast mode [ 71.701083][ T5943] bridge_slave_0: entered promiscuous mode [ 71.715483][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.718922][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.722560][ T5943] bridge_slave_1: entered allmulticast mode [ 71.726430][ T5943] bridge_slave_1: entered promiscuous mode [ 71.732486][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.736570][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.739767][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.742848][ T5939] bridge_slave_1: entered allmulticast mode [ 71.746762][ T5939] bridge_slave_1: entered promiscuous mode [ 71.807099][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.823821][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.841862][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.847239][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.853196][ T5942] team0: Port device team_slave_0 added [ 71.858149][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.883130][ T5942] team0: Port device team_slave_1 added [ 71.888666][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.926832][ T5943] team0: Port device team_slave_0 added [ 71.931286][ T5940] team0: Port device team_slave_0 added [ 71.946181][ T5940] team0: Port device team_slave_1 added [ 71.971558][ T5943] team0: Port device team_slave_1 added [ 71.984707][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.987322][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.997546][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.004889][ T5939] team0: Port device team_slave_0 added [ 72.026839][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.029336][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.039569][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.046263][ T5939] team0: Port device team_slave_1 added [ 72.049128][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.051932][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.062189][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.071102][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.074185][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.084063][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.104717][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.107921][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.118732][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.131168][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.134265][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.146010][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.167464][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.170769][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.184786][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.219772][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.222940][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.234110][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.285117][ T5942] hsr_slave_0: entered promiscuous mode [ 72.288663][ T5942] hsr_slave_1: entered promiscuous mode [ 72.316233][ T5940] hsr_slave_0: entered promiscuous mode [ 72.319651][ T5940] hsr_slave_1: entered promiscuous mode [ 72.322550][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 72.325128][ T5940] Cannot create hsr debugfs directory [ 72.363755][ T5943] hsr_slave_0: entered promiscuous mode [ 72.366953][ T5943] hsr_slave_1: entered promiscuous mode [ 72.370017][ T5943] debugfs: 'hsr0' already exists in 'hsr' [ 72.372372][ T5943] Cannot create hsr debugfs directory [ 72.380322][ T5939] hsr_slave_0: entered promiscuous mode [ 72.383409][ T5939] hsr_slave_1: entered promiscuous mode [ 72.386024][ T5939] debugfs: 'hsr0' already exists in 'hsr' [ 72.388091][ T5939] Cannot create hsr debugfs directory [ 72.770249][ T5950] Bluetooth: hci2: command tx timeout [ 72.842443][ T5940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 72.850777][ T5950] Bluetooth: hci1: command tx timeout [ 72.851857][ T5940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 72.854374][ T5944] Bluetooth: hci3: command tx timeout [ 72.858965][ T5950] Bluetooth: hci0: command tx timeout [ 72.862395][ T5940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 72.870225][ T5940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 72.937041][ T5943] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.945897][ T5943] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.953391][ T5943] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.984907][ T5943] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.058215][ T5942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.075129][ T5942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.086339][ T5942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.104413][ T5942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.165452][ T5939] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.175649][ T5939] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.185082][ T5939] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.195129][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.202674][ T5939] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.254604][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.275391][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.278899][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.314762][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.317808][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.364957][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.374240][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.396419][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.440745][ T40] audit: type=1400 audit(1768331373.851:91): avc: denied { sys_module } for pid=5940 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 73.465020][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.469116][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.475797][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.481148][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.498462][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.508185][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.521524][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.524441][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.543986][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.549296][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.552470][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.564438][ T5943] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.589174][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.592334][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.611857][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.614915][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.693332][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.774749][ T5940] veth0_vlan: entered promiscuous mode [ 73.788350][ T5940] veth1_vlan: entered promiscuous mode [ 73.803588][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.822659][ T5940] veth0_macvtap: entered promiscuous mode [ 73.828847][ T5940] veth1_macvtap: entered promiscuous mode [ 73.846356][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.865378][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.884082][ T78] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.890988][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.901489][ T78] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.905089][ T78] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.915261][ T78] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.940906][ T5943] veth0_vlan: entered promiscuous mode [ 73.956352][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.965921][ T5943] veth1_vlan: entered promiscuous mode [ 73.999927][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.003371][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.046587][ T5942] veth0_vlan: entered promiscuous mode [ 74.058693][ T5943] veth0_macvtap: entered promiscuous mode [ 74.058778][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.065013][ T5943] veth1_macvtap: entered promiscuous mode [ 74.065497][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.084472][ T5939] veth0_vlan: entered promiscuous mode [ 74.097424][ T5939] veth1_vlan: entered promiscuous mode [ 74.101574][ T5942] veth1_vlan: entered promiscuous mode [ 74.116605][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.135393][ T5940] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 74.147490][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.159004][ T5939] veth0_macvtap: entered promiscuous mode [ 74.176967][ T5939] veth1_macvtap: entered promiscuous mode [ 74.181248][ T1148] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.186433][ T1148] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.196567][ T5942] veth0_macvtap: entered promiscuous mode [ 74.202877][ T5942] veth1_macvtap: entered promiscuous mode [ 74.206999][ T1148] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.213005][ T1148] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.229349][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.253368][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.261973][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.274375][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.291710][ T78] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.295871][ T78] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.311553][ T78] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.315337][ T78] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.334411][ T78] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.344887][ T78] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.348852][ T78] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.382363][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.387895][ T78] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.388550][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.451463][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.454986][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.502125][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.506597][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.572094][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.575456][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.591010][ T6043] process 'syz.1.9' launched './file2' with NULL argv: empty string added [ 74.618634][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.622977][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.681002][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.684595][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.818707][ T6052] warning: `syz.1.12' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 74.860147][ T5950] Bluetooth: hci2: command tx timeout [ 74.919582][ T6059] syz.1.15 uses obsolete (PF_INET,SOCK_PACKET) [ 74.929752][ T5953] Bluetooth: hci1: command tx timeout [ 74.932327][ T5950] Bluetooth: hci0: command tx timeout [ 74.934655][ T5944] Bluetooth: hci3: command tx timeout [ 75.129617][ T5996] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 75.283097][ T5996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.288116][ T5996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.293876][ T5996] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 75.304084][ T5996] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 75.308650][ T5996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.321016][ T5996] usb 5-1: config 0 descriptor?? [ 75.354210][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24'. [ 75.573766][ T40] kauditd_printk_skb: 59 callbacks suppressed [ 75.573782][ T40] audit: type=1400 audit(1768331375.981:151): avc: denied { write } for pid=6089 comm="syz.1.28" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 75.711365][ T40] audit: type=1400 audit(1768331376.121:152): avc: denied { read } for pid=6093 comm="syz.2.29" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 75.715039][ T6094] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 75.720800][ T40] audit: type=1400 audit(1768331376.121:153): avc: denied { open } for pid=6093 comm="syz.2.29" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 75.739878][ T40] audit: type=1400 audit(1768331376.121:154): avc: denied { ioctl } for pid=6093 comm="syz.2.29" path="/dev/dri/card0" dev="devtmpfs" ino=635 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 75.754030][ T40] audit: type=1400 audit(1768331376.141:155): avc: denied { map } for pid=6093 comm="syz.2.29" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 75.756660][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.764351][ T40] audit: type=1400 audit(1768331376.141:156): avc: denied { execute } for pid=6093 comm="syz.2.29" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 75.770955][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.786019][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.791325][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.797044][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.812935][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.816505][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.820677][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.824010][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.830419][ T5996] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 75.857987][ T5996] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 75.970370][ T40] audit: type=1400 audit(1768331376.381:157): avc: denied { create } for pid=6100 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 75.980836][ T40] audit: type=1400 audit(1768331376.381:158): avc: denied { connect } for pid=6100 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 75.987286][ T40] audit: type=1400 audit(1768331376.381:159): avc: denied { write } for pid=6100 comm="syz.1.32" path="socket:[7964]" dev="sockfs" ino=7964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 76.025691][ T5996] usb 5-1: USB disconnect, device number 2 [ 76.027851][ T6105] netlink: 212924 bytes leftover after parsing attributes in process `syz.2.33'. [ 76.053904][ T6108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.35'. [ 76.121713][ T40] audit: type=1400 audit(1768331376.531:160): avc: denied { create } for pid=6111 comm="syz.2.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.290233][ T6027] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 76.297230][ T5996] IPVS: starting estimator thread 0... [ 76.399786][ T6115] IPVS: using max 33 ests per chain, 79200 per kthread [ 76.416016][ T6120] sctp: [Deprecated]: syz.2.38 (pid 6120) Use of struct sctp_assoc_value in delayed_ack socket option. [ 76.416016][ T6120] Use struct sctp_sack_info instead [ 76.450026][ T6027] usb 6-1: Using ep0 maxpacket: 8 [ 76.454413][ T6027] usb 6-1: config 0 interface 0 has no altsetting 0 [ 76.456915][ T6027] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 76.461437][ T6027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.467342][ T6027] usb 6-1: config 0 descriptor?? [ 76.582537][ T6122] netlink: 12 bytes leftover after parsing attributes in process `syz.0.39'. [ 76.637544][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40'. [ 76.880115][ T6027] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 76.919612][ T60] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 76.929593][ T5944] Bluetooth: hci2: command tx timeout [ 77.019620][ T5953] Bluetooth: hci1: command tx timeout [ 77.019812][ T5950] Bluetooth: hci0: command tx timeout [ 77.022361][ T5944] Bluetooth: hci3: command tx timeout [ 77.082474][ T5982] usb 6-1: USB disconnect, device number 2 [ 77.097540][ T60] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 39, changing to 4 [ 77.102534][ T60] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 77.107491][ T60] usb 5-1: config 0 interface 0 has no altsetting 0 [ 77.112296][ T60] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 77.116005][ T60] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 77.119601][ T60] usb 5-1: Product: syz [ 77.121278][ T60] usb 5-1: Manufacturer: syz [ 77.122891][ T60] usb 5-1: SerialNumber: syz [ 77.128507][ T60] usb 5-1: config 0 descriptor?? [ 77.136781][ T60] usb 5-1: selecting invalid altsetting 0 [ 77.200534][ T6128] block nbd0: server does not support multiple connections per device. [ 77.204502][ T6128] block nbd0: shutting down sockets [ 77.352590][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.358396][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.362107][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.364792][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.369701][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.372477][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.375135][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.377949][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.380801][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.383902][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.386965][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.390534][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.394474][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.397947][ T6126] usb 5-1: cannot submit urb 0, error -2: endpoint not enabled [ 77.403589][ T60] usb 5-1: USB disconnect, device number 3 [ 77.687119][ T6156] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.54'. [ 77.931417][ T6164] netlink: 20 bytes leftover after parsing attributes in process `syz.1.58'. [ 77.989355][ T6168] veth0_to_bridge: entered promiscuous mode [ 77.996747][ T6167] veth0_to_bridge: left promiscuous mode [ 78.138809][ T6177] netlink: 3900 bytes leftover after parsing attributes in process `syz.1.64'. [ 79.009690][ T5950] Bluetooth: hci2: command tx timeout [ 79.090043][ T5950] Bluetooth: hci3: command tx timeout [ 79.090103][ T64] Bluetooth: hci1: command tx timeout [ 79.096014][ T5953] Bluetooth: hci0: command tx timeout [ 79.173483][ T6203] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.188374][ T5944] block nbd3: Receive control failed (result -32) [ 79.188533][ T6188] block nbd3: shutting down sockets [ 79.212048][ T6205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 79.339063][ T6215] sp0: Synchronizing with TNC [ 79.347903][ T6215] sp0: Found TNC [ 79.352260][ T6214] [U] è`` [ 79.530083][ T6230] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 79.530083][ T6230] The task syz.3.82 (6230) triggered the difference, watch for misbehavior. [ 79.673842][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'. [ 80.340452][ T6266] Zero length message leads to an empty skb [ 80.495750][ T6272] ======================================================= [ 80.495750][ T6272] WARNING: The mand mount option has been deprecated and [ 80.495750][ T6272] and is ignored by this kernel. Remove the mand [ 80.495750][ T6272] option from the mount to silence this warning. [ 80.495750][ T6272] ======================================================= [ 80.665204][ T6277] __nla_validate_parse: 1 callbacks suppressed [ 80.665221][ T6277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 80.676303][ T6277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 80.826622][ T40] kauditd_printk_skb: 43 callbacks suppressed [ 80.826635][ T40] audit: type=1400 audit(1768331381.231:204): avc: denied { connect } for pid=6287 comm="syz.3.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 81.022415][ T6301] netlink: 152 bytes leftover after parsing attributes in process `syz.3.113'. [ 81.027637][ T6301] netlink: 152 bytes leftover after parsing attributes in process `syz.3.113'. [ 81.083532][ T40] audit: type=1400 audit(1768331381.491:205): avc: denied { mount } for pid=6302 comm="syz.3.114" name="/" dev="hugetlbfs" ino=8166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 81.588599][ T40] audit: type=1400 audit(1768331381.991:206): avc: denied { bind } for pid=6314 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 81.801273][ T40] audit: type=1326 audit(1768331382.211:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.3.125" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3cab98f7c9 code=0x0 [ 81.801911][ T6332] pim6reg1: entered promiscuous mode [ 81.813507][ T6332] pim6reg1: entered allmulticast mode [ 81.897950][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 81.909595][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 81.992611][ T6327] mmap: syz.0.123 (6327) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 82.041748][ T6344] capability: warning: `syz.1.130' uses deprecated v2 capabilities in a way that may be insecure [ 82.490512][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.136'. [ 82.590971][ T40] audit: type=1400 audit(1768331383.001:208): avc: denied { create } for pid=6364 comm="syz.2.138" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 82.632125][ T6369] input: syz1 as /devices/virtual/input/input5 [ 82.645849][ T40] audit: type=1400 audit(1768331383.001:209): avc: denied { remove_name } for pid=6364 comm="syz.2.138" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="9p" ino=71827937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 82.670523][ T40] audit: type=1400 audit(1768331383.001:210): avc: denied { rename } for pid=6364 comm="syz.2.138" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="9p" ino=71827937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 82.701162][ T40] audit: type=1400 audit(1768331383.031:211): avc: denied { read write } for pid=6368 comm="syz.1.140" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 82.716112][ T40] audit: type=1400 audit(1768331383.031:212): avc: denied { open } for pid=6368 comm="syz.1.140" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 82.726011][ T40] audit: type=1400 audit(1768331383.031:213): avc: denied { ioctl } for pid=6368 comm="syz.1.140" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5569 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 83.083909][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.149'. [ 83.259706][ T34] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 83.411287][ T34] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 83.416225][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 83.424592][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 83.428781][ T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 83.435457][ T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 83.439992][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.445458][ T34] usb 5-1: config 0 descriptor?? [ 83.782090][ T6424] netlink: 'syz.2.167': attribute type 4 has an invalid length. [ 83.864437][ T34] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max [ 83.881543][ T34] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 83.890041][ T6431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.171'. [ 83.994568][ T6440] netlink: 'syz.2.174': attribute type 13 has an invalid length. [ 84.458590][ T6473] input: syz0 as /devices/virtual/input/input6 [ 84.969584][ T6027] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 85.131941][ T6027] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.136763][ T6027] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.140951][ T6027] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 85.147947][ T6027] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 85.152188][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.158087][ T6027] usb 7-1: config 0 descriptor?? [ 85.592650][ T6027] usbhid 7-1:0.0: can't add hid device: -71 [ 85.598775][ T6027] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 85.604752][ T6027] usb 7-1: USB disconnect, device number 2 [ 85.651468][ T6510] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 85.657346][ T6510] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 85.747831][ T6514] lo: Caught tx_queue_len zero misconfig [ 85.790674][ T6519] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.209'. [ 85.900282][ T40] kauditd_printk_skb: 40 callbacks suppressed [ 85.900296][ T40] audit: type=1400 audit(1768331386.311:254): avc: denied { create } for pid=6527 comm="syz.3.213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 85.922159][ T40] audit: type=1400 audit(1768331386.331:255): avc: denied { write } for pid=6527 comm="syz.3.213" path="socket:[10165]" dev="sockfs" ino=10165 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 85.998741][ T40] audit: type=1400 audit(1768331386.401:256): avc: denied { read } for pid=6529 comm="syz.3.215" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 86.013118][ T40] audit: type=1400 audit(1768331386.401:257): avc: denied { open } for pid=6529 comm="syz.3.215" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 86.025854][ T40] audit: type=1400 audit(1768331386.431:258): avc: denied { ioctl } for pid=6529 comm="syz.3.215" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 86.033044][ T6530] binder: 6529:6530 ioctl c0306201 200000000640 returned -22 [ 86.038017][ T40] audit: type=1400 audit(1768331386.441:259): avc: denied { set_context_mgr } for pid=6529 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 86.178167][ T40] audit: type=1400 audit(1768331386.581:260): avc: denied { create } for pid=6538 comm="syz.3.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.188744][ T6539] netlink: 32 bytes leftover after parsing attributes in process `syz.3.218'. [ 86.189630][ T40] audit: type=1400 audit(1768331386.581:261): avc: denied { write } for pid=6538 comm="syz.3.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.202753][ T40] audit: type=1400 audit(1768331386.581:262): avc: denied { nlmsg_write } for pid=6538 comm="syz.3.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.269938][ T24] usb 5-1: reset high-speed USB device number 4 using dummy_hcd [ 86.398496][ T40] audit: type=1400 audit(1768331386.801:263): avc: denied { setattr } for pid=5942 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 86.430405][ T24] usb 5-1: device firmware changed [ 86.448719][ T9] usb 5-1: USB disconnect, device number 4 [ 86.450777][ T29] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 86.608028][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 86.632071][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.637183][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.641991][ T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 86.647632][ T29] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 86.651666][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.658118][ T29] usb 6-1: config 0 descriptor?? [ 86.761456][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 86.765062][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.770626][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 86.776624][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 86.780527][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.783777][ T9] usb 5-1: Product: syz [ 86.785407][ T9] usb 5-1: Manufacturer: syz [ 86.787323][ T9] usb 5-1: SerialNumber: syz [ 87.002066][ T6516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.006237][ T6516] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.037577][ T9] usb 5-1: 0:2 : does not exist [ 87.053267][ T9] usb 5-1: USB disconnect, device number 5 [ 87.079724][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 87.099832][ T29] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 87.351739][ T34] usb 6-1: USB disconnect, device number 3 [ 87.524689][ T6562] netlink: 360 bytes leftover after parsing attributes in process `syz.2.229'. [ 87.772662][ T6576] netlink: 16 bytes leftover after parsing attributes in process `syz.0.236'. [ 87.781016][ T1218] bond0: (slave bond_slave_0): interface is now down [ 87.784009][ T1218] bond0: (slave bond_slave_1): interface is now down [ 87.792225][ T1218] bond0: now running without any active interface! [ 87.960492][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.242'. [ 88.021163][ T6593] rtc_cmos 00:05: Alarms can be up to one day in the future [ 88.034487][ T6595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.244'. [ 88.263179][ T6607] loop7: detected capacity change from 0 to 16384 [ 88.320412][ T6607] loop7: detected capacity change from 16384 to 16383 [ 88.626078][ T5982] rtc_cmos 00:05: Alarms can be up to one day in the future [ 88.631404][ T5982] rtc_cmos 00:05: Alarms can be up to one day in the future [ 88.635629][ T5982] rtc_cmos 00:05: Alarms can be up to one day in the future [ 88.639635][ T5982] rtc_cmos 00:05: Alarms can be up to one day in the future [ 88.642584][ T5982] rtc rtc0: __rtc_set_alarm: err=-22 [ 89.551058][ T6647] Driver unsupported XDP return value 0 on prog (id 13) dev N/A, expect packet loss! [ 89.979560][ T6027] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 90.141653][ T6027] usb 5-1: Using ep0 maxpacket: 16 [ 90.145322][ T6027] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.152010][ T6027] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 90.157301][ T6027] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 90.161750][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.167065][ T6027] usb 5-1: config 0 descriptor?? [ 90.926867][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 90.926881][ T40] audit: type=1400 audit(1768331391.331:279): avc: denied { create } for pid=6684 comm="syz.2.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 90.944573][ T40] audit: type=1400 audit(1768331391.351:280): avc: denied { ioctl } for pid=6684 comm="syz.2.285" path="socket:[12583]" dev="sockfs" ino=12583 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 90.984489][ T6027] usbhid 5-1:0.0: can't add hid device: -71 [ 90.989592][ T6027] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 90.996650][ T6027] usb 5-1: USB disconnect, device number 6 [ 91.093168][ T6695] netlink: 20 bytes leftover after parsing attributes in process `syz.1.290'. [ 91.304830][ T5947] udevd[5947]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 91.676444][ T6718] netlink: 40 bytes leftover after parsing attributes in process `syz.2.299'. [ 91.680462][ T6718] netlink: 32 bytes leftover after parsing attributes in process `syz.2.299'. [ 91.790592][ T40] audit: type=1400 audit(1768331392.201:281): avc: denied { setopt } for pid=6722 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.797811][ T40] audit: type=1400 audit(1768331392.201:282): avc: denied { connect } for pid=6722 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.827459][ T40] audit: type=1400 audit(1768331392.211:283): avc: denied { write } for pid=6722 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 92.002883][ T6731] PID 6731 killed due to inadequate hugepage pool [ 92.051224][ T40] audit: type=1400 audit(1768331392.461:284): avc: denied { mounton } for pid=6736 comm="syz.0.307" path="/52/file0" dev="tmpfs" ino=281 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 92.069644][ T40] audit: type=1400 audit(1768331392.471:285): avc: denied { mount } for pid=6736 comm="syz.0.307" name="/" dev="autofs" ino=11925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 92.098423][ T40] audit: type=1400 audit(1768331392.501:286): avc: denied { unmount } for pid=5943 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 92.151513][ T1025] cfg80211: failed to load regulatory.db [ 92.184686][ T40] audit: type=1400 audit(1768331392.591:287): avc: denied { remount } for pid=6738 comm="syz.0.308" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 92.320641][ T40] audit: type=1400 audit(1768331392.731:288): avc: denied { read write } for pid=6746 comm="syz.0.312" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 92.553540][ T6759] vcan0: tx drop: invalid da for name 0x0000000000000004 [ 92.902737][ T6785] tunl0: Caught tx_queue_len zero misconfig [ 93.009558][ T828] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 93.125374][ T6802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 93.179596][ T828] usb 5-1: Using ep0 maxpacket: 8 [ 93.180921][ T6806] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 93.185472][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 93.191071][ T828] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 93.194945][ T828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.201766][ T828] usb 5-1: config 0 descriptor?? [ 93.429621][ T1025] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 93.581674][ T1025] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 93.586437][ T1025] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 93.599512][ T1025] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 93.603454][ T1025] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.612635][ T6808] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 93.623287][ T828] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 93.623634][ T1025] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 93.819715][ T959] usb 5-1: USB disconnect, device number 7 [ 93.838418][ T24] usb 7-1: USB disconnect, device number 3 [ 93.940604][ T828] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 94.091400][ T828] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.096034][ T828] usb 6-1: config 0 has no interfaces? [ 94.098435][ T828] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 94.102764][ T828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.110507][ T828] usb 6-1: config 0 descriptor?? [ 94.321194][ T1025] usb 6-1: USB disconnect, device number 4 [ 95.235046][ T6853] tap0: tun_chr_ioctl cmd 1074025675 [ 95.237176][ T6853] tap0: persist enabled [ 95.239044][ T6853] tap0: tun_chr_ioctl cmd 1074025675 [ 95.241527][ T6853] tap0: persist enabled [ 95.372683][ T6863] team_slave_1: Caught tx_queue_len zero misconfig [ 95.489822][ T6869] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.613020][ T6881] netlink: 44 bytes leftover after parsing attributes in process `syz.1.376'. [ 95.969375][ T40] kauditd_printk_skb: 28 callbacks suppressed [ 95.979532][ T40] audit: type=1400 audit(1768331397.373:317): avc: denied { sqpoll } for pid=6902 comm="syz.2.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 96.503835][ T40] audit: type=1400 audit(1768331397.913:318): avc: denied { setopt } for pid=6928 comm="syz.0.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 96.513234][ T40] audit: type=1400 audit(1768331397.923:319): avc: denied { write } for pid=6928 comm="syz.0.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 97.437174][ T6947] ip6tnl0: Caught tx_queue_len zero misconfig [ 97.494892][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'. [ 97.499207][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'. [ 97.839588][ T828] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 97.995183][ T828] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.013600][ T828] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.018659][ T828] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 98.024360][ T828] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 98.028149][ T828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.033799][ T828] usb 7-1: config 0 descriptor?? [ 98.458365][ T828] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 99.743605][ T40] audit: type=1400 audit(1768331401.153:320): avc: denied { write } for pid=6982 comm="syz.0.422" name="raw" dev="proc" ino=4026532918 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 99.894776][ T6987] Bluetooth: MGMT ver 1.23 [ 99.944406][ T40] audit: type=1400 audit(1768331401.353:321): avc: denied { ioctl } for pid=6988 comm="syz.0.425" path="socket:[13054]" dev="sockfs" ino=13054 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 100.269645][ T5982] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 100.429517][ T5982] usb 5-1: Using ep0 maxpacket: 16 [ 100.433490][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.438750][ T5982] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.443537][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 100.448184][ T5982] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 100.453688][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.463347][ T5982] usb 5-1: config 0 descriptor?? [ 100.522491][ T828] usb 7-1: USB disconnect, device number 4 [ 100.627896][ T40] audit: type=1400 audit(1768331402.033:322): avc: denied { watch } for pid=6996 comm="syz.2.429" path="/151" dev="tmpfs" ino=784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 100.715033][ T40] audit: type=1400 audit(1768331402.123:323): avc: denied { setattr } for pid=6998 comm="syz.2.430" name="#b" dev="tmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 100.725435][ T40] audit: type=1400 audit(1768331402.133:324): avc: denied { rename } for pid=6998 comm="syz.2.430" name="#b" dev="tmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 100.736939][ T40] audit: type=1400 audit(1768331402.133:325): avc: denied { link } for pid=6998 comm="syz.2.430" name="00fb2100010b7e99b78c9e4320ae9afe6d17f78c2a0b2eded21b03000000000000" dev="tmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 100.895211][ T5982] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 100.952253][ T5982] shield 0003:0955:7214.0008: Registered Thunderstrike controller [ 100.955835][ T5982] shield 0003:0955:7214.0008: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 100.990244][ T7005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.432'. [ 101.086934][ T5982] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 101.087048][ T1025] usb 5-1: USB disconnect, device number 8 [ 101.092094][ T5982] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 101.092266][ T5982] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 101.092325][ T5982] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 101.549839][ T40] audit: type=1400 audit(1768331402.953:326): avc: denied { execute } for pid=7008 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 101.559498][ T40] audit: type=1400 audit(1768331402.963:327): avc: denied { execute_no_trans } for pid=7008 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 101.654602][ T40] audit: type=1400 audit(1768331403.063:328): avc: denied { setopt } for pid=7009 comm="syz.2.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 101.666100][ T5953] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 101.672039][ T5953] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 101.678277][ T40] audit: type=1400 audit(1768331403.083:329): avc: denied { connect } for pid=7009 comm="syz.2.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 101.692466][ T5953] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 101.702437][ T5953] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 101.705650][ T5953] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 101.733206][ T40] audit: type=1400 audit(1768331403.143:330): avc: denied { read } for pid=7015 comm="syz.0.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 101.971912][ T7011] chnl_net:caif_netlink_parms(): no params data found [ 102.060672][ T7011] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.064908][ T7011] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.068052][ T7011] bridge_slave_0: entered allmulticast mode [ 102.071962][ T7011] bridge_slave_0: entered promiscuous mode [ 102.366701][ T7011] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.369575][ T7011] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.372165][ T7011] bridge_slave_1: entered allmulticast mode [ 102.375599][ T7011] bridge_slave_1: entered promiscuous mode [ 102.413012][ T1148] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.435575][ T40] audit: type=1400 audit(1768331403.843:331): avc: denied { prog_load } for pid=7039 comm="syz.2.445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 102.457339][ T7011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.468132][ T7011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.543142][ T1148] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.561165][ T7011] team0: Port device team_slave_0 added [ 102.565910][ T7011] team0: Port device team_slave_1 added [ 102.605666][ T7011] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.609222][ T7011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.629523][ T7011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.656458][ T7011] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.673745][ T7011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.685183][ T7011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.723051][ T1148] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.758854][ T7011] hsr_slave_0: entered promiscuous mode [ 102.761917][ T7011] hsr_slave_1: entered promiscuous mode [ 102.765102][ T7011] debugfs: 'hsr0' already exists in 'hsr' [ 102.767375][ T7011] Cannot create hsr debugfs directory [ 102.854902][ T1148] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.103142][ T7011] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.116346][ T7011] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.149178][ T7011] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.188961][ T7011] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 103.215789][ T1148] bridge_slave_1: left allmulticast mode [ 103.218564][ T1148] bridge_slave_1: left promiscuous mode [ 103.223037][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.231584][ T1148] bridge_slave_0: left allmulticast mode [ 103.234997][ T1148] bridge_slave_0: left promiscuous mode [ 103.238372][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.311355][ T40] audit: type=1400 audit(1768331404.713:332): avc: denied { bind } for pid=7068 comm="syz.0.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 103.636618][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.643409][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.648789][ T1148] bond0 (unregistering): Released all slaves [ 103.742542][ T5953] Bluetooth: hci4: command tx timeout [ 103.769189][ T40] audit: type=1400 audit(1768331405.163:333): avc: denied { search } for pid=5646 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 103.779911][ T40] audit: type=1400 audit(1768331405.163:334): avc: denied { search } for pid=5646 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 103.804597][ T40] audit: type=1400 audit(1768331405.163:335): avc: denied { search } for pid=5646 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 103.917934][ T7011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.948489][ T7011] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.956515][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.959701][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.987710][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.990832][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.113455][ T7101] netlink: 'syz.0.466': attribute type 29 has an invalid length. [ 104.124966][ T7101] netlink: 'syz.0.466': attribute type 29 has an invalid length. [ 104.131366][ T7101] netlink: 500 bytes leftover after parsing attributes in process `syz.0.466'. [ 104.135143][ T7101] unsupported nla_type 58 [ 104.182891][ T1148] hsr_slave_0: left promiscuous mode [ 104.186012][ T1148] hsr_slave_1: left promiscuous mode [ 104.188933][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.192453][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.196461][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.201989][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.222391][ T1148] veth1_macvtap: left promiscuous mode [ 104.226293][ T1148] veth0_macvtap: left promiscuous mode [ 104.228715][ T1148] veth1_vlan: left promiscuous mode [ 104.232747][ T1148] veth0_vlan: left promiscuous mode [ 104.662688][ T1148] team0 (unregistering): Port device team_slave_1 removed [ 104.701085][ T1148] team0 (unregistering): Port device team_slave_0 removed [ 105.126658][ T7011] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.377277][ T7011] veth0_vlan: entered promiscuous mode [ 105.384813][ T7011] veth1_vlan: entered promiscuous mode [ 105.420469][ T7011] veth0_macvtap: entered promiscuous mode [ 105.425064][ T7011] veth1_macvtap: entered promiscuous mode [ 105.446928][ T7011] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.458279][ T7011] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.468603][ T1218] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.478627][ T1218] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.496331][ T7167] netlink: 92 bytes leftover after parsing attributes in process `syz.2.483'. [ 105.498919][ T1218] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.505429][ T1218] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.583734][ T7171] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 105.588316][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.591732][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.643962][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.658524][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.815430][ T5953] Bluetooth: hci4: command tx timeout [ 105.843714][ T7195] veth0_to_hsr: Caught tx_queue_len zero misconfig [ 106.362804][ T7238] netlink: 'syz.0.512': attribute type 39 has an invalid length. [ 106.393716][ T7240] binder: 7239:7240 ioctl c0306201 2000000004c0 returned -22 [ 106.673507][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 106.673575][ T40] audit: type=1400 audit(1768331408.083:352): avc: denied { watch watch_reads } for pid=7262 comm="syz.2.524" path="pipe:[15721]" dev="pipefs" ino=15721 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 106.696215][ T40] audit: type=1400 audit(1768331408.103:353): avc: denied { listen } for pid=7260 comm="syz.0.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 106.704136][ T40] audit: type=1400 audit(1768331408.103:354): avc: denied { accept } for pid=7260 comm="syz.0.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 106.748552][ T40] audit: type=1400 audit(1768331408.153:355): avc: denied { map } for pid=7268 comm="syz.4.525" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 106.768066][ T40] audit: type=1400 audit(1768331408.153:356): avc: denied { execute } for pid=7268 comm="syz.4.525" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 106.810020][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 106.982264][ T9] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 106.985734][ T9] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 106.993909][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 106.998845][ T9] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 107.003686][ T9] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 107.007181][ T9] usb 6-1: Product: syz [ 107.009015][ T9] usb 6-1: Manufacturer: syz [ 107.011858][ T9] usb 6-1: SerialNumber: syz [ 107.020323][ T9] usb 6-1: config 0 descriptor?? [ 107.026334][ T9] hub 6-1:0.0: bad descriptor, ignoring hub [ 107.029956][ T9] hub 6-1:0.0: probe with driver hub failed with error -5 [ 107.038813][ T9] usb 6-1: selecting invalid altsetting 0 [ 107.049497][ T6027] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 107.071256][ T7287] netlink: 28 bytes leftover after parsing attributes in process `syz.4.532'. [ 107.074836][ T7287] netlink: 'syz.4.532': attribute type 7 has an invalid length. [ 107.077919][ T7287] netlink: 'syz.4.532': attribute type 8 has an invalid length. [ 107.082226][ T7287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.532'. [ 107.232690][ T6027] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.235918][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 107.240768][ T6027] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.245744][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 107.251860][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 107.258020][ T6027] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.261542][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 107.266102][ T6027] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.271116][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 107.275989][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 107.281942][ T6027] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 107.285244][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 107.289947][ T6027] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.295164][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 107.300317][ T6027] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 107.308819][ T6027] usb 7-1: string descriptor 0 read error: -22 [ 107.312166][ T6027] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 107.316081][ T6027] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.330658][ T6027] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 107.592939][ T7313] netlink: 'syz.0.542': attribute type 10 has an invalid length. [ 107.602066][ T7313] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.606702][ T7313] bridge_slave_1: left allmulticast mode [ 107.608608][ T7313] bridge_slave_1: left promiscuous mode [ 107.612449][ T7313] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.620130][ T7313] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 107.769565][ T61] bond0: (slave bridge_slave_1): interface is now down [ 107.773396][ T61] bond0: now running without any active interface! [ 107.832330][ T7323] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 107.890561][ T5953] Bluetooth: hci4: command tx timeout [ 107.944551][ T24] usb 6-1: USB disconnect, device number 5 [ 108.129934][ T24] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 108.159008][ T7336] netlink: 20 bytes leftover after parsing attributes in process `syz.4.551'. [ 108.201737][ T40] audit: type=1400 audit(1768331409.613:357): avc: denied { read } for pid=7337 comm="syz.0.552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 108.244881][ T40] audit: type=1400 audit(1768331409.653:358): avc: denied { append } for pid=7341 comm="syz.0.554" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 108.269503][ T40] audit: type=1400 audit(1768331409.663:359): avc: denied { map } for pid=7341 comm="syz.0.554" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 108.308352][ T24] usb 6-1: unable to get BOS descriptor or descriptor too short [ 108.309554][ T40] audit: type=1400 audit(1768331409.663:360): avc: denied { execute } for pid=7341 comm="syz.0.554" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 108.319105][ T24] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 108.329514][ T24] usb 6-1: can't read configurations, error -71 [ 108.669539][ T6027] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 108.829553][ T6027] usb 9-1: Using ep0 maxpacket: 8 [ 108.833590][ T6027] usb 9-1: config 0 interface 0 has no altsetting 0 [ 108.836720][ T6027] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 108.841374][ T6027] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.851399][ T6027] usb 9-1: config 0 descriptor?? [ 109.237148][ T40] audit: type=1400 audit(1768331410.643:361): avc: denied { write } for pid=7371 comm="syz.1.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 109.287371][ T6027] mcp2221 0003:04D8:00DD.0009: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 109.480360][ T7350] i2c i2c-2: unsupported multi-msg i2c transaction [ 109.490938][ T6027] usb 9-1: USB disconnect, device number 2 [ 109.650280][ T5982] usb 7-1: USB disconnect, device number 5 [ 109.970372][ T5953] Bluetooth: hci4: command tx timeout [ 110.486235][ T7415] vxlan0: entered promiscuous mode [ 110.488822][ T7415] vxlan0: entered allmulticast mode [ 110.491974][ T1218] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.499658][ T1218] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.504907][ T1218] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.519508][ T1218] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.719643][ T1025] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 110.882027][ T1025] usb 9-1: config 0 has no interfaces? [ 110.886324][ T1025] usb 9-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 110.890466][ T1025] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.894429][ T1025] usb 9-1: Product: syz [ 110.896431][ T1025] usb 9-1: Manufacturer: syz [ 110.898428][ T1025] usb 9-1: SerialNumber: syz [ 110.911598][ T1025] usb 9-1: config 0 descriptor?? [ 111.137444][ T7456] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 111.249605][ T5982] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 111.322465][ T7413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.326147][ T7413] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.345309][ T1025] usb 9-1: USB disconnect, device number 3 [ 111.408802][ T5982] usb 5-1: Using ep0 maxpacket: 8 [ 111.415354][ T5982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 111.418467][ T5982] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 111.423702][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.430794][ T5982] usb 5-1: config 0 descriptor?? [ 111.494744][ T7479] vcan0: tx address claim with different name [ 111.840509][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 111.840527][ T40] audit: type=1400 audit(1768331413.243:368): avc: denied { read } for pid=7499 comm="syz.2.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 111.866120][ T5982] mcp2221 0003:04D8:00DD.000A: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 112.060550][ T24] usb 5-1: USB disconnect, device number 9 [ 112.180471][ T7519] veth0_to_bridge: Caught tx_queue_len zero misconfig [ 112.303699][ T7524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'. [ 112.321325][ T7524] bond1: Invalid ad_actor_system MAC address. [ 112.324317][ T7524] bond1: option ad_actor_system: invalid value (255) [ 112.329254][ T7524] bond1 (unregistering): Released all slaves [ 112.938311][ T40] audit: type=1400 audit(1768331414.343:369): avc: denied { watch_reads } for pid=7553 comm="syz.0.622" path="/164" dev="tmpfs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 113.147836][ T7570] netlink: 20 bytes leftover after parsing attributes in process `syz.1.630'. [ 113.245771][ T40] audit: type=1400 audit(1768331414.653:370): avc: denied { relabelfrom } for pid=7578 comm="syz.0.634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 113.258561][ T40] audit: type=1400 audit(1768331414.663:371): avc: denied { relabelto } for pid=7578 comm="syz.0.634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 113.427818][ T40] audit: type=1400 audit(1768331414.833:372): avc: denied { read write } for pid=7584 comm="syz.4.636" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 113.437604][ T40] audit: type=1400 audit(1768331414.833:373): avc: denied { open } for pid=7584 comm="syz.4.636" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 113.455494][ T40] audit: type=1400 audit(1768331414.843:374): avc: denied { ioctl } for pid=7584 comm="syz.4.636" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 113.499678][ T7587] netlink: 'syz.0.638': attribute type 9 has an invalid length. [ 113.550922][ T40] audit: type=1400 audit(1768331414.963:375): avc: denied { connect } for pid=7591 comm="syz.0.640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 113.754556][ T40] audit: type=1400 audit(1768331415.163:376): avc: denied { bind } for pid=7605 comm="syz.0.646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 113.763488][ T40] audit: type=1400 audit(1768331415.173:377): avc: denied { listen } for pid=7605 comm="syz.0.646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 113.927565][ T7618] bond1: option downdelay: invalid value (18446744073709551615) [ 113.931212][ T7618] bond1: option downdelay: allowed values 0 - 2147483647 [ 113.935856][ T7618] bond1 (unregistering): Released all slaves [ 114.163583][ T7637] netlink: 68 bytes leftover after parsing attributes in process `syz.1.660'. [ 114.210352][ T7639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.661'. [ 114.609567][ T6027] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 114.772747][ T6027] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 114.777255][ T6027] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.781869][ T6027] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.785942][ T6027] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 114.792579][ T6027] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 114.796348][ T6027] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 114.799811][ T6027] usb 9-1: Manufacturer: syz [ 114.804035][ T6027] usb 9-1: config 0 descriptor?? [ 115.222931][ T6027] hid_parser_main: 28 callbacks suppressed [ 115.222950][ T6027] appleir 0003:05AC:8243.000B: unknown main item tag 0x0 [ 115.244089][ T6027] appleir 0003:05AC:8243.000B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 115.871979][ T7707] netlink: 'syz.2.688': attribute type 12 has an invalid length. [ 115.875666][ T7707] netlink: 'syz.2.688': attribute type 29 has an invalid length. [ 115.878827][ T7707] netlink: 148 bytes leftover after parsing attributes in process `syz.2.688'. [ 115.882904][ T7707] netlink: 'syz.2.688': attribute type 1 has an invalid length. [ 115.885961][ T7707] netlink: 43 bytes leftover after parsing attributes in process `syz.2.688'. [ 115.949144][ T7711] tap1: tun_chr_ioctl cmd 1074025675 [ 115.951660][ T7711] tap1: persist enabled [ 115.954365][ T7711] tap1: tun_chr_ioctl cmd 1074025675 [ 115.956661][ T7711] tap1: persist disabled [ 116.541254][ T53] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 117.311039][ T53] usb 9-1: USB disconnect, device number 4 [ 117.590743][ T7761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.707'. [ 117.595063][ T7761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.707'. [ 117.669627][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 117.674357][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 117.678124][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 117.686948][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 117.691174][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 117.730632][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 117.730647][ T40] audit: type=1400 audit(1768331419.143:392): avc: denied { bind } for pid=7773 comm="syz.1.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 117.732668][ T5944] Bluetooth: hci4: command 0x0405 tx timeout [ 117.868954][ T7769] chnl_net:caif_netlink_parms(): no params data found [ 118.003372][ T7769] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.007302][ T7769] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.019652][ T7769] bridge_slave_0: entered allmulticast mode [ 118.026232][ T7769] bridge_slave_0: entered promiscuous mode [ 118.053979][ T7769] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.057058][ T7769] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.060318][ T7769] bridge_slave_1: entered allmulticast mode [ 118.064825][ T7769] bridge_slave_1: entered promiscuous mode [ 118.109377][ T7769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.115218][ T7769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.118104][ T40] audit: type=1400 audit(1768331419.523:393): avc: denied { unlink } for pid=7804 comm="syz.1.724" name="#f" dev="tmpfs" ino=1099 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 118.122906][ T7805] overlay: filesystem on ./bus not supported as upperdir [ 118.166158][ T7769] team0: Port device team_slave_0 added [ 118.170995][ T7769] team0: Port device team_slave_1 added [ 118.193340][ T40] audit: type=1400 audit(1768331419.603:394): avc: denied { listen } for pid=7810 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 118.197245][ T7769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 118.204520][ T7769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 118.206691][ T40] audit: type=1400 audit(1768331419.613:395): avc: denied { accept } for pid=7810 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 118.215392][ T7769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 118.229147][ T7769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 118.232361][ T7769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 118.242228][ T7769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 118.270164][ T7769] hsr_slave_0: entered promiscuous mode [ 118.272628][ T7769] hsr_slave_1: entered promiscuous mode [ 118.429297][ T7769] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.546751][ T7769] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.610936][ T7769] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.687795][ T7769] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.840886][ T7769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 118.847507][ T7769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 118.854598][ T7769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.860715][ T7769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.908905][ T7769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.927998][ T7769] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.938450][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.940908][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.948632][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.951181][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.113909][ T7769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.152921][ T7769] veth0_vlan: entered promiscuous mode [ 119.162124][ T7769] veth1_vlan: entered promiscuous mode [ 119.186678][ T7769] veth0_macvtap: entered promiscuous mode [ 119.192882][ T7769] veth1_macvtap: entered promiscuous mode [ 119.207011][ T7769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.213993][ T7769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.225434][ T1218] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.229157][ T1218] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.234359][ T1218] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.238173][ T1218] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.294289][ T1218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.297213][ T1218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.321026][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.324762][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.346219][ T40] audit: type=1400 audit(1768331420.753:396): avc: denied { mounton } for pid=7769 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 119.401440][ T7849] netlink: 220 bytes leftover after parsing attributes in process `syz.2.708'. [ 119.730551][ T5944] Bluetooth: hci0: command tx timeout [ 120.028407][ T40] audit: type=1400 audit(1768331421.433:397): avc: denied { bind } for pid=7867 comm="syz.2.746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 120.308670][ T7888] netlink: 'syz.2.756': attribute type 10 has an invalid length. [ 120.313835][ T7888] netlink: 40 bytes leftover after parsing attributes in process `syz.2.756'. [ 120.317652][ T7888] dummy0: entered promiscuous mode [ 120.321713][ T7888] bridge0: port 3(dummy0) entered blocking state [ 120.324775][ T7888] bridge0: port 3(dummy0) entered disabled state [ 120.327946][ T7888] dummy0: entered allmulticast mode [ 120.333553][ T7888] bridge0: port 3(dummy0) entered blocking state [ 120.336810][ T7888] bridge0: port 3(dummy0) entered forwarding state [ 120.438591][ T40] audit: type=1400 audit(1768331421.843:398): avc: denied { map } for pid=7897 comm="syz.1.761" path="socket:[20692]" dev="sockfs" ino=20692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 120.449713][ T40] audit: type=1400 audit(1768331421.843:399): avc: denied { read accept } for pid=7897 comm="syz.1.761" path="socket:[20692]" dev="sockfs" ino=20692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 120.579492][ T40] audit: type=1400 audit(1768331421.983:400): avc: denied { ioctl } for pid=7903 comm="syz.2.764" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 120.600312][ T6027] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 120.761258][ T6027] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 120.764836][ T6027] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.770606][ T6027] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 120.777311][ T6027] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.782617][ T6027] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.786143][ T6027] usb 5-1: Product: syz [ 120.787968][ T6027] usb 5-1: Manufacturer: syz [ 120.792044][ T6027] usb 5-1: SerialNumber: syz [ 120.953082][ T7925] netlink: 64 bytes leftover after parsing attributes in process `syz.1.773'. [ 121.029671][ T6027] usb 5-1: USB disconnect, device number 10 [ 121.032722][ T7927] input: syz0 as /devices/virtual/input/input9 [ 121.037278][ T40] audit: type=1400 audit(1768331422.443:401): avc: denied { read } for pid=5329 comm="acpid" name="js0" dev="devtmpfs" ino=2970 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 121.058470][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 121.296014][ T7936] sp0: Synchronizing with TNC [ 121.503223][ T7946] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 121.819549][ T5944] Bluetooth: hci0: command tx timeout [ 121.974767][ T7972] netlink: 48 bytes leftover after parsing attributes in process `syz.0.795'. [ 122.182330][ T7981] netlink: 52 bytes leftover after parsing attributes in process `syz.0.799'. [ 122.316573][ T7986] netlink: 'syz.0.801': attribute type 11 has an invalid length. [ 122.512500][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. [ 122.519164][ T7996] netlink: 'syz.1.806': attribute type 30 has an invalid length. [ 122.532302][ T7998] loop6: detected capacity change from 0 to 2640 [ 122.539252][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.545249][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.548895][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.552407][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.555808][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.573211][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.577080][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.581475][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.585166][ T7998] ldm_validate_partition_table(): Disk read failed. [ 122.588034][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.595415][ T7998] Buffer I/O error on dev loop6, logical block 0, async page read [ 122.598865][ T7998] Dev loop6: unable to read RDB block 0 [ 122.609936][ T7998] loop6: unable to read partition table [ 122.614370][ T7998] loop_reread_partitions: partition scan of loop6 (3„ ¾‚³˜) failed (rc=-5) [ 122.753266][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 122.753283][ T40] audit: type=1400 audit(1768331424.163:411): avc: denied { ioctl } for pid=8004 comm="syz.2.810" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x9425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 123.121735][ T40] audit: type=1400 audit(1768331424.523:412): avc: denied { read } for pid=8035 comm="syz.0.822" path="socket:[18170]" dev="sockfs" ino=18170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 123.349187][ T8048] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.829'. [ 123.639871][ T5944] block nbd1: Receive control failed (result -32) [ 123.643000][ T8016] block nbd1: shutting down sockets [ 123.707880][ T8066] Bluetooth: MGMT ver 1.23 [ 123.755132][ T40] audit: type=1400 audit(1768331425.163:413): avc: denied { setopt } for pid=8067 comm="syz.1.838" lport=57433 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 123.777993][ T8072] input: syz1 as /devices/virtual/input/input10 [ 123.875080][ T40] audit: type=1400 audit(1768331425.283:414): avc: denied { setopt } for pid=8078 comm="syz.1.842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 123.889843][ T40] audit: type=1400 audit(1768331425.293:415): avc: denied { ioctl } for pid=8078 comm="syz.1.842" path="socket:[20196]" dev="sockfs" ino=20196 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 123.911315][ T5944] Bluetooth: hci0: command tx timeout [ 123.915411][ T8081] loop4: detected capacity change from 0 to 2560 [ 124.081220][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.085752][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.090358][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.096741][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.101774][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.105345][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.108904][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.112598][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.116112][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.119656][ T8090] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 124.169277][ T5944] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 124.173704][ T5944] CPU: 3 UID: 0 PID: 5944 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 124.173732][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.173744][ T5944] Workqueue: hci0 hci_rx_work [ 124.173769][ T5944] Call Trace: [ 124.173776][ T5944] [ 124.173784][ T5944] dump_stack_lvl+0x16c/0x1f0 [ 124.173809][ T5944] sysfs_warn_dup+0x7f/0xa0 [ 124.173831][ T5944] sysfs_create_dir_ns+0x24b/0x2b0 [ 124.173850][ T5944] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 124.173867][ T5944] ? find_held_lock+0x2b/0x80 [ 124.173894][ T5944] ? do_raw_spin_unlock+0x172/0x230 [ 124.173917][ T5944] kobject_add_internal+0x2c4/0x9d0 [ 124.173944][ T5944] kobject_add+0x16e/0x240 [ 124.173967][ T5944] ? __pfx_kobject_add+0x10/0x10 [ 124.173993][ T5944] ? kobject_put+0xaf/0x6f0 [ 124.174013][ T5944] ? _raw_spin_unlock+0x28/0x50 [ 124.174080][ T5944] device_add+0x288/0x1980 [ 124.174098][ T5944] ? __pfx_dev_set_name+0x10/0x10 [ 124.174116][ T5944] ? __pfx_device_add+0x10/0x10 [ 124.174132][ T5944] ? mgmt_send_event_skb+0x2fb/0x460 [ 124.174155][ T5944] hci_conn_add_sysfs+0x1a8/0x260 [ 124.174176][ T5944] le_conn_complete_evt+0x11ed/0x1fa0 [ 124.174201][ T5944] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 124.174225][ T5944] hci_le_conn_complete_evt+0x23c/0x3a0 [ 124.174249][ T5944] hci_le_meta_evt+0x357/0x610 [ 124.174267][ T5944] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 124.174288][ T5944] hci_event_packet+0x685/0x1210 [ 124.174307][ T5944] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.174326][ T5944] ? __pfx_hci_event_packet+0x10/0x10 [ 124.174347][ T5944] ? kcov_remote_start+0x399/0x680 [ 124.174605][ T5944] ? lockdep_hardirqs_on+0x7c/0x110 [ 124.174641][ T5944] hci_rx_work+0x2c9/0x1020 [ 124.174666][ T5944] process_one_work+0x9ba/0x1b20 [ 124.174699][ T5944] ? __pfx_process_one_work+0x10/0x10 [ 124.174723][ T5944] ? assign_work+0x1a0/0x250 [ 124.174746][ T5944] worker_thread+0x6c8/0xf10 [ 124.174772][ T5944] ? __kthread_parkme+0x19e/0x250 [ 124.174786][ T5944] ? __pfx_worker_thread+0x10/0x10 [ 124.174804][ T5944] kthread+0x3c5/0x780 [ 124.174822][ T5944] ? __pfx_kthread+0x10/0x10 [ 124.174840][ T5944] ? rcu_is_watching+0x12/0xc0 [ 124.174855][ T5944] ? __pfx_kthread+0x10/0x10 [ 124.174872][ T5944] ret_from_fork+0x983/0xb10 [ 124.174890][ T5944] ? __pfx_ret_from_fork+0x10/0x10 [ 124.174905][ T5944] ? rcu_is_watching+0x12/0xc0 [ 124.174921][ T5944] ? __switch_to+0x7af/0x10d0 [ 124.174942][ T5944] ? __pfx_kthread+0x10/0x10 [ 124.174961][ T5944] ret_from_fork_asm+0x1a/0x30 [ 124.175000][ T5944] [ 124.175029][ T5944] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 124.294580][ T5944] Bluetooth: hci0: failed to register connection device [ 124.496264][ T40] audit: type=1400 audit(1768331425.903:416): avc: denied { append } for pid=8111 comm="syz.2.858" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 124.742500][ T8121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 124.747110][ T8121] chnl_net:caif_netlink_parms(): no params data found [ 124.936969][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.867'. [ 125.014881][ T8132] team0: Port device team_slave_1 removed [ 125.035037][ T8135] netlink: 212324 bytes leftover after parsing attributes in process `syz.1.868'. [ 125.462990][ T8147] team0 (unregistering): Port device team_slave_0 removed [ 125.494323][ T8147] team0 (unregistering): Port device team_slave_1 removed [ 125.837171][ T8186] netlink: 156 bytes leftover after parsing attributes in process `syz.2.887'. [ 125.898625][ T40] audit: type=1400 audit(1768331427.303:417): avc: denied { ioctl } for pid=8189 comm="syz.4.889" path="socket:[21127]" dev="sockfs" ino=21127 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 125.945937][ T40] audit: type=1400 audit(1768331427.353:418): avc: denied { name_bind } for pid=8192 comm="syz.2.891" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1 [ 125.983577][ T5944] Bluetooth: hci0: command tx timeout [ 126.148059][ T8211] netlink: 20 bytes leftover after parsing attributes in process `syz.0.899'. [ 126.649543][ T1025] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 126.789857][ T5982] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 126.829762][ T1025] usb 9-1: Using ep0 maxpacket: 8 [ 126.849897][ T1025] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 126.854249][ T1025] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.873917][ T1025] pvrusb2: Hardware description: Terratec Grabster AV400 [ 126.877998][ T1025] pvrusb2: ********** [ 126.882988][ T1025] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 126.886749][ T1025] pvrusb2: Important functionality might not be entirely working. [ 126.890321][ T1025] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 126.894860][ T1025] pvrusb2: ********** [ 126.941256][ T5982] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 126.944895][ T5982] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.951897][ T5982] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 126.959565][ T5982] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 126.963361][ T5982] usb 6-1: Manufacturer: syz [ 126.968982][ T5982] usb 6-1: config 0 descriptor?? [ 127.039689][ T5982] rc_core: IR keymap rc-hauppauge not found [ 127.043811][ T5982] Registered IR keymap rc-empty [ 127.050051][ T5982] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 127.058307][ T5982] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input11 [ 127.076654][ T2493] pvrusb2: Invalid write control endpoint [ 127.139565][ T40] audit: type=1400 audit(1768331428.543:419): avc: denied { read } for pid=8251 comm="syz.0.916" path="socket:[22605]" dev="sockfs" ino=22605 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.172239][ T2493] pvrusb2: Invalid write control endpoint [ 127.178819][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 127.186129][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 127.189691][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 127.210957][ T2493] pvrusb2: Device being rendered inoperable [ 127.216165][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 127.219360][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 127.221656][ T1025] usb 6-1: USB disconnect, device number 8 [ 127.237664][ T2493] pvrusb2: Attached sub-driver cx25840 [ 127.240524][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 127.244456][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 127.290751][ T6191] usb 9-1: USB disconnect, device number 5 [ 127.436952][ T8266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.923'. [ 127.963453][ T8286] netlink: 212336 bytes leftover after parsing attributes in process `syz.1.932'. [ 128.388988][ T40] audit: type=1400 audit(1768331429.793:420): avc: denied { mounton } for pid=8308 comm="syz.1.942" path="/257/file0" dev="tmpfs" ino=1358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 129.723413][ T8384] net_ratelimit: 45 callbacks suppressed [ 129.723430][ T8384] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 129.750029][ T8385] pim6reg1: entered promiscuous mode [ 129.752379][ T8385] pim6reg1: entered allmulticast mode [ 129.805271][ T40] audit: type=1400 audit(1768331431.213:421): avc: denied { relabelfrom } for pid=8389 comm="syz.0.979" name="" dev="pipefs" ino=23613 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 130.206600][ T8421] KVM: debugfs: duplicate directory 8421-4 [ 130.226117][ T40] audit: type=1400 audit(1768331431.633:422): avc: denied { create } for pid=8422 comm="syz.0.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 130.255924][ T40] audit: type=1400 audit(1768331431.663:423): avc: denied { write } for pid=8422 comm="syz.0.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 130.293789][ T40] audit: type=1400 audit(1768331431.703:424): avc: denied { create } for pid=8429 comm="syz.2.999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 130.331187][ T40] audit: type=1400 audit(1768331431.703:425): avc: denied { sys_admin } for pid=8429 comm="syz.2.999" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 130.341072][ T5953] Bluetooth: hci0: unexpected event for opcode 0x042d [ 130.616872][ T40] audit: type=1400 audit(1768331432.023:426): avc: denied { mount } for pid=8449 comm="syz.1.1007" name="/" dev="rpc_pipefs" ino=23658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 130.627964][ T40] audit: type=1400 audit(1768331432.033:427): avc: denied { watch watch_reads } for pid=8449 comm="syz.1.1007" path="/278/file0" dev="rpc_pipefs" ino=23658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1 [ 130.638407][ T40] audit: type=1400 audit(1768331432.043:428): avc: denied { unmount } for pid=8449 comm="syz.1.1007" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 130.719545][ T6027] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 130.869605][ T6027] usb 5-1: Using ep0 maxpacket: 8 [ 130.873585][ T6027] usb 5-1: config 0 interface 0 has no altsetting 0 [ 130.876315][ T6027] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 130.884497][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.892696][ T6027] usb 5-1: config 0 descriptor?? [ 131.042359][ T5944] Bluetooth: hci0: Malformed Event: 0x2f [ 131.314035][ T6027] mcp2221 0003:04D8:00DD.000C: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 131.405356][ T40] audit: type=1400 audit(1768331432.813:429): avc: denied { mounton } for pid=8490 comm="syz.2.1026" path="/83/file0" dev="tmpfs" ino=444 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 131.502787][ T8494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1027'. [ 131.511420][ T6027] usb 5-1: USB disconnect, device number 11 [ 131.589691][ T6191] usb 9-1: new low-speed USB device number 6 using dummy_hcd [ 131.707510][ T8502] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1032'. [ 131.715616][ T8502] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.755047][ T6191] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 131.759108][ T6191] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 73, setting to 8 [ 131.763209][ T6191] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 131.766610][ T6191] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.787648][ T6191] usb 9-1: config 0 descriptor?? [ 131.791234][ T8488] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 131.931685][ T8515] netlink: 212892 bytes leftover after parsing attributes in process `syz.1.1036'. [ 132.041414][ T6191] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 132.248984][ T6191] usb 9-1: USB disconnect, device number 6 [ 132.324114][ T8536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1046'. [ 132.341280][ T8538] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4032 [ 132.700080][ T8571] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 132.860040][ T8583] ------------[ cut here ]------------ [ 132.866300][ T8583] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 5 MHz (6) [ 132.871806][ T8583] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2693 at mac80211_hwsim_sta_rc_update+0x5e4/0x850, CPU#1: syz.1.1066/8583 [ 132.877803][ T8583] Modules linked in: [ 132.880282][ T8583] CPU: 1 UID: 0 PID: 8583 Comm: syz.1.1066 Not tainted syzkaller #0 PREEMPT(full) [ 132.884624][ T8583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.889188][ T8583] RIP: 0010:mac80211_hwsim_sta_rc_update+0x607/0x850 [ 132.889320][ T8579] kvm: kvm [8578]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 132.892846][ T8583] Code: 48 8d 3d bc a4 ab 09 48 8b 4c 24 10 48 8b 44 24 20 89 da 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 05 00 00 41 55 44 8b 44 24 14 <67> 48 0f b9 3a 58 5a e9 39 fc ff ff e8 88 54 d6 fa e8 13 b0 8f 04 [ 132.897738][ T8579] kvm: kvm [8578]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 132.905629][ T8583] RSP: 0018:ffffc900032a7148 EFLAGS: 00010246 [ 132.912633][ T8583] RAX: ffff888033de2a60 RBX: 0000000000000000 RCX: ffff888054fa0ec0 [ 132.917262][ T8583] RDX: 0000000000000000 RSI: ffff888033de2fd2 RDI: ffffffff90944bd0 [ 132.921235][ T8583] RBP: dffffc0000000000 R08: 0000000000000014 R09: 0000000000000000 [ 132.925276][ T8583] R10: 0000000000000006 R11: ffff88805bf68b30 R12: 0000000000000006 [ 132.928961][ T8583] R13: 0000000000000005 R14: ffff888054fa1088 R15: ffff88803b163100 [ 132.932843][ T8583] FS: 00007f2d73ac46c0(0000) GS:ffff8880d69f4000(0000) knlGS:0000000000000000 [ 132.936802][ T8583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.939334][ T8583] CR2: 000000110c367f07 CR3: 000000005bb2c000 CR4: 0000000000352ef0 [ 132.942748][ T8583] Call Trace: [ 132.944214][ T8583] [ 132.945535][ T8583] mac80211_hwsim_sta_add+0xc9/0x290 [ 132.947709][ T8583] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 132.950443][ T8583] drv_sta_state+0x90d/0x17c0 [ 132.952563][ T8583] sta_info_insert_rcu+0x121b/0x3070 [ 132.954898][ T8583] sta_info_insert+0x16/0xd0 [ 132.956970][ T8583] ieee80211_add_station+0x46d/0x6c0 [ 132.959539][ T8583] nl80211_new_station+0x14ed/0x1c60 [ 132.962248][ T8583] ? __rtnl_unlock+0x68/0xf0 [ 132.964161][ T8583] ? __pfx_nl80211_new_station+0x10/0x10 [ 132.966631][ T8583] ? nl80211_pre_doit+0x1b0/0xb10 [ 132.969306][ T8583] genl_family_rcv_msg_doit+0x209/0x2f0 [ 132.972006][ T8583] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 132.975368][ T8583] ? bpf_lsm_capable+0x9/0x10 [ 132.977347][ T8583] ? security_capable+0x7e/0x260 [ 132.980064][ T8583] ? ns_capable+0xd7/0x110 [ 132.981924][ T8583] genl_rcv_msg+0x55c/0x800 [ 132.984066][ T8583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.986771][ T8583] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 132.989769][ T8583] ? __pfx_nl80211_new_station+0x10/0x10 [ 132.992658][ T8583] ? __pfx_nl80211_post_doit+0x10/0x10 [ 132.995586][ T8583] netlink_rcv_skb+0x158/0x420 [ 133.005883][ T8583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.008087][ T8583] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.010504][ T8583] ? netlink_deliver_tap+0x1ae/0xd30 [ 133.012787][ T8583] genl_rcv+0x28/0x40 [ 133.014437][ T8583] netlink_unicast+0x5aa/0x870 [ 133.016538][ T8583] ? __pfx_netlink_unicast+0x10/0x10 [ 133.018861][ T8583] netlink_sendmsg+0x8c8/0xdd0 [ 133.021052][ T8583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.023320][ T8583] ____sys_sendmsg+0xa5d/0xc30 [ 133.025705][ T8583] ? copy_msghdr_from_user+0x10a/0x160 [ 133.028138][ T8583] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.030601][ T8583] ? __pfx_futex_wake_mark+0x10/0x10 [ 133.032860][ T8583] ___sys_sendmsg+0x134/0x1d0 [ 133.034921][ T8583] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.037169][ T8583] ? futex_private_hash_put+0x160/0x1b0 [ 133.039659][ T8583] __sys_sendmsg+0x16d/0x220 [ 133.041467][ T8583] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.043677][ T8583] ? __x64_sys_futex+0x1e0/0x4c0 [ 133.045990][ T8583] do_syscall_64+0xcd/0xf80 [ 133.048060][ T8583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.050569][ T8583] RIP: 0033:0x7f2d72b8f7c9 [ 133.052464][ T8583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.060707][ T8583] RSP: 002b:00007f2d73ac4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.064233][ T8583] RAX: ffffffffffffffda RBX: 00007f2d72de5fa0 RCX: 00007f2d72b8f7c9 [ 133.067754][ T8583] RDX: 0000000000008050 RSI: 0000200000007380 RDI: 0000000000000005 [ 133.070772][ T8583] RBP: 00007f2d72c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.073744][ T8583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.077107][ T8583] R13: 00007f2d72de6038 R14: 00007f2d72de5fa0 R15: 00007ffeea6d44b8 [ 133.080415][ T8583] [ 133.081757][ T8583] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 133.084723][ T8583] CPU: 1 UID: 0 PID: 8583 Comm: syz.1.1066 Not tainted syzkaller #0 PREEMPT(full) [ 133.088873][ T8583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.093710][ T8583] Call Trace: [ 133.095231][ T8583] [ 133.096580][ T8583] dump_stack_lvl+0x3d/0x1f0 [ 133.098566][ T8583] vpanic+0x640/0x6f0 [ 133.100347][ T8583] ? mac80211_hwsim_sta_rc_update+0x5e4/0x850 [ 133.102834][ T8583] panic+0xca/0xd0 [ 133.104533][ T8583] ? __pfx_panic+0x10/0x10 [ 133.106445][ T8583] check_panic_on_warn+0xab/0xb0 [ 133.108681][ T8583] __warn+0x108/0x3c0 [ 133.110310][ T8583] __report_bug+0x2a0/0x520 [ 133.112207][ T8583] ? mac80211_hwsim_sta_rc_update+0x5e4/0x850 [ 133.116277][ T8583] ? __pfx___report_bug+0x10/0x10 [ 133.118396][ T8583] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 133.120661][ T8583] report_bug_entry+0xe1/0x290 [ 133.122468][ T8583] ? mac80211_hwsim_sta_rc_update+0x607/0x850 [ 133.125006][ T8583] handle_bug+0x18a/0x260 [ 133.126879][ T8583] exc_invalid_op+0x17/0x50 [ 133.128887][ T8583] asm_exc_invalid_op+0x1a/0x20 [ 133.130951][ T8583] RIP: 0010:mac80211_hwsim_sta_rc_update+0x607/0x850 [ 133.134506][ T8583] Code: 48 8d 3d bc a4 ab 09 48 8b 4c 24 10 48 8b 44 24 20 89 da 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 05 00 00 41 55 44 8b 44 24 14 <67> 48 0f b9 3a 58 5a e9 39 fc ff ff e8 88 54 d6 fa e8 13 b0 8f 04 [ 133.142857][ T8583] RSP: 0018:ffffc900032a7148 EFLAGS: 00010246 [ 133.145650][ T8583] RAX: ffff888033de2a60 RBX: 0000000000000000 RCX: ffff888054fa0ec0 [ 133.149424][ T8583] RDX: 0000000000000000 RSI: ffff888033de2fd2 RDI: ffffffff90944bd0 [ 133.152629][ T8583] RBP: dffffc0000000000 R08: 0000000000000014 R09: 0000000000000000 [ 133.155888][ T8583] R10: 0000000000000006 R11: ffff88805bf68b30 R12: 0000000000000006 [ 133.159055][ T8583] R13: 0000000000000005 R14: ffff888054fa1088 R15: ffff88803b163100 [ 133.162501][ T8583] mac80211_hwsim_sta_add+0xc9/0x290 [ 133.164803][ T8583] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 133.167362][ T8583] drv_sta_state+0x90d/0x17c0 [ 133.169405][ T8583] sta_info_insert_rcu+0x121b/0x3070 [ 133.171675][ T8583] sta_info_insert+0x16/0xd0 [ 133.173692][ T8583] ieee80211_add_station+0x46d/0x6c0 [ 133.177497][ T8583] nl80211_new_station+0x14ed/0x1c60 [ 133.179829][ T8583] ? __rtnl_unlock+0x68/0xf0 [ 133.182229][ T8583] ? __pfx_nl80211_new_station+0x10/0x10 [ 133.184944][ T8583] ? nl80211_pre_doit+0x1b0/0xb10 [ 133.187255][ T8583] genl_family_rcv_msg_doit+0x209/0x2f0 [ 133.189641][ T8583] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 133.192251][ T8583] ? bpf_lsm_capable+0x9/0x10 [ 133.194290][ T8583] ? security_capable+0x7e/0x260 [ 133.196509][ T8583] ? ns_capable+0xd7/0x110 [ 133.198429][ T8583] genl_rcv_msg+0x55c/0x800 [ 133.200208][ T8583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.202237][ T8583] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 133.204442][ T8583] ? __pfx_nl80211_new_station+0x10/0x10 [ 133.206960][ T8583] ? __pfx_nl80211_post_doit+0x10/0x10 [ 133.209553][ T8583] netlink_rcv_skb+0x158/0x420 [ 133.211757][ T8583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.214064][ T8583] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.216628][ T8583] ? netlink_deliver_tap+0x1ae/0xd30 [ 133.218849][ T8583] genl_rcv+0x28/0x40 [ 133.220556][ T8583] netlink_unicast+0x5aa/0x870 [ 133.222634][ T8583] ? __pfx_netlink_unicast+0x10/0x10 [ 133.224969][ T8583] netlink_sendmsg+0x8c8/0xdd0 [ 133.227016][ T8583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.231780][ T8583] ____sys_sendmsg+0xa5d/0xc30 [ 133.233710][ T8583] ? copy_msghdr_from_user+0x10a/0x160 [ 133.235799][ T8583] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.237819][ T8583] ? __pfx_futex_wake_mark+0x10/0x10 [ 133.239798][ T8583] ___sys_sendmsg+0x134/0x1d0 [ 133.241536][ T8583] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.243427][ T8583] ? futex_private_hash_put+0x160/0x1b0 [ 133.245510][ T8583] __sys_sendmsg+0x16d/0x220 [ 133.247185][ T8583] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.248932][ T8583] ? __x64_sys_futex+0x1e0/0x4c0 [ 133.250560][ T8583] do_syscall_64+0xcd/0xf80 [ 133.252118][ T8583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.254318][ T8583] RIP: 0033:0x7f2d72b8f7c9 [ 133.256024][ T8583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.262865][ T8583] RSP: 002b:00007f2d73ac4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.265802][ T8583] RAX: ffffffffffffffda RBX: 00007f2d72de5fa0 RCX: 00007f2d72b8f7c9 [ 133.268579][ T8583] RDX: 0000000000008050 RSI: 0000200000007380 RDI: 0000000000000005 [ 133.271087][ T8583] RBP: 00007f2d72c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.273642][ T8583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.276955][ T8583] R13: 00007f2d72de6038 R14: 00007f2d72de5fa0 R15: 00007ffeea6d44b8 [ 133.280416][ T8583] [ 133.282624][ T8583] Kernel Offset: disabled [ 133.284567][ T8583] Rebooting in 86400 seconds..