last executing test programs: 5m2.423948264s ago: executing program 1 (id=1450): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000080)='./file0\x00') symlink(&(0x7f0000002080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000005c0)={r5, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, 0x0, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 5m1.685281456s ago: executing program 1 (id=1453): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$isdn(0x22, 0x3, 0x3) pidfd_getfd(0xffffffffffffffff, r2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$dri(0x0, 0xd21, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2a18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x401, 0x1, &(0x7f0000000240)=[r4], 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000040), 0x0, 0x300}) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r5, &(0x7f0000000280)='./file0\x00', 0x200) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) 4m59.766919588s ago: executing program 1 (id=1458): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) ioctl$KVM_SET_PIT(r0, 0x8048ae66, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) 4m58.656585237s ago: executing program 1 (id=1463): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000080)='./file0\x00') symlink(&(0x7f0000002080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000005c0)={r5, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, 0x0, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 4m57.079776601s ago: executing program 1 (id=1467): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff0d}, 0x94) r1 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @dev={0xfe, 0x80, '\x00', 0x26}, 0x1}}, 0x24) sendmsg$inet(r1, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={0x0, r0, 0x0, 0x417}, 0x18) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0) 4m56.444123064s ago: executing program 1 (id=1469): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 4m56.151698691s ago: executing program 32 (id=1469): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 5.117737032s ago: executing program 0 (id=2542): r0 = syz_usb_connect(0x3, 0x3f, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x800) ioctl$FS_IOC_GETVERSION(r1, 0x5b01, 0x0) 3.943219264s ago: executing program 5 (id=2554): sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x8010}, 0x10) mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, 0x0, 0x0) bind$inet(r1, 0x0, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r2, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6}) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) syz_open_procfs(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r3, &(0x7f0000000580)='fd/3\x00') socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) 3.941518228s ago: executing program 3 (id=2555): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0xbe, &(0x7f0000000080)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0xfe, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @local, @rand_addr=0x64010102, {[@cipso={0x86, 0x77, 0xffffffffffffffff, [{0x0, 0xc, "e256b28c59881681fb52"}, {0x0, 0x9, "020007651442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc23f9ffffffa30900a301c8460000"}, {0x0, 0x12, "c8f46976e79ea788f03d9d3205927e3d"}]}, @cipso={0x86, 0x6, 0xffffffffffffffff}]}}}}}}}, 0x0) 3.572240142s ago: executing program 3 (id=2557): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x34, 0x0, 0x8, 0xc3612368133ec983, 0x0, 0x0, {0x7, 0x0, 0x5}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 3.461963322s ago: executing program 4 (id=2558): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x1e0000}, 0x18) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 3.451577659s ago: executing program 3 (id=2560): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r9, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x44, r7, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050) sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010028b6296be141526b7e00000008000300", @ANYRES32=r11, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006000000"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 3.391874177s ago: executing program 5 (id=2561): r0 = socket(0x8, 0x0, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) accept4$vsock_stream(r0, 0x0, 0x0, 0x80400) listen(r1, 0x9) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f54020", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, @local, {[], {{0xffff, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xffff, 0x0, 0x9}}}}}}}, 0x0) 3.088882308s ago: executing program 5 (id=2564): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0xa, 0x1, 0x106) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r1, {0xa, 0x8}, {0x5, 0xfff3}, {0xfff1, 0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40}, 0xc4) 3.05543921s ago: executing program 2 (id=2565): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x30, r1, 0x1, 0x70bd28, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 2.71061365s ago: executing program 2 (id=2566): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r4, 0x1}, 0x1c}}, 0x0) 2.451594617s ago: executing program 4 (id=2567): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70) mknodat$loop(r0, 0x0, 0x400, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') unlink(&(0x7f0000000040)='./file1\x00') open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0) 2.382592912s ago: executing program 4 (id=2568): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x2000002, 0xe, 0x20, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.931952969s ago: executing program 0 (id=2569): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x580, @dev={0xac, 0x14, 0x14, 0xc}}}) 1.803199374s ago: executing program 2 (id=2570): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f00000000c0)=@ethtool_sset_info={0x37, 0x7, 0x4}}) 1.66440765s ago: executing program 4 (id=2571): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000002c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x104, 0x8, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) unshare(0x22020600) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000001600000328bd7000ffffff25021804fe", @ANYRES32=r3, @ANYBLOB="080008000000000008000900f7ffffff08000a0002000000"], 0x30}, 0x1, 0x0, 0x0, 0x44801}, 0x0) r4 = socket$inet(0x2, 0x2, 0x4000000a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)='H', 0x1}], 0x1}, 0x0) bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r6, &(0x7f0000000080)=ANY=[], 0x6) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f0000000380)=ANY=[@ANYBLOB="001c86dd0700100000001400000060ec97000fc804f9fe80000000"], 0xffe) sendmmsg$inet(r4, 0x0, 0x0, 0x4040880) r7 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r7}]}, 0x3c}}, 0x40090) socket$inet_tcp(0x2, 0x1, 0x0) r8 = bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000014c0)={r8}, 0x4) 1.216195675s ago: executing program 2 (id=2572): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x80) 1.215966836s ago: executing program 0 (id=2573): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5bbc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 1.204223719s ago: executing program 3 (id=2574): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r1, 0x4) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x8004) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) 1.195626023s ago: executing program 2 (id=2575): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0x10000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000080)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) 1.136312797s ago: executing program 5 (id=2576): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c000340"], 0x60}}, 0x0) 1.107449687s ago: executing program 4 (id=2577): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000080)='./file0\x00') symlink(&(0x7f0000002080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000005c0)={r6, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, 0x0, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 1.092912968s ago: executing program 0 (id=2578): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x1e0000}, 0x18) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 1.042993509s ago: executing program 5 (id=2579): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="01146e000000000000e76900000008000300", @ANYRES32=r1, @ANYBLOB="0800260094"], 0x30}}, 0x0) 147.607ms ago: executing program 3 (id=2580): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x31008003, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x85402, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x12, r3, 0x0) 119.127927ms ago: executing program 0 (id=2581): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x2000002, 0xe, 0x20, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 102.102557ms ago: executing program 2 (id=2582): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, &(0x7f0000000200)) connect$inet6(0xffffffffffffffff, &(0x7f0000000a40)={0xa, 0x4e02, 0x7ffe, @remote, 0x9}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 99.91008ms ago: executing program 4 (id=2583): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xb, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0xc8f0}, 0x0) 88.626496ms ago: executing program 5 (id=2584): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x4, &(0x7f0000000080)=0x49, 0x4) unshare(0x22020400) unshare(0x2c060000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 1.601365ms ago: executing program 0 (id=2585): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r9, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x44, r7, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050) sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010028b6296be141526b7e00000008000300", @ANYRES32=r11, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006000000"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 0s ago: executing program 3 (id=2586): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100ffffffff"}) kernel console output (not intermixed with test programs): 14609.112:549): avc: denied { read write } for pid=10792 comm="syz.0.1448" name="mouse0" dev="devtmpfs" ino=979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 485.812355][ T30] audit: type=1400 audit(1753214609.112:550): avc: denied { open } for pid=10792 comm="syz.0.1448" path="/dev/input/mouse0" dev="devtmpfs" ino=979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 485.872149][T10798] netlink: 'syz.1.1450': attribute type 1 has an invalid length. [ 485.939252][T10798] bond1: entered promiscuous mode [ 485.947120][T10798] 8021q: adding VLAN 0 to HW filter on device bond1 [ 486.018672][T10802] 8021q: adding VLAN 0 to HW filter on device bond1 [ 486.060392][T10802] bond1: (slave vcan2): The slave device specified does not support setting the MAC address [ 486.084806][T10802] bond1: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 486.394120][T10802] bond1: (slave vcan2): making interface the new active one [ 486.401989][T10802] vcan2: entered promiscuous mode [ 486.471009][T10802] bond1: (slave vcan2): Enslaving as an active interface with an up link [ 486.691309][T10810] 9pnet_fd: Insufficient options for proto=fd [ 487.274628][T10824] ntfs3(nullb0): Primary boot signature is not NTFS. [ 487.281483][T10824] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 489.241382][ T9] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 489.486426][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 489.506885][ T9] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 489.564825][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.591651][ T9] usb 3-1: Product: syz [ 489.595870][ T9] usb 3-1: Manufacturer: syz [ 489.600505][ T9] usb 3-1: SerialNumber: syz [ 489.626372][ T9] usb 3-1: config 0 descriptor?? [ 489.704059][T10841] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1460'. [ 489.722159][T10847] netlink: 'syz.1.1463': attribute type 1 has an invalid length. [ 490.583007][T10852] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 490.584231][ T9] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 490.625402][T10847] bond2: entered promiscuous mode [ 490.630813][T10847] 8021q: adding VLAN 0 to HW filter on device bond2 [ 490.646534][T10849] 8021q: adding VLAN 0 to HW filter on device bond2 [ 490.717963][T10849] bond2: (slave vcan3): The slave device specified does not support setting the MAC address [ 490.738376][T10849] bond2: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 490.803344][T10849] bond2: (slave vcan3): making interface the new active one [ 490.810948][T10849] vcan3: entered promiscuous mode [ 490.832972][T10849] bond2: (slave vcan3): Enslaving as an active interface with an up link [ 491.401259][ T9] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 491.742523][ T9] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 491.773376][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.785448][ T9] usb 5-1: config 0 descriptor?? [ 491.859761][ T8630] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.900890][ T8630] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 54004 - 0 [ 491.914541][ T8630] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 36049 - 0 [ 492.013594][ T9] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 492.064674][ T8630] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.100656][ T8630] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 54004 - 0 [ 492.120812][ T8630] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 36049 - 0 [ 492.165529][ T10] usb 3-1: USB disconnect, device number 41 [ 492.268990][ T9] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 492.309786][ T9] [drm] Initialized udl on minor 2 [ 492.609144][ T8630] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.640082][ T8630] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 54004 - 0 [ 492.653892][ T8630] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 36049 - 0 [ 492.852581][ T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 493.062670][ T8630] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.121226][ T8630] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 54004 - 0 [ 493.389545][ T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 493.418033][ T10] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 493.436446][ T9] usb 5-1: USB disconnect, device number 40 [ 493.452142][ T10] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 493.452179][ T8630] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 36049 - 0 [ 494.360484][T10888] ceph: No mds server is up or the cluster is laggy [ 494.368076][ T10] libceph: connect (1)[c::]:6789 error -101 [ 494.381330][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 494.452322][T10896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 494.464269][T10896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 494.475031][T10896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 494.493997][T10896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 494.507088][T10896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 494.624661][ T30] audit: type=1400 audit(1753214618.072:551): avc: denied { mounton } for pid=10895 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 494.799706][T10895] lo speed is unknown, defaulting to 1000 [ 494.813049][T10906] ntfs3(nullb0): Primary boot signature is not NTFS. [ 494.819990][T10906] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 495.267184][ T8630] bridge_slave_1: left allmulticast mode [ 495.274105][ T8630] bridge_slave_1: left promiscuous mode [ 495.285809][ T8630] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.385618][ T8630] bridge_slave_0: left allmulticast mode [ 495.400633][ T8630] bridge_slave_0: left promiscuous mode [ 495.419088][ T8630] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.491188][ T10] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 495.646541][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 495.665889][ T10] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 495.678602][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.705343][ T10] usb 3-1: Product: syz [ 495.720280][ T10] usb 3-1: Manufacturer: syz [ 495.782117][ T10] usb 3-1: SerialNumber: syz [ 495.984292][ T10] usb 3-1: config 0 descriptor?? [ 496.157124][ T8630]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.167363][ T8630]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.176982][ T8630]  (unregistering): Released all slaves [ 496.253242][ T8630] bond0 (unregistering): (slave vcan1): Releasing backup interface [ 496.261230][ T8630] vcan1: left promiscuous mode [ 496.267218][ T8630] bond0 (unregistering): Released all slaves [ 496.350106][ T8630] bond1 (unregistering): (slave vcan2): Releasing backup interface [ 496.358251][ T8630] vcan2: left promiscuous mode [ 496.364451][ T8630] bond1 (unregistering): Released all slaves [ 496.411522][ T10] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 496.432027][ T10] usb 3-1: USB disconnect, device number 42 [ 496.463730][ T8630] bond2 (unregistering): (slave vcan3): Releasing backup interface [ 496.472486][ T8630] vcan3: left promiscuous mode [ 496.479855][ T8630] bond2 (unregistering): Released all slaves [ 496.551449][ T5153] Bluetooth: hci0: command tx timeout [ 496.635370][ T8630] tipc: Disabling bearer [ 496.659360][ T8630] tipc: Left network mode [ 497.104056][T10932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1486'. [ 497.619445][T10895] chnl_net:caif_netlink_parms(): no params data found [ 498.123991][ T10] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 498.308894][ T8630] mac80211_hwsim hwsim2 wlan0 (unregistering): left allmulticast mode [ 498.341655][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 498.355168][ T10] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 498.365510][ T10] usb 5-1: config 0 has no interface number 0 [ 498.374299][ T10] usb 5-1: config 0 interface 2 has no altsetting 0 [ 498.385067][ T10] usb 5-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 498.676485][ T5153] Bluetooth: hci0: command tx timeout [ 498.678661][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.792254][ T10] usb 5-1: Product: syz [ 498.817993][ T10] usb 5-1: Manufacturer: syz [ 498.823020][ T10] usb 5-1: SerialNumber: syz [ 498.831003][ T10] usb 5-1: config 0 descriptor?? [ 498.847968][ T8630] hsr_slave_0: left promiscuous mode [ 498.854354][ T8630] hsr_slave_1: left promiscuous mode [ 498.861010][ T8630] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 498.876319][ T8630] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 498.890336][ T8630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 498.898149][ T8630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.935165][ T8630] veth1_macvtap: left promiscuous mode [ 498.945311][ T8630] veth0_macvtap: left promiscuous mode [ 498.952712][ T8630] veth1_vlan: left promiscuous mode [ 498.964054][ T8630] veth0_vlan: left promiscuous mode [ 499.409936][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 499.764190][ T10] usb 5-1: invalid MIDI in EP 0 [ 499.921137][T10973] syz.0.1498: attempt to access beyond end of device [ 499.921137][T10973] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 499.935175][T10973] (syz.0.1498,10973,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 499.943096][T10973] (syz.0.1498,10973,0):ocfs2_sb_probe:753 ERROR: status = -5 [ 499.950583][T10973] (syz.0.1498,10973,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 499.959552][T10973] (syz.0.1498,10973,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 500.097029][ T10] snd-usb-audio 5-1:0.2: probe with driver snd-usb-audio failed with error -22 [ 500.246556][ T10] usb 5-1: USB disconnect, device number 41 [ 500.264985][ T5847] udevd[5847]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 500.586806][T10978] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 500.711515][ T5153] Bluetooth: hci0: command tx timeout [ 501.100059][ T8630] team0 (unregistering): Port device team_slave_1 removed [ 501.121302][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.127588][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.178209][ T8630] team0 (unregistering): Port device team_slave_0 removed [ 501.737110][T10895] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.768861][T10895] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.780905][T10895] bridge_slave_0: entered allmulticast mode [ 501.790158][T10895] bridge_slave_0: entered promiscuous mode [ 501.803763][T10895] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.811062][T10895] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.819807][T10895] bridge_slave_1: entered allmulticast mode [ 501.844945][T10895] bridge_slave_1: entered promiscuous mode [ 502.026279][T10895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 502.202880][T10895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.218643][T11006] No control pipe specified [ 502.575069][ T8630] IPVS: stop unused estimator thread 0... [ 502.597328][T10895] team0: Port device team_slave_0 added [ 502.625052][T10895] team0: Port device team_slave_1 added [ 502.791151][ T5153] Bluetooth: hci0: command 0x0419 tx timeout [ 502.820309][T10895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 502.828740][T10895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 502.858433][T10895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 502.886043][T10895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 502.893219][T10895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.058771][T11014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1511'. [ 503.071422][ T24] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 503.091120][T10895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 503.241255][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 503.247865][ T24] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 503.258188][ T24] usb 5-1: config 0 has no interface number 0 [ 503.278451][ T24] usb 5-1: config 0 interface 2 has no altsetting 0 [ 503.384424][ T24] usb 5-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 503.401715][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.430091][ T24] usb 5-1: Product: syz [ 503.434945][ T24] usb 5-1: Manufacturer: syz [ 503.439691][ T24] usb 5-1: SerialNumber: syz [ 503.477022][ T24] usb 5-1: config 0 descriptor?? [ 503.489100][T10895] hsr_slave_0: entered promiscuous mode [ 503.505938][T10895] hsr_slave_1: entered promiscuous mode [ 503.534454][T10895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 503.542937][T10895] Cannot create hsr debugfs directory [ 503.591225][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 503.729050][ T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 503.884715][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 503.961749][ T10] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 503.993917][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.011860][ T10] usb 1-1: Product: syz [ 504.021229][ T10] usb 1-1: Manufacturer: syz [ 504.026149][ T10] usb 1-1: SerialNumber: syz [ 504.036693][ T10] usb 1-1: config 0 descriptor?? [ 504.046592][ T24] usb 5-1: invalid MIDI in EP 0 [ 504.158578][ T24] snd-usb-audio 5-1:0.2: probe with driver snd-usb-audio failed with error -22 [ 504.175176][ T24] usb 5-1: USB disconnect, device number 42 [ 504.175828][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 504.270190][T10895] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 504.284030][T10895] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 504.294645][T10895] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 504.304374][T10895] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 504.497145][ T10] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 504.541301][ T10] usb 1-1: USB disconnect, device number 32 [ 504.637544][T10895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 504.684986][T10895] 8021q: adding VLAN 0 to HW filter on device team0 [ 504.719799][ T9437] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.727004][ T9437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 504.775921][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.783145][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.890920][ T5153] Bluetooth: hci0: command 0x0419 tx timeout [ 505.754231][T11053] autofs: Bad value for 'fd' [ 505.886660][ T30] audit: type=1804 audit(1753214629.412:552): pid=11057 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.1520" name="/newroot/312/file1" dev="fuse" ino=1 res=1 errno=0 [ 506.093913][ T2146] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 506.230980][ T30] audit: type=1800 audit(1753214629.412:553): pid=11057 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1520" name="/" dev="fuse" ino=1 res=0 errno=0 [ 506.306719][ T2146] usb 3-1: Using ep0 maxpacket: 16 [ 506.340569][ T2146] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 506.351331][ T30] audit: type=1800 audit(1753214629.412:554): pid=11051 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1520" name="/" dev="fuse" ino=1 res=0 errno=0 [ 506.377624][ T2146] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 506.424757][ T2146] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 506.671393][ T2146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.684696][T10895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.692807][ T2146] usb 3-1: config 0 descriptor?? [ 506.703782][ T2146] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 506.781199][ T1206] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 506.932849][ T1206] usb 1-1: Using ep0 maxpacket: 8 [ 506.946848][ T1206] usb 1-1: unable to get BOS descriptor or descriptor too short [ 506.967232][ T1206] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 506.986735][ T1206] usb 1-1: can't read configurations, error -71 [ 506.994619][T10895] veth0_vlan: entered promiscuous mode [ 507.004619][T10895] veth1_vlan: entered promiscuous mode [ 507.027754][T10895] veth0_macvtap: entered promiscuous mode [ 507.036531][T10895] veth1_macvtap: entered promiscuous mode [ 507.052706][T10895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 507.093703][T10895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 507.110693][T10895] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.119774][T10895] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.129124][T10895] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.138406][T10895] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.759937][ T9437] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.768291][ T9437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.795822][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.804387][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 508.234495][ T5947] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 508.841886][ T5947] usb 5-1: Using ep0 maxpacket: 32 [ 508.848755][ T5947] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 508.859773][ T5947] usb 5-1: config 0 has no interface number 0 [ 508.866819][ T5947] usb 5-1: config 0 interface 2 has no altsetting 0 [ 508.953196][ T5947] usb 5-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 508.972437][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.980614][ T5947] usb 5-1: Product: syz [ 509.004739][ T5947] usb 5-1: Manufacturer: syz [ 509.434030][ T5947] usb 5-1: SerialNumber: syz [ 509.482568][ T5947] usb 5-1: config 0 descriptor?? [ 509.546679][ T43] usb 3-1: USB disconnect, device number 43 [ 509.828452][ T5947] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 509.865829][ T5947] usb 5-1: invalid MIDI out EP 0 [ 510.259955][T11110] autofs: Bad value for 'fd' [ 510.297825][T11103] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1533'. [ 510.313015][ T30] audit: type=1400 audit(1753214633.832:555): avc: denied { write } for pid=11101 comm="syz.2.1533" path="socket:[30552]" dev="sockfs" ino=30552 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 510.318650][ T5947] snd-usb-audio 5-1:0.2: probe with driver snd-usb-audio failed with error -22 [ 510.364185][T11103] syz.2.1533: attempt to access beyond end of device [ 510.364185][T11103] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 511.241669][ T5947] usb 5-1: USB disconnect, device number 43 [ 511.349884][T11123] netlink: 'syz.0.1539': attribute type 1 has an invalid length. [ 511.375758][T11123] bond3: entered promiscuous mode [ 511.381693][T11123] 8021q: adding VLAN 0 to HW filter on device bond3 [ 511.430801][ T5847] udevd[5847]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 511.518001][T11123] 8021q: adding VLAN 0 to HW filter on device bond3 [ 511.531519][T11123] bond3: (slave vcan3): The slave device specified does not support setting the MAC address [ 511.543061][T11123] bond3: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 511.564417][T11123] bond3: (slave vcan3): making interface the new active one [ 512.138217][T11123] vcan3: entered promiscuous mode [ 512.163680][T11123] bond3: (slave vcan3): Enslaving as an active interface with an up link [ 512.821213][ T1206] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 512.957040][T11142] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=11142 comm=syz.3.1544 [ 513.261209][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 513.487116][ T1206] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 513.663616][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 513.776018][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 513.791228][ T1206] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 513.803768][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 513.817887][ T1206] usb 5-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 513.828016][ T1206] usb 5-1: config 220 has no interface number 1 [ 513.834876][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 513.871155][ T1206] usb 5-1: config 220 interface 0 has no altsetting 0 [ 513.888244][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.905662][ T1206] usb 5-1: config 220 interface 76 has no altsetting 0 [ 513.932388][ T10] usb 6-1: config 0 descriptor?? [ 513.937790][T11149] [U]  [ 513.945092][ T1206] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 513.961927][ T1206] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.972024][ T10] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 513.989911][ T1206] usb 5-1: Product: syz [ 513.994550][ T1206] usb 5-1: Manufacturer: syz [ 513.999162][ T1206] usb 5-1: SerialNumber: syz [ 514.396919][ T1206] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 514.406098][ T1206] usb 5-1: No valid video chain found. [ 514.430978][ T1206] usb 5-1: USB disconnect, device number 44 [ 514.538039][T11159] hfsplus: unable to find HFS+ superblock [ 514.583523][T11160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1551'. [ 514.918803][ T30] audit: type=1804 audit(1753214638.452:556): pid=11164 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.1552" name="/newroot/289/file1" dev="fuse" ino=1 res=1 errno=0 [ 514.992575][ T30] audit: type=1800 audit(1753214638.452:557): pid=11164 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1552" name="/" dev="fuse" ino=1 res=0 errno=0 [ 515.026778][ T30] audit: type=1800 audit(1753214638.452:558): pid=11164 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1552" name="/" dev="fuse" ino=1 res=0 errno=0 [ 515.130292][T11167] autofs: Bad value for 'fd' [ 515.150545][T11172] netlink: 'syz.0.1555': attribute type 1 has an invalid length. [ 515.177240][T11172] bond4: entered promiscuous mode [ 515.183490][T11172] 8021q: adding VLAN 0 to HW filter on device bond4 [ 515.527279][T11175] 8021q: adding VLAN 0 to HW filter on device bond4 [ 515.535684][T11175] bond4: (slave vcan4): The slave device specified does not support setting the MAC address [ 515.546471][T11175] bond4: (slave vcan4): Setting fail_over_mac to active for active-backup mode [ 515.594194][T11175] bond4: (slave vcan4): making interface the new active one [ 515.602868][T11175] vcan4: entered promiscuous mode [ 515.724283][T11175] bond4: (slave vcan4): Enslaving as an active interface with an up link [ 516.583750][ T10] usb 6-1: USB disconnect, device number 2 [ 516.870402][T11190] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11190 comm=syz.5.1558 [ 516.883169][T11190] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11190 comm=syz.5.1558 [ 517.856508][T11197] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=11197 comm=syz.2.1559 [ 518.357843][ T30] audit: type=1400 audit(1753214641.892:559): avc: denied { unmount } for pid=11200 comm="syz.4.1562" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 520.211755][T11232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1570'. [ 520.600945][T11236] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1574'. [ 524.192323][T11285] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1587'. [ 524.282563][T11289] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11289 comm=syz.5.1588 [ 524.295512][T11289] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11289 comm=syz.5.1588 [ 524.391366][ T10] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 524.551272][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 524.562128][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.582307][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.602292][ T10] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 524.632560][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.659739][ T10] usb 3-1: config 0 descriptor?? [ 524.688036][T11292] fuse: Unknown parameter 'group_i00000000000000000000' [ 524.698575][ T30] audit: type=1800 audit(1753214648.232:560): pid=11292 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1589" name="file1" dev="tmpfs" ino=1784 res=0 errno=0 [ 525.098804][T11303] netlink: 'syz.3.1592': attribute type 1 has an invalid length. [ 525.398479][ T10] ft260 0003:0403:6030.000F: chip code: 6424 8183 [ 525.443511][ T8630] Bluetooth: hci5: Frame reassembly failed (-84) [ 525.513183][ T8630] Bluetooth: hci5: Frame reassembly failed (-84) [ 525.542905][T11303] bond1: entered promiscuous mode [ 525.681526][T11313] Cannot find set identified by id 0 to match [ 525.870443][T11303] 8021q: adding VLAN 0 to HW filter on device bond1 [ 525.889674][ T10] usb 3-1: USB disconnect, device number 44 [ 526.105666][T11316] Cannot find set identified by id 0 to match [ 526.341363][T11308] 8021q: adding VLAN 0 to HW filter on device bond1 [ 526.371949][T11308] bond1: (slave vcan2): The slave device specified does not support setting the MAC address [ 526.431243][T11308] bond1: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 526.489839][T11308] bond1: (slave vcan2): making interface the new active one [ 526.536075][T11308] vcan2: entered promiscuous mode [ 526.567173][T11308] bond1: (slave vcan2): Enslaving as an active interface with an up link [ 527.768932][ T5153] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 528.429712][T11347] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1603'. [ 529.284527][T11357] netlink: 'syz.0.1608': attribute type 1 has an invalid length. [ 529.336450][T11357] bond5: entered promiscuous mode [ 529.341980][T11357] 8021q: adding VLAN 0 to HW filter on device bond5 [ 529.436366][T11357] 8021q: adding VLAN 0 to HW filter on device bond5 [ 529.482252][T11357] bond5: (slave vcan5): The slave device specified does not support setting the MAC address [ 529.543765][T11357] bond5: (slave vcan5): Setting fail_over_mac to active for active-backup mode [ 529.556487][T11357] bond5: (slave vcan5): making interface the new active one [ 529.563886][T11357] vcan5: entered promiscuous mode [ 529.574462][T11357] bond5: (slave vcan5): Enslaving as an active interface with an up link [ 530.941204][ T30] audit: type=1400 audit(1753214654.442:561): avc: denied { listen } for pid=11370 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 532.000797][ T30] audit: type=1400 audit(1753214654.452:562): avc: denied { accept } for pid=11370 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 532.331440][ T5947] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 532.548168][ T5947] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 532.627669][ T5947] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 532.742420][ T5947] usb 6-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 532.767593][ T5947] usb 6-1: config 220 has no interface number 1 [ 532.782162][ T5947] usb 6-1: config 220 interface 0 has no altsetting 0 [ 532.790589][T11400] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1619'. [ 532.795148][ T5947] usb 6-1: config 220 interface 76 has no altsetting 0 [ 532.859035][ T5947] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 532.869966][ T5947] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.881693][ T5947] usb 6-1: Product: syz [ 533.158679][ T5947] usb 6-1: Manufacturer: syz [ 533.168629][ T5947] usb 6-1: SerialNumber: syz [ 533.388204][ T5947] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 533.413839][ T5947] usb 6-1: No valid video chain found. [ 533.448607][ T5947] usb 6-1: USB disconnect, device number 3 [ 533.471746][ T24] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 533.635215][ T24] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 533.646555][ T24] usb 1-1: config 0 interface 0 has no altsetting 0 [ 533.656587][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 533.666602][ T24] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 533.682243][ T24] usb 1-1: Product: syz [ 533.686408][ T24] usb 1-1: Manufacturer: syz [ 533.710243][ T24] usb 1-1: SerialNumber: syz [ 533.732654][ T24] usb 1-1: config 0 descriptor?? [ 533.757302][ T24] usb 1-1: selecting invalid altsetting 0 [ 534.035402][ T5878] usb 1-1: USB disconnect, device number 35 [ 536.467727][T11445] autofs: Unknown parameter '00000000000000000000' [ 536.842955][T11449] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1633'. [ 537.692425][ T10] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 538.682747][ T10] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 538.801769][ T10] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 538.817083][ T10] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 538.828667][ T10] usb 5-1: config 220 has no interface number 2 [ 538.835146][ T10] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 538.848433][ T10] usb 5-1: config 220 interface 0 has no altsetting 0 [ 538.855394][ T10] usb 5-1: config 220 interface 76 has no altsetting 0 [ 538.862452][ T10] usb 5-1: config 220 interface 1 has no altsetting 0 [ 538.906609][ T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 538.937482][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.980918][ T10] usb 5-1: Product: syz [ 539.034269][ T10] usb 5-1: Manufacturer: syz [ 539.079423][ T10] usb 5-1: SerialNumber: syz [ 539.104917][T11468] fuse: Bad value for 'user_id' [ 539.129791][T11468] fuse: Bad value for 'user_id' [ 539.271905][ T30] audit: type=1800 audit(1753214662.722:563): pid=11468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1638" name="file1" dev="tmpfs" ino=125 res=0 errno=0 [ 539.293591][ C0] vkms_vblank_simulate: vblank timer overrun [ 539.345720][ T10] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 539.361459][ T10] usb 5-1: No valid video chain found. [ 539.422546][ T10] usb 5-1: USB disconnect, device number 45 [ 539.493036][ T30] audit: type=1400 audit(1753214662.972:564): avc: denied { getopt } for pid=11469 comm="syz.3.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 540.035500][ T24] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 540.306502][T11482] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=11482 comm=syz.2.1642 [ 540.331398][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 540.340995][ T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 540.372786][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.404182][ T24] usb 1-1: Product: syz [ 540.412709][ T24] usb 1-1: Manufacturer: syz [ 540.428563][ T24] usb 1-1: SerialNumber: syz [ 540.455016][ T24] usb 1-1: config 0 descriptor?? [ 540.753925][T11489] netlink: 'syz.4.1644': attribute type 10 has an invalid length. [ 540.825078][ T24] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 541.797292][ T24] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 541.972517][T11496] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 542.008327][ T24] usb 1-1: USB disconnect, device number 36 [ 543.845656][T11509] fuse: Bad value for 'user_id' [ 543.866805][T11509] fuse: Bad value for 'user_id' [ 543.874283][ T30] audit: type=1800 audit(1753214667.412:565): pid=11509 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1652" name="file1" dev="tmpfs" ino=1858 res=0 errno=0 [ 544.084360][T11523] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11523 comm=syz.4.1653 [ 544.098008][T11523] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11523 comm=syz.4.1653 [ 544.847941][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 545.021869][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 545.096342][T11545] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=11545 comm=syz.4.1662 [ 545.097957][ T24] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 545.204413][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.222536][ T24] usb 6-1: Product: syz [ 545.226883][ T24] usb 6-1: Manufacturer: syz [ 545.247213][ T24] usb 6-1: SerialNumber: syz [ 545.297741][ T24] usb 6-1: config 0 descriptor?? [ 545.534906][ T24] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 545.831326][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 546.000598][T11552] fuse: Bad value for 'user_id' [ 546.006532][T11552] fuse: Bad value for 'user_id' [ 546.013635][ T10] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 546.033981][ T30] audit: type=1800 audit(1753214669.572:566): pid=11552 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1665" name="file1" dev="tmpfs" ino=1880 res=0 errno=0 [ 546.037851][ T10] usb 1-1: config 27 interface 0 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 546.070596][ T10] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 546.127752][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.157145][ T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 546.181590][ T10] usb 1-1: invalid MIDI out EP 0 [ 546.188295][ T24] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 546.208640][T11558] netlink: 'syz.4.1667': attribute type 1 has an invalid length. [ 546.230445][ T24] usb 6-1: USB disconnect, device number 4 [ 546.293140][T11558] bond0: entered promiscuous mode [ 546.298577][T11558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.337013][T11560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.349917][ T10] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 546.366333][T11560] bond0: (slave vcan1): The slave device specified does not support setting the MAC address [ 546.385619][T11560] bond0: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 546.427674][T11560] bond0: (slave vcan1): making interface the new active one [ 546.435469][T11560] vcan1: entered promiscuous mode [ 546.459074][T11560] bond0: (slave vcan1): Enslaving as an active interface with an up link [ 546.734352][ T10] usb 1-1: USB disconnect, device number 37 [ 546.779400][T11557] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1666'. [ 547.838603][ T30] audit: type=1400 audit(1753214671.362:567): avc: denied { bind } for pid=11582 comm="syz.2.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 547.894594][T11588] fuse: Bad value for 'fd' [ 547.911281][ T5878] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 547.955279][T11589] unsupported nlmsg_type 40 [ 547.976104][ T30] audit: type=1800 audit(1753214671.462:568): pid=11588 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1677" name="file1" dev="tmpfs" ino=1850 res=0 errno=0 [ 548.141188][ T5878] usb 1-1: Using ep0 maxpacket: 16 [ 548.151799][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 548.171204][ T5878] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 548.184457][ T5878] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 548.193903][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.222013][ T5878] usb 1-1: config 0 descriptor?? [ 548.230234][ T5878] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 548.391904][T11599] netlink: 'syz.2.1681': attribute type 1 has an invalid length. [ 548.430292][T11599] bond1: entered promiscuous mode [ 548.449266][T11599] 8021q: adding VLAN 0 to HW filter on device bond1 [ 548.501141][T11599] 8021q: adding VLAN 0 to HW filter on device bond1 [ 548.508410][T11599] bond1: (slave vcan2): The slave device specified does not support setting the MAC address [ 548.519018][T11599] bond1: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 548.533775][T11599] bond1: (slave vcan2): making interface the new active one [ 548.741756][T11599] vcan2: entered promiscuous mode [ 548.867598][T11599] bond1: (slave vcan2): Enslaving as an active interface with an up link [ 549.777603][T11622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1686'. [ 550.025486][T11628] xt_hashlimit: size too large, truncated to 1048576 [ 550.325486][T11631] fuse: Bad value for 'fd' [ 550.348061][ T30] audit: type=1800 audit(1753214673.882:569): pid=11631 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1689" name="file1" dev="tmpfs" ino=1917 res=0 errno=0 [ 550.727340][ T43] usb 1-1: USB disconnect, device number 38 [ 553.303476][ T30] audit: type=1400 audit(1753214676.842:570): avc: denied { unmount } for pid=5841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 553.397991][T11663] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1699'. [ 554.251107][ T1206] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 554.401275][ T1206] usb 6-1: device descriptor read/64, error -71 [ 554.651137][ T1206] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 554.791240][ T1206] usb 6-1: device descriptor read/64, error -71 [ 554.959934][ T1206] usb usb6-port1: attempt power cycle [ 556.007786][ T1206] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 556.052011][ T1206] usb 6-1: device descriptor read/8, error -71 [ 556.531323][ T1206] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 556.667347][ T1206] usb 6-1: device descriptor read/8, error -71 [ 556.851919][ T1206] usb usb6-port1: unable to enumerate USB device [ 559.477392][T11723] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1719'. [ 559.804024][ T1206] IPVS: starting estimator thread 0... [ 559.901119][T11731] IPVS: using max 39 ests per chain, 93600 per kthread [ 562.558528][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.564950][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.984629][T11763] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1727'. [ 565.132701][ T1206] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 565.802640][ T1206] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 565.811133][ T1206] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 565.835524][ T1206] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 565.863941][ T1206] usb 6-1: config 220 has no interface number 2 [ 565.891139][ T1206] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 565.911414][ T1206] usb 6-1: config 220 interface 0 has no altsetting 0 [ 565.920504][ T1206] usb 6-1: config 220 interface 76 has no altsetting 0 [ 565.936961][ T1206] usb 6-1: config 220 interface 1 has no altsetting 0 [ 565.955309][ T1206] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 566.055231][T11781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=11781 comm=syz.4.1733 [ 566.313501][ T1206] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.321629][ T1206] usb 6-1: Product: syz [ 566.341042][ T1206] usb 6-1: Manufacturer: syz [ 566.352779][ T1206] usb 6-1: SerialNumber: syz [ 566.583348][ T1206] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 566.592038][ T1206] usb 6-1: No valid video chain found. [ 566.677544][ T1206] usb 6-1: USB disconnect, device number 9 [ 569.763178][T11830] ntfs3(nullb0): Primary boot signature is not NTFS. [ 569.770022][T11830] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 570.585082][T11836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1747'. [ 571.272723][T11841] fuse: Invalid rootmode [ 571.306511][ T30] audit: type=1800 audit(1753214694.832:571): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1750" name="file1" dev="tmpfs" ino=1970 res=0 errno=0 [ 571.311734][T11843] netlink: 'syz.4.1751': attribute type 1 has an invalid length. [ 571.508336][T11843] bond1: entered promiscuous mode [ 571.526018][T11843] 8021q: adding VLAN 0 to HW filter on device bond1 [ 571.622380][T11847] 8021q: adding VLAN 0 to HW filter on device bond1 [ 571.632490][T11847] bond1: (slave vcan2): The slave device specified does not support setting the MAC address [ 571.642659][T11847] bond1: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 571.686518][T11847] bond1: (slave vcan2): making interface the new active one [ 571.694043][T11847] vcan2: entered promiscuous mode [ 571.709991][T11847] bond1: (slave vcan2): Enslaving as an active interface with an up link [ 574.060563][T11875] syzkaller0: entered promiscuous mode [ 574.091675][T11875] syzkaller0: entered allmulticast mode [ 575.194790][T11887] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 577.743545][ T30] audit: type=1400 audit(1753214701.252:572): avc: denied { module_request } for pid=11913 comm="syz.3.1770" kmod="net-pf-10-proto-258-type-2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 577.776749][T11916] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11916 comm=syz.3.1770 [ 577.789675][T11916] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11916 comm=syz.3.1770 [ 577.943731][ T30] audit: type=1400 audit(1753214701.442:573): avc: denied { create } for pid=11917 comm="syz.2.1772" name="#3e" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 577.984488][ T30] audit: type=1400 audit(1753214701.532:574): avc: denied { link } for pid=11917 comm="syz.2.1772" name="#3e" dev="tmpfs" ino=1856 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 578.017001][ T30] audit: type=1400 audit(1753214701.532:575): avc: denied { rename } for pid=11917 comm="syz.2.1772" name="#3f" dev="tmpfs" ino=1856 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 578.726890][T11932] netlink: 'syz.3.1775': attribute type 1 has an invalid length. [ 579.430059][ T30] audit: type=1400 audit(1753214702.942:576): avc: denied { bind } for pid=11942 comm="syz.5.1778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 579.473267][T11941] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 579.497363][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1778'. [ 579.756602][T11948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1777'. [ 580.199459][T11944] 8021q: adding VLAN 0 to HW filter on device bond2 [ 580.207742][ T1162] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 581.228325][ T24] libceph: connect (1)[c::]:6789 error -101 [ 581.251235][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 581.581640][ T24] libceph: connect (1)[c::]:6789 error -101 [ 581.588402][T11955] ceph: No mds server is up or the cluster is laggy [ 581.614727][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 581.721229][T11967] hfsplus: unable to find HFS+ superblock [ 581.868681][T11972] binder: BINDER_SET_CONTEXT_MGR already set [ 581.875063][T11972] binder: 11969:11972 ioctl 4018620d 200000000040 returned -16 [ 581.911106][T11972] binder: 11969:11972 ioctl c0306201 200000000280 returned -14 [ 581.953303][T11972] binder: 11969:11972 ioctl 4068aea3 200000000480 returned -22 [ 582.064934][T11932] bond2 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 582.090295][T11932] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 582.174851][T11932] bond2 (unregistering): Released all slaves [ 582.366960][T11986] fuse: Bad value for 'rootmode' [ 582.377238][T11981] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1787'. [ 582.391616][ T30] audit: type=1800 audit(1753214705.922:577): pid=11986 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1790" name="file1" dev="tmpfs" ino=2003 res=0 errno=0 [ 582.551181][ T24] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 582.657668][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 582.733580][ T24] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 582.820223][ T24] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 582.843742][ T24] usb 3-1: config 220 has no interface number 2 [ 582.861087][ T24] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 582.879276][ T24] usb 3-1: config 220 interface 0 has no altsetting 0 [ 582.882936][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 582.890437][ T24] usb 3-1: config 220 interface 76 has no altsetting 0 [ 582.910699][ T10] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 583.938365][ T24] usb 3-1: config 220 interface 1 has no altsetting 0 [ 583.953569][ T24] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 583.963409][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.971720][ T24] usb 3-1: Product: syz [ 583.976004][ T24] usb 3-1: Manufacturer: syz [ 583.980780][ T24] usb 3-1: SerialNumber: syz [ 583.982804][ T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 584.013620][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.083667][T11985] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 584.103224][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 584.179801][T12002] random: crng reseeded on system resumption [ 584.954585][ T24] usb 3-1: selecting invalid altsetting 0 [ 584.960757][ T24] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 584.967854][ T24] usb 3-1: No valid video chain found. [ 584.982469][ T24] usb 3-1: selecting invalid altsetting 0 [ 584.991145][ T24] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 585.003796][ T24] usb 3-1: USB disconnect, device number 45 [ 585.028640][ T10] usb 4-1: USB disconnect, device number 19 [ 585.205564][T12009] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4) [ 585.298153][T12014] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 585.563504][ T1206] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 585.781567][ T1206] usb 1-1: Using ep0 maxpacket: 8 [ 585.788185][ T1206] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 585.798919][ T1206] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 585.812440][ T1206] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 585.845143][ T1206] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 585.889403][T12020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1802'. [ 586.004391][ T1206] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 586.014779][ T1206] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.525782][ T30] audit: type=1400 audit(1753214709.732:578): avc: denied { create } for pid=12024 comm="syz.3.1804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 586.551382][ T1206] usb 1-1: usb_control_msg returned -32 [ 586.559229][ T1206] usbtmc 1-1:16.0: can't read capabilities [ 586.566379][T12010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.583582][T12010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.626706][ T24] usb 1-1: USB disconnect, device number 39 [ 587.044529][T12037] netlink: 'syz.2.1807': attribute type 21 has an invalid length. [ 587.053367][T12037] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1807'. [ 587.114185][T12037] netlink: 'syz.2.1807': attribute type 21 has an invalid length. [ 587.122468][T12037] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1807'. [ 587.457535][T12042] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 587.469226][T12042] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 587.842290][T12043] random: crng reseeded on system resumption [ 588.792070][T12053] netlink: 'syz.3.1810': attribute type 1 has an invalid length. [ 588.844081][T12053] bond2: entered promiscuous mode [ 588.883352][T12053] 8021q: adding VLAN 0 to HW filter on device bond2 [ 588.933162][T12057] 8021q: adding VLAN 0 to HW filter on device bond2 [ 589.086050][T12057] bond2: (slave vcan3): The slave device specified does not support setting the MAC address [ 589.091099][ T24] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 589.151507][T12064] ntfs3(nullb0): Primary boot signature is not NTFS. [ 589.158646][T12064] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 589.621723][T12057] bond2: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 589.624147][T12053] overlayfs: failed to resolve './bus': -2 [ 589.665495][T12057] bond2: (slave vcan3): making interface the new active one [ 589.678168][T12057] vcan3: entered promiscuous mode [ 589.685380][T12057] bond2: (slave vcan3): Enslaving as an active interface with an up link [ 589.904714][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 589.981132][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 590.096538][ T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 590.118664][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 590.173382][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.220060][T12056] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 590.256420][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 591.037829][ T24] usb 1-1: USB disconnect, device number 40 [ 591.621096][ T1206] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 592.140456][ T30] audit: type=1400 audit(1753214715.292:579): avc: denied { create } for pid=12085 comm="syz.2.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 592.338049][T12091] sp0: Synchronizing with TNC [ 592.771751][ T1206] usb 6-1: Using ep0 maxpacket: 16 [ 593.140862][ T30] audit: type=1400 audit(1753214715.292:580): avc: denied { bind } for pid=12085 comm="syz.2.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 593.167201][ T1206] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 593.179881][ T1206] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 593.233735][ T1206] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 593.251199][ T1206] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 593.260348][ T1206] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.290395][ T1206] usb 6-1: config 0 descriptor?? [ 594.476057][ T1206] usbhid 6-1:0.0: can't add hid device: -71 [ 594.482062][ T1206] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 594.516426][ T1206] usb 6-1: USB disconnect, device number 10 [ 594.595305][ T43] libceph: connect (1)[c::]:6789 error -101 [ 594.602264][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 594.883029][ T24] libceph: connect (1)[c::]:6789 error -101 [ 594.889079][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 595.010247][ T43] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 595.386686][T12100] ceph: No mds server is up or the cluster is laggy [ 596.033002][T12111] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 597.196510][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 597.233537][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.354594][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.367942][ T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 597.381354][ T43] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 597.390413][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.447446][ T1206] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 597.986627][ T43] usb 4-1: config 0 descriptor?? [ 598.094954][ T1206] usb 1-1: Using ep0 maxpacket: 8 [ 598.144118][ T1206] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 598.148572][ T43] usb 4-1: can't set config #0, error -71 [ 598.157030][ T1206] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.321099][ T1206] usb 1-1: Product: syz [ 598.389593][ T1206] usb 1-1: Manufacturer: syz [ 598.396725][ T43] usb 4-1: USB disconnect, device number 20 [ 598.430071][ T1206] usb 1-1: SerialNumber: syz [ 598.453968][ T1206] usb 1-1: config 0 descriptor?? [ 598.648470][T12142] ntfs3(nullb0): Primary boot signature is not NTFS. [ 598.655803][T12142] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 599.339357][ T1206] usb 1-1: can't set config #0, error -71 [ 599.377530][ T1206] usb 1-1: USB disconnect, device number 41 [ 599.956849][ T5878] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 600.028238][T12157] netlink: 'syz.0.1842': attribute type 1 has an invalid length. [ 600.191156][ T5878] usb 5-1: Using ep0 maxpacket: 16 [ 600.199277][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.215229][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.233711][T12157] bond6: entered promiscuous mode [ 600.239608][ T5878] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 600.243174][T12163] overlayfs: failed to resolve './file1': -2 [ 600.252970][T12157] 8021q: adding VLAN 0 to HW filter on device bond6 [ 600.718199][ T5878] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 600.727358][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.845055][ T5878] usb 5-1: config 0 descriptor?? [ 600.954952][T12164] 8021q: adding VLAN 0 to HW filter on device bond6 [ 600.967456][T12164] bond6: (slave vcan6): The slave device specified does not support setting the MAC address [ 600.977723][T12164] bond6: (slave vcan6): Setting fail_over_mac to active for active-backup mode [ 601.132441][T12164] bond6: (slave vcan6): making interface the new active one [ 601.155533][T12164] vcan6: entered promiscuous mode [ 601.176352][T12164] bond6: (slave vcan6): Enslaving as an active interface with an up link [ 601.569079][ T5878] usbhid 5-1:0.0: can't add hid device: -71 [ 601.576318][ T5878] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 601.661178][T12173] fuse: Unknown parameter '0x0000000000000003' [ 601.667542][ T5878] usb 5-1: USB disconnect, device number 46 [ 603.803031][T12194] fuse: Bad value for 'fd' [ 604.605001][T12203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1855'. [ 605.107007][T12214] fuse: Unknown parameter '0x0000000000000003' [ 605.162879][ T30] audit: type=1800 audit(1753214728.702:581): pid=12216 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1857" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 606.579334][T12237] fuse: Bad value for 'fd' [ 607.068642][T12248] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1869'. [ 607.275895][T12252] overlayfs: failed to resolve './file1': -2 [ 607.483648][T12258] random: crng reseeded on system resumption [ 610.208771][T12295] random: crng reseeded on system resumption [ 610.331052][T11100] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 611.159596][T11100] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 611.167492][T12300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1888'. [ 611.170833][T11100] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 611.379571][T11100] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 611.402680][ T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 611.431611][T11100] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 611.440662][T11100] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.473739][T12290] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 611.484018][T11100] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 611.547053][T12305] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1890'. [ 611.563608][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 611.589665][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.624131][ T1206] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 611.641088][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.661156][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 611.691255][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 611.710577][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.721253][T11100] usb 3-1: USB disconnect, device number 46 [ 611.738708][ T10] usb 6-1: config 0 descriptor?? [ 611.811326][ T1206] usb 4-1: Using ep0 maxpacket: 8 [ 611.840464][ T1206] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 611.859182][ T1206] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.868441][ T1206] usb 4-1: Product: syz [ 611.873091][ T1206] usb 4-1: Manufacturer: syz [ 611.877712][ T1206] usb 4-1: SerialNumber: syz [ 611.891798][ T1206] usb 4-1: config 0 descriptor?? [ 612.300949][ T1206] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 612.364449][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 612.375780][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 612.399782][ T10] usb 6-1: USB disconnect, device number 11 [ 613.667780][ T1206] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 613.700381][ T1206] usb 4-1: USB disconnect, device number 21 [ 614.569226][T12342] fuse: Bad value for 'user_id' [ 614.614747][T12342] fuse: Bad value for 'user_id' [ 615.446736][ T1206] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 615.873194][ T1206] usb 5-1: Using ep0 maxpacket: 16 [ 615.884224][ T1206] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.911821][ T1206] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 616.033636][ T1206] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 616.052315][ T1206] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 616.061643][ T1206] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.475133][ T1206] usb 5-1: config 0 descriptor?? [ 617.457939][ T1206] usbhid 5-1:0.0: can't add hid device: -71 [ 617.465218][ T1206] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 617.492180][ T1206] usb 5-1: USB disconnect, device number 47 [ 618.163423][T12381] syz.4.1912: attempt to access beyond end of device [ 618.163423][T12381] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 618.176480][T12381] (syz.4.1912,12381,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 618.558530][T12381] (syz.4.1912,12381,1):ocfs2_sb_probe:753 ERROR: status = -5 [ 618.616374][T12381] (syz.4.1912,12381,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 618.636608][T12381] (syz.4.1912,12381,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 619.725511][T12397] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=12397 comm=syz.3.1917 [ 620.951179][ T5153] Bluetooth: hci0: command 0x0419 tx timeout [ 621.091115][ T24] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 621.382506][ T24] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 621.412032][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 622.257508][ T24] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 622.270582][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 622.280070][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.345927][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 622.357698][ T24] usb 1-1: invalid MIDI out EP 0 [ 622.423828][ T6103] udevd[6103]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 622.471882][ T24] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 622.577865][ T24] usb 1-1: USB disconnect, device number 42 [ 623.071191][T12434] ntfs3(nullb0): Primary boot signature is not NTFS. [ 623.079098][T12434] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 623.637760][T12442] sd 0:0:1:0: device reset [ 624.529163][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.549758][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.716486][ T30] audit: type=1804 audit(1753214749.252:582): pid=12464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.1929" name="/newroot/404/file1" dev="fuse" ino=1 res=1 errno=0 [ 625.739317][ T30] audit: type=1800 audit(1753214749.252:583): pid=12464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1929" name="/" dev="fuse" ino=1 res=0 errno=0 [ 625.981380][ T30] audit: type=1800 audit(1753214749.252:584): pid=12464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1929" name="/" dev="fuse" ino=1 res=0 errno=0 [ 626.041118][ T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 626.224750][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 626.299046][ T9] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 626.394005][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.653070][ T9] usb 6-1: config 0 descriptor?? [ 626.886010][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 627.291328][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 627.304925][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 627.322056][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 627.340776][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 627.358731][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 627.635150][ T9] pwc: recv_control_msg error -71 req 02 val 2000 [ 627.651469][ T9] pwc: recv_control_msg error -71 req 02 val 2100 [ 627.663790][ T9] pwc: recv_control_msg error -71 req 04 val 1500 [ 628.305386][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 628.317813][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 628.340015][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 628.566699][T12483] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1942'. [ 628.579786][ T30] audit: type=1400 audit(1753214752.072:585): avc: denied { write } for pid=12480 comm="syz.2.1942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 628.652559][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 628.659514][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 628.671546][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 628.678744][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 628.768693][ T9] pwc: Registered as video103. [ 628.775470][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input34 [ 628.812569][ T9] usb 6-1: USB disconnect, device number 12 [ 630.774786][ T30] audit: type=1800 audit(1753214754.262:586): pid=12510 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1950" name="bus" dev="overlay" ino=435 res=0 errno=0 [ 630.835285][T12512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1949'. [ 631.314770][T12515] vlan2: entered promiscuous mode [ 631.351171][ T30] audit: type=1400 audit(1753214754.722:587): avc: denied { setopt } for pid=12513 comm="syz.4.1951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 631.374333][T12515] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 631.386652][T12515] vlan2: entered allmulticast mode [ 631.392113][T12515] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 631.827923][T12522] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1952'. [ 632.012055][ T30] audit: type=1400 audit(1753214755.552:588): avc: denied { watch } for pid=12513 comm="syz.4.1951" path="/411" dev="tmpfs" ino=2173 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 632.721247][T11100] usb 5-1: new full-speed USB device number 48 using dummy_hcd [ 632.882521][T11100] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64 [ 632.895838][T11100] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 632.938067][T11100] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.990288][T11100] usb 5-1: config 0 descriptor?? [ 633.234715][T12537] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1957'. [ 633.499933][T11100] ath6kl: Failed to submit usb control message: -71 [ 633.523499][T11100] ath6kl: unable to send the bmi data to the device: -71 [ 633.547373][T11100] ath6kl: Unable to send get target info: -71 [ 633.566671][T11100] ath6kl: Failed to init ath6kl core: -71 [ 633.584735][T11100] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 633.600144][T12543] fuse: Bad value for 'fd' [ 633.642838][T11100] usb 5-1: USB disconnect, device number 48 [ 633.957677][T12547] ntfs3(nullb0): Primary boot signature is not NTFS. [ 633.965417][T12547] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 635.910082][T11100] libceph: connect (1)[c::]:6789 error -101 [ 636.292882][T11100] libceph: mon0 (1)[c::]:6789 connect error [ 636.594714][T11100] libceph: connect (1)[c::]:6789 error -101 [ 636.875376][T12576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1967'. [ 636.884816][T12576] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073201722423) [ 636.895501][T12576] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 637.112067][T11100] libceph: mon0 (1)[c::]:6789 connect error [ 637.548953][T12564] ceph: No mds server is up or the cluster is laggy [ 637.703718][T12586] fuse: Bad value for 'fd' [ 638.195584][ T10] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 638.355036][ T30] audit: type=1800 audit(1753214761.902:589): pid=12599 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1976" name="bus" dev="overlay" ino=2120 res=0 errno=0 [ 638.411609][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 638.422078][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.441758][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 638.525835][T12606] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12606 comm=syz.3.1975 [ 638.538793][T12606] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=12606 comm=syz.3.1975 [ 638.609422][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 638.625332][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 638.636678][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.756103][ T10] usb 1-1: config 0 descriptor?? [ 639.217629][T12620] fuse: Bad value for 'fd' [ 639.379162][ T9] libceph: connect (1)[c::]:6789 error -101 [ 639.387901][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 639.398678][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 639.411150][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 639.433986][ T10] usb 1-1: USB disconnect, device number 43 [ 639.455954][ T30] audit: type=1400 audit(1753214763.002:590): avc: denied { read } for pid=12621 comm="syz.5.1981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 639.507407][ T30] audit: type=1400 audit(1753214763.042:591): avc: denied { setopt } for pid=12621 comm="syz.5.1981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 639.681090][ T9] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 639.689590][ T1206] libceph: connect (1)[c::]:6789 error -101 [ 639.697970][ T1206] libceph: mon0 (1)[c::]:6789 connect error [ 639.843473][ T9] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 639.852131][ T9] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 639.862803][ T9] usb 5-1: config 220 has no interface number 2 [ 639.870558][ T9] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 639.885042][ T9] usb 5-1: config 220 interface 0 has no altsetting 0 [ 639.894747][ T9] usb 5-1: config 220 interface 76 has no altsetting 0 [ 639.911233][ T9] usb 5-1: config 220 interface 1 has no altsetting 0 [ 639.926253][ T9] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 639.955454][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.966625][ T9] usb 5-1: Product: syz [ 639.976631][ T9] usb 5-1: Manufacturer: syz [ 639.986344][ T9] usb 5-1: SerialNumber: syz [ 640.030786][T12619] ceph: No mds server is up or the cluster is laggy [ 640.179518][T12632] hfsplus: unable to find HFS+ superblock [ 640.221956][ T9] usb 5-1: selecting invalid altsetting 0 [ 640.228500][ T9] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 640.240381][ T9] usb 5-1: No valid video chain found. [ 640.270005][ T9] usb 5-1: selecting invalid altsetting 0 [ 640.276136][ T9] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 640.307612][ T9] usb 5-1: USB disconnect, device number 49 [ 640.682991][T12647] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 641.474507][T12654] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 642.209877][T12664] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12664 comm=syz.3.1994 [ 642.224009][T12664] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=12664 comm=syz.3.1994 [ 643.231810][T12673] [U]  [ 643.901777][T12684] fuse: Unknown parameter '0x0000000000000004' [ 643.913251][ T30] audit: type=1800 audit(1753214767.452:592): pid=12684 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2000" name="file1" dev="tmpfs" ino=2231 res=0 errno=0 [ 644.767397][T12693] overlayfs: failed to resolve './file0': -2 [ 644.835571][T12695] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'. [ 644.949947][ T30] audit: type=1804 audit(1753214768.462:593): pid=12700 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.2001" name="/newroot/393/file1" dev="fuse" ino=1 res=1 errno=0 [ 645.121178][ T30] audit: type=1800 audit(1753214768.462:594): pid=12700 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2001" name="/" dev="fuse" ino=1 res=0 errno=0 [ 645.142946][ T30] audit: type=1800 audit(1753214768.462:595): pid=12692 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2001" name="/" dev="fuse" ino=1 res=0 errno=0 [ 647.207711][T12721] [U]  [ 649.189617][T12741] fuse: Unknown parameter '0x0000000000000004' [ 649.209947][ T30] audit: type=1800 audit(1753214772.742:596): pid=12741 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2015" name="file1" dev="tmpfs" ino=499 res=0 errno=0 [ 649.360901][T12747] sp0: Synchronizing with TNC [ 649.409089][ T1206] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 649.434946][T12746] [U] è [ 650.454570][ T1206] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 650.465835][ T1206] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 650.477594][ T1206] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 650.487935][ T1206] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 650.533181][ T1206] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.546556][T12739] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 650.557884][ T1206] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 650.578717][ T30] audit: type=1804 audit(1753214774.112:597): pid=12756 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.2021" name="/newroot/422/file1" dev="fuse" ino=1 res=1 errno=0 [ 650.693538][ T30] audit: type=1800 audit(1753214774.112:598): pid=12756 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2021" name="/" dev="fuse" ino=1 res=0 errno=0 [ 650.829912][ T30] audit: type=1800 audit(1753214774.112:599): pid=12755 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2021" name="/" dev="fuse" ino=1 res=0 errno=0 [ 651.231634][ T1206] usb 3-1: USB disconnect, device number 47 [ 651.250785][T12763] overlayfs: failed to resolve './file0': -2 [ 654.801200][T12797] openvswitch: netlink: Missing valid actions attribute. [ 655.107911][T12802] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2034'. [ 655.164991][T12797] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 655.174001][ T30] audit: type=1400 audit(1753214778.522:600): avc: denied { accept } for pid=12798 comm="syz.3.2034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 657.591135][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2044'. [ 658.099778][ T1206] libceph: connect (1)[c::]:6789 error -101 [ 658.106651][ T1206] libceph: mon0 (1)[c::]:6789 connect error [ 658.515572][ T1206] libceph: connect (1)[c::]:6789 error -101 [ 658.555825][ T1206] libceph: mon0 (1)[c::]:6789 connect error [ 659.241394][T12841] ceph: No mds server is up or the cluster is laggy [ 659.566318][T12860] fuse: Unknown parameter '0x0000000000000003' [ 659.873208][T12868] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12868 comm=syz.5.2052 [ 659.885949][T12868] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=12868 comm=syz.5.2052 [ 660.102983][ T9] libceph: connect (1)[c::]:6789 error -101 [ 660.786680][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 662.880134][T12891] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2058'. [ 663.241171][ T9] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 663.255253][T12899] random: crng reseeded on system resumption [ 663.451181][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 663.465321][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 663.599988][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 663.736849][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 663.979053][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 664.095721][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 664.134578][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.239812][T12910] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12910 comm=syz.3.2064 [ 664.252489][T12910] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=12910 comm=syz.3.2064 [ 664.393487][ T9] usb 3-1: usb_control_msg returned -32 [ 664.410055][ T9] usbtmc 3-1:16.0: can't read capabilities [ 664.641220][ T24] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 664.796118][T12921] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 664.816517][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 664.832404][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.839382][ T9] usb 3-1: USB disconnect, device number 48 [ 664.845879][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.860918][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 664.888094][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 664.899065][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.918665][ T24] usb 1-1: config 0 descriptor?? [ 665.560656][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 665.590368][ T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 665.760997][ T24] usb 1-1: USB disconnect, device number 44 [ 667.180250][ T43] libceph: connect (1)[c::]:6789 error -101 [ 667.191414][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 667.248066][T12952] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2077'. [ 667.361221][ T9] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 667.471472][ T24] libceph: connect (1)[c::]:6789 error -101 [ 667.477515][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 667.511352][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 667.526550][ T9] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 667.536596][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.549199][ T9] usb 1-1: Product: syz [ 667.554343][ T9] usb 1-1: Manufacturer: syz [ 667.559804][ T9] usb 1-1: SerialNumber: syz [ 667.570494][ T9] usb 1-1: config 0 descriptor?? [ 667.999303][T12948] ceph: No mds server is up or the cluster is laggy [ 668.107724][ T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 668.196481][ T43] libceph: connect (1)[c::]:6789 error -101 [ 668.202653][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 668.268797][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 668.289314][ T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 668.312790][ T9] usb 1-1: media controller created [ 668.355348][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 668.591714][ T9] zl10353_read_register: readreg error (reg=127, ret==0) [ 668.621487][ T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 668.646352][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 668.687109][ T9] usb 1-1: USB disconnect, device number 45 [ 669.212494][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 669.744653][ T30] audit: type=1804 audit(1753214793.272:601): pid=12981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.2088" name="/newroot/445/file1" dev="fuse" ino=1 res=1 errno=0 [ 669.766727][ T30] audit: type=1800 audit(1753214793.272:602): pid=12981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2088" name="/" dev="fuse" ino=1 res=0 errno=0 [ 669.805376][ T30] audit: type=1800 audit(1753214793.272:603): pid=12981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2088" name="/" dev="fuse" ino=1 res=0 errno=0 [ 680.538385][T13073] ntfs3(nullb0): Primary boot signature is not NTFS. [ 680.648193][T13073] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 681.965006][T13087] random: crng reseeded on system resumption [ 682.061030][T13087] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2120'. [ 685.303695][T13119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2131'. [ 685.438221][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.444620][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.497928][T13122] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 685.905436][T13128] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 687.665064][T13180] hfsplus: unable to find HFS+ superblock [ 687.953568][T13186] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=13186 comm=syz.4.2138 [ 690.207945][T13211] syz.3.2146: attempt to access beyond end of device [ 690.207945][T13211] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 690.220816][T13211] (syz.3.2146,13211,1):ocfs2_get_sector:1714 ERROR: status = -5 [ 690.228485][T13211] (syz.3.2146,13211,1):ocfs2_sb_probe:753 ERROR: status = -5 [ 690.235904][T13211] (syz.3.2146,13211,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 690.244639][T13211] (syz.3.2146,13211,1):ocfs2_fill_super:1177 ERROR: status = -5 [ 691.158093][T13215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2148'. [ 692.703657][T13230] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2153'. [ 693.691024][ T9] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 695.270013][ T9] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 695.281824][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.821057][ T9] usb 3-1: Product: syz [ 695.881158][ T9] usb 3-1: Manufacturer: syz [ 695.885812][ T9] usb 3-1: SerialNumber: syz [ 695.950397][ T9] usb 3-1: config 0 descriptor?? [ 696.001140][ T9] usb 3-1: can't set config #0, error -71 [ 696.087732][ T9] usb 3-1: USB disconnect, device number 49 [ 696.385074][T13267] mmap: syz.0.2163 (13267) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 696.411169][ T30] audit: type=1400 audit(1753214819.942:604): avc: denied { read } for pid=13256 comm="syz.0.2163" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 697.185587][T13259] netlink: 'syz.3.2164': attribute type 8 has an invalid length. [ 698.761156][ T24] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 698.804654][T13298] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=13298 comm=syz.0.2174 [ 698.868394][ T30] audit: type=1800 audit(1753214822.402:605): pid=13300 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.2175" name="file1" dev="tmpfs" ino=2303 res=0 errno=0 [ 698.911398][ T43] usb 3-1: new full-speed USB device number 50 using dummy_hcd [ 698.921520][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 698.928739][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 698.948793][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 698.979374][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 699.000528][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 699.013925][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 699.023024][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.078543][ T43] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 699.688632][ T24] usb 5-1: usb_control_msg returned -32 [ 700.044768][ T43] usb 3-1: config 0 has no interface number 0 [ 700.050950][ T43] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 700.051721][ T24] usbtmc 5-1:16.0: can't read capabilities [ 700.066610][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.076966][ T43] usb 3-1: config 0 descriptor?? [ 700.086751][ T24] usb 5-1: USB disconnect, device number 50 [ 700.095931][ T43] usb 3-1: selecting invalid altsetting 1 [ 700.106951][ T43] dvb_ttusb_budget: ttusb_init_controller: error [ 700.153043][ T43] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 700.726966][ T43] DVB: Unable to find symbol cx22700_attach() [ 700.756593][T13322] fuse: Unknown parameter 'user_i00000000000000000000' [ 701.263682][T13314] blkio.reset_stats is deprecated [ 701.278465][ T43] DVB: Unable to find symbol tda10046_attach() [ 701.294036][ T30] audit: type=1400 audit(1753214824.802:606): avc: denied { shutdown } for pid=13310 comm="syz.5.2179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 701.314320][ T43] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 701.331154][ T43] usb 3-1: USB disconnect, device number 50 [ 702.020522][T13341] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 702.038503][T13341] batadv_slave_0: entered promiscuous mode [ 703.288303][T13359] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 703.411047][ T9] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 703.594490][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 703.604058][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 703.625005][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 703.639645][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 703.649890][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 703.665302][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 703.678429][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.910199][ T9] usb 3-1: usb_control_msg returned -32 [ 703.919172][ T9] usbtmc 3-1:16.0: can't read capabilities [ 703.942333][ T24] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 703.953874][ T9] usb 3-1: USB disconnect, device number 51 [ 704.125595][ T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 704.135209][ T24] usb 6-1: config 0 has no interface number 0 [ 704.142796][ T24] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 704.152601][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.223112][ T24] usb 6-1: config 0 descriptor?? [ 704.250443][ T24] usb 6-1: selecting invalid altsetting 1 [ 704.265783][ T24] dvb_ttusb_budget: ttusb_init_controller: error [ 704.300229][ T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 704.518168][T13373] sp0: Synchronizing with TNC [ 704.534647][T13373] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 705.283939][T13371] [U] è [ 705.441304][ T24] DVB: Unable to find symbol cx22700_attach() [ 705.836525][ T24] DVB: Unable to find symbol tda10046_attach() [ 705.892617][ T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 705.939048][ T24] usb 6-1: USB disconnect, device number 13 [ 708.451137][ T1206] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 708.621100][ T1206] usb 6-1: Using ep0 maxpacket: 8 [ 708.700244][ T1206] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 708.737014][ T1206] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 708.747361][ T1206] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 708.797767][ T1206] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 708.916126][ T1206] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 709.033611][ T1206] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.480913][ T1206] usb 6-1: usb_control_msg returned -32 [ 709.493517][ T1206] usbtmc 6-1:16.0: can't read capabilities [ 709.514262][ T1206] usb 6-1: USB disconnect, device number 14 [ 710.310659][T13433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2213'. [ 710.765078][T13435] overlayfs: failed to resolve './file1': -2 [ 711.588737][ T1206] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 711.932920][ T1206] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 711.958128][ T1206] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 711.976746][ T1206] usb 1-1: config 220 has no interface number 2 [ 711.985441][ T1206] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 712.014805][ T1206] usb 1-1: config 220 interface 0 has no altsetting 0 [ 712.027972][ T1206] usb 1-1: config 220 interface 76 has no altsetting 0 [ 712.084189][ T1206] usb 1-1: config 220 interface 1 has no altsetting 0 [ 712.256519][ T1206] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 712.271161][ T1206] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.399248][ T1206] usb 1-1: Product: syz [ 712.413580][ T1206] usb 1-1: Manufacturer: syz [ 712.418219][ T1206] usb 1-1: SerialNumber: syz [ 712.522134][T13460] hfsplus: unable to find HFS+ superblock [ 712.642129][ T1206] usb 1-1: selecting invalid altsetting 0 [ 712.655406][ T1206] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 712.679673][ T1206] usb 1-1: No valid video chain found. [ 712.702727][ T1206] usb 1-1: selecting invalid altsetting 0 [ 712.721714][ T1206] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 712.794220][ T30] audit: type=1400 audit(1753214836.322:607): avc: denied { read append } for pid=13463 comm="syz.5.2225" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 712.886185][ T1206] usb 1-1: USB disconnect, device number 46 [ 712.935324][ T30] audit: type=1400 audit(1753214836.332:608): avc: denied { open } for pid=13463 comm="syz.5.2225" path="/132/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 712.957495][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.073131][T13471] syz.3.2227: attempt to access beyond end of device [ 713.073131][T13471] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 713.087693][T13471] (syz.3.2227,13471,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 713.095613][T13471] (syz.3.2227,13471,0):ocfs2_sb_probe:753 ERROR: status = -5 [ 713.103314][T13471] (syz.3.2227,13471,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 713.112166][T13471] (syz.3.2227,13471,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 714.221689][T13488] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13488 comm=syz.4.2232 [ 714.236587][T13488] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13488 comm=syz.4.2232 [ 715.147901][T13496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2234'. [ 715.782958][T13506] lo speed is unknown, defaulting to 1000 [ 717.554260][T13530] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2245'. [ 718.055929][ T30] audit: type=1400 audit(1753214841.592:609): avc: denied { write } for pid=13535 comm="syz.3.2248" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 719.679231][T13550] [U]  [ 720.894308][T13573] overlayfs: failed to resolve './file0': -2 [ 722.417541][ T24] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 722.611201][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 722.720437][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 722.732399][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.740529][ T24] usb 5-1: Product: syz [ 722.745710][ T24] usb 5-1: Manufacturer: syz [ 722.750285][ T24] usb 5-1: SerialNumber: syz [ 722.760565][ T24] usb 5-1: config 0 descriptor?? [ 723.022122][ T30] audit: type=1804 audit(1753214846.502:610): pid=13595 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.2266" name="/newroot/476/file1" dev="fuse" ino=1 res=1 errno=0 [ 723.192481][ T30] audit: type=1800 audit(1753214846.502:611): pid=13595 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2266" name="/" dev="fuse" ino=1 res=0 errno=0 [ 723.225486][ T30] audit: type=1800 audit(1753214846.502:612): pid=13595 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2266" name="/" dev="fuse" ino=1 res=0 errno=0 [ 723.251272][ T24] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 723.371300][ T43] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 723.507628][ T24] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 723.581322][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 723.638089][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 723.820353][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 723.979411][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 724.035141][ T43] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 724.105812][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.289229][ T43] usb 3-1: config 0 descriptor?? [ 724.789676][T13617] netlink: 'syz.3.2275': attribute type 1 has an invalid length. [ 724.921389][ T43] usbhid 3-1:0.0: can't add hid device: -71 [ 724.949198][ T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 725.030362][T13617] bond3: entered promiscuous mode [ 725.038342][T13617] 8021q: adding VLAN 0 to HW filter on device bond3 [ 725.360429][ T1206] usb 5-1: USB disconnect, device number 51 [ 725.389338][ T43] usb 3-1: USB disconnect, device number 52 [ 726.146964][T13641] overlayfs: failed to resolve './file0': -2 [ 727.266278][T13657] tipc: Started in network mode [ 727.281277][T13657] tipc: Node identity 12ee5f34574d, cluster identity 4711 [ 727.288629][T13657] tipc: Enabled bearer , priority 0 [ 727.362316][T13657] syzkaller0: entered promiscuous mode [ 727.427345][T13657] syzkaller0: entered allmulticast mode [ 727.588903][T13657] tipc: Resetting bearer [ 727.706452][T13656] tipc: Resetting bearer [ 727.873274][T13656] tipc: Disabling bearer [ 728.662872][ T30] audit: type=1400 audit(1753214852.192:613): avc: denied { write } for pid=13670 comm="syz.4.2290" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 729.331216][ T9] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 729.701227][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 729.765954][ T9] usb 1-1: config 2 has an invalid interface number: 32 but max is 1 [ 729.926940][ T9] usb 1-1: config 2 has no interface number 1 [ 729.952204][ T9] usb 1-1: config 2 interface 32 has no altsetting 0 [ 729.969041][ T9] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=65.11 [ 729.978654][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.992653][ T9] usb 1-1: Product: syz [ 729.997185][ T9] usb 1-1: Manufacturer: syz [ 730.006013][ T9] usb 1-1: SerialNumber: syz [ 730.421261][ T43] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 730.614912][ T43] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 730.737274][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 730.762581][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 730.778793][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 730.788217][ T9] usb 1-1: USB disconnect, device number 47 [ 730.794330][ T43] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 730.906265][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.924379][ T43] usb 5-1: config 0 descriptor?? [ 730.956745][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 731.077582][T13706] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2302'. [ 731.252551][ T1206] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 731.521173][ T1206] usb 3-1: Using ep0 maxpacket: 16 [ 732.044542][ T43] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 732.122872][ T1206] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 732.253884][ T1206] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.262057][ T1206] usb 3-1: Product: syz [ 732.266236][ T1206] usb 3-1: Manufacturer: syz [ 732.270844][ T1206] usb 3-1: SerialNumber: syz [ 732.304160][ T43] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 732.357593][ T1206] usb 3-1: config 0 descriptor?? [ 732.360431][ T43] usb 5-1: USB disconnect, device number 52 [ 732.474813][T13721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2306'. [ 732.498694][T13719] fido_id[13719]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 732.791160][ T1206] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 732.878873][ T1206] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 732.976239][T13701] dtv5100: wlen = 0, aborting. [ 733.054465][ T1206] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 733.071811][ T1206] usb 3-1: media controller created [ 734.048338][ T1206] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 734.082052][T13735] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2311'. [ 734.165437][T13737] openvswitch: netlink: Flow key attr not present in new flow. [ 734.298332][ T1206] zl10353_read_register: readreg error (reg=127, ret==0) [ 734.306172][ T1206] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 734.321986][ T1206] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 734.381288][ T1206] usb 3-1: USB disconnect, device number 53 [ 734.522666][T13748] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13748 comm=syz.0.2314 [ 734.535448][T13748] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13748 comm=syz.0.2314 [ 734.571937][ T1206] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 736.969567][T13767] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2317'. [ 737.449152][T13778] openvswitch: netlink: Flow key attr not present in new flow. [ 737.541121][ T10] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 737.680103][T13783] netlink: 452 bytes leftover after parsing attributes in process `syz.0.2323'. [ 737.711220][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 737.755155][ T10] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 737.869627][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 737.990425][ T10] usb 5-1: Product: syz [ 738.053108][ T10] usb 5-1: Manufacturer: syz [ 738.068528][ T10] usb 5-1: SerialNumber: syz [ 738.090577][ T10] usb 5-1: config 0 descriptor?? [ 738.251209][T13786] hfsplus: unable to find HFS+ superblock [ 738.440554][T13795] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13795 comm=syz.5.2327 [ 738.454691][T13795] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13795 comm=syz.5.2327 [ 738.502734][T13798] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 738.517886][ T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 738.528010][T13798] bridge_slave_0: left allmulticast mode [ 738.535280][T13798] bridge_slave_0: left promiscuous mode [ 738.535567][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 738.541169][T13798] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.563580][ T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 738.564903][T13798] bridge_slave_1: left allmulticast mode [ 738.577389][T13798] bridge_slave_1: left promiscuous mode [ 738.578046][ T10] usb 5-1: media controller created [ 738.584460][T13798] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.605403][T13798] bond0: (slave bond_slave_0): Releasing backup interface [ 738.607852][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 738.625081][T13798] bond_slave_0: left promiscuous mode [ 738.634222][T13800] netlink: 'syz.0.2330': attribute type 10 has an invalid length. [ 738.644838][T13798] bond0: (slave bond_slave_1): Releasing backup interface [ 738.653063][T13798] bond_slave_1: left promiscuous mode [ 738.674365][T13798] team0: Port device team_slave_0 removed [ 738.698100][T13798] team0: Port device team_slave_1 removed [ 738.705417][T13798] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 738.713634][T13798] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 738.737797][T13798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 738.751144][T13798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 738.778124][T13798] bond1: (slave vcan1): Releasing backup interface [ 738.788796][T13798] vcan1: left promiscuous mode [ 738.805643][T13798] bond2: (slave vcan2): Releasing backup interface [ 738.812665][T13798] vcan2: left promiscuous mode [ 738.823406][T13798] bond3: (slave vcan3): Releasing backup interface [ 738.830018][T13798] vcan3: left promiscuous mode [ 738.843278][T13798] bond4: (slave vcan4): Releasing backup interface [ 738.849953][T13798] vcan4: left promiscuous mode [ 738.859854][T13798] bond5: (slave vcan5): Releasing backup interface [ 738.866733][T13798] vcan5: left promiscuous mode [ 738.878090][T13798] bond6: (slave vcan6): Releasing backup interface [ 738.885198][T13798] vcan6: left promiscuous mode [ 738.895578][T11100] lo speed is unknown, defaulting to 1000 [ 738.967837][T13800] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 738.982885][T13800] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 738.997500][T13800] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 739.007585][T13810] fuse: Unknown parameter '0xffffffffffffffff' [ 739.165356][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 739.175853][T13770] dtv5100: wlen = 0, aborting. [ 739.214317][ T10] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 739.358412][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 739.775593][ T10] usb 5-1: USB disconnect, device number 53 [ 739.927612][ T30] audit: type=1800 audit(1753214863.462:614): pid=13815 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2335" name="file1" dev="tmpfs" ino=834 res=0 errno=0 [ 740.064528][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 742.020644][T13840] fuse: Unknown parameter '0x0000000000000003' [ 742.156525][T13849] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13849 comm=syz.0.2345 [ 742.170213][T13849] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13849 comm=syz.0.2345 [ 742.283184][T13851] netlink: 'syz.3.2347': attribute type 1 has an invalid length. [ 742.385191][T13851] 8021q: adding VLAN 0 to HW filter on device bond4 [ 742.510317][T13855] bond4: (slave veth3): Enslaving as an active interface with a down link [ 742.511483][T13861] overlayfs: failed to resolve './file1': -2 [ 742.542599][T13858] vlan2: entered allmulticast mode [ 742.557174][T13858] veth1: entered allmulticast mode [ 742.569360][T13858] veth1: entered promiscuous mode [ 742.599452][T13858] veth1: left promiscuous mode [ 742.609812][T13858] bond4: (slave vlan2): making interface the new active one [ 742.629627][T13858] veth1: entered promiscuous mode [ 742.932048][T13858] vlan2: entered promiscuous mode [ 742.988712][T13858] bond4: (slave vlan2): Enslaving as an active interface with an up link [ 743.735474][T13866] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 743.745838][T13865] sp0: Synchronizing with TNC [ 743.908753][T13863] [U] è [ 745.925280][ T30] audit: type=1400 audit(1753214869.462:615): avc: denied { read } for pid=13876 comm="syz.0.2353" path="socket:[41008]" dev="sockfs" ino=41008 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 745.981693][T13848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 746.709471][T13888] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 746.874568][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.881467][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.731791][T13909] fuse: Unknown parameter '0x0000000000000003' [ 748.061365][T11100] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 748.269844][T11100] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 748.315117][T11100] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 748.572752][T11100] usb 3-1: config 220 has no interface number 2 [ 748.631858][T11100] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 748.731276][T11100] usb 3-1: config 220 interface 0 has no altsetting 0 [ 748.760006][T11100] usb 3-1: config 220 interface 76 has no altsetting 0 [ 749.026803][T11100] usb 3-1: config 220 interface 1 has no altsetting 0 [ 749.381340][T11100] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 749.400615][T11100] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.452914][T11100] usb 3-1: Product: syz [ 749.495265][T13935] sp0: Synchronizing with TNC [ 749.505369][T13935] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 749.561312][T11100] usb 3-1: Manufacturer: syz [ 749.620383][T11100] usb 3-1: SerialNumber: syz [ 750.255093][T13932] [U] è [ 751.917596][T11100] usb 3-1: selecting invalid altsetting 0 [ 751.933769][T11100] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 751.948401][T11100] usb 3-1: No valid video chain found. [ 752.452748][T11100] usb 3-1: selecting invalid altsetting 0 [ 752.458530][T11100] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 752.485493][T11100] usb 3-1: USB disconnect, device number 54 [ 753.766950][ T10] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 755.282329][ T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 755.290401][ T10] usb 6-1: config 0 has no interface number 0 [ 755.311085][ T10] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 755.320176][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.393039][ T10] usb 6-1: config 0 descriptor?? [ 755.767491][T13977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=13977 comm=syz.4.2384 [ 755.822087][ T10] usb 6-1: selecting invalid altsetting 1 [ 755.957683][ T10] dvb_ttusb_budget: ttusb_init_controller: error [ 756.065583][ T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 756.417043][T11100] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 756.606727][T13988] netdevsim0: mtu less than device minimum [ 756.636014][T11100] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz1] on syz0 [ 756.755780][ T10] DVB: Unable to find symbol cx22700_attach() [ 756.904227][T13998] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 756.927139][T13998] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 757.001518][T13999] sp0: Synchronizing with TNC [ 757.753645][T13996] [U] è [ 758.285915][ T10] DVB: Unable to find symbol tda10046_attach() [ 758.333078][ T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 758.540248][ T10] usb 6-1: USB disconnect, device number 15 [ 759.565864][ T30] audit: type=1800 audit(1753214883.082:616): pid=14017 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2397" name="file1" dev="tmpfs" ino=2665 res=0 errno=0 [ 760.997640][T14026] syzkaller1: entered promiscuous mode [ 761.024891][T14026] syzkaller1: entered allmulticast mode [ 761.374460][T14036] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2404'. [ 761.461796][T14040] sp0: Synchronizing with TNC [ 762.212524][T14038] [U] è [ 763.841621][ T49] vlan2: left promiscuous mode [ 763.871974][T14062] netlink: 'syz.4.2412': attribute type 8 has an invalid length. [ 765.050532][T14081] overlayfs: missing 'lowerdir' [ 765.217917][ T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 765.441101][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 765.449730][ T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 765.459501][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.467899][ T24] usb 4-1: Product: syz [ 765.472484][ T24] usb 4-1: Manufacturer: syz [ 765.477180][ T24] usb 4-1: SerialNumber: syz [ 765.505165][ T24] usb 4-1: config 0 descriptor?? [ 765.967438][T14109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2429'. [ 765.983488][T14109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2429'. [ 765.999115][ T24] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 766.011473][ T24] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 766.022287][T14109] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 766.377560][ T24] usb 4-1: USB disconnect, device number 22 [ 766.573770][T14118] tipc: Enabled bearer , priority 0 [ 766.607905][T14118] syzkaller0: entered promiscuous mode [ 766.629173][T14118] syzkaller0: entered allmulticast mode [ 766.731216][T14118] tipc: Resetting bearer [ 766.834631][T14115] tipc: Resetting bearer [ 766.852166][T14115] tipc: Disabling bearer [ 766.957649][T14132] lo speed is unknown, defaulting to 1000 [ 767.082943][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2438'. [ 767.554554][T14149] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2443'. [ 767.867032][ T30] audit: type=1400 audit(1753214891.392:617): avc: denied { write } for pid=14150 comm="syz.0.2445" lport=38732 faddr=::ffff:100.1.1.4 fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 767.981054][ T30] audit: type=1400 audit(1753214891.392:618): avc: denied { setopt } for pid=14150 comm="syz.0.2445" lport=38732 faddr=::ffff:100.1.1.4 fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 768.354407][T14174] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2454'. [ 768.464139][ T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 769.042516][ T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 769.054072][ T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 769.164894][ T24] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 769.225746][ T24] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 769.235681][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.262728][T14166] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 769.289625][ T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 769.736162][ T24] usb 3-1: USB disconnect, device number 55 [ 769.799208][T14189] overlayfs: missing 'workdir' [ 770.036476][T14190] xt_connbytes: Forcing CT accounting to be enabled [ 770.059597][T14190] set match dimension is over the limit! [ 770.904756][T14224] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14224 comm=syz.3.2466 [ 770.917504][T14224] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14224 comm=syz.3.2466 [ 771.673461][T14237] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2473'. [ 771.907350][ T30] audit: type=1400 audit(1753214895.412:619): avc: denied { setopt } for pid=14238 comm="syz.2.2474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 772.752211][T14267] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2485'. [ 774.194846][T14289] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2490'. [ 775.608716][T14311] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 775.691027][ T43] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 776.391125][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 776.407991][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 776.420101][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 776.490777][ T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 776.628323][ T43] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 776.676858][T14327] Illegal XDP return value 4294967294 on prog (id 406) dev N/A, expect packet loss! [ 776.755490][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.791071][ T5836] Bluetooth: hci0: command 0x0419 tx timeout [ 776.824813][ T43] usb 1-1: config 0 descriptor?? [ 776.893717][T14332] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2504'. [ 777.479473][ T43] usbhid 1-1:0.0: can't add hid device: -71 [ 777.653920][ T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 777.852203][ T43] usb 1-1: USB disconnect, device number 48 [ 779.326622][T14373] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14373 comm=syz.0.2518 [ 779.340387][T14373] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14373 comm=syz.0.2518 [ 781.035242][T14390] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 781.603865][T14400] hfsplus: unable to find HFS+ superblock [ 781.809127][T14409] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 781.818201][T14409] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 781.837433][ T30] audit: type=1400 audit(1753214905.372:620): avc: denied { ioctl } for pid=14406 comm="syz.4.2531" path="socket:[40882]" dev="sockfs" ino=40882 ioctlcmd=0x89fd scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 783.305431][T14447] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 783.342467][T14447] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 783.451064][T11100] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 783.599900][T11100] usb 1-1: device descriptor read/64, error -71 [ 783.881217][T11100] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 784.031264][T11100] usb 1-1: device descriptor read/64, error -71 [ 784.309935][T11100] usb usb1-port1: attempt power cycle [ 784.681042][T11100] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 784.752781][T11100] usb 1-1: device descriptor read/8, error -71 [ 784.896503][T14486] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 784.924364][T14488] bridge_slave_0: left allmulticast mode [ 784.930064][T14488] bridge_slave_0: left promiscuous mode [ 785.011145][T11100] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 785.045418][T14488] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.093865][T11100] usb 1-1: device descriptor read/8, error -71 [ 785.209485][T14488] bridge_slave_1: left allmulticast mode [ 785.282478][T11100] usb usb1-port1: unable to enumerate USB device [ 785.295887][T14498] netlink: 'syz.3.2560': attribute type 10 has an invalid length. [ 785.439674][T14488] bridge_slave_1: left promiscuous mode [ 785.445543][T14488] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.497320][T14488] : (slave bond_slave_0): Releasing backup interface [ 785.511367][T14488] : (slave bond_slave_1): Releasing backup interface [ 785.517248][T14501] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2564'. [ 786.505745][T14488] team0: Port device team_slave_0 removed [ 786.567757][T14488] team0: Port device team_slave_1 removed [ 786.585459][T14488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 786.608260][T14488] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 786.665108][T14488] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 786.685707][T14518] Bluetooth: MGMT ver 1.23 [ 786.756064][T14488] bond0: (slave vcan1): Releasing backup interface [ 786.763944][T14488] vcan1: left promiscuous mode [ 786.773847][T14488] bond1: (slave vcan2): Releasing backup interface [ 786.780519][T14488] vcan2: left promiscuous mode [ 786.790774][T14488] bond2: (slave vcan3): Releasing backup interface [ 786.797607][T14488] vcan3: left promiscuous mode [ 786.806788][T14488] bond4: (slave veth3): Releasing active interface [ 786.814888][T14488] bond4: (slave veth3): the permanent HWaddr of slave - d2:2a:4d:d2:f1:f7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 786.832453][T14488] vlan2: entered promiscuous mode [ 786.839826][T14488] bond4: (slave vlan2): Releasing active interface [ 786.846687][T14488] vlan2: left promiscuous mode [ 786.853009][T14488] veth1: left promiscuous mode [ 786.859123][T14498] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 786.866495][T14498] wlan1: mtu less than device minimum [ 786.872256][T14498] : (slave wlan1): Error -22 calling dev_set_mtu [ 786.879641][T14503] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 786.892770][T14503] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 786.909247][ T30] audit: type=1400 audit(1753214910.452:621): avc: denied { firmware_load } for pid=14485 comm="syz.3.2560" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 786.921032][T14503] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 788.122363][T14540] fuse: Bad value for 'fd' [ 788.147206][ T30] audit: type=1800 audit(1753214911.672:622): pid=14540 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2580" name="file1" dev="tmpfs" ino=2874 res=0 errno=0 [ 788.257490][ T5827] ================================================================== [ 788.265595][ T5827] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x1d4/0x200 [ 788.274812][ T5827] Read of size 8 at addr ffff88802bb56558 by task syz-executor/5827 [ 788.282794][ T5827] [ 788.285127][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 788.285152][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 788.285163][ T5827] Call Trace: [ 788.285169][ T5827] [ 788.285176][ T5827] dump_stack_lvl+0x116/0x1f0 [ 788.285209][ T5827] print_report+0xcd/0x610 [ 788.285227][ T5827] ? __virt_addr_valid+0x81/0x610 [ 788.285247][ T5827] ? __phys_addr+0xe8/0x180 [ 788.285267][ T5827] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 788.285288][ T5827] kasan_report+0xe0/0x110 [ 788.285305][ T5827] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 788.285329][ T5827] __list_del_entry_valid_or_report+0x1d4/0x200 [ 788.285349][ T5827] bt_accept_unlink+0x34/0x2e0 [ 788.285377][ T5827] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 788.285409][ T5827] l2cap_chan_del+0xba/0x8f0 [ 788.285432][ T5827] l2cap_conn_del+0x37a/0x730 [ 788.285455][ T5827] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 788.285476][ T5827] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 788.285498][ T5827] l2cap_disconn_cfm+0x96/0xd0 [ 788.285521][ T5827] hci_conn_hash_flush+0x10e/0x260 [ 788.285544][ T5827] hci_dev_close_sync+0x602/0x11d0 [ 788.285566][ T5827] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 788.285585][ T5827] ? up_write+0x1b2/0x520 [ 788.285606][ T5827] hci_dev_do_close+0x2e/0x90 [ 788.285624][ T5827] hci_unregister_dev+0x227/0x640 [ 788.285644][ T5827] ? __pfx_vhci_release+0x10/0x10 [ 788.285660][ T5827] vhci_release+0x79/0xf0 [ 788.285675][ T5827] __fput+0x3ff/0xb70 [ 788.285696][ T5827] task_work_run+0x14d/0x240 [ 788.285715][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 788.285732][ T5827] ? switch_task_namespaces+0xeb/0x100 [ 788.285759][ T5827] do_exit+0x86c/0x2bd0 [ 788.285785][ T5827] ? do_raw_spin_lock+0x12c/0x2b0 [ 788.285804][ T5827] ? __pfx_do_exit+0x10/0x10 [ 788.285829][ T5827] ? rcu_is_watching+0x12/0xc0 [ 788.285852][ T5827] do_group_exit+0xd3/0x2a0 [ 788.285877][ T5827] __x64_sys_exit_group+0x3e/0x50 [ 788.285902][ T5827] x64_sys_call+0x1530/0x1730 [ 788.285921][ T5827] do_syscall_64+0xcd/0x4c0 [ 788.285939][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.285956][ T5827] RIP: 0033:0x7f2e2178e9a9 [ 788.285969][ T5827] Code: Unable to access opcode bytes at 0x7f2e2178e97f. [ 788.285977][ T5827] RSP: 002b:00007fff4e291e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 788.285994][ T5827] RAX: ffffffffffffffda RBX: 00007f2e21810bc7 RCX: 00007f2e2178e9a9 [ 788.286005][ T5827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 788.286015][ T5827] RBP: 0000000000000010 R08: 00007fff4e28fbe6 R09: 00007fff4e293100 [ 788.286026][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4e293100 [ 788.286037][ T5827] R13: 00007f2e21810b55 R14: 000055558f05f4a8 R15: 00007fff4e2941d0 [ 788.286054][ T5827] [ 788.286060][ T5827] [ 788.554984][ T5827] Allocated by task 14488: [ 788.559383][ T5827] kasan_save_stack+0x33/0x60 [ 788.564054][ T5827] kasan_save_track+0x14/0x30 [ 788.568717][ T5827] __kasan_kmalloc+0xaa/0xb0 [ 788.573294][ T5827] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 788.579696][ T5827] kmalloc_reserve+0xef/0x2c0 [ 788.584357][ T5827] pskb_expand_head+0x238/0x1030 [ 788.589279][ T5827] netlink_trim+0x22d/0x310 [ 788.593773][ T5827] netlink_broadcast_filtered+0xcc/0xf30 [ 788.599386][ T5827] nlmsg_notify+0x9e/0x220 [ 788.603796][ T5827] rtmsg_ifinfo+0x174/0x1a0 [ 788.608280][ T5827] netif_state_change+0x17f/0x3b0 [ 788.613291][ T5827] do_setlink.constprop.0+0x3570/0x4380 [ 788.618821][ T5827] rtnl_newlink+0x18e0/0x2000 [ 788.623478][ T5827] rtnetlink_rcv_msg+0x95e/0xe90 [ 788.628397][ T5827] netlink_rcv_skb+0x155/0x420 [ 788.633143][ T5827] netlink_unicast+0x58d/0x850 [ 788.637893][ T5827] netlink_sendmsg+0x8d1/0xdd0 [ 788.642640][ T5827] ____sys_sendmsg+0xa95/0xc70 [ 788.647391][ T5827] ___sys_sendmsg+0x134/0x1d0 [ 788.652056][ T5827] __sys_sendmsg+0x16d/0x220 [ 788.656623][ T5827] do_syscall_64+0xcd/0x4c0 [ 788.661116][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.666998][ T5827] [ 788.669302][ T5827] Freed by task 14488: [ 788.673345][ T5827] kasan_save_stack+0x33/0x60 [ 788.678012][ T5827] kasan_save_track+0x14/0x30 [ 788.682676][ T5827] kasan_save_free_info+0x3b/0x60 [ 788.687685][ T5827] __kasan_slab_free+0x51/0x70 [ 788.692437][ T5827] kfree+0x2b4/0x4d0 [ 788.696315][ T5827] skb_free_head+0x114/0x210 [ 788.700891][ T5827] skb_release_data+0x776/0x9c0 [ 788.705722][ T5827] consume_skb+0xbf/0x100 [ 788.710036][ T5827] netlink_broadcast_filtered+0x3c9/0xf30 [ 788.715737][ T5827] nlmsg_notify+0x9e/0x220 [ 788.720134][ T5827] rtmsg_ifinfo+0x174/0x1a0 [ 788.724622][ T5827] netif_state_change+0x17f/0x3b0 [ 788.729630][ T5827] do_setlink.constprop.0+0x3570/0x4380 [ 788.735157][ T5827] rtnl_newlink+0x18e0/0x2000 [ 788.739815][ T5827] rtnetlink_rcv_msg+0x95e/0xe90 [ 788.744733][ T5827] netlink_rcv_skb+0x155/0x420 [ 788.749479][ T5827] netlink_unicast+0x58d/0x850 [ 788.754225][ T5827] netlink_sendmsg+0x8d1/0xdd0 [ 788.758971][ T5827] ____sys_sendmsg+0xa95/0xc70 [ 788.763723][ T5827] ___sys_sendmsg+0x134/0x1d0 [ 788.768391][ T5827] __sys_sendmsg+0x16d/0x220 [ 788.772957][ T5827] do_syscall_64+0xcd/0x4c0 [ 788.777443][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.783316][ T5827] [ 788.785622][ T5827] The buggy address belongs to the object at ffff88802bb56000 [ 788.785622][ T5827] which belongs to the cache kmalloc-2k of size 2048 [ 788.799658][ T5827] The buggy address is located 1368 bytes inside of [ 788.799658][ T5827] freed 2048-byte region [ffff88802bb56000, ffff88802bb56800) [ 788.813611][ T5827] [ 788.815915][ T5827] The buggy address belongs to the physical page: [ 788.822302][ T5827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2bb50 [ 788.831044][ T5827] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 788.839520][ T5827] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 788.847047][ T5827] page_type: f5(slab) [ 788.851015][ T5827] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 788.859587][ T5827] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 788.868162][ T5827] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 788.876814][ T5827] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 788.885465][ T5827] head: 00fff00000000003 ffffea0000aed401 00000000ffffffff 00000000ffffffff [ 788.894119][ T5827] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 788.902812][ T5827] page dumped because: kasan: bad access detected [ 788.909213][ T5827] page_owner tracks the page as allocated [ 788.914908][ T5827] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5831, tgid 5831 (syz-executor), ts 61384686325, free_ts 51322682347 [ 788.936254][ T5827] post_alloc_hook+0x1c0/0x230 [ 788.941016][ T5827] get_page_from_freelist+0x1321/0x3890 [ 788.946551][ T5827] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 788.952434][ T5827] alloc_pages_mpol+0x1fb/0x550 [ 788.957271][ T5827] new_slab+0x23b/0x330 [ 788.961410][ T5827] ___slab_alloc+0xd9c/0x1940 [ 788.966072][ T5827] __slab_alloc.constprop.0+0x56/0xb0 [ 788.971431][ T5827] __kmalloc_cache_noprof+0xfb/0x3e0 [ 788.976716][ T5827] rxrpc_alloc_connection+0xa3/0x770 [ 788.981993][ T5827] rxrpc_prealloc_service_connection+0x26/0x390 [ 788.988224][ T5827] rxrpc_service_prealloc_one+0x2c7/0xfe0 [ 788.993928][ T5827] rxrpc_kernel_charge_accept+0xcd/0x110 [ 788.999546][ T5827] afs_charge_preallocation+0xc6/0x320 [ 789.004987][ T5827] afs_open_socket+0x323/0x400 [ 789.009742][ T5827] afs_net_init+0x825/0xb00 [ 789.014242][ T5827] ops_init+0x1e2/0x5f0 [ 789.018382][ T5827] page last free pid 5691 tgid 5691 stack trace: [ 789.024684][ T5827] __free_frozen_pages+0x7fe/0x1180 [ 789.029871][ T5827] __put_partials+0x16d/0x1c0 [ 789.034534][ T5827] qlist_free_all+0x4d/0x120 [ 789.039112][ T5827] kasan_quarantine_reduce+0x195/0x1e0 [ 789.044559][ T5827] __kasan_slab_alloc+0x69/0x90 [ 789.049398][ T5827] __kmalloc_noprof+0x1d4/0x510 [ 789.054235][ T5827] tomoyo_realpath_from_path+0xc2/0x6e0 [ 789.059780][ T5827] tomoyo_path_perm+0x274/0x460 [ 789.064618][ T5827] security_inode_getattr+0x116/0x290 [ 789.069979][ T5827] vfs_fstat+0x4b/0xe0 [ 789.074043][ T5827] __do_sys_newfstat+0x87/0x100 [ 789.078878][ T5827] do_syscall_64+0xcd/0x4c0 [ 789.083368][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.089246][ T5827] [ 789.091552][ T5827] Memory state around the buggy address: [ 789.097162][ T5827] ffff88802bb56400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 789.105204][ T5827] ffff88802bb56480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 789.113247][ T5827] >ffff88802bb56500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 789.121289][ T5827] ^ [ 789.128199][ T5827] ffff88802bb56580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 789.136240][ T5827] ffff88802bb56600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 789.144278][ T5827] ================================================================== [ 789.162144][ T30] audit: type=1400 audit(1753214912.692:623): avc: denied { create } for pid=14545 comm="syz.5.2584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 789.219687][ T30] audit: type=1400 audit(1753214912.752:624): avc: denied { read } for pid=5185 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 789.226819][ T5827] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 789.226836][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 789.226856][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 789.226865][ T5827] Call Trace: [ 789.226871][ T5827] [ 789.226877][ T5827] dump_stack_lvl+0x3d/0x1f0 [ 789.226905][ T5827] panic+0x71c/0x800 [ 789.226929][ T5827] ? __pfx_panic+0x10/0x10 [ 789.226950][ T5827] ? mark_held_locks+0x49/0x80 [ 789.226976][ T5827] ? preempt_schedule_thunk+0x16/0x30 [ 789.226997][ T5827] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 789.227015][ T5827] ? preempt_schedule_common+0x44/0xc0 [ 789.227040][ T5827] ? check_panic_on_warn+0x1f/0xb0 [ 789.227063][ T5827] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 789.227080][ T5827] check_panic_on_warn+0xab/0xb0 [ 789.227104][ T5827] end_report+0x107/0x170 [ 789.227118][ T5827] kasan_report+0xee/0x110 [ 789.227137][ T5827] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 789.227158][ T5827] __list_del_entry_valid_or_report+0x1d4/0x200 [ 789.227177][ T5827] bt_accept_unlink+0x34/0x2e0 [ 789.227201][ T5827] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 789.227220][ T5827] l2cap_chan_del+0xba/0x8f0 [ 789.227241][ T5827] l2cap_conn_del+0x37a/0x730 [ 789.227261][ T5827] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 789.227280][ T5827] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 789.227300][ T5827] l2cap_disconn_cfm+0x96/0xd0 [ 789.227319][ T5827] hci_conn_hash_flush+0x10e/0x260 [ 789.227339][ T5827] hci_dev_close_sync+0x602/0x11d0 [ 789.227358][ T5827] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 789.227375][ T5827] ? up_write+0x1b2/0x520 [ 789.227392][ T5827] hci_dev_do_close+0x2e/0x90 [ 789.227409][ T5827] hci_unregister_dev+0x227/0x640 [ 789.227426][ T5827] ? __pfx_vhci_release+0x10/0x10 [ 789.227441][ T5827] vhci_release+0x79/0xf0 [ 789.227454][ T5827] __fput+0x3ff/0xb70 [ 789.227473][ T5827] task_work_run+0x14d/0x240 [ 789.227490][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 789.227506][ T5827] ? switch_task_namespaces+0xeb/0x100 [ 789.227529][ T5827] do_exit+0x86c/0x2bd0 [ 789.227552][ T5827] ? do_raw_spin_lock+0x12c/0x2b0 [ 789.227568][ T5827] ? __pfx_do_exit+0x10/0x10 [ 789.227590][ T5827] ? rcu_is_watching+0x12/0xc0 [ 789.227610][ T5827] do_group_exit+0xd3/0x2a0 [ 789.227633][ T5827] __x64_sys_exit_group+0x3e/0x50 [ 789.227655][ T5827] x64_sys_call+0x1530/0x1730 [ 789.227671][ T5827] do_syscall_64+0xcd/0x4c0 [ 789.227687][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.227702][ T5827] RIP: 0033:0x7f2e2178e9a9 [ 789.227715][ T5827] Code: Unable to access opcode bytes at 0x7f2e2178e97f. [ 789.227722][ T5827] RSP: 002b:00007fff4e291e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 789.227738][ T5827] RAX: ffffffffffffffda RBX: 00007f2e21810bc7 RCX: 00007f2e2178e9a9 [ 789.227749][ T5827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 789.227758][ T5827] RBP: 0000000000000010 R08: 00007fff4e28fbe6 R09: 00007fff4e293100 [ 789.227768][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4e293100 [ 789.227778][ T5827] R13: 00007f2e21810b55 R14: 000055558f05f4a8 R15: 00007fff4e2941d0 [ 789.227793][ T5827] [ 789.241786][ T5827] Kernel Offset: disabled